cyber crimesfaculties.sbu.ac.ir/~m_taherkhani/2014f-comp/law-2014-ch... · 2015. 11. 9. ·...
Post on 26-Aug-2021
1 Views
Preview:
TRANSCRIPT
Cyber CrimesCyber Crimes
M. A. Taherkhani
Dec. 2013
M. A. Taherkhani
Dec. 2013
2
AgendaAgenda• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study
– Identity Theft– Social Engineering – Malwares– Denial of Services
• References
• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study
– Identity Theft– Social Engineering – Malwares– Denial of Services
• References
3
Concepts & DefinitionsConcepts & Definitions
• Cyber Crime: Any crime conducted viacyber infrastructures– computer networks: Internet– some other inter-communication networks
• Cyber Crime: Any crime conducted viacyber infrastructures– computer networks: Internet– some other inter-communication networks
4
Concepts & DefinitionsConcepts & Definitions• Current Trends (Technical):
– Household with Internet Access:(Ref: ITU: Annual Report. 2013)
• Current Trends (Technical):– Household with Internet Access:
(Ref: ITU: Annual Report. 2013)
5
Concepts & DefinitionsConcepts & Definitions• Current Trends (Technical):
– Household with Internet Access– Increasing no. Vulnerabilities (Ref: Xforce-
2012)
Vulnerability: An error or weakness in design, implementation or operation
• Current Trends (Technical):– Household with Internet Access– Increasing no. Vulnerabilities (Ref: Xforce-
2012)
Vulnerability: An error or weakness in design, implementation or operation
6
Concepts & DefinitionsConcepts & Definitions• Current Trends (Technical):
– Household with Internet Access– Increasing no. Vulnerabilities– Increasing no. of Security Incidents
• CERT/CC, CSIRT
• Current Trends (Technical):– Household with Internet Access– Increasing no. Vulnerabilities– Increasing no. of Security Incidents
• CERT/CC, CSIRT
7
Concepts & DefinitionsConcepts & Definitions• Current Trends (Case Study)
– Internet Crime Compliant Center: IC3• Yearly Comparison Complaints Received via
the IC3 Web site:
• Current Trends (Case Study)– Internet Crime Compliant Center: IC3
• Yearly Comparison Complaints Received viathe IC3 Web site:
8
Concepts & DefinitionsConcepts & Definitions• Current Trends (Case Study)
– Internet Crime Compliant Center: IC3• Yearly Comparison Complaints Received via
the IC3 Web site• Yearly Dollar Loss (in millions) of Referred
Complaints
• Current Trends (Case Study)– Internet Crime Compliant Center: IC3
• Yearly Comparison Complaints Received viathe IC3 Web site
• Yearly Dollar Loss (in millions) of ReferredComplaints
9
Concepts & DefinitionsConcepts & Definitions• Current Trends (Case Study)
– Internet Crime Compliant Center: IC3• Yearly Comparison Complaints Received via
the IC3 Web site• Yearly Dollar Loss (in millions) of Referred
Complaints– FBI Report (2005)
• 9 out of 10 businesses affected bycybercrime
• $67.2 billion per year is lost to cybercrime inthe USA
• Current Trends (Case Study)– Internet Crime Compliant Center: IC3
• Yearly Comparison Complaints Received viathe IC3 Web site
• Yearly Dollar Loss (in millions) of ReferredComplaints
– FBI Report (2005)• 9 out of 10 businesses affected by
cybercrime• $67.2 billion per year is lost to cybercrime in
the USA
10
Concepts & DefinitionsConcepts & Definitions• Security Metrics
– Confidentiality• The asset can only be viewed by
authorized entities– Integrity
• The asset is protected from accidental ordeliberate modification
– Availability• The asset is available for legitimate
entities– Non-Repudiation
• proves the origin of the data/service
• Security Metrics– Confidentiality
• The asset can only be viewed byauthorized entities
– Integrity• The asset is protected from accidental or
