Document Sample
nov30 Powered By Docstoc
					Principles of Information Science

       Fall 2010, Prof. Hafner
    Class notes for Nov. 30, 2010
Computer Crime
   Angela Mosley
Hackers, Crackers, and
  Network Intruders

        Dick Steflik
  Sri. Loknath Behera IPS
IGP (HQ) Police Headquarters
        Emerging Cyber Threats
           Report for 2009

Georgia Tech Information Security Center
       What is Computer Crime?

• Any crime in which computer-related
  technology is encountered.

• The commission of illegal acts through
  the use of a computer or against a
  computer system.
        Reasons for Computer Crime

•   Business attacks
•   Financial attacks
•   Terrorist attacks
•   Grudge attacks
•   Fun attacks
    Most Common Computer Crimes
• Fraud by computer manipulation

• Damage to or modifications of computer
  data or programs

• Unauthorized access to computer
  systems and service

• Unauthorized reproduction of legally
  protected computer programs/data
          Common scenarios in Cyber Crime

Unauthorized access: This occurs when a user/hacker deliberately gets access
into someone else’s network either to monitor or data destruction purposes

Denial of service attack: It involves sending of disproportionate demands or
data to the victims server beyond the limit that the server is capable to handle
and hence causes the server to crash

Virus, Worms and Trojan attacks: Viruses are basically programs that are
attached to a file which then gets circulated to other files and gradually to other
computers in the network. Worms unlike Viruses do not need a host for
attachments they make copies of themselves and do this repeatedly hence
eating up all the memory of the computer. Trojans are unauthorized programs
which functions from inside what seems to be an authorized program, thereby
concealing what it is actually doing.
           Email Bombing It refers to sending a large number of emails to
          the victim resulting in the victim's email account (in case of an
          individual) or mail servers (in case of a company or an email
          service provider) crashing

          Internet Time Thefts This connotes the usage by an
           unauthorized person of the Internet hours paid for by another.

Web Jacking This occurs when someone forcefully takes control of a
website (by cracking the password and later changing it). The actual owner
of the website does not have any more control over what appears on that

Theft and Physical damage of computer or its peripherals This type of
offence involves the theft of a computer, some parts of a computer or a
peripheral attached to the computer. and physically damaging a computer or
its peripherals
Computer Crimes
• Financial Fraud
  – Credit Card Theft
  – Identity Theft
• Computer accessibility crimes
  – Denial-of-service
  – Denial of access to information
  – Viruses Melissa virus cost New Jersey man 20
    months in jail
     • Melissa caused in excess of $80 Million
Computer Crimes
• Intellectual Property Offenses
  –   Information theft
  –   Trafficking in pirated information
  –   Storing pirated information
  –   Compromising information
  –   Destroying information
• Content related Offenses
  – Hate crimes
  – Harrassment
  – Cyber-stalking
• Child privacy
five specific trends and some profound questions
that will drive threats and countermeasures
in 2009 and beyond, including:

Cyber warfare
Threats to VoIP and mobile devices
The evolving cyber crime economy
     Cyberthreats: Social Engineering for
             malware infection
A Facebook message sent from one friend to another
includes a link to a YouTube video of interest to the
recipient. The recipient clicks on the link supposedly sent
by his/her friend, and then sees a prompt to install the
latest version of Flash Player in order to watch the video
clip. The user clicks to install the update, but actually
installs a piece of malware on the machine, effectively
involving the computer in a botnet.

In 2008, botnets have become worse—a trend
  expected to continue next year. GTISC
  estimated in last year‘s report that 10 percent
  of online computers were part of botnets,
  groups of computers infected with malicious
  code and unknowingly controlled by a
  malicious master.
Prompted to act in unison, bots become bot armies
  that harness considerable computing power to
  engage in a variety of malicious activities,
— Data theft (social security numbers, credit card
   information, trade secrets, etc.)
— Denial of service attacks
— Spam delivery
— DNS server spoofing
                 Cyber Warfare

Russian cyber attacks against Georgia:
• The vast majority of Georgian Internet traffic
is routed through Turkey and Russia. As of
August 10, 2008, traffic routed through Turkey
was almost completely blocked, and IP traffic
through Russia (via Azerbaijan) was slow
and effectively unusable.
        Mobile Communication (VoIP)

Cyber criminals will be drawn to the VoIP
 medium to engage in voice fraud, data theft
 and other scams—similar to the problems
 email has experienced. Denial of service,
 remote code execution and botnets all apply to
 VoIP networks, and will become more
 problematic for mobile devices as well.
                For-profit malware
Sources of cyber crime will become increasingly
  organized and profit-driven in the years ahead.
The new sophisticated malware-for-sale features
  encrypted command and control channels, builtin Web
  services for hosting phishing content, man-in-
  thebrowser proxy engines for identity theft, along with
  drive scanners for capturing sellable data like email
  addresses and credit card details.‖
Ollmann reports that several malware kits are supported
  by product guarantees and service level agreements.
Computer Criminals Are Hard to Catch

