Table of Contents
- Types of Computer Crimes
- Prevalence of Computer Crime in Singapore
- Repercussions of undetected computer crimes
- Criminal Investigations that can be initiated
The use of internet is increasing rapidly. It has brought much convenience in accessing information and advantages in every sector of our lives - be it industrial, entertainment, business, education or transport. However, it also became a breeding ground for illegal activities, such as growing acts of computer crime.
This report looks into computer crimes, its variations, the motivation behind such crimes, and its impact and repercussions on both personal and corporate levels.
Computer crime, alternatively known as cyber crime, is a crime that involves malicious use of digital technologies to harm others. There are many different types of computer crimes with varying severity and motives behind them. Below are some common types of computer crimes:
Types of Computer Crimes
Computer fraud is the act of using a computer to take or alter electronic data, or to gain unlawful use of a computer or system. Some examples are:
- Distributing hoax emails
- Accessing unauthorized computers
- Engaging in data mining via spyware and malware
- Hacking into computer systems to illegally access personal information, credit card and/or passwords
- Sending computer viruses or worms with the intent to destroy or ruin another party's computer or system.
Unauthorised Hacking is an attempt to exploit a computer system or a private network inside a computer. In layman terms, it is unauthorised access to or control over computer network security systems for some illicit purpose.
People who take over or hack into the computer for personal gains are called black hat hackers. These are the hackers who destroy, steal or even prevent authorised users from authorised users from accessing the system. This is usually done through finding loopholes and vulnerabilities in the targeted victim’s computer system.
It is referred to as the deliberate use of somebody else’s identity, such as their name, identity card, or their credit card without their permission, to commit fraud and/or other such crimes.
Scam is defined as a confidence game or other fraudulent scheme, especially for making a quick profit; swindle
To elaborate further, a scam is something designed to trick innocent people into giving away their money, personal details or data by offering an attractive deal or false information.
The Top 5 scams that commonly take place are as follows:
- Online Purchase Scam
- Internet Love Scam
- Impersonation Scam
- Investment Scam
- Credit-For-Sex Scam
The sale of data is illegal if the user does not consent for the company or organization to sell their data or if it not from a public site. If the crime is committed, heavy fines and severe penalties will be placed on the company or organization.
Profiles of Computer Crimes
There are many types of hackers in the cyber world. The examples of the types of hackers are:
- Black Hat Hackers
- Identity Thieves
According to investopedia.com, Identity theft is the crime of obtaining the personal information or financial information of another person for the sole purpose of assuming that person’s name or identity to make transactions or purchases.
Internet Stalkers (Cyberstalking)
Cyberstalking is a crime in which the attacker harasses a victim using electronic communication, such as email, blog sites or discussion groups in apps such as Discord and Telegram.
A cyberstalker usually relies upon the anonymity the Internet provides in order to stalk their target while being undetected.
The difference between a regular spammer and a cyberstalker is that a spammer would target multiple recipients with very annoying messages whereas, a cyberstalker would target a specific victim with threatening messages.
Phishing is associated with activities that are considered fraudulent and stealing of personal information on the internet
These are hackers or scammers who send suspicious pop-ups and emails to random computer users around the world. These scams mostly take place through sending emails. An example of such emails would be asking its users to update their account particulars through a link which is similar to a trusted company/organisation (for example: w321.steam.org instead of www.steam.org)
Cyberterrorism is defined as “The use of computer network tools to harm or shut down critical national infrastructures”. They will usually try to bring down a website through DDosing or replace the entire website with their own website with subliminal messages to spread fear and presence.
White Hat Hackers
White Hat Hackers are a type of hackers that are paid to hack government or organizations in order to find and patch exploits. They do more good than evil. One difference that sets them aside from black hat hackers is that the owner of the computer systems in government or organizations give them permission to hack the system. They do something called penetration testing in order to try to gain access to these systems.
