| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
ТЕМА 13. Противодействие киберпреступностиUnit 13
Combating cybercrime
The world is constantly developing new technologies and has a big reliance on technology. Most smart devices are connected to the Internet. There are benefits and there are also risks. One of the risks is the big rise in the number of cybercrimes. Cybercrime is any criminal activity that involves a computer, a network or a networked device[1]. Cybercriminals are offenders who use their skills in technology to commit cybercrimes. Cybercrimes can be committed by individuals or organizations. Some cybercriminals are organized, use advanced techniques and are highly technically skilled. Others are novice hackers. Most cybercrimes are committed by cybercriminals for profit. Cybercriminals are widely available in what is called the dark web, or the dark net, where they provide their illegal services or products. But sometimes cybercrimes aim to damage computers or networks for other reasons: political or personal. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal information, disrupt services, and cause financial or reputational harm to individuals, organizations and governments. Cybercrimes can target individuals (e-mail and internet fraud, identity fraud, phishing, spoofing, cyber stalking, etc.), organizations (theft and sale of corporate data. cyber extortion, etc.), property and the economic system (theft of financial or card payment data, cryptojacking, copyright infringement, etc.), the government and the society (cyber espionage, cyber terrorism, etc.) Cybercrimes can be divided into two main categories. Cybercrimes that target computers are usually associated with the use of viruses and other types of malware. The examples of such crimes are infecting computers with malware to damage devices or stop them working (malware attacks), denial-of-service (DoS) attacks and distributed DoS (DDoS) attacks (cyber-attacks when legitimate users are unable to access information systems, devices or other network resources). Cybercrimes that use computers to commit other crimes are identity theft, identity fraud, cyber extortion, cyber espionage, cyber terrorism, etc. Identity theft is committed when cybercriminals steal somebody’s personal details (login credentials, bank account numbers, etc.) and identity fraud occurs when those details are used to commit fraud. Criminals often use phishing, vishing and spoofing to commit these crime. Phishing is a type of social engineering attack and a scam that targets the users by sending fake messages, emails, and links (which seem to be from a trusted source, such as a bank or a government agency) to get sensitive information about them. Creation and use of such fake messages, emails, etc. is called spoofing. These messages often redirect to a fake page where the user is asked to enter his/her login credentials, which can further be used to steal money or for other purposes. Vishing (short for voice phishing) uses fraudulent phone calls to trick victims into providing personal information, like login credentials, credit card numbers, or bank details. Swatting is a term used to describe the action of making hoax phone calls to report serious crimes to police or emergency services. People who carry out a swatting prank call aim to fool emergency services into sending a Special Weapons and Tactics (SWAT) team to respond to the supposed emergency. Cyber extortion is the demand for money by cybercriminals to give back some important data they've stolen or stop doing malicious activities such as DDoS attacks. Cyber espionage is the unlawful access to government or company data. Cyber terrorism is an act of terrorism committed by the use of cyberspace or computers. Cybercrime is a global problem. Cybercrime is almost always a cross-border activity, with criminals targeting victims in foreign countries to reduce the risk of arrest. Many cybercriminals are based in countries where laws against cybercrime are not as strict as they are in other parts of the world. All that makes it difficult for law enforcement agencies to detect, locate and apprehend them. To solve cybercrimes police agencies should keep abreast of technological development, use modern advanced techniques such as AI-driven forensic software, etc. Cyber security requires cooperation between many states as well as between public, private, and international organizations within a country. It also requires individual security measures such as the use of anti-virus software and keeping it updated, the use of strong passwords, etc. Only through the joint efforts of different countries and the police, the state and citizens in every country can cyber threats be effectively countered.
[1] https://www.techtarget.com/searchsecurity/definition/cybercrime
А Exercise 1. Translate the following words and word combinations into Russian: networked device, novice hackers, advanced techniques, identity fraud, card payment data, cyber extortion, spread malware, to take a look at, areas of urgent need, account hijacking, to be on the rise, to address concerns, fraud and cyber espionage.
Exercise 2. Match English and Russian equivalents:
Exercise 3. Complete the sentences: 1) Cybercrime is a criminal activity that either targets or uses a … . 2) Cybercrimes are carried out by … . 3) Cybercrime that targets computers … . 4) … both categories of cybercrime at once. 5) … are all areas where criminal activity appears to be on the rise. 6) Officers can then take that data and use it to investigate … . 7) … contain a wealth of information. 8) The software can identify patterns in very complex data sets and … .
Exercise 4. Agree or disagree: 1) All cybercrimes are committed by cybercriminals or hackers who want to make money. 2) Cybercrimes are carried out by individuals or organizations. 3) Often, cybercrime aims to damage computers for reasons other than profit. 4) Cybercrime that targets computers to commit other crimes may involve using computers or networks to spread malware, illegal information or illegal images 5) Sometimes cybercriminals conduct both categories of cybercrime at once. 6) Agencies should begin by assessing areas of urgent need. 7) To commit these scams, agencies must be able to trace cryptocurrency on the darknet and quickly identify instances in which data may have been compromised. 8) Officers can take data and use it to investigate the incident and mitigate the damage. 9) By first collecting the data, and then using AI-driven forensic software to analyze it, police officers can make use of their digital evidence faster than ever before.
