How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ransomware Attacks Perspective (pp. 79-82)
Sulaiman Al Amro, Computer Science Department, Computer College, Qassim University, Qassim, Saudi Arabia.
Vol. 18 No. 6 JUNE 2020 International Journal of Computer Science and Information Security
https://sites.google.com/site/ijcsis/vol-18-no-6-jun-2020
How Safe is Governmental Infrastructure: A Cyber Extortion and Increasing Ransomware Attacks Perspective
1. How safe is governmental infrastructure: A Cyber
Extortion and Increasing Ransomware Attacks
Perspective
Sulaiman Al Amro
Computer Science Department, Computer College
Qassim University
Qassim, Saudi Arabia
Email: samro@qu.edu.sa
AbstractâCybercrimes of blackmail â whether emotional or
material â are increasing against users, especially as a result of
the large amount of personal information available due to the
development of social networking sites The development of
modern technology and the dissemination of personal data are
the most important factors in a blackmail incident, which
highlights the lack of monitoring and awareness regarding safe
online behaviours. Blackmail is particularly complex, as young
users tend to be most vulnerable to such crimes. This indicates
that more awareness and dissemination of protection methods
and immunization of society is required, as well as the
strengthening of sanctions. Indeed, research has identified
ignorance regarding modern technology as the main cause of
cybercrimes. Cyber blackmail is an abnormal behaviour that has
a negative impact on an individual, their family, and the
community. It is an indicator of the decline of certain values. It
impacts the psyche of the victim and the stability of their family,
and can lead to family disintegration and the spread of deception
and exploitation, psychological and sexual diseases, and chaos
and fear in society. This study presents an investigation of cyber
blackmail and the malicious software designed to extort money
from victims
Keywords- Cyber Ransomware; Extortion; Malware; Users
I. INTRODUCTION
Cyber extortion is harassment and intimidation conducted
via any electronic platform, such as chat rooms, mobile phones,
blogs, e-mails, and more. One of the most common methods of
cyber extortion is threatening to publish pornographic videos
through pirated accounts in order to manipulate the victim's
emotions. One of the most problematic aspects of digital
blackmail is how difficult it is to monitor. Its prohibition is not
a matter for children or their parents. Despite the rapid spread
of information over the Internet, perpetrators of such crimes
can conceal their identity. Is spreading in the world in general,
and in the Arab world, especially the phenomenon of sexual
extortion on the Internet, or the so-called âsextortionâ, which is
based on the exploitation of people aged 19 and over, in order
to blackmail them to get moneyÂť [2, 4].
The cyber blackmail process commonly begins with the
victim receiving a friend request on social media from an
account claiming to be a normal user on the site. After the
victim accepts the friend request and chats for a few minutes
via instant messenger, they are asked to continue talking via
sound media. This is when the entrapment takes place: the
victim believes that they are talking to the user who added
them as a friend, but they are in fact talking to a composite
scene from a pornographic film. They then are invited through
the text chat to take off their clothes and do certain activities. In
the meantime, everything is being recorded on their deviceâs
camera, and once the fabricated conversation ends a link is sent
to the video, which has been uploaded to YouTube. The victim
is told that they must pay a minimum of $1,000 or the link will
be sent to all their friends and family on social media. Many
victims of blackmail do not complain to their parents or elders,
fearing scandal and shame within their community. Instead,
they prefer to accept the extortion and keep the incident a
secret. This is because they believe they are at fault for
revealing their secrets and private information to a stranger on
a social networking site [3].
Cyber extortion is carried out using several software tools,
the most common of which is ransomware, a type of malicious
software that tries to obtain money from users by taking control
of their device or files. Ransomware generally locks the device
to prevent normal usage (locker ransomware) or encrypts files
to prevent access to them (crypto ransomware). The user may
be unaware that they have downloaded ransom software from a
hacked or unsafe website, and this malware can come as an
attachment in anonymous e-mail. Although cybersquatting is
seen as a source of illegal access to funds, and in spite of its
negative impact on users and organizations of all kinds, recent
studies have revealed a steady increase in this type of
cybercrime. Organizations should, in the first instance, seek to
prevent cyber-extortion. In the event of such attacks,
organizations should also take action to prevent their
significant consequences. The best way to do this is to train
specialists and those interested in the subject to understand the
stages of cyber extortion and its operations and consequences,
equip them with the necessary skills to prevent it, and provide
them with the necessary skills to manage cybercrime and
manage it when it occurs.
