Let’s talk about cybercrime

In the 21st century, the Internet and information technologies have become ubiquitous. Unfortunately, there is also hardly a place in the world not touched by one type of cybercrime or another. Every day 600,000 Facebook accounts get compromised. Like the Internet itself, cybercrime is broadly defined and covers a wide spectrum of illegal activities.

Cybercrime includes any criminal act that uses a computer or network as an instrument, most often to steal personal or sensitive data or to disrupt the normal running of the Internet itself. On one side of the spectrum are data breaches of individual, corporate or government data for the purposes of blackmail or identity theft. In the middle, there are transaction crimes such as piracy, counterfeiting, money laundering or fraud. On the other side of the spectrum are spam and denial of service (DoS) attacks against websites.

It is important to note that cybercrime is truly global, since the act and the perpetrator can be separated by unlimited physical distances. This can be problematic for law enforcement. However, the good news is that even though perpetrators hide their tracks, they usually leave some clues about their location or identity. Such clues come in the form of domain names, IP addresses or mail servers.

This means that reverse Whois, reverse IP and reverse nameserver lookups can be used in cybercrime investigations to provide evidence about who is behind domains and IP addresses. A reverse lookup returns a list of domains based on a single piece of data such as an IP address, a nameserver or any detail from a Whois record. Whois records are created when each domain is registered and contain domain owner information as well as domain details such as creation and expiry dates, etc. Whois databases are maintained by domain registrars for the Verisign global extensions .com and .net, by registries for the gTLDs .org, .info, .biz and the new gTLDs, and by national registries for country code extensions such as .be, .ca, .de, etc.

However, perpetrators can hide their identity by using Whois privacy, a service offered by registrars for global extensions. With it, their contact details are replaced by those of their service provider. Knowing their IP address may not be conclusive either, since perpetrators may use IP addresses in a cloud such as CDNs (Content Delivery Networks). In such cases, a reverse nameserver lookup may return all domains using the same nameservers, and the Whois records of these domains may reveal some clues about the perpetrators. For this reason, reverse tools are best applied in combination.
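As an added illustration (not code from the original article), the sketch below combines reverse Whois, reverse IP and reverse nameserver pivots over constructed records, skipping values that belong to a Whois privacy service or a CDN. All domains, addresses and the `SHARED` set are assumptions made up for the example.

```python
from collections import defaultdict, deque

# Constructed sample data (not real records): per-domain Whois registrant
# email, hosting IP and nameserver, as separate lookups would return them.
RECORDS = {
    "seed-shop.example": {"email": "proxy@privacy-service.example",
                          "ip": "203.0.113.10", "ns": "ns1.smallhost.example"},
    "pay-update.example": {"email": "owner@mailbox.example",
                           "ip": "198.51.100.7", "ns": "ns1.smallhost.example"},
    "login-verify.example": {"email": "owner@mailbox.example",
                             "ip": "198.51.100.7", "ns": "ns2.other.example"},
    "unrelated-blog.example": {"email": "proxy@privacy-service.example",
                               "ip": "203.0.113.10", "ns": "ns1.bigdns.example"},
    "news-site.example": {"email": "editor@news.example",
                          "ip": "203.0.113.10", "ns": "ns1.bigdns.example"},
}

# Assumption: the analyst has identified these values as belonging to a
# service provider (Whois privacy proxy, CDN address), not to a registrant.
SHARED = {("email", "proxy@privacy-service.example"), ("ip", "203.0.113.10")}

def build_index(records):
    """Invert domain -> attributes into (field, value) -> set of domains."""
    index = defaultdict(set)
    for domain, attrs in records.items():
        for field, value in attrs.items():
            index[(field, value)].add(domain)
    return index

def pivot(seed, records, shared=frozenset()):
    """Breadth-first expansion from seed; returns domain -> (field, value, source)."""
    index = build_index(records)
    found, queue = {}, deque([seed])
    while queue:
        current = queue.popleft()
        for key in records[current].items():
            if key in shared:
                continue  # provider-owned value: would link unrelated customers
            for other in sorted(index[key] - {seed} - set(found)):
                found[other] = (*key, current)  # keep the evidence chain
                queue.append(other)
    return found

if __name__ == "__main__":
    for domain, (field, value, src) in pivot("seed-shop.example", RECORDS, SHARED).items():
        print(f"{domain}: shares {field}={value} with {src}")
```

Calling `pivot` without the `SHARED` set links every domain in the sample to the seed, which is the false association that privacy proxies and CDN addresses produce when a single reverse lookup is trusted on its own.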

Since the Internet is everywhere, nothing is exempt from cyberattacks, and apparently this includes cars as well. Because they are now equipped with the latest technology, they are prone to hacking. A security flaw can allow hackers to introduce malware into the system for remote control regardless of distance. This means that the car’s engine, brakes, steering, etc. can be hijacked through its networked system. If the perpetrators’ malware uses host names and IPs, a combination of Whois, reverse Whois and reverse IP lookups will yield domain names whose Whois records can be checked for owner data or nameservers.

The general conclusion is that no one is immune to cybercrime and therefore cybersecurity should be taken into account by individuals, companies and government institutions alike.
