Cybercrime and You: How Criminals Attack and the Human Factors That They Seek to Exploit

Author(s):  
Jason R. C. Nurse

Cybercrime is a significant challenge to society, but it can be particularly harmful to the individuals who become victims. This chapter engages in a comprehensive and topical analysis of the cybercrimes that target individuals. It also examines the motivation of criminals that perpetrate such attacks and the key human factors and psychological aspects that help to make cybercriminals successful. Key areas assessed include social engineering (e.g., phishing, romance scams, catfishing), online harassment (e.g., cyberbullying, trolling, revenge porn, hate crimes), identity-related crimes (e.g., identity theft, doxing), hacking (e.g., malware, cryptojacking, account hacking), and denial-of-service crimes. As a part of its contribution, the chapter introduces a summary taxonomy of cybercrimes against individuals and a case for why they will continue to occur if concerted interdisciplinary efforts are not pursued.

The internet has become an inescapable part of our lives, and while it makes our lives easier, it also exposes us to online threats ranging from identity theft to denial of service to phony lottery/sweepstake scams. Among these online threats are those that are carried out with the direct intent of harming another person or group of individuals. This category of crimes is referred to as cyber aggression and includes cyberbullying, cyber-harassment, and cyberstalking. As technology expands, so does the opportunity for new forms of online aggression such as doxing and revenge porn. It is becoming difficult to keep up with new trends in acts of online aggression or distinguish between cybercrimes that appear to have similar definitions. This chapter acts as an introduction to online aggression by providing an overview of older and emerging forms of cyber aggression.


1992
Vol 36 (11)
pp. 859-861
Author(s):
Mitsuo Nagamachi
Andrew S. Imada

Over the past few years the concept of macroergonomics has heightened our awareness of how human factors can be successfully implemented in the work place. One application of this approach addresses the importance of psychological aspects of work that contribute to safe work performance. Traditionally safety interventionists, and to some extent, human factors professionals, have focused exclusively on the physical dimensions of work. Emphasizing the psychological and organizational impacts on safety represents a broader macroergonomic approach to human factors interventions. There is evidence that this approach has merit in reducing human suffering and costs.


2018
pp. 627-648
Author(s):
Anupama Mishra
Brij B. Gupta
Deepak Gupta

2021
pp. 88-108
Author(s):  
Roderic Broadhurst

This chapter describes the definitions and scope of cybercrime including an outline of the history of hackers and the role of criminal networks and markets in the dissemination of malicious software and other contraband such as illicit drugs, stolen credit cards and personal identification, firearms, and criminal services. Different cybercrime types and methods are described, including the widespread use of ‘social engineering’ or deception in computer misuse and identity theft. The challenges facing law enforcement in the suppression of cybercrime and the important role of private and public partnerships, as well as cross-national cooperation in the suppression of cybercrime, are illustrated.


Author(s):  
Enrico Franchi
Michele Tomaiuolo

Social networking sites have deeply changed the perception of the web in the last years. Although the current approach to build social networking systems is to create huge centralized systems owned by a single company, such a strategy has many drawbacks, e.g., lack of privacy, lack of anonymity, risks of censorship and operating costs. These issues contrast with some of the main requirements of information systems, including: (i) confidentiality, i.e., the interactions between a user and the system must remain private unless explicitly public; (ii) integrity; (iii) accountability; (iv) availability; (v) identity and anonymity. Moreover, social networking platforms are vulnerable to many kinds of attacks: (i) masquerading, which occurs when a user disguises his identity and pretends to be another user; (ii) unauthorized access; (iii) denial of service; (iv) repudiation, which occurs when a user participates in an activity and later claims he did not; (v) eavesdropping; (vi) alteration of data; (vii) copy and replay attacks; and, in general, (viii) attacks making use of social engineering techniques. In order to overcome both the intrinsic defects of centralized systems and the general vulnerabilities of social networking platforms, many different approaches have been proposed, both as federated (i.e., consisting of multiple entities cooperating to provide the service, but usually distinct from users) or peer-to-peer systems (with users directly cooperating to provide the service); in this work the most interesting ones were reviewed. Eventually, the authors present their own approach to create a solid distributed social networking platform consisting in a novel peer-to-peer system that leverages existing, widespread and stable technologies such as distributed hash tables and BitTorrent.
The topics considered in detail are: (i) anonymity and resilience to censorship; (ii) authenticatable contents; (iii) semantic interoperability using activity streams and weak semantic data formats for contacts and profiles; and (iv) data availability.


GIS Business
2019
Vol 14 (3)
pp. 196-201
Author(s):  
S S KARTHIK KUMAR

Crime is a common word that we always hear of in this era of globalization. Crimes refer to any violation of law or the commission of an act forbidden by law. Crime and criminality have been associated with man since time immemorial. Cyber crime is a new type of crime that occurs in these years of Science and Technology. There are a lot of definitions for cyber crime. It is defined as crimes committed on the internet using the computer as either a tool or a targeted victim. In addition, cyber crime also includes traditional crimes that have been conducted with the access of Internet. For example, hate crimes, telemarketing Internet fraud, identity theft, and credit card account thefts. In simple words, cyber crime can be defined as any violent action that has been conducted by using a computer or other devices with the access of internet.


