Docstoc

Cyber Crime

Document Sample
Cyber Crime Powered By Docstoc
					Cyber Crime – “Is the
Internet the new “Wild
     Wild West?”
                 Introduction

Computers Are Tools
  Computers assist us in our work, expand our
   thinking, and provide entertainment.
Computers Are Used to Commit Crimes
  Preventing, detecting, and prosecuting
   computer crime is a challenge.
               In the News…….
1 out of 5 children received a
sexual solicitation or approach
over the Internet in a one-year
period of time
(www.missingchildren.com)

California warns of massive ID
theft – personal data stolen from
computers at University of
California, Berkeley (Oct 21, 2004
IDG news service)

Microsoft and Cisco announced a
new initiative to work together to
increase internet security
(Oct 18, 2004
www.cnetnews.com)


                       E-Commerce Network - Suzanne Mello
                                 - Nov 5 2004
     The New Wild Wild West
More cyber criminals than
cyber cops
Criminals feel “safe”
committing crimes from
the privacy of their own
homes
Brand new challenges
facing law enforcement
   Most not trained in the
    technologies
   Internet crimes span
    multiple jurisdictions
   Need to retrofit new crimes
    to existing laws
                     E-Commerce Network - Suzanne Mello
                               - Nov 5 2004
                 Computer Crime
Computer used to commit
a crime
   Child porn, threatening
    email, assuming
    someone’s identity, sexual
    harassment, defamation,
    spam, phishing


Computer as a target of a
crime
   Viruses, worms, industrial
    espionage, software piracy,
    hacking         E-Commerce Network - Suzanne Mello
                                  - Nov 5 2004
            Computer Forensics
What is it?
    an autopsy of a computer or network to
     uncover digital evidence of a crime
    Evidence must be preserved and hold up
     in a court of law

Growing field – Many becoming
computer forensic savvy
    FBI, State and Local Police, IRS,
     Homeland Security
    Defense attorneys, judges and
     prosecutors
    Independent security agencies
    White hat or Ethical Hackers
    Programs offered at major universities
     such as URI
      http://homepage.cs.uri.edu/faculty/wolfe/cf

                          E-Commerce Network - Suzanne Mello
                                    - Nov 5 2004
    Uncovering Digital Evidence
Smart Criminals don’t use their
  own computers

  Floppy disks
  Zip/Jazz disks
  Tapes
  Digital cameras
  Memory sticks
  Printers
  CDs
  PDAs
  Game boxes
  Networks
  Hard drives

                      E-Commerce Network - Suzanne Mello
                                - Nov 5 2004
               Digital Evidence
      Not obvious…….it’s most likely hidden on purpose
      or needs to be unearthed by forensics experts

Criminals Hide Evidence                    Forensics Uncover Evidence
  Delete their files and emails                Restore deleted files and emails –
                                               they are still really there!

  Hide their files by encryption,              Find the hidden files through
  password protection, or                      complex password, encryption
  embedding them in unrelated                  programs, and searching
  files (dll, os etc)                          techniques

  Use Wi-Fi networks and cyber                 Track them down through the
  cafes to cover their tracks                  digital trail - IP addresses to ISPs
                                               to the offender

                      E-Commerce Network - Suzanne Mello
                                - Nov 5 2004
                    The Crime Scene
                      (with Computer Forensics)
    Similar to traditional crime scenes

      Must acquire the evidence while
       preserving the integrity of the
       evidence
           No damage during collection,
           transportation, or storage
           Document everything
           Collect everything the first time
      Establish a chain of custody

    But also different…….

      Can perform analysis of evidence on
       exact copy!
      Make many copies and investigate
       them without touching original
      Can use time stamping/hash code
       techniques to prove evidence hasn’t
       been compromised

                             E-Commerce Network - Suzanne Mello
                                       - Nov 5 2004
Top Cyber Crimes that
   Attack Business
                 Spam
            Viruses/Worms
  Industrial Espionage and Hackers
          Wi-Fi High Jacking
Fraud, Embezzlement, Sabotage,
   Identity Theft, and Forgery
Some Causes of Fraud
  Credit-Card
      Stolen receipts, mailed notices, and cards.
      Interception of online transaction or weak e-
      commerce security.
      Careless handling by card-owner.
  ATM
      Stolen account numbers and PINs.
      Insider knowledge.
      A counterfeit ATM.
  Telecommunications
      Stolen long-distance PINs.
      Cloned phones.
Fraud, Embezzlement, Sabotage,
   Identity Theft, and Forgery
Some Defenses Against Fraud
   Credit-Card
         Instant credit-card check.
         Analysis of buying patterns.
         Analysis of credit card applications (to detect identity
         theft).
         Verify user with Caller ID.
   ATM
         Redesigned ATMs.
         Limited withdrawal.
   Telecommunications
         match phone “signature” with serial number.
         identify phone without broadcasting serial number.
    Fraud, Embezzlement,
  Sabotage, Identity Theft, and
           Forgery
Embezzlement and Sabotage
  Some Causes
     Insider information.
     Poor security.
     Complex financial transactions.
     Anonymity of computer users.
  Some Defenses
     Rotate employee responsibility.
     Require use of employee ID and password .
     Implement audit trails.
     Careful screening and background checks of
     employees.
  Fraud, Embezzlement, Sabotage,
     Identity Theft, and Forgery
Identity Theft
    Some Causes of Identity Theft
           Insecure and inappropriate use of Social Security
           numbers.
           Careless handling of personally identifiable information.
           Weak security of stored records.
           Insufficient assistance to identity theft victims.
    Some Defenses for Identity Theft
           Limit use of personally identifiable information.
           Increase security of information stored by businesses and
           government agencies.
           Improve methods to accurately identify a person.
          Educate consumers.
Fraud, Embezzlement, Sabotage,
   Identity Theft, and Forgery
Forgery
    Some Causes
        Powerful computers and digital manipulation software.
        High-quality printers, copiers, and scanners.
    Some Defenses
        Educate consumers and employees.
        Use anti-counterfeiting techniques during production.
        Use counterfeit detection methods.
        Create legal and procedural incentives to improve
        security.
                                  Spam
“Spam accounts for 9 out of every 10
   emails in the United States.”
            MessageLabs, Inc., an email management
              and security company based in New
              York.


