Digital Evidence and Computer Crime

Hackers Gaining Access through Social Media

Recently, social networks such as Facebook, Twitter, and MySpace have become significantly popular. Individuals, as well as enterprises, increasingly use social media to connect with the outside world including friends and clients respectively. In fact, the growth of some of the social media sites such as Facebook has tremendously become popular, with more than 2.07 billion monthly active users (Statista, 2017). Twitter and Google+ are also growing at a high rate, with Twitter having more than 330 million monthly active users (Statista, 2017). Virtually, organizations depend on their workforce to use technology to perform their job. Most of the times, there is a need to trust workers with sensitive data. Yet, a considerable number of all users of social networks are more likely to post information that can place them at a high risk of being targeted by cybercriminals. In recent times, Kleidermacher and Kleidermacher (2012) note that social engineering attacks have become not only common but also increasingly sophisticated. Hackers are now devising new and cleverer ways of getting into unsuspecting employees or individual’s social media networks and laying their hands into valuable company data. In light of this, we first review the different ways in which, hackers are gaining access to social media. Then we provide an overview of the impact of hackers gaining access through social media with a highlight of current issues. Lastly, we consider the role of computers in digital crime and how organizations can ensure that cybercriminals are prosecuted.

Ways Hackers Gain Access through Social Media

Essentially, the majority of the companies now allow employees to use social media, while others that restrict its use have employees doing it behind their back. Social engineering, malware, and spam attacks are on the rise as cyber criminals target social media to gain access to company data or even individual information. Usually, hackers accomplish their mission by applying various tactics focused at luring social media users to give out sensitive information, which they later use to compromise the security of an organization or individual accounts and gain unauthorized access.

Phishing Scams

Hackers use phishing scams to gain access or establish communication between them and their target victim to access private information such as credit card numbers, passwords or to simply obtain an individual’s or company network. Identity theft is a lucrative business because it rewards the criminal efforts and the probability of being caught is minimal since the victim is likely to take time before they understand what happened. Normally, hackers accomplish their mission by searching through social media networks to find important information such as favorite colors, pet names, or any other information that can be useful to help them hack through a public or private system (Herring, 2015). Email accounts and bank accounts have been hacked through this method and changes made into important accounts or financial arrangements made, with the potential of harming the victim. While more and more people are now aware of phishing, the fraud still works and for various factors. For instance, fraudsters understand that people want to believe that they are helping others. By playing on individual’s naïve altruism, scammers get others to fund their crimes. Similarly, hackers rely on people’s credulity to play with their mind and emotions seeking some quick money. Phishing can happen to anyone including the tech-savvy social media users. In this case, hackers may use a person’s known friends with a message familiar enough such as one seeking for help to entice the victims to click on it. Once people click on the link, the message is likely to reveal more information that requires further action and perhaps long enough to allow a security break for the hackers. In most cases, fraudsters stealing identities combine data extracted from social media with personal information available on the web to execute their criminal activities.

Using Trojan horse

Trojan horse is a malware that hides or masquerades as a useful program and uses its outward appearance to trick users into opening them (Solomon, 2014). The malware disguises itself as a program that performs useful tasks, while in reality, it is hiding malicious codes. Once the program is activated, the code executes with the permission and authority of the user to do what it was originally intended to do. Hackers understand this, and often slip a virus into the target computer. Once it is installed, the malware records everything the user does and sends it back to the criminals. Virtually, one of the most popular ways used by fraudsters to deliver Trojan horse is through email scams. For instance, an email can be sent showing it is from a shipping company, bank, or a reputable company, claiming that there is a problem with a transaction. In order to learn more, the user is tricked into opening the email attachment that may look like a normal file, but in reality, it contains a Trojan. Upon clicking the file, it installs on the machine, even before the user can do anything. Similar scams are being used on Facebook and Twitter. A user opens a funny video to watch. Instead, a popup appears wanting them to update their video player. However, the update file provided is, in fact, a Trojan horse.

Drive-by Downloads and Blackhole

Drive-by downloads can mean two things; downloads where the user is authorized but does not understand the consequences, and downloads that happen without the user’s knowledge (Johnson, 2016). The second usage is the most common among hackers. Drive-by downloads often involve injection or insertion of a malicious code through a website, to create a security vulnerability in browsers. Although a computer can have security software, it is likely that programs installed have one weakness that hackers can use to bypass security. Usually, this happens when victims visit certain websites, or from an email message, or a deceptive pop-up window. Once the malicious code is installed in the machine, it scans the computer for security holes, downloads a virus, and installs it. On the other hand, a black hole is a professional crimeware kit that is sold to cybercriminals due to its web administration capabilities (Holt & Schell, 2013). The method uses sophisticated techniques to generate malware, and it is very insidious due to its ability to escape antivirus detection. The other dark side of the blackhole is that it is continuously updated as a new vulnerability is detected.