Grey Hat Hackers
These hackers are neither black hat or white hat but instead an in between of the both of them. They usually look for vulnerabilities in a system of an organization illegally and without their permission. If an issue or exploit is found, they will report it to the owner and usually ask them for a small fee to fix the issue. If the owner refuses to pay or comply, the hackers will post these vulnerabilities online for the rest to see. These hackers do not exploit themselves but hacking into the system without permission is still illegal.
Motivations behind Computer Crimes
Most of the crime on the internet is fueled by the desire to get money. Money is source for all problems in life. Hackers will access banks or organizations to either get information to sell to the highest bidder or directly access into bank accounts to transfer money into an off-shore bank account where it would be difficult to trace. Another type of crime is phishing through the usage of fake banking website that steals personal information. Yet another type of crime done is through scams.
Sometimes, reasons for doing crimes do not involve money and instead to spread ideologies. Groups like ISIS have hackers hack into government websites and take it down to replace it with their own with subliminal messages and ideologies in order to spread fear.
Another reason for doing crimes in for politics. Some politicians or hardcore supporters will try to take down websites of their oppositions to hinder their chances of winning the elections.
Not only about certain views about politics that could be the motivation but also changes in laws and regulations that could cause certain groups to be unhappy and dissatisfied and rebel against the government.
One such case are the 2013 Singapore Cyberattacks. The hacktivist organisation “Anonymous” with represent member known as “The Messiah” hacked several Singapore websites such as the website for seletar airport and 13 schools, which all school’s website were hosted on the same server. The reasoning for the attacks was due to the regulations made by Media Development Authorities (MDA) concerning censorship in websites about racial or religious harmony.
As stated by MDA:
“websites with at least 50,000 unique visitors from Singapore every month that publish at least one local news article per week over a period of two months... will have to remove 'prohibited content' such as articles that undermine 'racial or religious harmony' within 24 hours of being notified by Singapore's media regulator”
This made James Raj, the alleged “The Messiah”, to cause these attacks and on 12 November 2013 was charged in Singapore Court.
Fun and Curiosity
Sometimes hackers hack out of boredom and not for any gain. An example was when some ambitious pranksters figured out how to get into electronic road signs in San Francisco in 2014. They had re-programmed the messages to read “GODZILLA ATTACK – TURN BACK!” Thankfully, no accidents were caused by drivers fleeing giant radioactive lizards, but it still caused a lot of confusion.
Furthermore, some people who are curious about hacking may accidently take down a website when experimenting with tools they found on the internet. The people causing the crime are usually script kiddies, people who have little to no experience in hacking and uses scripts or hacks downloaded on the internet.
Prevalence of Computer Crime in Singapore
The computer crime in Singapore is very prevalent as computer crime continues to rise, even when common computer threat detected saw its decrease in 2018 compared to 2017.
The Singapore Police Force reported that 6,179 cases of computer crime were reported in 2018, accounting for 19 percent of the overall crime in Singapore. 1,204 cases were investigated under the Computer Misuse Act, which is a 40 percent increase as compared to 2017.
2,125 cases of e-commerce scams were reported in 2018, causing victims to lose about a total of S$1.9 million. Carousell is the main platform of 70 percent of such scams, involving electronic products and tickets to events and attractions. There is an increase in business email impersonation scams. It is observed that there were 332 cases in 2017 when compared to 378 cases in 2018, causing close to S$58 million loss to businesses, a 31 percent increase from 2017 to 2018.
Even though Computer Crime cases continue to climb, the Common Cyber Threats were observed to have decreased in 2018 when compared with the year before.
The number of detected website defacements have decreased significantly from 2,040 in 2017 to 605 in 2018 and most of the defaced websites belonged to small and medium enterprises.
There were 16,100 phishing URLs with a Singapore-link in 2018, it is a decrease of 30 percent as compared to 23,420 in 2017.
90 percent of the spoofed companies in 2018 are banking and financial services, technology and file hosting services.
There is a slight decrease in reported Ransomware cases in 2018. 21 cases were reported to CSA in 2018 compared to 25 cases in 2017.