“We do not object to the use of this slang
  term to describe UCE (unsolicited
  commercial email), although we do
  object to the use of the word “spam” as
  a trademark and the use of our product
  image in association with that term”
                www.hormel.com




                           E-Commerce Network - Suzanne Mello
                                     - Nov 5 2004
         Can-Spam Act of 2003
Controlling the Assault of Non-Solicited Pornography and Marketing
Act (Can-Spam)
Signed into law by President Bush on Dec 16, 2003
    Took effect Jan 1, 2004

Unsolicited commercial email must:
    Be labeled
    Include Opt-Out instructions
    No false headers

FTC is authorized (but not required) to establish a “do-not-email”
registry

www.spamlaws.com –lists all the latest in federal, state, and
international laws

                        E-Commerce Network - Suzanne Mello
                                  - Nov 5 2004
                     Spam is Hostile
You pay for Spam, not Spammers
    Email costs are paid by email
     recipients
Spam can be dangerous
    Never click on the opt-out link!
         May take you to hostile web site
         where mouse-over downloads an
         .exe
    Tells spammers they found a
     working address
    They won’t take you off the list
     anyway
What should you do?
    Filter it out whenever possible
    Keep filters up to date
    If you get it, just delete the email


                                 Suzanne Mello - Nov 5 2004
             Viruses and Worms
Different types of “ailments”
Viruses
    software that piggybacks on
     other software and runs when
     you run something else
    Macro in excel, word
         Transmitted through sharing
         programs on bulletin boards
         Passing around floppy disks
    An .exe, .com file in your email
Worms
    software that uses computer
     networks to find security holes
     to get in to your computer –
     usually in Microsoft OS!! But
     worm for MAC was recently
     written
                         E-Commerce Network - Suzanne Mello
                                   - Nov 5 2004
       Hackers are Everywhere
Stealing data
    Industrial Espionage
    Identity theft
    Defamation
Deleting data for fun
    A lot of bored 16 year olds late at
     night                                                       Mafia Boy
Turning computers into zombies
    To commit crimes
    Take down networks
    Distribute porn
    Harass someone
Ethical/white hat hackers exist too
    Help break into networks to
     prevent crimes



                            E-Commerce Network - Suzanne Mello
                                      - Nov 5 2004
      Wireless Fidelity (Wi-Fi)
Using antennas to create “hot spots”
Hotspots – Internet Access (sometimes free)
   Newport Harbor - All the boats in Harbor have internet access
   San Francisco Giants Stadium – Surf the web while catching a
    game
   UMass (need to register, but it’s free)
   Cambridge, MA
   Philadelphia, PA – just announced – entire city by 2006




                     E-Commerce Network - Suzanne Mello
                               - Nov 5 2004
            Wi-Fi High Jacking
60-70% wireless networks are wide open

Why are the Wi-Fi networks unprotected?
     Most people say “Our data is boring”
     But… criminals look for wireless networks to commit
      their crimes
     And… the authorities will come knocking on your
      door…..


                    E-Commerce Network - Suzanne Mello
                              - Nov 5 2004
      Protect your Computers!
Use anti-virus software and                   Don't share access to your
firewalls - keep them up to date              computers with strangers

Keep your operating system up to              If you have a wi-fi network,
date with critical security updates           password protect it
and patches
                                              Disconnect from the Internet
Don't open emails or attachments              when not in use
from unknown sources
                                              Reevaluate your security on a
Use hard-to-guess passwords.                  regular basis
Don’t use words found in a
dictionary. Remember that
password cracking tools exist                 Make sure your employees and
                                              family members know this info
                                              too!
Back-up your computer data on
disks or CDs often

                       E-Commerce Network - Suzanne Mello
                                 - Nov 5 2004
                     Hacking

Security can be improved by:
      Ongoing education and training to recognize
      the risks.
      Better system design.
      Use of security tools and systems.
      Challenging “others” to find flaws in systems.
      Writing and enforcing laws that don’t stymie
      research and advancement.

       Q: Does weak security justify
       intrusion?
Thank you!
        Web sites of Interest
http://homepage.cs.uri.edu/faculty/wolfe/cf
www.missingchildren.com
www.spamlaws.com
www.netsmartz.org
http://www.ifccfbi.gov - operation web snare – latest
cyber crimes to be aware of
http://www.dcfl.gov/dc3/home.htm
http://www.cops.org/



                 E-Commerce Network - Suzanne Mello
                           - Nov 5 2004

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:32
posted:9/13/2012
language:English
pages:26