virginia commonwealth university police the technical side of the internet & computer crime...
TRANSCRIPT
VIRGINIA COMMONWEALTHVIRGINIA COMMONWEALTHUNIVERSITY POLICEUNIVERSITY POLICE
THETHE
TECHNICAL SIDE OF THETECHNICAL SIDE OF THE
INTERNET & COMPUTERINTERNET & COMPUTER
CRIMECRIME
Officer Troy C. Ross
Webmaster, VCU Police
An Introduction to the NetAn Introduction to the Net
As of the year 2000, the Internet has become an
international collection of over 9.7 million computer
networks, all very capable of communicating with
one another. Approximately 300 million people
world-wide have access to the Internet (122.6 million
of them being in the United States). So how do each
of these computers connect with one another?
How Computers ConnectHow Computers Connect
Every computer that is connected to the Internet depends on Internet
Protocol (IP) to communicate with one another. Each computer has
an IP Address. An example of an IP Address may look like
128.172.101.102. The first set of digit(s) in this example, 128, identifies
a section of the main Internet system. The next set of digit(s), 172,
identifies a specific network. The next set of digit(s), 101, identifies a
section or department of the specific network. Finally, the last set of
digit(s), 102, identifies a specific computer within that network.
How Computers ConnectHow Computers Connect128.172.101.102 128.172.101.302
128.172.101.199
ISPServer
ISP Server
ISPServer
Typical Diagram of a Network
Surfin’ The WebSurfin’ The Web
Most people who surf the web use
browsers, such as Microsoft Internet
Explorer™ or Netscape Communicator™.
These browsers allow your computer to
connect to servers (computers that store
web site files and "serves" them to you
when requested). These communications
over the net are not private. Nearly everything is sent unencrypted and can be
easily read.
Information ExchangeInformation Exchange
When computers connect, certain information can be exchanged. For instance, some web
sites can log your IP address. Others can place on your hard drive a "cookie" (a text file
that is stored in the hard drive of your computer, telling the server things about you, your
computer and your activities). Web browsers can be customized in their settings to accept
or reject the cookie. Passwords stored in your computer can possibly be read by programs
operated by malicious users, either locally (physically at your computer) or remotely
(through the web).
Online ProtectionOnline Protection
There is no fool-proof way to protect your computer 100%, with the exception of turning
it off. But you can protect it about 99% of the time, with the right tools. There is a large
amount of software available that can protect you and your computer. Anti-virus programs
can block trojan files, worm files, and viruses from infecting your computer. These harmful
things can make it vulnerable to outside attacks by malicious users. Firewall programs can
keep other computers from connecting to yours through unguarded ports on your PC.
Certain hardware connected to your computer, such as barricades, can 'hide' your computer
from others on the web.
An Intro to Computer An Intro to Computer CrimeCrime
The most common Internet crime is online fraud. This occurs when you go online,
make a purchase from someone, and the product is never delivered. This often
occurs on auction sites. Fraudulent sites may obtain your credit card information
in order to make purchases on your credit. Some users may become victim to
email pyramid get-rich-quick schemes. You may unknowingly become a victim
when the damage is already done.
Malicious Users OnlineMalicious Users Online
A 'hacker' is someone who enjoys the
challenge of deciphering programs and
stretching the capabilities of a program
or a computer. They are not necessarily
malicious users. A 'cracker' is a term used
for persons who intentionally codes
or utilizes programs to bypass security
functions with the intent to gain private
information or unauthorized access to a computer or number of computers.
Malicious Users at WorkMalicious Users at WorkThere are programs that are available today that allow malicious users to gain access to other
computers and their programs. They use these hacks for several purposes, ranging from causing
simple mischief to major damage. One type of program can 'steal' a password or passwords
allowing the malicious user to do things such as access your email account, login to an Instant
Messenger program and pretend to be you, or access your online banking. Another type of program
can connect their computer to yours in a 'stealth mode' where you would not even be aware. It usually
requires that your computer already be infected by a trojan program so that same trojan program can
open up your computer to theirs. Once done, and if the program is strong in capabilities, the
malicious user can do most anything with your computer remotely. They could access and view all
your files on your hard drive, turn on your microphone or webcam, erase your hard drive(s) and
even turn your computer off. The fact remains that technology has evolved greatly from the age
of the Abacus. Protection is what ALL users of the web need most.
Malicious Users at WorkMalicious Users at Work
Why is Cybercrime Why is Cybercrime Increasing?Increasing?
