CyberCrime

					       MANAGEMENT & LEGAL IMPLICATIONS OF eCOMMERCE




    Defamation on the Internet


“Defamation”, Arts Law Centre [Online: Accessed 4th February 2004 URL:
http://artslaw.com.au/reference/info05/ ]
“Gutnick and Beyond”, FindLaw [Online: accessed: 28th May 2003 URL:
http://www.findlaw.com.au/magazine/Article.asp?id=428 ]

Defamation
 A communication
    from one person to at least one other,
    that lowers the reputation of an identifiable
     third person,
    where the communicator has no legal
     defence.
 The law of defamation aims to balance free
  speech with the right of an individual to protect
  their reputation


Communication
 Must be made ('published') to at least one
  person other than the plaintiff.
 The intention of the communicator does not
  matter. Liability for defamation can arise from
  errors.
 Everyone involved in the communication is
  equally liable
 No defence to argue that you are only repeating
  rumours or a comment made by somebody else


Identification
 The person must be identified
 False names are no defence if the person can
  be identified by other means.
 Identification can be accidental
 A class of people cannot be defamed, but a
  statement denigrating a group may be
  defamatory of a member of that group
 A dead person cannot be defamed
 Corporations can also sue for defamation.


Reputation
 'Does the communication lower the plaintiff's
  personal or professional reputation, ridicule
  them, or lead others to shun and avoid them?'
 This is judged from the viewpoint of 'ordinary
  decent people in the community taken in
  general' and in light of contemporary standards.


Imputations
 The court considers the 'imputation'; this might not
  be what you meant to say.
 The literal meaning of the communication is not
  the only meaning that is considered.
 The court looks at what it thinks the ordinary
  reader or viewer would have understood the
  communication to mean.


Defences
 Fair comment
 Truth/Justification
 Qualified privilege
 Absolute privilege
 Innocent publication


Fair Comment
 Statement is 'fair comment' on a matter of public
  interest.
 Must prove:
   It is comment - an opinion, criticism, deduction,
    judgment, remark, observation, or conclusion
   The facts upon which the comment is based must be
    stated unless they are widely known
   The communication has to be on a matter of public
    interest


Justification
 If your imputation is found to be defamatory, the
  law presumes it to be false.
 To use this defence you have to prove it's true.
 This can be difficult as you can only use
  evidence that is admissible in court
 In some states you also have to prove that your
  publication was for the public benefit


Qualified Privilege
 Applies when you have an interest or a legal,
  social or moral duty to communicate something
  to a person and that person has a corresponding
  interest or duty to receive the information.
 The defence will fail if you were actually
  motivated by malice to make the communication


Absolute Privilege
 Protects reports of court and parliamentary
  proceedings
Innocent Publication
 For those such as newsagents (and possibly
  ISPs) who cannot reasonably be expected to be
  aware of the defamatory content of material they
  distribute

Before you publish
 Consider the communication as a whole
  including any headlines or illustrations. Consider
  the context. Which groups or individuals have
  been identified? What imputations arise? Are
  they defamatory?
 See if editing or clarification can remove any
  unintended defamatory imputations;
 Check who is identified in the communication.
  Potential problems can be avoided by narrowing
  the scope of the article, or removing details that
  can lead to identification;

Before you publish (cont.)
 What defences might be relevant? If it is meant
  to be comment, ensure that it is clearly identified
  as such (for example by adding 'In my opinion')
  and that the facts on which it is based are stated
  or obvious;
 If you want to argue that the defamatory
  imputations are true, how can they be proved?
  What has been done to verify their accuracy?
  Remember proof has to be to the stringent
  standards demanded by a court. Sources need
  to be first hand (what if they wish to remain
  confidential?).

Defamation
Dow Jones v Gutnick – High Court of Australia
 The law governing Internet defamation cases is the
  same as for other types of media.
 If a defamation case involves more than one jurisdiction,
  the Court will apply the law of the place in which the
  cause of action arose.
 Each time a new person accesses and reads defamatory
  material on a web site, a new cause of action arises and
  the place in which each cause of action arises is the place
  of the reader.
 Discussed in Forder & Quirk at pp 36 & 37


Defamation (cont.)
 An Internet publisher will need to consider the
  law in many jurisdictions
 Freedom of Speech defences may not apply
 Conflicts in international law
    US decisions hold that each mass media
     publication gives rise to only one cause of
     action and that the applicable law is that of
     the place of the person who publishes the
     material.




                     CyberCrime


See: Brenner Susan W, 2001, “Cybercrime Investigation and Prosecution:
The Role of Penal and Procedural Law”, [Online: Accessed 3 February
2004 URL: http://www.murdoch.edu.au/elaw/issues/v8n2/brenner82.txt ]

The Cybercrime Challenge
 Enforcement agencies lack tools
 Lack of specific cybercrime offences
 Lack of appropriate procedural rules
 Transnational nature of cybercrime
    Lack of international agreement
    Lack of uniformity prevents extradition
 Offending often involves multiple and
  geographically diverse offences
 High cost


Types of crimes
   Crimes against the person
   Crimes against property
   Crimes against the administration of justice
   Crimes against the State


Preparing for Cybercrime
 Most criminal law is generic
 Procedural law differs widely
 Cybercrime can involve
    Using a new means to effect a traditional
     crime
    A completely new type of offending
 A survey of 52 countries found that 33 had yet to
  update their laws to address cybercrime


Crimes Against the Person
 Non-Sexual Crimes
   Murder
   Assault
   Threats
 Sexual Crimes
   Rape
   Child pornography
   Stalking

Cyberstalking
 Facilitated by the enormous amount of personal
  information on the web
 Impersonal and anonymous nature of Internet
  communications removes disincentives for
  stalking
 Cyberstalker's effort is minimal
 Difficult to locate, identify and arrest offender
 Inflicts psychological but not physical damage
 Conflicts with “freedom of speech”


Cyberstalking (cont.)
 When should criminal liability be imposed for creating
  and disseminating artificial constructs and manipulating
  information that is freely available about individuals?
 This is a "new" criminal
    exploits computer technology to achieve results that
     would not have been achievable in years past.
 A nation must maintain a balance between
    protecting the safety and security of individuals and
    guaranteeing the free dissemination of information
     and opinion.


Crimes Against Property
   Theft
   Forgery
   Fraud
   Malicious damage
   Hacking


Theft
   Unlawfully taking property
   That belongs to another
   So as to deprive the owner of its use
   By
       Carrying it away (larceny)
       Using force (robbery)
       Deception (fraud)
       Breaking & entering (burglary)
       Exploiting a position of trust (embezzlement)

Theft (cont.)
 The law has had difficulty in reconciling the use
  of new technology with theft offences, e.g.
    “Joy riding” in cars
    Cheques
    Electronic funds
 Cybertheft relies on the electronic transmission
  and manipulation of data rather than acts and
  communications effected in the "real world"
 Cybertheft is traditional theft accomplished by
  rather non-traditional means


Theft (cont.)
 Real world theft is a zero sum offence - the sole
  possession and use of property is transferred
  from the rightful owner to the thief.
 Cybertheft may only involve copying information
    Both the owner and the thief now have the
     information
    The owner has lost value due to loss of
     exclusive use of the information


Forgery
 Using a computer to forge:
   paper documents
   Electronic documents
 Same offence – new means
 No new penal laws required

Hacking
 Analogous to traditional law of trespass
 Difficulties with
   Consent
   Virtual worlds
 Requires specific penal laws
 Hacktivism
   Analogous to vandalism
   More damage caused
   Is it free speech?


Denial of Service
 Cannot be prosecuted as:
   Vandalism
   Theft
 Requires new penal laws


Crimes Against Administration of Justice
 Generating false evidence
 Altering court records
 Threatening judges, law enforcement officials
  etc.
 False reports of crime
 Impersonating police officers etc.
 Mostly, computer technology is simply a tool that
  is used to commit an existing offence


Crimes Against Administration of Justice
 Two new types of offending
    Cybervigilantism
       Raises similar issues to cyberstalking
    Threats
       Conflict with “freedom of speech”
       Virtual activities may not be seen as a
        direct threat
       Compilation of publicly available material


Crimes Against the State
   Treason
   Espionage
   Sabotage
   Terrorism
     One man's terrorist is another man's freedom fighter
   Counterfeiting


Procedural Laws
   Jurisdiction
   Place of offence
   Extradition
   Search and Seizure laws
     What is a legal search in one country may not be in
      another
     Often only cover tangible evidence


International Agreements
 The Council of Europe's Draft Convention on
  Cyber-Crime seeks "to improve the means to
  prevent and suppress computer- or computer-related
  crime by establishing a common
  minimum standard of relevant offences."
 The convention proposed by the Center for
  International Security and Cooperation (CISAC)
  has similar provisions


International Agreements (cont.)
 The Council of Europe's convention addresses
   misuse of computer data and computer systems;
   computer-related forgery and fraud;
   child pornography;
   infringement of copyright;
   provisions governing the imposition of aiding and
    abetting and corporate liability; and
   the availability of certain procedures used to
    investigate cybercrime and apprehend cybercriminals.


The Australian Response
Cybercrime Act 2001
 Creates 3 new serious offences
   Unauthorised access, modification or
    impairment with intent to commit a serious
    offence
   Unauthorised modification of data
   Unauthorised impairment of electronic
    communications

Cybercrime Act 2001 (cont.)
 Creates 4 lesser offences
   Unauthorised access to, or modification of,
    restricted data
   Unauthorised impairment of data held on a
    computer disk
   Possession or control of data with intent to
    commit a computer offence
   Producing, supplying or obtaining data with
    intent to commit a computer offence


Cybercrime Act 2001 (cont.)
 Increases investigation powers relating to search
  and seizure of electronically stored data
 Defines computer terms e.g.
    Access to data
    Data held in a computer
    Electronic communication
    Modification
    Unauthorised access

Hacker
 Originally, an expert programmer
 Today, someone who breaks into computers
 Types of hackers
    White-hat hackers
    Black-hat hackers (crackers, dark side hackers)
    Elite hackers
       Superior technical skills
       Very persistent
       Often publish their exploits
    Samurai – a hacker for hire

 Script-kiddie (packet monkeys, lamerz)
   Hacker in training
   Disdained by the elite hackers
 Phreaker
   Person who cracks the telephone network
 Insider
   Trusted employee turned black-hat hacker
   Very dangerous

Password Theft
 Easiest way to gain access
 User carelessness
    Poor passwords
       Easily guessed
    Dumpster diving
    Observation, particularly for insiders
       The sticky note on the monitor
    Human engineering, or social engineering
    Standard patterns (e.g., Miami University)
       Guess the password from the pattern


Password Cracker Software
 Available over the Internet
 Recover lost passwords
 Cracking techniques
   Word list or dictionary
   Brute force
   Hybrid – L0phtCrack
 Precaution – store encoded passwords

Passwords are stored in encoded form
 Minimize risk if hacker steals password file
    Un-encoded password needed
 Password cracking programs
    Dictionary based
    Avoid English words
[Figure: login flowchart. User: enter password. Server: encode password, read encoded password from the encoded password file, match? Yes: grant access. No: deny access.]
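
The login flow on this slide, as an added Python sketch that is not part of the original deck: the server keeps only a salted one-way encoding of each password, re-encodes every attempt for comparison, and refuses passwords that a dictionary or hybrid word-list guess would find. The salt, PBKDF2-HMAC-SHA256, the iteration count, the record layout, the function names and the small word list are assumptions of this example.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = {"password", "welcome", "dragon", "monkey", "summer"}
# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans("0134579@$!", "oleastgasi")


def is_guessable(password):
    """True if a dictionary or hybrid (word plus digits/symbols) guess finds it."""
    lowered = password.lower()
    # Hybrid guesses add digits and symbols around a word: strip them off.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    candidates = {lowered, core, lowered.translate(LEET), core.translate(LEET)}
    return not WORDLIST.isdisjoint(candidates)


def encode(password, salt=None, iterations=ITERATIONS):
    """One-way encode a password; a fresh random salt is drawn if none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def enroll(pwfile, user, password):
    """Store only the encoded form, and refuse passwords a word list would find."""
    if is_guessable(password):
        raise ValueError("password is a dictionary word or a simple variant")
    salt, digest = encode(password)
    pwfile[user] = f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def login(pwfile, user, attempt):
    """Encode the attempt with the stored salt and compare; a match grants access."""
    record = pwfile.get(user)
    if record is None:
        encode(attempt, b"\x00" * 16)  # spend the same work for unknown users
        return False
    iterations, salt_hex, digest_hex = record.split("$")
    _, candidate = encode(attempt, bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the two encoded values.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    pwfile = {}  # stands in for the encoded password file
    enroll(pwfile, "alice", "vexing-Otter-91-plinth")
    print(pwfile["alice"])
    print(login(pwfile, "alice", "vexing-Otter-91-plinth"))
    print(login(pwfile, "alice", "Summer2011!"))
    print(is_guessable("P@ssw0rd1"))
```

Because each record carries its own salt, two users with the same password get different entries in the file, so a stolen file does not reveal shared passwords at a glance.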

Packet Sniffer
 Software wiretap
 Captures and analyzes packets
 Any node between target and Internet
 Broadcast risk
    Ethernet and cable broadcast messages
    Set workstation to promiscuous mode
 Legitimate uses
    Detect intrusions
    Monitoring

A packet sniffer
[Figure: A packet sniffer. Labels: wiring closet; server; sniffer (promiscuous mode). Caption: Ethernet is a broadcast technology.]


Backdoor
 Undocumented access point
    Testing and debugging tool
    Common in interactive computer games
        Cheats and Easter eggs
 Hackers use backdoors to gain access
    Programmer fails to close a backdoor
    Trojan horse
    Inserted by hacker on initial access
        Back Orifice – the Cult of the Dead Cow


Potentially Destructive Software
 Logic bomb
    Potentially very destructive
    Time bomb – a variation
 Rabbit
    Denial of service
 Trojan horse
    Common source of backdoors

Viruses
 Parasite
 Requires host program to replicate
 Virus hoaxes can be disruptive
Worms
 Virus-like
 Spreads without a host program
 Used to collect information
       Sysop – terminal status
       Hacker – user IDs and passwords

Structure of a typical virus
[Figure: Reproduction logic | Concealment logic | Payload]
 Macro viruses
 Polymorphic viruses
 E-mail attachments
    Today, click attachment
    Tomorrow, ???
 Cluster viruses
    Spawn mini-viruses
    Cyberterrorism threat
 Payload can be
    Trivial
    Logic bomb
    Time bomb
    Trojan horse
    Backdoor
    Sniffer


Anti-Virus Software
 Virus signature
   Uniquely identifies a specific virus
   Update virus signatures frequently
 Heuristics
   Monitor for virus-like activity
 Recovery support


System Vulnerabilities
 Known security weak points
   Default passwords – system initialization
   Port scanning
   Software bugs
   Logical inconsistencies between layers
   Published security alerts
 War dialer to find vulnerable computer

Denial of Service Attacks (DoS)
 An act of vandalism or terrorism
    A favorite of script kiddies
 Objective
    Send target multiple packets in brief time
    Overwhelm target
 The ping o' death
 Distributed denial of service attack
    Multiple sources

A distributed denial of service attack
 Cyber equivalent of throwing bricks
 Overwhelm target computer
 Standard DoS is a favorite of script kiddies
 DDoS more sophisticated
[Figure label: Target system]


Spoofing
 Act of faking key system parameters
 DNS spoofing
    Alter DNS entry on a server
    Redirect packets
 IP spoofing
    Alter IP address
    Smurf attack

IP spoofing
 Preparation
    Probe target (A)
    Launch DoS attack on trusted server (B)
 Attack target (A)
    Fake message from B
    A acknowledges B
       B cannot respond
       DoS attack
    Fake acknowledgement from B
    Access A via 1-way communication path
[Figure: Alpha server (the target), Beta server (trusted source, under DoS attack) and the hacker's computer. 1: False message claiming to come from Beta. 2: Acknowledgement to Beta; no response possible. 3: Counterfeit acknowledgement. 4: One-way connection.]

				