Exercise 5. Answer the questions: 1) What is cybercrime? 2) Why are cybercrimes committed? 3) Who can commit cybercrimes? 4) What are the main types of cybercrime? 5) How can law enforcement agencies combat cybercrime? 6) Why should law enforcement agencies develop a cyber-defense plan? 7) How can use of intelligence tools help law enforcement agencies? 8) How can AI help law enforcement agencies to combat cybercrime?
B
Exercise 1. Insert the required tense forms (Passive Voice): 1) The case of murder (to investigate) last year. 2) Penalties (to impose) on convicts according to the law. 3) The juvenile (to arrest) by the police, but now he (to release). 4) The verdict (to give) by the jury and the sentence (to pass) by the judge. 5) The verdict (to discuss) still by the jury. 6) The evidence on the case (to collect) still by the investigator. 7) The suspect (to arrest) just by the police inspector. 8) The trial (to close) by the judge by the time we came to the court. 9) This terrible crime (to prevent) by the measures taken by the police. 10) Different kinds of offences (to reflect) in Crime Statistics. 11) The Common law offences (to codify) by 1986.
Exercise 2. Translate the sentences paying attention to the use of the non-finite forms of the verb. 1) A hacker always wants to get your personal information. 2) Programs sending ads on email are called phishing 3) Hackers mine cryptocurrency using resources they do not own 4) Criminal activity targeting computers using viruses and other types of malware 5) Criminals may also use malware to delete or steal data 6) Distributed DoS attacks (DDoS) are a type of cybercrime attack that cybercriminals use to bring down a system or network. 7) Cybercriminals who are carrying out cyberextortion may use the threat of a DDoS attack to demand money 8) Anti-virus software allows you to scan, detect and remove threats before they become a problem.
Exercise 3. Translate the following sentences paying attention to the tense forms: 1) The word “lawyer” describes a person who has become officially qualified to act in certain legal matters. 2) If a person has a legal problem, he will go and see a solicitor. 3) The number of solicitors in Britain is increasing. 4) The solicitor deals with petty crimes and some matrimonial matters in Magistrate’s Courts. 5) Mr. Smith is a well–known solicitor who has gained a lot of practical experience. Preparing documents. 6) When a person has passed all the exams necessary to become a solicitor, he may apply to the Law Society to be “admitted”.
C
Exercise 1. Read and translate the text: Distributed DoS attacks
DDoS attacks are carried out with networks of Internet-connected machines. These networks consist of computers and other devices (such as IoT devices) which have been infected with malware, allowing them to be controlled remotely by an attacker. These individual devices are referred to as bots (or zombies), and a group of bots is called a botnet. Once a botnet has been established, the attacker is able to direct an attack by sending remote instructions to each bot. When a victim’s server or network is targeted by the botnet, each bot sends requests to the target’s IP address, potentially causing the server or network to become overwhelmed, resulting in a denial-of-service to normal traffic. Cybercriminals who are carrying out cyberextortion may use the threat of a DDoS attack to demand money. Alternatively, a DDoS may be used as a distraction tactic while other type of cybercrime takes place. A famous example of this type of attack is the 2017 DDoS attack on the UK National Lottery website. This brought the lottery’s website and mobile app offline, preventing UK citizens from playing.
Exercise 2. Read and retell the text: Malware attacks A malware attack is where a computer system or network is infected with a computer virus or other type of malware. A computer compromised by malware could be used by cybercriminals for several purposes. These include stealing confidential data, using the computer to carry out other criminal acts, or causing damage to data. A famous example of a malware attack is the WannaCry ransomware attack, a global cybercrime committed in May 2017. Ransomware is a type of malware used to extort money by holding the victim’s data or device to ransom. WannaCry is type of ransomware which targeted a vulnerability in computers running Microsoft Windows. When the WannaCry ransomware attack hit, 230,000 computers were affected across 150 countries. Users were locked out of their files and sent a message demanding that they pay a BitCoin ransom to regain access. Worldwide, the WannaCry cybercrime is estimated to have caused $4 billion in financial losses.
Exercise 3. Read and retell the text: Phishing
Phishing campaign messages may contain infected attachments or links to malicious sites. Or they may ask the receiver to respond with confidential information A famous example of a phishing scam from 2018 was one which took place over the World Cup. According to reports by Inc, the World Cup phishing scam involved emails that were sent to football fans. These spam emails tried to entice fans with fake free trips to Moscow, where the World Cup was being hosted. People who opened and clicked on the links contained in these emails had their personal data stolen. Another type of phishing campaign is known as spear-phishing. These are targeted phishing campaigns which try to trick specific individuals into jeopardizing the security of the organization they work for. Unlike mass phishing campaigns, which are very general in style, spear-phishing messages are typically crafted to look like messages from a trusted source. For example, they are made to look like they have come from the CEO or the IT manager. They may not contain any visual clues that they are fake.
D
Combating cybercrime
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| © Академия Министерства внутренних дел Республики Беларусь Электронный учебно-методический комплекс | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Distributed DoS attacks (DDoS) are a type of cybercrime attack that cybercriminals use to bring down a system or network. Sometimes connected IoT (internet of things) devices are used to launch DDoS attacks.
A phishing campaign is when spam emails, or other forms of communication, are sent en masse, with the intention of tricking recipients into doing something that undermines their security or the security of the organization they work for.