Bypassing passwords

The ingenuity of cybercriminals is to try to find some ways to bypass a security system. Unlike in movies, where hackers guess account passwords, in real life, very few fraudsters do that. Instead, they prefer going around passwords. Usually, this is accomplished by extracting passwords from a data breach on a website (Krause & Tipton, (2016). Hackers can also bypass an account’s security question using information posted publicly, especially in social media.

Using open WIFI

Today, WLAN networks are increasingly common in public, commercial, and private settings. However, as the proliferation of these networks increase, it also creates a loophole for exploitation of users. According to a breach report by Verizon in 2012, cyber-security breaches reported in Australia, Ireland, UK, and U.S.A indicated more than 174 million records were compromised through cyber attacks (Pathan, 2016). Virtually, as Pathan further elaborates, the majority of users mistakenly think that their WIFI hotspots are secure, despite well-known cases of WIFI security. By using a WIFI network that is not encrypted, it means that other people can connect to the same network, and maybe view and record everything. They can also open websites and download illegal files to a user’s connection, which can be linked to criminal activities. 

Impact of Information leakage

Information held by organizations is assets. Whether it belongs to the organization or the company acts as a custodian for another entity, the information should be protected. The same applies to personal information or even employees’ information. When impacted negatively, a security breach occurs and may lead to loss of finances or reputation. Consequently, disclosing organization’s information to unauthorized parties could expose the organization to attack. The impact of these losses also includes the cost of repairing the damage and recovering from the mess.

Data Loss

As mentioned above, data held by an organization is critically important and may be at risk when hackers gain access. As Iosifidis and Wheeler (2016) point out, this includes property information such as contact lists, customer account details, customer card details, and corporate data among others. Loss of intellectual property including things such as trade secrets could resort to loss of organization’s competitive advantage.

Piracy and infringement

Intellectual property includes organization properties in digital form. According to Iosifidis and Wheeler (2016), the high number of users, low-cost technology, a large amount of processing power, and storage has made it easy for high quality and fast copying of digital media. This translates to a high number of potential copyright infringers. Book contents are the intellectual properties of a book publisher. In case hackers access contents of the book and post it to the internet as an e-book, the publisher is likely to lose sales due to free copies. Digital intellectual property also applies to digital copies of videos, movies, and music. Celebrities or film directors can lose sales due to infringed intellectual property when hackers gain access to such data. Infringement involves the use of copyrighted work without the permission of the legal owner. Use of copyrighted material without attributing the work to the rightful owner is a common exercise. While this may seem harmless, it can be damaging to the organization who are the legal owners.

Preventing Hacking through Social Media

According to a report by Business Wire (2016), almost two-thirds of U.S. citizens who use social media have had their accounts hacked. With more than 76 percent of adults using social media, this is a large figure for hackers who are always looking for victims. Users often manage organization social media accounts through their accounts, which makes it an easy target for hackers when they gain access to personal accounts. Nonetheless, there are several ways that individuals and organizations can prevent hacking through social media.

Educate employees

Privacy is a prevalent concern social media users should take into consideration as social networks become integrated into their daily life. As Miryala (2015) notes, with every like or follow on Twitter or Facebook, users may be drawing closer to enabling spam or illegal marketing practices. Unfortunately, in this era and future, corporate cannot keep away from social media. Nevertheless, they can educate employees to protect organization privacy and prevent stealing of sensitive personal information and company data. Training programs focusing on fostering good passwords, recognizing spam, and phishing attempts should be introduced in the organization. Employees should also be educated on the risk of sharing personal information on public platforms and ways to enhance their privacy settings.

Limit Access

Social media users are often unaware of the type and extent of information collected about them from what they share online. Although social networks such as Facebook now have settings that help users to restrict sharing data to only limited users, Packard (2013) notes that it is still not enough to prevent information from being shared. In light of this knowledge, some organizations often prefer not to give employees access to information and instead require them to use third-party tools. Unfortunately, this is normally not practical as employees may sometimes be required to know specific account information to fulfill some job responsibilities. Nonetheless, not every employee in the organization will be required to have access to login information. In this case, corporate can use third-party management tools to enable junior employees to publish and monitor accounts, without necessarily having access to the accounts private settings.

Use Strong and Different Passwords

Often, people find it easy to use the same password for all their social media accounts. Unfortunately, they also do the same for their organization accounts. Hackers know this and often see this as a security loophole that they are willing to exploit. The best way to avoid such security breaches is to ensure that individuals use different passwords for different accounts. Two-factor authentication should also be encouraged on accounts that have this option, and passwords changed immediately if an employee leaves the organization.