II. LITERATURE REVIEW
A. Taxonomy
The following sections present important concepts and their
definitions that are vital to understanding the âcyberâ sector [7].
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 18, No. 6, June 2020
79 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
2. Cyberspace: A virtual space that seeks to integrate the whole
world, different from real space and where many societies are
distributed unevenly using a technical environment - the
Internet in the first place - where citizens and institutions
benefit from ICT in their interactions.
Cybersecurity: An umbrella term for a wide range of issues,
from information security, to security measures for combating
Internet misuse and cybercrime.
Because Internet architecture has not yet taken
cybersecurity into account, the inclusion of security protection
requires substantial modifications of current Internet
infrastructure and Internet Protocol (TCP), including:
¡ Incorporation of security into its design
¡ Infrastructure security
¡ Mechanisms that protect computers and data
¡ Secure operating systems
¡ Safe coding
¡ Capacity and access control lists
The balance between cybersecurity and human rights, in
particular the right to privacy and freedom of expression, is
constantly changing.
Information and communication technologies (ICT): The
integration of telecommunications and computer hardware as
well as software, storage, and audio-visual systems to allow
users to access, store, transport, and process information.
Information security: The processes and techniques used to
protect information resources from unauthorized acquisition,
exposure, manipulation, alteration, destruction, or loss.
Information security ensures that data is not lost when critical
issues such as natural disasters, computer/server failures,
physical theft, etc., occur and prevents unauthorized access to,
and use, disclosure, obstruction, alteration, examination,
registration, or destruction of data.
Misuse of the Internet: Misuse of the Internet and related
ICTs, which may cause material loss or physical harm to
individuals. There is no line between Internet misuse and
cybercrime. Depending on the degree of material loss or
physical injury to individuals, infringement â violation of law
or rights â or violation of regulations or other codes of
practice through abuse of the Internet with respect to
fundamental human rights may be considered a cybercrime.
Cybercrime: Any crime involving any of the following:
¡ A computer system (crimes committed by computers or
computer-related crimes in a narrow sense)
¡ Networking technologies (network crimes in a narrow
sense)
¡ Or both
Cyberattack: The misuse of the Internet or a cybercrime that
exploits Internet vulnerabilities to launch various types of
attack primarily targeting ICT devices or software, or primarily
to harm people. There are different types of cyberattack (each
with subtypes):
¡ Active and non-effective attacks
¡ Attacks on denial of service
¡ Attempts to replace web pages
¡ Attacks using malicious software
¡ Breakthrough
B. Related work
According to research conducted by Google Search,
Internet thieves have seized at least $25,000,000 in the past two
years [1]. Google has created thousands of virtual victims to
detect cybercrime [13]. The research found that two types of
cyber blackmail are the most common, with different patterns.
Firstly, gangs use a type of software to encrypt files so they
cannot be read and then request money from the victim in order
to release their files. Google used more than one way to
identify the money paid, including a representative sample
based on the reports of individuals or entities that have paid a
ransom. The results show that most ransoms are converted into
cash through the company's stock exchange in Russia. As a
result of this research, experts have indicated that they do not
expect to stop the extortion gangs, but instead expect new
gangs and other extortion programs to emerge. For example,
newer gangs pay huge sums of money to people to deliver the
program to a large number of computer devices, so ordinary
people can be pulled into cybercrime.
In their investigation of the online gaming industry, Paulson
et al. (2006) examined DDoS attacks, especially regarding
electronic games, and studied the impact of and possible
solutions to these attacks against websites.
Kassim et al. [11] proposed some countermeasures that
could help mitigate potential risks and threats to social network
users, such as cyber harassment, cyber stalking, and the
creation of fake profiles. Furthermore, Nandhini and Das [12]
suggested an approach that could help to detect similar social
network profiles based on profile attributes and analyse them to
see if they belonged to the same user or multiple people.
