|Author : DAOUDI Samir | Context : MSc Software Engineering – Professional issues in computing|
All human inventions enhance and improve our lives, but in certain cases they also have negative aspects or weaknesses. The Internet is no exception: in spite of all the benefits of this new communication technology that we have discussed in previous weeks, it has also allowed new forms of crime and illegality to appear through misuse of the technology.
So what are Cybercrimes?
The term cybercrime can be understood differently by different people. Some might see it as just teenage hackers in dark rooms with sodas, trying to access top-secret government files and computers. It can also be seen as the Nigerian e-mail scammer, the auction fraudster or the identity thief. All these personal points of view share one element in their definitions: the use of a computer as a tool to perform what can be seen as crimes (Anthony,R & Kevin,O 2007).
The improvements and added value provided by new technologies and the Internet have changed different parts of our lives; crime has also been touched by this movement.
New forms of crime have appeared since the earliest days of the Internet. These crimes are characterized by the use of computing tools (hardware or software) to illegally access, alter or destroy data and systems. The damage that such attempts can cause is considerable, and legislation tries to minimize the consequences of these new crimes. The main difference between cybercrimes and ‘classic’ crimes is that in classic crimes juries and judges focus on forensic proof of the crime, which is in general tangible, material evidence such as blood, DNA analysis, surveillance camera recordings, etc.
For cybercrimes the approach is the same, i.e. trying to clarify the situation and prove that a crime occurred. However, the type of evidence changes: in such situations the evidence available can be access logs, traces, alerts generated by firewalls or security experts’ analyses.
My personal point of view is that the steps to gather forensic evidence can differ from one situation to another, or from one type of attack to another. Attacks can be related to a network intrusion, data alteration, cracked software security, hacked bank accounts, etc.
In the case of data alteration, for example, providing evidence of a cybercrime can proceed as follows.
1. Once an intrusion into the system is detected or suspected, operations should be stopped or at least minimized.
2. Investigate the breaches used to access the network (in case the attack came from outside).
3. If possible, compare any stored data (in general, backups) with the data that was altered.
4. Ask (if possible and needed) for the exact identity of the outside attackers.
5. Try to estimate the damage caused by this alteration of data.
6. Provide a complete report to the court and, if possible, add extra evidence of the attack, such as an analysis of the system by a specialized security company (Sumit,G 2010).
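Step 3 of the procedure above, as an added example that is not part of the original essay: a comparison of a backup tree against the suspected-altered data that lists which files were altered, deleted or added. The use of SHA-256 digests is an assumption about how the comparison is made, and the directory names and file contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large evidence files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_to_backup(backup: Path, live: Path) -> dict:
    """Classify files as altered, deleted or added relative to the backup."""
    old, new = manifest(backup), manifest(live)
    return {
        "altered": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
        "deleted": sorted(old.keys() - new.keys()),
        "added": sorted(new.keys() - old.keys()),
    }


def build_constructed_sample(base: Path):
    """Constructed sample data: a backup tree and a tampered copy of it."""
    backup, live = base / "backup", base / "live"
    for root in (backup, live):
        (root / "db").mkdir(parents=True)
        (root / "db" / "accounts.csv").write_text("id,balance\n1,100\n2,250\n")
        (root / "readme.txt").write_text("unchanged\n")
    (backup / "db" / "audit.log").write_text("login ok\n")  # missing from live
    (live / "db" / "accounts.csv").write_text("id,balance\n1,100\n2,9250\n")  # altered
    (live / "tmp.bin").write_bytes(b"\x00\x01")  # present only in live
    return backup, live


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = build_constructed_sample(Path(tmp))
        for kind, files in compare_to_backup(backup, live).items():
            print(f"{kind}: {files}")
```

The comparison only reads files, so it can be run against a forensic copy of the altered data rather than the production system, and the two manifests can be attached to the report described in step 6.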
This approach can be completely different in the case of a software protection crack or any other type of attack.
In Algeria, the government has recently created an authority called the Cyber-Brigade, which consists mostly of security specialists and lawyers who are able to determine and provide the court with consistent evidence of cybercrimes. In many cases, lawyers in cyber affairs ask for an analysis and report from the Cyber-Brigade, as judges have limited knowledge in this field.
Anthony,R and Kevin,O. (2007) Cyber Crime Investigations: Bridging the Gaps Between Security Professionals.
Sumit,G (2010) Cybercrimes: A Multidisciplinary Analysis. ISBN:978-3-642-13546-0.