Cybercrime Case Study

Paper Type:  Case study
Date:  2022-05-21


Cybercrime has advanced alongside current technology, and law enforcement has put a lot of effort into keeping pace with cybercriminals' innovation. Cybercrime has been a serious problem, particularly for e-commerce and financial institution websites. Cybercriminals commit all their offenses online, with distance as their motivating factor. Collecting data is their instant reward, while the financial advantage comes at a later period. Using the social learning model as an exploratory guide, this article offers a case study of one example of cybercrime. It is a heuristic survey which investigates various offenders who decided to personalize and employ the same PayPal phishing kit, known as hadidi44-2 due to the existence of that distinct filename. The case study uses open source intelligence techniques to give a clear picture of how cybercriminals follow one another's actions and undertake deviant activities, and explains it under the differential association model.

Theoretical Explanation

Historical criminological theories have often been used to describe cybercrime for over three centuries. Nonetheless, these theories relate to spontaneous decisions rather than to the results of learning. Social learning theories are a subset of social process theories. They try to explain crime through the influence of communal factors on people's moral development. Specifically, social learning theories describe how contact among peers or groups creates a background for criminal actions. Moreover, these theories suggest that offenders acquire behavior through social communication, comprising knowledge sharing via physical activities and the reinforcement of attitudes and codes favorable to crime (Hawdon, 12). Thus, in this context, these models can contribute an explanation of cybercrime.

Computers offer services and an open source communication hub, since the universe within them encompasses various communities. The variety of benefits present in the cyber universe includes a rich subculture centered on deceitful intent. Successful cybercriminals need access to a broad selection of capabilities, tools, and information which is difficult to obtain in isolation (Blum et al., 23). Thus, one may conclude that social learning theories offer a straightforward background for describing the manner in which criminals share tools and knowledge and, more essentially, the process of establishing appropriate attitudes as well as group-reinforcing justifications for involvement in crime. Additionally, social learning theory encompasses various sub-theories. The most appropriate for explaining this case, with respect to the world of cybercrime, is the differential association model (Hawdon, 13).

In the fields of criminology and sociology, the differential association model is an example of a social learning theory. It was established in 1939 by a great scholar, Edwin Sutherland. It suggests that criminality is, in large part, a socialization process (Hawdon, 14). Short for differential association with criminal and anti-criminal patterns, it adopts the broad view that human beings learn to be involved in crime through exposure to illegal attitudes and behaviors via connection with trusted and close individuals. Additional study of this model supports the notion that learning illegal acts is a process which is the same as learning any other form of conduct. According to Hawdon (15), the model is constructed upon nine core concepts, which include:

  • Illegal conduct is learned
  • Unlawful conduct is learned via contact with other individuals
  • Learning conduct occurs within close individual clusters
  • Learning illegal behavior encompasses methods of performing the delinquency and directions of attitude, rationalizations, drives, and motives
  • Motives and drives directions are acquired from the description of legal conduct as unfavorable or favorable
  • Differential relationships differ in intensity, priority, time, and frequency
  • The process of learning illegal conduct through contact with criminal and anti-criminal patterns involves every mechanism involved in any other learning (Yip et al., 513)
  • Illegal conduct is an expression of general needs and values. However, it is not explained by them, since non-criminal acts express the same values and needs

Among these concepts, differential association is often used to explain a broad variety of cybercrimes, extending from terrorism to cyberbullying and online theft (Blum et al., 26). Therefore, the differential association theory serves as the background for understanding the hadidi44-2.php phishing kit incident.

Case History

For the purpose of this phishing kit case, called hadidi44-2.php, the term phishing may be defined as using deceptive emails to trick intended parties into visiting a fake website and disclosing their personal data there, for instance social security numbers, passwords, usernames, and addresses, among other information. Most organizations have adopted online techniques for banking and commerce, with online traders shifting to email as the cheapest and most efficient way of maintaining connections with their clients. Furthermore, this standardization of email as the desired method, particularly for client-facing connections, has opened a new gap for offenders (Alazab et al., 205). This is because customers now expect to receive significant notices and reminders from their online merchants through email. This has removed the requirement for offenders to be physically around their victims to perform their complex financial crimes.

Currently, phishing has become a business worth millions of dollars, involving groups of cybercriminals globally. Collectively, they have hoarded large amounts of personal data from unsuspecting individuals every year and used that information to exploit their victims' finances or for identity theft. According to a survey conducted by Alazab et al. (204), approximately three hundred emails in circulation on the internet were thought to contain components connected to phishing. The survey also reported that in 2011 there were 279,580 phishing attacks, which is an increase of 40 percent in discovered cases in the 2012 report.

The most targeted sites resembled the login pages of many United States-based banks. Furthermore, this data shows why studying a phish against a financial organization such as PayPal is essential for a better understanding of cybercriminal distribution mechanisms. Drawing on the RSA January 2012 phishing article, in 2011 phishers maintained their concentration on committing fraud against financial institutions (Parmar, 8). The article revealed that financial institutions topped the ranking of organizations whose websites were targeted in most phishing attacks. Financial institutions fight phishing through two techniques: contracting takedown organizations, or using internal cybersecurity specialists, to remove phishing web pages when they are discovered (Parmar, 10). Nonetheless, with an improved understanding of cybercrime via existing social learning models, it is possible to fight phishing before it occurs (Yip et al., 518).

Case Brief

Specialists on the PhishOps team work jointly with relevant corporate investigators and law enforcement to identify clusters of related phishing websites. This is due to the prominence of some groups of phishing sites. In this case, individual phishing kits were selected for investigation for various reasons, such as being connected to a specific monetary loss or in response to an investigator's request. This kit was selected because of a sudden increase in its prominence. In April 2011, over forty phishing websites resembling PayPal were discovered to use the same phishing kit. The only difference between them was the drop email address that receives the stolen information (Yip et al., 520). The kit file which sends the emails to the offenders is known, in lab parlance, as the performance file. For convenience of reference, the kit was named after its performance file, hadidi44-2.php. Furthermore, it was found to have been used to set up at least 275 phishing websites from January 2011. Ninety-six kit versions were also identified, based on the uniqueness of the performance file, and the most popular kit version was used thirty-one times (Alazab et al., 205). For the purposes of the investigation, ninety-nine distinct emails were extracted from the ninety-six hadidi44-2 kits.

The idea of ninety-nine people each choosing to name their performance file hadidi44-2.php seemed doubtful. This left the investigation with three distinct possibilities. Alazab et al. (205) state these as follows: the kit was easily accessible on the internet, where any motivated offender could obtain and use it; the developer of the kit had many email accounts and spread the kit under a plethora of different aliases; or the kit was distributed among cybercriminal communities, particularly those who shared their tools and methods with each other. Through investigation of the emails, the connections between these offenders could be defined, and identifying the original hadidi44-2 may be essential in explaining whether the offenders behind these addresses had a connection with each other, as the differential association theory suggests (Yip et al., 520).
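The version counting and drop-address extraction described above can be sketched as follows. This is an added example, not code from the study: the site names, the file contents in `SITES` (reduced to a single recipient line with addresses on the reserved `example.test` domain) and the function names are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample: site -> its performance file, reduced to the recipient line.
SITES = {
    "site-01": '$send = "drop1@example.test";',
    "site-02": '$send = "drop1@example.test";',  # same version reused
    "site-03": '$send = "drop2@example.test,drop3@example.test";',
    "site-04": '$send = "drop3@example.test";',
    "site-05": '$send = "drop4@example.test";',
}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def kit_versions(sites):
    """Group sites by SHA-256 of the performance file (one hash = one version)."""
    versions = defaultdict(list)
    for site, body in sites.items():
        versions[hashlib.sha256(body.encode()).hexdigest()].append(site)
    return dict(versions)

def drop_emails(body):
    """Return the distinct, lower-cased addresses found in one file."""
    return sorted({m.lower() for m in EMAIL_RE.findall(body)})

def email_clusters(sites):
    """Link addresses that appear together in one file (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for body in sites.values():
        emails = drop_emails(body)
        for e in emails:
            parent[find(e)] = find(emails[0])
    groups = defaultdict(set)
    for e in parent:
        groups[find(e)].add(e)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    print(len(SITES), "sites,", len(kit_versions(SITES)), "versions")
    print(email_clusters(SITES))
```

Addresses that end up alone in a cluster are the ones that need outside sources to tie them to other addresses.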

Once extraction of the ninety-nine distinct emails from the phishing set was complete, every single address was investigated using various open source intelligence techniques. Among them is Paterva's Maltego product. It uses a sequence of predefined transforms to search various sources of information for significant data and then graphically shows the connections established among searched items when they return similar findings. The emails were found to be connected for several reasons (Yip et al., 521). Several emails were discovered on the same hacked sites, where the hackers had listed their team colleagues' emails as a form of graffiti, whereas others were found to belong to members of a famous hacking website or to have been used as administrative emails for such sites.

A major finding from the Maltego search was the generation of extra identities or aliases used by the same hacker. It yielded over fifty results for the email [email protected], containing proof that the email was used to sign up for the site. Besides, this person additionally used the pen names [email protected] and [email protected] (Alazab et al., 206). These emails were found in the initial list of ninety-nine hadidi44-2 emails. Furthermore, this specific person was involved in hacking activity. It is additionally recognized that this offender used the email [email protected] to register a domain known as, a forum for online hacking. This forum contains various associates' targeted emails such as [email protected], [email protected], and [email protected]. These email addresses additionally receive stolen personal data from various versions of the hadidi44-2.php performance file.

An additional search engine used in this case was Google, to discover extra data on the phishers and evidence pointing to where they pooled their tools. Searching for the earlier mentioned email address [email protected] made it evident that it uses the alias Zakarati on a famous Arabic hacking site, Sa3ake. Sa3ake proved to be popular among the group of offenders, alongside various Arabic web design forums, for instance, (Alazab et al., 207). Besides, these sites were found to account for most of the connections between the criminal websites. This dete...

Cite this page

Cybercrime Case Study. (2022, May 21). Retrieved from