III. DISCUSSION
A number of reasons have been identified as causes of
cybercrimes, including those that occur at a global level,
community level, and an individual or personal level. The
identified causes vary according to type of crime, type of
target, and type and level of execution (individual, societal). In
addition, the causes of young and amateur crimes tend to differ
from the causes of professional crimes, and vary according to
targeted theft and information.
The increase in cybercrime victims can be explained by
changes in people's daily activities. With the advent of the
Internet, the way people interact with others, entertainment,
commerce, etc. has changed. The change in people's daily
activities â such as the use of the Internet and online platforms
like Facebook, email, websites and others â has created
opportunities for perpetrators to focus on valuable and easy
Identify applicable sponsor/s here. (sponsors)
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 18, No. 6, June 2020
80 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
3. targets in the space. Thus, crimes tend to occur as a result of
the culmination of three factors: the presence of a motivated
offender, the absence of capable guardians, and the increase of
suitable targets, as shown in Fig.1.
suitable
targets
absence of
capable
guardians
Motivated
offender
FIGURE 1: CYBER EXTORTION OPPORTUNITY
A. The causes of crime at the individual level
Middle Eastern society continues to suffer from the
repression, isolation, weakness, or absence of sexual culture as
a result of fear that it could be used in a manner that is not
religiously or socially correct. This is the crux of the
cybercrime issue in the region. Most of the victims of this type
of fraud lack sufficient experience in using the Internet or
social media. Therefore, the problem is definitely social. Many
users of social media do not care tighten privacy on their own
pages, and try to form a wide circle of friends and followers at
the expense of their security, but the main reason for social
education, and individual awareness. Furthermore, in a study of
universities in Riyadh, 67% of participants believed that weak
punishments was the most prominent cause of cybercrimes
against women, and highlighted the social role of universities
in raising the awareness of students regarding the dangers of
social media and in prompting and improving steps taken by
the government to address the social and psychological effects
of extortion [6].
ďˇ For the sake of recognition
Some cybercrimes are committed by young people looking
to challenge the status quo and seeking recognition in the
media. This type of perpetrator often stops such behaviour as
they get older. Modern technologies and the Internet have
provided unprecedented opportunities for the spread of such
crimes.
ďˇ Opportunity
Modern technologies and the Internet have provided
unprecedented opportunities for the spread of cybercrime. The
environment and its structure play a major role in the spread of
crime, and on social norms. Deviation from societal rules and
the absence of censorship increase the chance of cybercrimes
being committed. Information is often an easily attainable goal
which delivers quick benefit, and is thus stolen. It is a
profitable, low-risk opportunity, and the potential for detection
is minimal. ICTs and increased use of the Internet have created
new opportunities for criminals that have facilitated the growth
of crime. That is, cybercrime is a new and distinctive form of
crime, and has created challenges to anticipate and prevent
evolution.
B. Electronic extortion
According to a study conducted by researchers in the
Department of Sociology and Social Work at Imam
Muhammad Bin Saud Islamic University, the weakness of
penalties is one of the main factors leading to crimes of
extortion against women, followed by other factors [6].
Furthermore, 47.3% of the female university students in the
study had personal accounts on social networking sites, 32.3%
reported that they used social networks to communicate daily
for hours. Moreover, 68% of the participants emphasized the
impact of blackmail on issues of display and honour, and 64%
identified the main psychological problems of e-extortion as
constant fear and anxiety
C. Factors leading to blackmail
The study conducted on 300 university students in Riyadh
revealed some facts about extortion, including the university's
knowledge that spreading privacy through communication sites
exposes them to a very high level of blackmail, as well as the
penetration of personal devices, the cause of blackmail of the
victim, as proven knowledge That the communication sites
facilitated the protester threat of the victim [6].
The above indicates that main factors leading to blackmail
are the weakness of sanctions for the perpetrators of extortion,
the weakness of the victim's personality, the perception that
some girls lack emotion, the excessive confidence of girls when
dealing with mobile repair shops, and the weak culture of
women's rights.