Author(s):  
Edgar R. Weippl

In this article we will present an introduction to issues relevant to database security and statistical database security. We will briefly cover various security models, elaborate on how data analysis in data warehouses (DWH) might compromise an individual’s privacy, and explain which safeguards can be used to prevent attacks. In most companies, databases are an essential part of IT infrastructure since they store critical business data. In the last two decades, databases have been used to process increasing amounts of transactional data, such as, a complete account of a person’s purchases from a retailer or connection data from calls made on a cell phone. As soon as this data became available from transactional databases and online transactional processing (OLTP) became well established, the next logical step was to use the knowledge contained in the vast amounts of data. Today, data warehouses (DWH) store aggregated data in an optimal way to serve queries related to business analysis. In recent years, most people have begun to focus their attention on security. Early OLTP applications were mainly concerned with integrity of data during transactions; today privacy and secrecy are more important as databases store an increasing amount of information about individuals, and data from different systems can be aggregated. Thuraisingham (2002) summarizes the requirements briefly as “However, we do not want the information to be used in an incorrect manner.” All security requirements stem from one of three basic requirements: confidentiality (aka secrecy), integrity, and availability (CIA). Confidentiality refers to the requirement that only authorized subjects, that is, people or processes should be permitted to read data. Integrity means that unauthorized modifications must not be permitted. This includes both modifications by unauthorized people and incorrect modification by authorized users. 
To correctly perform the services requested, the system needs to remain available; a denial-of-service compromises the requirement of availability. Other security requirements may include privacy, non-repudiation, and separation of duties. These requirements are, however, composite requirements that can be traced back to one of the three basic requirements. Privacy, for instance, is the non-disclosure (=confidentiality) of personal data; non-repudiation refers to the integrity of transaction logs and integrity of origin. Throughout this article we will focus only on technical attacks and safeguards and not on social engineering. Social engineering is often the easiest and, in many cases, a very successful attack vector. For an in-depth coverage of social engineering we recommend (Böck, 2007). In Section 2 we cover the most relevant access control models; in Section 3 we provide an overview of security in statistical databases. Finally, in Section 4 we highlight the essentials of securing not only the transactional and the statistical databases but the entire system.


2008
pp. 2905-2914
Author(s):
Stephen Marsh
Andrew S. Patrick
Pamela Briggs

Building any online system or service that people will trust is a significant challenge. For example, consumers sometimes avoid e-commerce services over fears about their security and privacy. As a result, much research has been done to determine factors that affect users’ trust of e-commerce services (e.g., Egger, 2001; Friedman, Khan, & Howe, 2000; Riegelsberger & Sasse, 2001). Building trustable e-government services, however, presents a significantly greater challenge than e-commerce services for a number of reasons. First, government services are often covered by privacy protection legislation that may not apply to commercial services, so they will be subject to a higher level of scrutiny. Second, the nature of the information involved in an e-government transaction may be more sensitive than the information involved in a commercial transaction (Adams, 1999). Third, the nature of the information receiver is different in an e-government context (Adams, 1999). Some personal information, such as supermarket spending habits, might be relatively benign in an e-commerce situation, such as a loyalty program (supermarket points, or Air Miles, for instance), but other information such as medical records would be considered very sensitive if shared amongst all government agencies. Fourth, the consequences of a breach of privacy may be much larger in an e-government context, where, for example, premature release of economic data might have a profound effect on stock markets, affecting millions of investors (National Research Council, 2002). E-government services also involve significant privacy and security challenges because the traditional trade-offs of risks and costs cannot be applied as they can in business. In business contexts it is usually impossible to reduce the risks, for example of unauthorized access to information, or loss of or corruption of personal information, to zero and managers often have to trade-off acceptable risks against increasing costs. 
In the e-government context, because of the nature of the information and the high publicity, no violations of security or privacy can be considered acceptable (National Research Council, 2002). Although zero risk may be impossible to achieve, it is vital to target this ideal in an e-government service. In addition, government departments are often the major source of materials used to identify and authenticate individuals. Identification documents such as driver’s licenses and passports are issued by government agencies, so any breach in the security of these agencies can lead to significant problems. Identity theft is a growing problem worldwide, and e-government services that issue identification documents must be especially vigilant to protect against identity theft (National Research Council, 2002). Another significant challenge for e-government systems is protecting the privacy of individuals who traditionally have maintained multiple identities when interacting with the government (National Research Council, 2002). Today, a driver’s license is used when operating an automobile, a tax account number is used during financial transactions, while a government health card is used when seeking health services. With the implementation and use of e-government services it becomes possible to match these separate identities in a manner that was not being done before, and this could lead to new privacy concerns.


Author(s):  
S. Marsh
A. S. Patrick