• Multinational activity
  – No international laws for computer

• Complexity
  – Networked attacks hard to trace
 Real-world & Virtual- world

Current approaches evolved to
deal with real-world crime

Cybercrime occurs in a virtual-
world and therefore presents
different issues
             Example : Theft
Real-world theft:
Possession of property shifts completely
from A to B, i.e., A had it now B has it

Theft in Virtual-world (Cyber-theft):
Property is copied, so A “has” it and so does B
Computer Crimes Are Hard to Prosecute

•   Lack of understanding
•   Lack of physical evidence
•   Lack of recognition of assets
•   Lack of political impact
•   Complexity of case
•   Juveniles
 The Fight Against Computer Crimes

The role in combating cyber crime is
  essentially two-fold:
(1) preventing cyber attacks before they
  occur or limiting their scope by
  disseminating warnings and advisories
  about threats so that potential victims
  can protect themselves
(2) responding to attacks that do occur by
  investigating and identifying the
Existing Laws Used for Computer
Federal Statutes
• Computer Fraud and Abuse Act of 1984
  – Makes it a crime to knowingly access a federal
• Electronic Communications Privacy Act of
  – Updated the Federal Wiretap Act to include
    electronically stored data
• U.S. Communications Assistance for Law
  Enforcement Act of 1996
  – Amended the Electronic Communications Act
    to require all communications carriers to make
    wiretaps possible
  Federal Statutes
• Economic and Protection of Proprietary
  Information Act of 1996
  – Extends definition of privacy to include proprietary
    economic information , theft constitutes corporate or
    industrial espionage
• Health Insurance Portability and Accountability
  Act of 1996
  – Standards for the electronic transmission of healthcare
  Federal Statutes
• National Information Infrastructure Protection Act
  of 1996
  – Amends Computer Fraud and Abuse Act to provide
    more protection to computerized information and
    systems used in foreign and interstate commerce or
• The Graham-Lynch-Bliley Act of 1999
  – Limits instances of when financial institution can
    disclose nonpublic information of a customer to a third
Legal Recourse
• Average armed robber will get $2500-$7500 and risk
  being shot or killed; 50-60% will get caught , convicted
  and spent an average of 5 years of hard time
• Average computer criminal will net $50K-$500K with a
  risk of being fired or going to jail; only 10% are caught,
  of those only 15% will be turned in to authorities; less
  than 50% of them will do jail time
• Prosecution
   – Many institutions fail to prosecute for fear of
   – Many banks absorb the losses fearing that they would
     lose more if their customers found out and took their
     business elsewhere
         – Fix the vulnerability and continue on with business as usual
U.S. Computer Fraud and Abuse Act
• Unauthorized access to a computer
  containing data protected for the
  national defense or foreign relations
• Unauthorized access to a computer
  containing certain banking or financial
• Unauthorized access, use,
  modification, destruction, or disclosure
  of a computer or information in a
  computer operated on behalf of the
  U.S. government
  U.S. Computer Fraud and Abuse Act
             1994, 1996

• Accessing without permission a “protected
  computer,” which the courts now interpret
  to include any computer connected to the
• Computer fraud
• Transmitting code that causes damage to a
  computer system or network
• Trafficking in computer passwords
 U.S. Economic Espionage Act (1996)

• Outlaws use of a computer for foreign
  espionage to benefit a foreign country
  or business or theft of trade secrets
 U.S. Electronic Funds Transfer Act
• Prohibits the use, transport,sale,
  receipt, or supply of counterfeit,
  stolen, altered,lost, or fraudulently
  obtained debit in interstate or foreign
           U.S. Privacy Act
• Protects the privacy of personal data
  collected by the government
U.S. Electronic Communications Privacy
          Act (1986, 1994)
• Protects against wiretapping
             USA Patriot Act

• Knowingly causing the transmission of code
  resulting in damage to a protected
  computer is a felony
• Recklessly causing damage to a computer
  system as a consequence of unauthorized
  access is also a felony
• Causing damage (even unintentionally) as a
  consequence of unauthorized access to a
  protected computer is a misdemeanor
     Digital Millenium Copyright Act
• Prohibits circumventing a technological
  measure designed to protect a copyright.
Obviously computer crime is on the rise,
 but so is the awareness and ability to
 fight it. Law enforcement realizes that
 it is happening more often than it is
 reported and are doing there best to
 improve existing laws and create new
 laws as appropriate. The problem is not
 with the awareness or the laws, but with
 actually reporting that a crime has
 occurred. Hopefully people will begin to
 realize that unless they report these
 crimes and get convictions, those
 committing computer crimes will continue
 to do so.