D. Psychological problems
The psychological problems of e-extortion include the
suffering of the victim from continuous fear and anxiety, stress
and mental disorders, depressive symptoms, and social
adjustment disorders, which cause chest tightness and breathing
difficulties.
E. Social services
The social role of a university is to raise the awareness of
university students about the dangers of social networks, to
prompt and improve the steps taken by government institutions
to address the social and psychological effects of extortion, and
to train social workers and develop their tools and cultural
composition in accordance with current technical
developments.
She stressed that "the role of social worker in the face of
blackmail, working with the student exposed to extortion, and
suffering from psychological problems and trauma, and
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 18, No. 6, June 2020
81 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
4. provide the necessary counselling, and try to modify the
behaviour and attitudes of the victim who often suffer from
aggressive tendencies and negative attitudes towards society.
IV. SUGGESTED SOLUTIONS
Constructive and comprehensive awareness and the
circulation of the subject intensively, and try to create projects
and campaigns raise this problem and warn of the seriousness.
Online exploitation stories are too much of an iceberg in a
world where borders are intertwined and partitions are blurred.
Experts have estimated that there are 30,000 crimes of cyber
blackmail annually in the Gulf States alone [5]. Therefore,
awareness, knowledge, and e-culture must be improved to
prevent people from falling victim to such crimes. It is
important that people do not display their personal information
permanently on any site or electronic account, whether for
work or other activities. Furthermore, people should not be
afraid to talk to parents or friends if they are subjected to any
kind of extortion or insult. Indeed, perhaps talking about these
hidden problems and breaking the fear barrier could contribute
to spreading awareness and avoiding a large number of Internet
users becoming victims of cybercrimes on social networking
sites and in their digital life.
Studies have shown that smartphones are targeted three
times more frequently than laptop by spyware, through
transactions or applications, and some applications allow the
owner of the program to spy on the user and determine their
location. In addition, research has shown that users generally
agree to the terms of downloading an application without
reading them. Moreover, the viruses and spyware that are
inserted onto mobile phones have different stages of
intelligence. Some malware can be used maliciously to obtain
the phone ownerâs personal details. Others, when opened,
activate a number of commands that allow a hacker to control
and operate the phone camera.
The majority of attacks can be stopped with regular
debugging, so any errors must be fixed quickly. Anti-malware
programs should also be used to help stop infection.
Furthermore, users should avoid opening emails, clicking on
links, or opening attachments from unknown sources.
Moreover, all solid motors and external devices must be
separated after use. In addition, some hackers send messages
on Facebook which say that if the user posts a certain message
or text on the page of any user, they will be sent a secret code.
This method is often used to access girlsâ accounts, steal their
pictures, and then demand money, and it is important to raise
awareness of this. Another important solution is to not use
âcrackedâ programs and games, as this is the a common method
used by hackers to install malware or gain access to personal
details. Original copies of the programs must be used and users
should not rely on free programs offered on the Internet,
because some contain malicious programs that run themselves.
Similarly, users should not open any means of communication
or password-protected sites or programs on open networks, or
on devices that are not their own. Finally, all devices should be
closed immediately after use, and users should install anti-virus
software and not open any anonymous emails.
V. CONCLUSION
Many people use social networks to build new friendships
and to communicate with new friends. However, awareness of
the consequences of such relationships â such as the release of
private details or falling victim to social and moral extortionists
â is lacking. Many young people are influenced by the media,
such as television and cinema, and have been exposed to stories
that in many of their details contradict reality and its standards
of socially acceptable behaviour.
Electronic crime and ways to overcome its challenges is a
topic of significant focus for citizens, community institutions,
and legal research. Therefore, it was selected as the focus for
this research paper in order to contribute to understanding of its
dimensions and organization of its rules. This paper
investigated the types of attackers who blackmail and extort
money from Internet users and proposed some methods to
prevent such crimes occurring.
REFERENCES
[1] Hackers have seized $ 25 million in blackmail in two years (2017).
https://steemit.com/technology/@steemmaster/hackers-have-seized-usd-
25-million-in-blackmail-in-two-years. [Accessed 23/12/2019].