However, Europol warned that targeted attacks on specific organisation using ransomware such as GandCrab and SamSam may become prevalent.
In February 2018, GandCrab has infected a private financial institution in Singapore.
Command and Control(C&C) Servers
The CSA have observed a 60 percent decrease of unique C&C servers. In 2018, 300 unique C&C servers were detected and 2,900 botnet drones with Singapore IP address were observed on a daily basis. 5 out of 470 detected malware variants account to half of the observed infections.
This may indicate that users have not adopt protecting measures such as patching systems and using anti-virus software.
Repercussions of undetected computer crimes
The impacts of undetected computer crime can vary depending on the crime committed, but is generally very huge. Because of how information is accessed and stored today, undetected computer crimes will greatly affect our jobs, our money, our community and our lives.
One impact of cybercrime is a breach of privacy, where an individual’s personal information is revealed or stolen. Identity theft and phishing scams or any quick-profit scams are the types of cybercrime that mainly works on a personal level.
Example: More than 50 people have fallen victim to phishing SMS purportedly sent by DBS or POSB bank. The link the SMS lead them to fraudulent websites where they were deceived into providing their Internet banking details.
The corporate world is also heavily affected by cybercrime as attacks are commonly targeted at companies for their valuable data. Businesses suffer significant financial and reputational loss from computer hijacks, denial-of-service attacks, malware, and more.
One example of such case is with SingHealth getting hacked for the information of 1.5 million SingHealth patients. The group, identified as WhiteFly, had breached SingHealth’s database and had stolen 1.5 million users data and personal information. The data stolen could have been used to sell to others for money or to gain valuable information of certain individuals for their malicious intent.
Criminal Investigations that can be initiated
A criminal investigation is something which involves the study of facts or traces that are then used as evidence during criminal court crimes.
According to the Criminal Procedure Code, if a person acting on a warrant any police officer has reason to believe that the person to be arrested is in a particular place, the person residing there or having charge of the place is required, on demand,
To allow the person making the arrest, free entry to their place
To provide the investigator/officer all reasonable facilities to enable a search to be conducted at the suspect’s location
However in Section 77(4), if entry cannot be gained, the person making the arrest may “break into the suspect’s house” once he has notified the person residing in or having charged to the residence.
In Section 39(1), the police officer investigating an arrestable offence may access and inspect a computer, or search for data in that computer, suspected to be used in that offence.
In Section 39(2), the police officer can require assistance from any person using that computer in connection with the offence, or any person in charge of that computer.
In Section 40(2)(a), in addition to the powers under Section 39, the police officer responsible for investigating an arrestable offence shall be entitled to access information, code or technology for unscrambling encrypted data into readable text for investigation.
In Section 40(2)(b), the police officer in charge can request any person to provide him with technical assistance for purposes of unscrambling seized encrypted data.
In Section 40(2)(c), the police officer can require any person to be in possession of decrypted information to grant the police access to that information.
WIth the rise of instant access to information, one can easily get a hold of millions of information on the internet. With that being said, the internet has become a gateway to tutorials for cybercrime.
In the digital age, crime syndicates have access to more complex methods to hold illegal activities without being caught. Scams, identity theft and fraud can be easily take place through the medium of emails and online chat applications where the usual victims are older, less tech-savvy adults. In addition, cyber terrorists use anonymous online forums to spread and recruit users to their religious or political beliefs.
But, not all hackers are evil, there is a type of hackers called White Hat Hackers who work for good instead of evil unlike Black Hat Hackers. White Hat Hackers find hack to find exploits and vulnerabilities with permissions whereas Black Hat Hackers are online criminals that hack for their own benefit.
There are reasons why Black Hat Hackers commit computer crimes, such as for financial gain, grudges, political motivation and terrorism. However, certain people called ‘script kiddies’ which are amateur hackers that have limited knowledge commit crimes for either fun or for their curiosity.
