TTS1133 : INTERNET ETHICS AND CYBER LAW
CHAPTER TWO
Computer Crime and Internet Crime
Prepared By: Razif Razali
CONTENTS
IT security incidents
Types of attacks
Perpetrator types – hacking and cracking
The cyber law pertaining to computer crime
Penalties appropriate to the crime
Fraud, sabotage, information theft and forgery
Credit card, identity theft, cell phones, etc.
Swindling and sabotaging employers and competitors
Digital forgery
Reducing vulnerabilities
Risk assessment
Establish a security policy
TERMS & DEFINITIONS
Computer crime, or cybercrime, refers to any crime that involves a computer and a network.
Internet Crime or Netcrime refers, more precisely, to criminal exploitation of the Internet.
Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming.
There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.
CATEGORIES OF CYBERCRIMES
There are three basic categories of cybercrimes:
Cybercrimes against persons.
Cybercrimes against property.
Cybercrimes against government.
Overview of cybercrime
WHAT IS MALICIOUS CODE?
Malicious code, or a rogue program, is the general name for unanticipated or undesired effects in programs or program parts, caused by agents that can affect the computer system. The agent is the writer of the program or the person who causes its distribution. Malicious code can do anything any other program can, such as writing a message on a computer screen, stopping a running program, generating a sound, or erasing a stored file. Malicious code runs under the user’s authority.
TYPES OF ATTACKS
Security incidents can take many forms, but one of the most frequent is an attack on a networked computer from an outside source.
Most attacks involve:
Viruses
Worms
Trojan Horses
Denial-of-Service (DoS)
VIRUSES
• Computer virus has become an umbrella term for many types of malicious code.
• Technically, a virus is a piece of programming code that seeks out other programs and “infects” a file by embedding a copy of itself inside the program.
• The infected program is often called a virus host.
• When the host procedure runs, the virus code runs as well and performs the instruction it was intended to perform.
• A virus needs a host to infect. Without a host, the virus cannot replicate.
VIRUSES
Viruses cause some unexpected and usually undesirable event. Most viruses deliver a “payload” or malicious act. For example, the virus may be programmed to display a certain message on the screen, delete or modify certain documents, or reformat the hard drive.
A true virus doesn’t spread itself from computer to computer. To propagate to other machines, it must be passed through e-mail attachments, shared files, etc.
Macro virus: attackers use an application macro language (Visual Basic Scripting) to create programs that infect documents and templates. After an infected document is opened, the virus is executed and infects the user’s application template. Macros can insert unwanted words, numbers or phrases into documents. After a macro virus infects the user’s application, it can embed itself in all future documents created with the application.
VIRUSES
A virus is a program that can be broken into three functional parts:
Replication
Concealment
Bomb
How viruses spread
How to avoid computer viruses
HISTORY OF VIRUSES
Early 1970s – Creeper virus detected on ARPANET; a program called Reaper was implemented to seek out and kill Creeper
1974 – Rabbit virus (named because of how quickly it spread) appears
1975 – Pervading Animal, a game implemented on the UNIVAC; unknown whether this was the first Trojan Horse program or a program with unintentional bugs
1980 – Master's thesis regarding self-replication of programs
1982 – Elk Cloner introduced, a virus that affected Apple II computers, first to spread by floppy disk
1983 – term virus first coined, renamed computer virus in 1984
HISTORY OF VIRUSES
1986 – Brain boot sector virus released, first known virus targeting IBM PC computers
1986 – Virdem model of programs introduced: programs that could replicate by placing their own executable code into DOS .com files
1987 – Cascade, first self-encrypting virus
1987 – Jerusalem virus unleashed; in 1988 it would become a world-wide epidemic
1988 – Morris Internet worm
1988 – first antiviral software released
1990 – polymorphic viruses introduced
1992 – Michelangelo virus was discovered before it could do worldwide damage and was minimized
HISTORY OF VIRUSES
1995 – Concept virus (first macro virus)
1999 – Melissa worm released targeting MS Outlook
2000 – Loveletter (ILOVEYOU) worm released; as of 2004, this has been the most costly worm released
2001 – Ramen worm, like the Morris worm but affects Linux Red Hat systems
2001 – Sadmind worm affects both Sun workstations and Microsoft Internet Information Services
2001 – Code Red, Code Red II, Nimda, Klez worms
2003 – SQL Slammer worm attacks MS SQL servers
2003-2004 – also saw Blaster worm, Sobig worm, MyDoom (fastest spreading worm ever)
HOW DOES A VIRUS ATTACH?
A virus attaches itself by using one of three methods:
Appended to a program
Surrounding a program
Integrating into a program
VIRUS APPENDED TO A PROGRAM
The program virus attaches itself to a program; then, whenever the program is run, the virus is activated.
This kind of attachment is simple and effective.
In the simplest case, a virus inserts a copy of itself into the executable program file before the first executable instruction.
Then, all the virus instructions execute first; after the last virus instruction, control flows naturally to what used to be the first program instruction.
VIRUS SURROUNDING & INTEGRATING
Virus surrounding a program: a virus that runs the original program but has control before and after its execution. Example: the virus writer might want to prevent the virus from being detected.
Virus integrated into a program: the virus replaces some of its target, integrating itself into the original code of the target. The virus writer has to know the exact structure of the original program and must know where to insert the pieces of the virus.
HOMES FOR VIRUSES
Since a virus can be rather small, its code can be ‘hidden’.
Two hundred lines of a virus could be separated into one hundred packets of two lines of code.
The virus writer may find these qualities appealing in a virus:
It is hard to detect.
It is not easily destroyed or deactivated.
It spreads infection widely.
It can reinfect its home program or other programs.
It is easy to create.
It is machine independent and operating system independent.
HOW VIRUSES MAY AFFECT FILES
Viruses can affect any file; however, they usually attack .com, .exe, .sys, .bin, .pif or any data files.
They can increase the file size; however, this can be hidden.
They can delete files as the file is run.
They can corrupt files randomly.
They can cause write-protect errors when executing .exe files from a write-protected disk.
They can convert .exe files to .com files.
They can reboot the computer when executed.
TRUTH ABOUT VIRUSES
Viruses can infect only Microsoft Windows operating systems – FALSE
Viruses can modify ‘hidden’ or ‘read only’ files – TRUE
Viruses can appear only in data files, or only in Word documents, or programs – FALSE
Viruses spread only on disks or only in e-mail – FALSE
A virus cannot remain in memory after a complete power off/power on reboot – TRUE
A virus cannot infect hardware – TRUE
A virus can be malevolent, benign or benevolent – TRUE
SALAMI ATTACK
This approach gets its name from the way odd bits of meat and fat are fused together in a sausage or salami.
Some books refer to a salami attack as salami shaving. In the same way, a salami attack merges bits of seemingly inconsequential data to yield a powerful result.
Example of a salami attack:
With salami shaving, a programmer alters a program to subtract a very small amount of money from an account – say, two cents – and diverts the funds to the embezzler’s account.
Ideally, the sum is so small that it’s never noticed. In a business that handles thousands of accounts, an insider could skim tens of thousands of dollars per year using this method.
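The skim described above is invisible one transaction at a time but has a clear footprint in aggregate: one payee collecting tiny amounts from a great many payers. The following detection check is an added example, not part of the lecture; the ledger rows, account ids and thresholds are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal


def build_ledger():
    """Constructed ledger of (from_account, to_account, amount) rows.

    Normal activity plus one salami pattern: a 2-cent "rounding" credit
    diverted from each of 500 customer accounts into account X-9999.
    Account ids and amounts are invented for this example.
    """
    ledger = [
        ("C001", "MERCH-1", Decimal("120.00")),
        ("C002", "MERCH-2", Decimal("43.10")),
        ("C003", "MERCH-1", Decimal("9.99")),
    ]
    # A few genuine small payments into one account should not trip the check.
    for i in range(10):
        ledger.append((f"C{i:03d}", "TIPS-JAR", Decimal("0.03")))
    # The skim: many accounts, each losing two cents to the same destination.
    for i in range(500):
        ledger.append((f"C{i:03d}", "X-9999", Decimal("0.02")))
    return ledger


def find_salami_targets(ledger, tiny=Decimal("0.05"),
                        min_count=100, min_sources=50):
    """Return accounts that collect many tiny credits from many distinct sources.

    A single payee receiving hundreds of sub-threshold amounts from hundreds of
    different payers is the aggregate footprint of the skim: each amount is
    negligible on its own, the total is not.
    """
    tiny_credits = defaultdict(list)
    for src, dst, amount in ledger:
        if Decimal("0") < amount <= tiny:
            tiny_credits[dst].append((src, amount))

    suspects = []
    for dst, rows in tiny_credits.items():
        sources = {src for src, _ in rows}
        if len(rows) >= min_count and len(sources) >= min_sources:
            total = sum(amount for _, amount in rows)
            suspects.append({"account": dst, "count": len(rows),
                             "distinct_sources": len(sources), "total": total})
    return suspects


if __name__ == "__main__":
    for s in find_salami_targets(build_ledger()):
        print(f"{s['account']}: {s['count']} tiny credits from "
              f"{s['distinct_sources']} accounts, total {s['total']}")
```

The thresholds are deliberately coarse; in practice they would be tuned against the institution's normal volume of legitimate micro-payments.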
PREVENTION OF VIRUS INFECTION
The only way to prevent the infection of a virus is not to share executable code with an infected source.
Techniques used to control viruses:
Use only commercial software acquired from reliable, well-established vendors.
Test all new software on an isolated computer.
Open attachments only when you know them to be safe.
Make a recoverable system image and store it safely.
Make and retain backup copies of executable system files.
Use virus detectors regularly and update them daily.
WORMS
A worm is different from a virus in that it is a standalone program.
A typical worm maintains only a functional copy of itself in active memory and duplicates itself.
Worms differ from viruses because they can propagate without human intervention, sending copies of themselves to other computers by e-mail, for example: Melissa (1999).
Melissa was a worm/virus hybrid that could infect a system like a virus by modifying documents to include quotes from The Simpsons TV show.
TROJAN HORSE
• The Trojan horse is an application that hides a nasty surprise.
• The Trojan horse is a program that a hacker secretly installs on a computer.
• The program's harmful payload can allow the hacker to steal passwords or SSNs, or spy on users by recording keystrokes and transmitting them to a server operated by a third party.
• The data may then be sold to criminals who use this info to obtain credit cards.
TROJAN HORSE
The Trojan horse is a standalone application that appears to perform some helpful or neutral purpose, but is actually performing a malicious act while the user watches the program appear to do something else.
A Trojan horse doesn’t replicate itself, and doesn’t attach itself to other files.
LOGIC BOMB
A type of Trojan horse which executes under specific conditions.
A logic bomb can execute based on a date and time, or when you shut down your machine for the 33rd time, or based on typing a specific series of keystrokes. Any event works.
DENIAL OF SERVICE (DOS)
Also known as Distributed Denial of Service Attack.
DoS is an attempt to make a computer resource unavailable to its intended users.
It simply aims to prevent legitimate users from accessing the system.
TYPES OF COMPUTER CRIMES
Computer as the target: theft of intellectual property, blackmail of information gained through electronic files
Computer as the instrument: fraud (credit card fraud, fraudulent use of ATM accounts, stock market transfers, telecommunications fraud), theft of (electronic) money
Computer incidental to the crime: computers used in support, e.g., money laundering, record keeping, tracking of targets, etc.
Computer associated with the prevalence of the crime: software piracy/counterfeiting, copyright violation of software, counterfeit hardware, black market sales of hardware and software, theft of equipment and new technologies
SPECIFIC CRIMES
Denial of service (which might be performed for extortion or sabotage)
Fraud, which encompasses many possible actions: employees altering data or making false entries; unauthorized access that leads to altering, destroying, suppressing, or stealing data or output; altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes; manipulating banking systems to make unauthorized identity theft.
Harassment by computer (cyberstalking, defamation)
Pornography
Copyright infringement
Larceny (theft) of software or data
Malicious software (viruses, trojan horses, worms, logic bombs, spyware, backdoors)
HACKING VS. CRACKING
• Hack was originally used to refer to the clever way MIT engineers ran a model railroad.
• Hacker originally meant a clever programmer but has been co-opted by the media to mean a criminal.
• Cracker is a better term for a computer criminal.
• The Hacker's Ethic is described in the 1984 book by Steven Levy, Hackers: Heroes of the Computer Revolution.
HACKING VS. CRACKING
A hacker is a person who is proficient with computers and/or programming to an elite level where they know all of the ins and outs of a system.
Hackers are more interested in gaining knowledge about computer systems and possibly using this knowledge for playful pranks.
A cracker is a hacker who uses their proficiency for personal gain outside of the law, e.g. stealing data, changing bank accounts, distributing viruses, etc.
A cracker's sole aim is to break into secure systems, or to copy commercial software illegally by breaking (cracking) the various copy-protection and registration techniques being used.
Hackers / Crackers: they are both the same thing... sort of.
It's then safe to say that all crackers are hackers, but not all hackers are crackers. This is an important distinction.
COMPUTER CRIMINALS
We can differentiate hackers into three groups:
White Hat
Black Hat
Grey Hat
WHITE HAT HACKERS
Upon finding a vulnerability in a system, they will report the vulnerability to the vendor of that system.
For example: if they discover some flaw in Red Hat Linux, they would then e-mail the Red Hat company and explain exactly what the flaw is and how it was exploited.
BLACK HAT HACKERS
The people normally depicted in the media.
Once they gain access to a system, their goal is to cause some type of harm.
Sometimes they are referred to as crackers. Examples: stealing data, erasing files or defacing Web sites.
GRAY HAT HACKERS
Typically law-abiding citizens, but in some cases they will venture into illegal activities.
They may do so for a wide variety of reasons. Example: hacking into a system belonging to a corporation that the hacker feels is engaged in unethical activities.
PHISHING
Illegally attempting to gain sensitive information from people for the purpose of computer-based fraud. These attempts can include:
social engineering
password cracking
packet sniffing: listening over a network for sensitive information (e.g., someone emailing a password); wireless networks have been especially susceptible in the past
link manipulation for website spoofing: sending an email with a phony link, causing the unsuspecting person to go to a phony website rather than the intended website
website forgery: in addition to website spoofing, JavaScript code can do such things as change the address bar to make the website look legitimate
phone phishing: getting someone to dial up your computer and thus gain sensitive information
KEVIN MITNICK
Started off forging bus punch cards with his own card puncher.
He then moved into phreaking.
In 1979 he broke into a DEC system when a friend gave him their dial-up phone number; he was convicted.
Later, he would change his identity by obtaining birth certificates of children who had died by the time they were 3 years old.
He continued to break into people’s computer systems but was ultimately caught when he hacked into the system of Tsutomu Shimomura, who tracked him down.
Supporters of Mitnick have claimed that many of the charges against him were fraudulent!
He now runs his own computer security firm and is a highly sought public speaker.
MORRIS WORM
Robert Morris, a professor at MIT, is notable for releasing a worm on the Internet in 1988.
His idea, as a graduate student at Cornell, was to demonstrate the security holes in Unix and also gauge the size of the Internet at the time.
He claims that he had no idea that the worm would spread so far or rapidly or affect as many computers as it did.
The worm would attempt to gain access to an Internet host by:
overflowing the finger utility’s buffer
overflowing the sendmail buffer
trying simple or no passwords to break into accounts
using rsh to access computers of the same server
Once it was able to access the host computer, it would attempt to make copies of itself on all computers accessible via this host’s host table.
FRAUD
Computer fraud is any dishonest misrepresentation of fact intended to let another do or refrain from doing something which causes loss.
Fraud usually involves a material representation of a fact that is false and known to be false by the maker.
SABOTAGE
Sabotage is a deliberate action aimed at weakening another entity through subversion, obstruction, disruption, or destruction.
FRAUD EXAMPLES
Altering computer input in an unauthorized way.
Altering, destroying, suppressing, or stealing output.
Altering or deleting stored data.
Altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes.
Other forms of fraud may be facilitated using computer systems, including bank fraud, identity theft, extortion, and theft of classified information.
DEFINITION OF IDENTITY THEFT
A person commits the crime of identity theft if, without the authorization, consent, or permission of the victim, and with the intent to defraud for his or her own benefit or the benefit of a third person, he or she does any of the following:
1. Obtains, records, or accesses identifying information that would assist in accessing financial resources, obtaining identification documents, or obtaining benefits of the victim.
2. Obtains goods or services through the use of identifying information of the victim.
3. Obtains identification documents in the victim's name.
US Legal Definitions
PROTECTED INFORMATION
Name
Date of birth
Social Security number
Driver's license number
Financial services account numbers, including checking and savings accounts
Credit or debit card numbers
Personal identification numbers (PIN)
Electronic identification codes
Automated or electronic signatures
Biometric data
Fingerprints
Passwords
Parent's legal surname prior to marriage
INDIVIDUALS COMMITTING IDENTITY THEFT
Individuals: may have some relationship to the victim; often have no prior criminal record
Illegal immigrants
Methamphetamine users
Career criminals
Gangs: Hells Angels, MS-13
Foreign organized crime groups: Asia, Eastern Europe
VICTIMS OF IDENTITY THEFT
Higher education / higher income
Age 22 - 59
Married
Basically, individuals most likely to have a good credit rating / credit history
METHODS OF OBTAINING IDENTITY INFORMATION
Dumpster Diving
Skimming
Phishing
Change of Address
Theft of Personal Property
Pretexting / Social Engineering
HOW THE INTERNET IS USED FOR ID THEFT
Hackers: interception of transmissions (retailer to credit card processor); firewall penetration – data search; access to underlying applications
Social Engineering / Phishing / Pretexting
Malware / Spyware / Keystroke Loggers
CRIMES FOLLOWING IDENTITY THEFT
Credit Card Fraud
Phone/Utility Fraud
Bank/Finance Fraud
Government Document Fraud
Employment Fraud
Medical Fraud
Misrepresentation during arrest
PROBLEMS WITH IDENTITY THEFT INVESTIGATION
Lapse of time between the crime and the time the crime is reported
Monetary amount
Jurisdiction
Anonymity
IDENTITY THEFT INVESTIGATION
http://www.ftc.gov/bcp/edu/microsites/idtheft/law-enforcement/investigations.html
Identity Theft Data Clearing House
Identity Theft Transaction Records
Subpoena or victim’s permission
Request for documents:
Must be in writing
Authorized by the victim
Be sent to the address specified by the business
Allow the business 30 days to respond
CARDING TERMINOLOGY
Dumps - information electronically copied from the magnetic stripe on the back of credit and debit cards.
Track 1 is alphanumeric and contains the customer’s name and account number.
Track 2 is numeric and contains the account number, expiration date, the secure code (known as the CVV), and discretionary institution data.
PIN - Personal Information Number
BIN - Bank Information Number
CARDING TERMINOLOGY CONT.
“Full Info” or “Fulls” - a package of data about a victim, including for example address, phone number, social security number, credit or debit account numbers and PINs, credit history report, mother’s maiden name, and other personal identifying information
HOW CREDIT CARD INFORMATION IS OBTAINED ONLINE
In bulk from hackers who have compromised large databases
http://www.privacyrights.org/ar/ChronDataBreaches.htm
Phishing
Malware
TYPES OF CARDING
Carding Online
Using stolen credit cards to purchase goods & services online
Carding to a drop - having goods sent to another physical address
Cobs - changing billing address with credit card company
TYPES OF CARDING CONT.
In-Store Carding: presenting a counterfeit credit card that has been encoded with stolen account information to a cashier at a physical retail store location
More risky
Higher level of sophistication
TYPES OF CARDING CONT.
Cashing: the act of obtaining money, rather than retail goods and services, with the unauthorized use of stolen financial information
PIN Cashing - using dump information to encode a strip on a card to use at ATMs
TYPES OF CARDING CONT.
Gift Card Vending: purchasing gift cards from retail merchants at their physical stores using counterfeit credit cards and reselling such cards for a percentage of their actual value
Sales may be online or face-to-face
FORGERY
Forgery is the process of making, adapting, or imitating objects, statistics, or documents with the intent to deceive.
Copies, studio replicas, and reproductions are not considered forgeries, though they may later become forgeries through knowing and willful misrepresentations.
Forging money or currency is more often called counterfeiting.
DIGITAL FORGERY
Digital forgery involves any action using a digital or soft copy to propagate crime. Example: image forgery, information forgery, etc.
CARDING WEBSITES (ALL DISABLED)
SPAM
Spam is the unsolicited sending of bulk email for commercial purposes; it is unlawful to varying degrees.
As applied to email, specific anti-spam laws are relatively new, but limits on unsolicited electronic communications have existed in some form for some time.
RISK ASSESSMENT
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
Risk assessment is a step in a risk management procedure.
Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called hazard).
RISK ANALYSIS
Good, effective security planning includes a careful risk analysis.
A risk is a potential problem that the system or its users may experience.
We distinguish a risk from other project events by looking for three things:
A loss associated with an event. The event must generate a negative effect.
The likelihood that the event will occur. There is a probability of occurrence associated with each risk.
The degree to which we can change the outcome. We must determine what, if anything, we can do to avoid the impact or at least reduce its effects.
STRATEGIES FOR RISK REDUCTION
In general, there are three strategies for risk reduction:
Avoiding the risk.
Transferring the risk.
Assuming the risk.
Risk analysis is the process of examining a system and its operational context to determine possible exposures and the potential harm they can cause.
STEPS OF A RISK ANALYSIS
Risk analysis for security is adapted from more general management practice, placing special emphasis on the kinds of problems likely to arise from security issues.
By following well-defined steps, we can analyze the security risks in a computing system.
The basic steps of risk analysis are listed below:
Identify assets.
Determine vulnerabilities.
Estimate likelihood of exploitation.
Compute expected annual loss.
Survey applicable controls and their costs.
Project annual savings of controls.
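The six steps above turn into arithmetic once assets, likelihoods and control costs are written down. This added example (not from the lecture) carries them through on constructed figures, taking expected annual loss as loss-if-exploited times annual likelihood and a control's savings as loss avoided minus its cost; all asset names, probabilities and dollar amounts are invented.

```python
from dataclasses import dataclass


@dataclass
class Exposure:
    """One asset/vulnerability pair (steps 1-3 of the lecture's list)."""
    asset: str
    vulnerability: str
    loss_if_exploited: float   # value of the asset at stake, in dollars
    annual_likelihood: float   # estimated probability of exploitation per year


@dataclass
class Control:
    """A candidate safeguard (step 5): what it costs and what it reduces."""
    name: str
    annual_cost: float
    covers: str                # vulnerability this control addresses
    likelihood_after: float    # residual annual likelihood with the control


def expected_annual_loss(exposure):
    """Step 4: expected annual loss = loss if exploited x annual likelihood."""
    return exposure.loss_if_exploited * exposure.annual_likelihood


def total_expected_loss(exposures):
    return sum(expected_annual_loss(e) for e in exposures)


def projected_annual_savings(exposures, control):
    """Step 6: loss the control avoids each year, minus what the control costs."""
    covered = [e for e in exposures if e.vulnerability == control.covers]
    before = sum(expected_annual_loss(e) for e in covered)
    after = sum(e.loss_if_exploited * control.likelihood_after for e in covered)
    return round(before - after - control.annual_cost, 2)


def rank_controls(exposures, controls):
    """Controls ordered by projected savings; a negative figure means the
    control costs more per year than the loss it prevents."""
    ranked = [(c.name, projected_annual_savings(exposures, c)) for c in controls]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


# Constructed figures for a small organisation; none of these numbers come
# from the lecture, they only exercise the steps.
EXPOSURES = [
    Exposure("customer database", "unpatched web server", 500_000, 0.10),
    Exposure("payroll system", "weak passwords", 200_000, 0.25),
    Exposure("office workstations", "e-mail attachments (virus)", 40_000, 0.50),
]

CONTROLS = [
    Control("monthly patching", 15_000, "unpatched web server", 0.01),
    Control("password policy plus MFA", 30_000, "weak passwords", 0.05),
    Control("virus detector, daily updates", 12_000, "e-mail attachments (virus)", 0.10),
    Control("annual penetration test only", 40_000, "unpatched web server", 0.05),
]

if __name__ == "__main__":
    print(f"expected annual loss before controls: {total_expected_loss(EXPOSURES):,.2f}")
    for name, savings in rank_controls(EXPOSURES, CONTROLS):
        verdict = "worthwhile" if savings > 0 else "costs more than it saves"
        print(f"{name}: {savings:,.2f} per year ({verdict})")
```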
SECURITY PLANNING
A security plan is a document that describes how an organization will address its security needs.
The plan is subject to periodic review and revision as the organization’s security needs change.
A good security plan is an official record of current security practices, plus a blueprint for orderly change to improve the practices.
A security plan identifies and organizes the security activities for a computing system.
The advantage of having a security plan is that it allows change to happen in a studied and organized manner.
SECURITY PLANNING
The plan is both a description of the current situation and a plan for improvement.
Every security plan must address seven issues, which are:
Policy
Current State
Requirements
Recommended Controls
Accountability
Timetable
Continuing Attention
ORGANIZATIONAL SECURITY POLICIES
A key element of any organization’s security planning is an effective security policy.
A security policy is a high-level management document to inform all users of the goals of and constraints on using a system.
A policy document is written in broad enough terms that it does not change frequently.
Purpose of security policies: security policies are used for several purposes, including the following:
Recognizing sensitive information assets.
Clarifying security responsibilities.
Promoting awareness for existing employees.
Guiding new employees.