[2] Th akkar, D. (2017). Preventing Digital Extortion. Packt Publishing.
[3] Bhardwaj, A., Avasthi, V., Sastry, H., & Subrahmanyam, G. V. B.
(2016). Ransomware digital extortion: a rising new age threat. Indian
Journal of Science and Technology, 9(14).
[4] Schneier, B. (2011). Secrets and lies: digital security in a networked
world. John Wiley & Sons.
[5] Jøsang, A. (2011, June). Trust extortion on the internet, In: International
Workshop on Security and Trust Management. Springer: Berlin,
Heidelberg, Chicago. pp. 6-21.
[6] Najlaa Alharbi (2017) Female university students are subject to
electronic extortion for weak
punishment.http://www.alwatan.com.sa/Nation/News_Detail.aspx?Articl
eID=301593&CategoryID=3
[7] Graham, J., Olson, R., & Howard, R. (2016). Cyber security essentials.
Auerbach Publications.
[8] Paulson, R.A. & Weber, J.E. (2006). Cyberextortion: an overview of
distributed denial of service attacks against online gaming companies.
Issues in Information Systems, 7(2), 52-56.
[9] Hampton, N. & Baig, Z.A. (2015). Ransomware: Emergence of the
cyber-extortion menace.
[10] Salvi, M.H.U. & Kerkar, M.R.V. (2016). Ransomware: A cyber
extortion. Asian Journal For Convergence In Technology (AJCT).
[11] Kassim, S.R.M., Zakaria, W.Z.A., Maksom, F., & Abdullah, K. (2018).
Cyber Harassment Trends Analysis: A Malaysia Case Study.
International Journal of Engineering & Technology, 7(4.15), 109-112.
[12] Nandhini, M. & Das, B.B. (2016). Profile Similarity Technique for
Detection of Duplicate Profiles in Online Social Network. International
Journal of Computer Science and Information Technology, 7(2), 507-
512.
[13] Ward, M. (2017). Ransomware 'here to stay', warns Google study.
https://www.bbc.com/news/technology-40737060. [Accessed
02/03/2020].ferences)
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 18, No. 6, June 2020
82 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
5. IJCSIS
ISSN (online): 1947-5500
Please consider to contribute to and/or forward to the appropriate groups the following opportunity to submit and publish
original scientific results.
CALL FOR PAPERS
International Journal of Computer Science and Information Security (IJCSIS)
January-December 2020 Issues
The topics suggested by this issue can be discussed in term of concepts, surveys, state of the art, research,
standards, implementations, running experiments, applications, and industrial case studies. Authors are invited
to submit complete unpublished papers, which are not under review in any other conference or journal in the
following, but not limited to, topic areas.
See authors guide for manuscript preparation and submission guidelines.
Indexed by Google Scholar, DBLP, CiteSeerX, Directory for Open Access Journal (DOAJ), Bielefeld
Academic Search Engine (BASE), SCIRUS, Scopus Database, Cornell University Library, ScientificCommons,
ProQuest, EBSCO and more.
Deadline: see web site
Notification: see web site
Revision: see web site
Publication: see web site
For more topics, please see web site https://sites.google.com/site/ijcsis/
For more information, please visit the journal website (https://sites.google.com/site/ijcsis/)
Â
Context-aware systems
Networking technologies
Security in network, systems, and applications
Evolutionary computation
Industrial systems
Evolutionary computation
Autonomic and autonomous systems
Bio-technologies
Knowledge data systems
Mobile and distance education
Intelligent techniques, logics and systems
Knowledge processing
Information technologies
Internet and web technologies, IoT
Digital information processing
Cognitive science and knowledgeÂ
Agent-based systems
Mobility and multimedia systems
Systems performance
Networking and telecommunications
Software development and deployment
Knowledge virtualization
Systems and networks on the chip
Knowledge for global defense
Information Systems [IS]
IPv6 Today - Technology and deployment
Modeling
Software Engineering
Optimization
Complexity
Natural Language Processing
Speech Synthesis
Data MiningÂ