deliberate modification– Availability
• The asset is available for legitimateentities
– Non-Repudiation• proves the origin of the data/service
11
AgendaAgenda• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study:
– Identity Thefts – Social Engineering – Malwares– Denial of Services
• Security Mechanism• References
• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study:
– Identity Thefts – Social Engineering – Malwares– Denial of Services
• Security Mechanism• References
12
Theoretical Aspects of AttacksTheoretical Aspects of Attacks• Theoretical aspects of Attacks
– Waiting for receiving message m (Ref: EyadAlshareef)
• Theoretical aspects of Attacks– Waiting for receiving message m (Ref: Eyad
Alshareef)
m
Internet
x y
Ref: Eyad Alshareef’s Slides
13
Theoretical Aspects of AttacksTheoretical Aspects of Attacks• Interruption:
– Adversary (A) can discard (m) in its transit• Interruption:
– Adversary (A) can discard (m) in its transit
Ref: Eyad Alshareef’s Slides
m
x y
A
14
Theoretical Aspects of AttacksTheoretical Aspects of Attacks• Interception:
– Adversary (A) can get a copy of (m) when (m)passes by
• Interception:– Adversary (A) can get a copy of (m) when (m)
passes by
Ref: Eyad Alshareef’s Slides
m
x y
m
m
A
15
Theoretical Aspects of AttacksTheoretical Aspects of Attacks• Modification:
– Adversary (A) can arbitrarily modify the contentof (m) to become (m’)
• Modification:– Adversary (A) can arbitrarily modify the content
of (m) to become (m’)
Ref: Eyad Alshareef’s Slides
m
x y
m’
A
16
Concepts & Definitions:Concepts & Definitions:• Fabrication:
– Adversary (A) can arbitrarily fabricate a message(m), pretending that (m) was sent by (x)
• Fabrication:– Adversary (A) can arbitrarily fabricate a message
(m), pretending that (m) was sent by (x)
Ref: Eyad Alshareef’s Slides
x y
m
src: xdst: yA
17
Concepts & Definitions:Concepts & Definitions:• Normal Flow:• Interruption:
– Attack on Availability• Interception:
– Attack on Confidentiality• Modification:
– Attack on Integrity• Fabrication:
– Attack on Non-Repudiation
• Normal Flow:• Interruption:
– Attack on Availability• Interception:
– Attack on Confidentiality• Modification:
– Attack on Integrity• Fabrication:
– Attack on Non-RepudiationRef: Eyad Alshareef’s Slides
18
AgendaAgenda• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study:
– Identity Theft– Social Engineering – Malwares– Denial of Services
• References
• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study:
– Identity Theft– Social Engineering – Malwares– Denial of Services
• References
19
Cyber AttacksCyber Attacks– Case Study
• Target: Your User Account – Case Study
• Target: Your User Account
Ref: http://www.ipa.go.jp
20
Cyber Attacks Cyber Attacks • Identity Theft:
– Password Sniffing• Eavesdropping network traffic
– Password Cracking
• Identity Theft: – Password Sniffing
• Eavesdropping network traffic– Password Cracking
Computer
switch
Computer
Computer Computer
21
Cyber AttacksCyber Attacks• Social Engineering Attacks
– Phishing– Pharming
• Social Engineering Attacks – Phishing– Pharming
Ref: http://www.ipa.go.jp
22
Cyber Attacks Cyber Attacks • Malware
– Virus– Worms– Rootkits– Trojan Horses- Etc.
• Malware– Virus– Worms– Rootkits– Trojan Horses- Etc.
Ref: http://www.ipa.go.jp
23
Cyber Attacks Cyber Attacks • Denial of Service
– Distributed DoS • Denial of Service
– Distributed DoS
attacker
attacker
attacker
attacker
victim
attacker
24
ReferencesReferences• ITU Annual Report (2012)• IC3 Report (2009) • FBI Cyber Report (2005) • Network Security Essentials
• ITU Annual Report (2012)• IC3 Report (2009) • FBI Cyber Report (2005) • Network Security Essentials
top related