Connectivity is Global - no boundariesConnectivity is Global - no boundaries Numerous vulnerable targetsNumerous vulnerable targets Easy concealment - Anonymous HacksEasy concealment - Anonymous Hacks Low equipment costs and accessLow equipment costs and access Less technical skill requiredLess technical skill required Ability to obtain tools, exploits, and Ability to obtain tools, exploits, and
vulnerabilities via the Webvulnerabilities via the Web
Trends & MethodsTrends & Methods
Forgery trend growingForgery trend growing Use of consumer accounts for fraudUse of consumer accounts for fraud Identity theft - possibly made available Identity theft - possibly made available
by your computerby your computer Theft of Credit Card numbersTheft of Credit Card numbers Online Auction FraudOnline Auction Fraud Child Pornography and ExploitationChild Pornography and Exploitation Online Banking FraudOnline Banking Fraud
E-commerceE-commerce
E-commerce may reach $13 billion E-commerce may reach $13 billion dollars this year alonedollars this year alone
FDIC estimated that most banks FDIC estimated that most banks currently have web sitescurrently have web sites
GAO estimated that 380 banks offer GAO estimated that 380 banks offer direct dial-in servicesdirect dial-in services
Booz-Allen stated, “There were 16 Booz-Allen stated, “There were 16 million cyber-banking customers as of million cyber-banking customers as of 2000” (and it’s growing)2000” (and it’s growing)
What are we up Against?What are we up Against?
Transparent technology - you can’t Transparent technology - you can’t touch thistouch this
Assumptions that “it will take care Assumptions that “it will take care of itself”of itself”
Unseen background “attacks” by Unseen background “attacks” by malicious usersmalicious users
Lack of Knowledge - “I just don’t Lack of Knowledge - “I just don’t understand this stuff”understand this stuff”
What are the Laws?What are the Laws?
“Possession of sexually explicit visual material utilizing or having as a subject a person less than
eighteen years of age”
Click to view statute:Code of Virginia § 18.2-374.1:1
Possession of Child Possession of Child PornographyPornography
Production of Child Production of Child PornographyPornography
Production, publication, sale, possession with intent to distribute, financing, distribution, etc., of sexually explicit items involving children; presumption as to
age; severability
Click to view statute:Code of Virginia § 18.2-374.1
Seizure and ForfeitureSeizure and Forfeiture
Seizure and forfeiture of all audio and visual equipment, electronic equipment, devices and other
personal property used in connection with the production, distribution, publication, sale, possession
with intent to distribute or making of child pornography following conviction of §18.2- 374.1
Click to view statute:Code of Virginia § 18.2-374.2
Use of communications Use of communications systems to facilitate certain systems to facilitate certain
offensesoffenses
Click to view statute:Code of Virginia § 18.2-374.3
Includes making personal contact or direct contact through any agent or agency, any print medium, the
United States mail, any common carrier or communication common carrier, any electronic
communications system, or any telecommunications, wire, computer, or radio communications system.
Virginia Computer Crime ActVirginia Computer Crime Act
§§18.2-152.218.2-152.2 Definitions Definitions
§§1818.2-152.3.2-152.3 Computer fraud Computer fraud
§§18.2-152.418.2-152.4 Computer trespass Computer trespass
§§18.2-152.518.2-152.5 Computer invasion Computer invasion of privacy of privacy
§§18.2-152.618.2-152.6 Theft of computer Theft of computer services services
§§18.2-152.718.2-152.7 Personal trespass Personal trespass by computerby computer
§§18.2-152.7:118.2-152.7:1 Harassment by Harassment by computercomputer
§§18.2-152.818.2-152.8 Property capable of Property capable of embezzlement embezzlement
§§18.2-152.918.2-152.9 Limitation of Limitation of prosecution prosecution
§§18.2-152.1018.2-152.10 Venue for Venue for prosecution prosecution
§§18.2-152.1118.2-152.11 Article not exclusive Article not exclusive
§§18.2-152.1218.2-152.12 Civil relief; damages Civil relief; damages
§§18.2-152.1318.2-152.13 Severability Severability
§§18.2-152.1418.2-152.14 Computer as Computer as instrument of forgery instrument of forgery
§§18.2-152.1518.2-152.15 Encryption used in Encryption used in criminal activitycriminal activity Click to view statute
Cyber StalkingCyber Stalking
Any person who on more than one occasion engages in conduct directed at another person with the intent to
place, or when he knows or reasonably should know that the conduct places that other person in reasonable fear of
death, criminal sexual assault, or bodily injury to that other person or to that other person's family or
household member
Click to view statute:
Code of Virginia § 18.2-60
Cyber ThreatsCyber Threats
Any person who knowingly communicates, including an electronically transmitted communication a threat to kill
or do bodily injury to a person
Click to view statute:
Code of Virginia § 18.2-60
Harassment by ComputerHarassment by Computer
Any person, with the intent to coerce, intimidate, or harass any person, shall use a computer or computer
network to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, or make any
suggestion or proposal of an obscene nature, or threaten any illegal or immoral act
Click to view statute:
Code of Virginia § 18.2-152.7:1
Communicating Communicating Identifying InformationIdentifying Information
Any person, with the intent to coerce, intimidate, or harass another person, publishes the person's name or
photograph along with identifying information as defined in clauses (iii) through (ix), or clause (xii) of
subsection C of § 18.2-186.3
Click to view statute:
Code of Virginia § 18.2-186.4
““Hacked” StatisticsHacked” Statistics
Of 2738 organizations, 90% reported Of 2738 organizations, 90% reported security breaches in past 12 monthssecurity breaches in past 12 months
70% detected serious breaches - info 70% detected serious breaches - info theft, fraud, outside penetrationtheft, fraud, outside penetration
74% reported financial loss74% reported financial loss only 42% could estimate losses - only 42% could estimate losses -
$265,589,940 total (based on 2000 $265,589,940 total (based on 2000 CSI survey)CSI survey)
Is it Investigated?Is it Investigated?
