Docstoc

Computer Fraud and Identity Theft

Document Sample
Computer Fraud and Identity Theft Powered By Docstoc
					Computer Fraud, Identity Theft,
   and Computer Forensics
                         How not to
                         be a victim


                 Presented by Scott R. Ellis
    Manager, Forensic and Litigation Technologies Practice
Computer Fraud and Identity Theft
     What is Identity Theft
      Victim v. Opponent
    What is an Opponent?
         The Old Tricks
     You’ve been Hacked
       What NOT to Do
          What TO Do
          Checkmate
          Contact Info
What is Identity Theft?
 Computer Fraud and Identity Theft
      What is Identity Theft

Victim v. Opponent
      What is an Opponent?
         The Old Tricks
        You’ve been Hacked
          What NOT to Do
          What TO Do
            Checkmate
          Contact Info
           Victim v. Opponent
• Qualities of a victim:
  – Inexperienced user
  – Experienced user
  – Suspecting/unsuspecting Users
  – Insecure system
  – Secure system
  – Access to email
  – Uses online banking or other common services
  – Any type of person! (except maybe one)
 Computer Fraud and Identity Theft
      What is Identity Theft
       Victim v. Opponent
What is an Opponent?
           The Old Tricks
          You’ve been Hacked
            What NOT to Do
            What TO Do
             Checkmate
            Contact Info
      Qualities of an Opponent

– Doesn’t want you to know about him.
– The bigger the trick and the older the trick the
  easier it is to pull. There are two reasons this
  works.
– Wants to reassure you, wants you to feel safe.
– The more sophisticated the game, the more
  sophisticated the opponent.
– He is generous (seemingly).
– When you question it, you will question yourself.
  YOU can’t be wrong, right?
Computer Fraud and Identity Theft
     What is Identity Theft
      Victim v. Opponent
    What is an Opponent?

The Old Tricks
       You’ve been Hacked
         What NOT to Do
           What TO Do
           Checkmate
           Contact Info
              The Old Tricks
• The Mole
  – The Mole Might be Your Mother
    (or mine!)
The Nigerian
     How you can get a million dollars for a
     small investment of $4,000?
Bait and Switch
     Check the URL!
Boiler Room (Do they even know the depth of
the con?)
Cross Site Scripting
     The power or right clicking on links
Power of look-alike pop-ups
  Methods of the “Modern” Trick
• When you are being victimized:
  – In every con there is a victim and an opponent.
  – The more control you think you have, the less you
    have.
  – You will be fed pieces. (Something free).
  – You will have likely installed the malware on your
    computer yourself, knowingly and willingly.
  – The opponent will have complete control of the
    environment.
  – Checkmate. When it comes you will know it.
           Method (continued)

• Your weakness will be located with the
  following “tricks”:
  – Searches
  – Banner ads
  – Pop-ups
  – Emails from people you know -- enough spam to
    enough people, will trigger a response
  – Certified letters
  – (eventually one will compel you)
 Computer Fraud and Identity Theft
      What is Identity Theft
       Victim v. Opponent
     What is an Opponent?
          The Old Tricks

You’ve been Hacked
         What NOT to Do
          What TO Do
           Checkmate
          Contact Info
                  You’ve been Hacked

• How do you know?
• Symptoms:
   – Erratic Behavior – windows closing, software that won’t start, antivirus
     stops functioning or won’t update, etc…
   – Errors at unusual times
   – Long boot up times
• Poison Ivy – complete system control, microphone, webcam
  control, desktop access.
• Undetectable root kits.
• Metasploit – allows hackers to generate payloads in many formats.
• DNS Poisoning:
   – Used to replace content for a set of victims
   – Replaces it with the opponents own, malicious web site
• SQL Injection
Computer Fraud and Identity Theft
     What is Identity Theft
      Victim v. Opponent
    What is an Opponent?
         The Old Tricks
     You’ve been Hacked

What NOT to Do
          What TO Do
          Checkmate
          Contact Info
              What NOT to Do
• Do not Panic. Stay Calm.
• Do not continue to use the computer for
  transactions.
• In certain situations, do not even reboot.
• Do not call me (unless you want a forensic
  investigation of the incident!)
• If an identity of the opponent is involved, do not
  attempt to initiate contact.
• Do not think the problem will go away.
Computer Fraud and Identity Theft
     What is Identity Theft
      Victim v. Opponent
    What is an Opponent?
     You’ve been Hacked
       What NOT to Do

   What TO Do
          Checkmate
          Contact Info
                What TO Do
• Call your credit card companies. All of them.
• Be Honest. “Yes officer, I really did believe I
  could help this man retrieve his lost fortune and
  make a nice commission for myself in the process
  by simply depositing $4000 in his checking
  account.”
• EVERY DETAIL HELPS
• They just might know his MO.
• Report cybercrime to cybercrime.gov
• Learn to be safe.
              Credit Reporting Agencies
(notice “free credit report” .com is not one of them)
• TransUnion
  Fraud Victim Assistance Department
  Phone: 800-680-7289

  Equifax
  Consumer Fraud Division
  Phone: 800-525-6285 or: 404-885-8000

• Experian
  Experian's National Consumer Assistance
  Phone: 888-397-3742
Computer Fraud and Identity Theft
     What is Identity Theft
      Victim v. Opponent
    What is an Opponent?
     You’ve been Hacked
       What NOT to Do
          What TO Do

    Checkmate
          Contact Info
                  Checkmate

•   Don’t live in fear.
•   Be Safe – Don’t Click on anything.
•   The Hardest Person to Con?
•   The most difficult person to con is an honest one.
    The honest person believes in working for his
    reward. Nothing worth having is free.

• But just because you are honest doesn’t mean you
  will win at chess!
          Contact Info



For a copy of this presentation and
other articles published by Scott Ellis,
please contact him at:


sellis@us.rgl.com

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:8
posted:8/13/2011
language:English
pages:24