•   Hackers and their vocabulary
•   Threats and risks
•   Types of hackers
•   Gaining access
•   Intrusion detection and prevention
•   Legal and ethical issues
    Hacker Terms

• Hacking - showing computer expertise
• Cracking - breaching security on software or systems
• Phreaking - cracking telecom networks
• Spoofing - faking the originating IP address in a
• Denial of Service (DoS) - flooding a host with sufficient
  network traffic so that it can‘t respond anymore
• Port Scanning - searching for vulnerabilities
The threats

• Denial of Service (Yahoo, eBay, CNN, MS)
• Defacing, Graffiti, Slander, Reputation
• Loss of data (destruction, theft)
• Divulging private information (AirMiles,
  corporate espionage, personal financial)
• Loss of financial assets (CitiBank) defacement example
Web site defacement example
 Types of hackers
• Professional hackers
    – Black Hats – the Bad Guys
    – White Hats – Professional Security Experts
• Script kiddies
    – Mostly kids/students
        • User tools created by black hats,
             – To get free stuff
             – Impress their peers
             – Not get caught
• Underemployed Adult Hackers
    – Former Script Kiddies
        • Can‘t get employment in the field
        • Want recognition in hacker community
        • Big in eastern european countries
• Ideological Hackers
    – hack as a mechanism to promote some political or ideological purpose
    – Usually coincide with political events
Types of Hackers

• Criminal Hackers
   – Real criminals, are in it for whatever they can get no matter who it
• Corporate Spies
   – Are relatively rare
• Disgruntled Employees
   – Most dangerous to an enterprise as they are ―insiders‖
   – Since many companies subcontract their network services a disgruntled
     vendor could be very dangerous to the host enterprise
Top intrusion justifications

• I‘m doing you a favor pointing out your vulnerabilities

• I‘m making a political statement

• Because I can

• Because I‘m paid to do it
Gaining access
• Front door
   – Password guessing
   – Password/key stealing
• Back doors
   – Often left by original developers as debug and/or diagnostic tools
   – Forgot to remove before release
• Trojan Horses
   – Usually hidden inside of software that we download and install
     from the net (remember nothing is free)
   – Many install backdoors
• Software vulnerability exploitation
   – Often advertised on the OEMs web site along with security patches
   – Fertile ground for script kiddies looking for something to do
 Software vulnerability
• Buffer overruns
• HTML / CGI scripts
• Poor design of web applications
   – Javascript hacks
   – PHP/ASP/ColdFusion URL hacks
• Other holes / bugs in software and services
• Tools and scripts used to scan ports for vulnerabilities
Password guessing

•   Default or null passwords
•   Password same as user name (use finger)
•   Password files, trusted servers
•   Brute force
    – make sure login attempts audited!
Password/key theft
• Dumpster diving
   – Its amazing what people throw in the trash
      • Personal information
      • Passwords
      • Good doughnuts
   – Many enterprises now shred all white paper trash
• Inside jobs
   – Disgruntled employees
   – Terminated employees (about 50% of intrusions
     resulting in significant loss)
        Once inside, the hacker can...

• Modify logs
   – To cover their tracks
   – To mess with you
• Steal files
   – Sometimes destroy after stealing
   – A pro would steal and cover their tracks so to be undetected
• Modify files
   – To let you know they were there
   – To cause mischief
• Install back doors
   – So they can get in again
• Attack other systems
      Intrusion detection systems (IDS)
• A lot of research going on at universities
   – Doug Somerville- EE Dept, Viktor Skorman – EE Dept
• Big money available due to 9/11 and Dept of Homeland
• Vulnerability scanners
   – pro-actively identifies risks
   – User use pattern matching
       • When pattern deviates from norm should be investigated
• Network-based IDS
   – examine packets for suspicious activity
   – can integrate with firewall
   – require one dedicated IDS server per segment
     Intrusion detection systems (IDS)

• Host-based IDS
  – monitors logs, events, files, and packets sent to the
  – installed on each host on network

• Honeypot
  – decoy server
  – collects evidence and alerts admin
Intrusion prevention

•   Patches and upgrades (hardening)
•   Disabling unnecessary software
•   Firewalls and Intrusion Detection Systems
•   ‗Honeypots‘
•   Recognizing and reacting to port scanning
Risk management
 Legal and ethical questions
• ‗Ethical‘ hacking?
• How to react to mischief or nuisances?
• Is scanning for vulnerabilities legal?
   – Some hackers are trying to use this as a business model
       • Here are your vulnerabilities, let us help you
• Can private property laws be applied on the Internet?
Port scanner example