36% of respondents in CSI survey 36% of respondents in CSI survey reported the computer crime(s) to reported the computer crime(s) to Law Enforcement (a significant Law Enforcement (a significant increase from the year 2000 when increase from the year 2000 when only 25% reported any offenses)only 25% reported any offenses)
Law Enforcement needs to know to Law Enforcement needs to know to investigateinvestigate
HOW DO I PROTECT HOW DO I PROTECT MYSELFMYSELF
MY FAMILY, AND MY MY FAMILY, AND MY COMPUTER?COMPUTER?
Software ProtectionAt a very basic level, everyone using the Internet should have software installed
on their computer to protect it. Virginia Commonwealth University does not
endorse these commercial providers or products unless otherwise noted.
http://www.at.vcu.edu/faq/nav.htmlhttp://www.mcafee.com/
http://www.zonealarm.com/
Hardware ProtectionAt the next level, everyone using the Internet may want to have hardware
installed on their computer to protect it. Virginia Commonwealth University
does not endorse these commercial providers or products unless otherwise noted.
NetGear FS105 - http://www.netgear.comSMC Barricade - http://www.smc.com/
What your Network should What your Network should BeBe
Your Computerwith Anti-Virus
and FirewallSoftware Installed
(Excellent Protection)
Your PC connects tothe router or switchvia Ethernet cable
Your Router orSwitch - HardwareProtection at Best
Router or Switch connects to CableModem or Direct Ethernet to your ISP Server
Your ISP’sServer
connects you tothe rest of theWorld Wide
Web
Online Safety TipsOnline Safety Tips
Register your PC with Operation PC-IDRegister your PC with Operation PC-ID Never leave a notebook PC unattended in Never leave a notebook PC unattended in
public - it’s an easy stealpublic - it’s an easy steal When not in use - shutdown PCWhen not in use - shutdown PC Close a program when not in useClose a program when not in use Never save or store passwords on a PCNever save or store passwords on a PC Use STRONG passwords - no easy guessUse STRONG passwords - no easy guess
WEBLINK: OPERATION PC-ID
More Online Safety TipsMore Online Safety Tips
Beware of file attachments - TrojansBeware of file attachments - Trojans Purchase online from reputable Purchase online from reputable
businesses with secured Browserbusinesses with secured Browser Beware of get-rich-quick emailsBeware of get-rich-quick emails Update anti-virus software weeklyUpdate anti-virus software weekly Set browser options to maximum Set browser options to maximum
protectionprotection Never give out personal information!Never give out personal information!
Informational VideosInformational Videos
Web Surfing, Security, and Privacy Online
Internet Security, Hacks, and Trojan Horses
Are You Protected? Find Out! Test Your System
Using ShieldsUP to learn how to Secure your System
Is Your Firewall doing its Job? Find Out!
These links connect to videos online. Steve Gibson (Internet Security Expert), Leo Laporte (ZDTV), and Kate Botello discuss Internet Security, information your PCis revealing, and ways you can test your system for safety and privacy. These videosare in Windows Media format. Please allow time for buffering.
Test Your PC NowTest Your PC Now
Privacy Analysis of Your Connection
Test the Security of Your PC Online
Test Your Computer’s Firewall Online
These online tests can actually tell you how vulnerable your computer system is online.If you wonder what information your computer is sending out to the world, these linkswill tell you. These sites are 100% safe and fully tested. The test results are accurate.
Reading ResourcesReading Resources
Latest Internet Fraud Trends
Internet Fraud Preventative Measures
How You Are Being Traced Over the Net
The IP Address - Your Internet Identity
Brought to you byBrought to you by
VCU POLICE DEPARTMENT918 W. FRANKLIN STREET
RICHMOND, VA. 23834(804) 828-1196
PRESENTATION BY:OFFICER TROY C. ROSS
WEBMASTER, VCUPDUNIT 1420
WWW.VCU.EDU/POLICE