The Role of Computer in Digital Crime

Unlike years back, criminals nowadays use mobile phones, computers, and network servers to commit fraud and steal from unsuspecting individuals or organizations. In most cases, computers provide a better means of committing crimes. For instance, as observed above, a computer can be used to launch hacker attack against vulnerable computer networks, to dispatch malware to steal information and commit a security breach. In the current era of digital crime, computers play several roles in criminal activities and sometimes used as digital evidence in an investigation. For instance, as Casey (2010) notes, computers can be the object of crime when if it is destroyed or stolen. A computer can be a subject of crime if it is used as the environment for committing a criminal activity. This is especially the case when a virus infects a computer or its security impaired to inconvenience users in a way that is meant for criminal activities. Computers can also be used to conduct or plan crimes such as forging documents or gaining unauthorized access to other computers. Along with that, computers can be used to intimidate or deceive people. Importantly noted, the difference between a computer being a subject or object of crime is significant during criminal investigations since it reflects the intention of the offender. Among other roles, computers contain digital evidence that a crime occurred.

Digital Evidence

Nowadays, organizations are considering legal actions when targeted by cyber criminals and are now aware of the importance of digital evidence. Virtually, corporate should understand that by processing digital evidence in the right way, they are protecting their business against the invasion of privacy and unfair dismissal claims (Casey, 2010). In computer intrusions, attackers often leave behind a trail of evidence including file systems, system log, and network-level logs. Furthermore, attackers are more likely to transfer elements of the crime to them including stolen passwords, or intellectual properties in a file. Such digital evidence is critically important to link hackers with the attack.

Following a cyber trail

When people commit criminal activities over the internet, they think it is different from the physical world. However, as Casey (2010) notes, this is not usually the case as the internet reflects a crime in the physical world, with perpetrators and victims. Another thing, because criminals feel safe when using the internet to commit fraud, it becomes easy to observe them and therefore vulnerable. In fact, it provides a better chance to uncover crimes since trails can be traced through digital evidence.

For many organizations, they cannot do away with the use of social media. In fact, they cannot live without. A risk assessment ensures that organizations understand the risk of social media and how much damage it will cause. The scope of risk assessment is not only confined to the internal structure of the organization. Evaluation of external agents such as hackers gaining access through social media is also necessary to prevent unauthorized access that can negatively affect the organization. Consequently, internet crime is similar to a physical offense. Organizations are advised to invent ways to generate and ensure the security of digital evidence to help in the prosecution of fraudsters and to help seal loopholes available in their network systems.

References

Business Wire. (2016). Nearly Two-Thirds of U.S. Adults with Social Media Accounts Say They Have Been Hacked, According to University of Phoenix Survey. Retrieved from: http://www.businesswire.com/news/home/20160427006133/en/Two-Thirds-U.S.-Adults-Social-Media-Accounts-Hacked

Casey, E. (2010). Digital evidence and computer crime: Forensic science, computers and the Internet. London: Academic.

Herring, M. Y. (2015). Social media and the good life: Do they connect?. Jefferson, North Carolina : McFarland & Company, Inc., Publishers.

Holt, T. J., & Schell, B. H. (2013). Hackers and hacking: A reference handbook. Santa Barbara, California : ABC-CLIO, LLC.

Iosifidis, P., & Wheeler, M. (2016). Public spheres and mediated social networks in the western context and beyond. London : Palgrave Macmillan.

Johnson, M. (2016). Cyber crime, security and digital intelligence. London: Routledge.

Kleidermacher, D., & Kleidermacher, M. (2012). Embedded systems security [recurso electrónico]: Practical methods for safe and secure software and systems development. Paises Bajos: Elsevier.

Krause, N. M., & Tipton, H. F. (2016). Information Security Management Handbook, Sixth Edition, Volume 5. [Place of Publication not identified]: Auerbach Publications.

Miryala, R. K. (2015). Trends, Challenges & Innovations in Management – Volume III. [Place of publication unidentified]: Zenon academic Publishing.

Packard, A. (2013). Digital media law. Malden, Mass: John Wiley & Sons, Inc.

Pathan, A.K. (2016). State of the art in intrusion prevention and detection. Place of publication not identified: CRC Press.

Solomon, M. (2014). Security strategies in Windows platforms and applications, second edition. Burlington, MA: Jones & Bartlett Learning.

Statista. (2017). Number of monthly active Facebook users worldwide as of 3rd quarter 2017 (in millions). Retrieved from: https://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-worldwide/

Statista. (2017). Number of monthly active Twitter users worldwide from 1st quarter 2010 to 3rd quarter 2017 (in millions). Retrieved from: https://www.statista.com/statistics/282087/number-of-monthly-active-twitter-users/