Back at home, Singapore has also faced its fair share of cyber attacks. The threats of cyber attacks may have been lower in 2018 compared to 2017 but cyber crimes have been on a rise involving online scams and business email impersonation scams.
Incidents and statistics:
- Hariz B., 2019, Singapore Red Cross website hacked, over 4,200 affected, [Online]. Available at: https://www.straitstimes.com/singapore/spore-red-cross-website-hacked-over-4200-affected
- TODAY, 2018, Hackers stole data of PM Lee and 1.5 million patients in 'major cyberattack' on SingHealth, [Online]. Available at: https://www.todayonline.com/singapore/hackers-stole-medical-data-pm-lee-and-15-million-patients-major-cyber-attack-singhealth
- CNA, 2018, More than 50 DBS customers fell for phishing SMSes in last two months, [Online]. Available at: https://www.channelnewsasia.com/news/singapore/phishing-scam-dbs-posb-customers-fake-sms-police-10957456
- CSA, 2018, Fewer Cases of Common Cyber Threats Detected in Singapore in 2018, [Online]. Available at: https://www.csa.gov.sg/news/press-releases/fewer-cases-of-common-cyber-threats-detected-in-singapore-in-2018
- Jeanette Tan, 2013, Hacker 'The Messiah' claims attack on Singapore govt sites, repeats ‘Anonymous’ cyber threat, [Online]. Available at: https://sg.news.yahoo.com/hacker--the-messiah--claims-attack-on-singapore-govt-sites--repeats-%E2%80%98anonymous%E2%80%99-cyber-threat-090023141.html
- Amanda Lee, Tiffany Yap, David Ngiau, 2013, Suspected ‘Messiah’ hacker charged in court, [Online]. Available at: https://www.todayonline.com/singapore/suspected-messiah-hacker-charged-court
- 2015, Cyber Crime Chapter 1, [Online]. Available at: https://shodhganga.inflibnet.ac.in/bitstream/10603/175612/9/09_chapter1.pdf
- Lillian A., 2018, Data Thieves: The Motivations of Cyber Threat Actors and Their Use and Monetization of Stolen Data, [Online]. Available at: https://www.rand.org/content/dam/rand/pubs/testimonies/CT400/CT490/RAND_CT490.pdf
- Bhattacharjee R., 2016, SF Traffic Sign Warns of 'Godzilla Attack', [Online]. Available at: https://www.nbcbayarea.com/news/local/Hacked-San-Francisco-Message-Board-Warns-About-Godzilla-Attack-259449961.html
- Computer Hope, 2018, Computer crime, [Online]. Available at: https://www.computerhope.com/jargon/c/compcrim.htm
- Norton, What is the Difference Between Black, White and Grey Hat Hackers?, [Online]. Available at: https://us.norton.com/internetsecurity-emerging-threats-what-is-the-difference-between-black-white-and-grey-hat-hackers.html
- Norwich University Online, 2017, Who Are Cyber Criminals?, [Online]. Available at: https://online.norwich.edu/academic-programs/resources/who-are-cyber-criminals
- The Economic Times, Definition of 'Hacking', [Online]. Available at: https://economictimes.indiatimes.com/definition/hacking
- Scam Alert, Types of Scams, [Online]. Available at: https://www.scamalert.sg/types-of-scams
- PInow.com, Criminal Investigations, [Online]. Available at: https://www.pinow.com/investigations/criminal-investigations
- Matt H., 2017, What are the motives behind cyber-attackers?, [Online]. Available at: https://www.cgsinc.com/blog/what-are-motives-behind-cyber-attackers
- Panda Security, 2018, Types of Cybercrime, [Online]. Available at: https://www.pandasecurity.com/mediacenter/panda-security/types-of-cybercrime/
- Margaret R., 2007, Cyberstalking, [Online]. Available at: https://searchsecurity.techtarget.com/definition/cyberstalking
- Criminal Procedure Code (last updated 2019), [Online]. Available at: https://sso.agc.gov.sg/Act/CPC2010