Chapter 3 - Computer and Internet Crime1 Chapter 3 Computer and Internet Crime.

Chapter 3 - Computer and Internet Crime 1

Chapter 3

Computer and Internet Crime


Chapter 3 - Objectives 1. Discuss key trade-offs and ethical issues associated

with safeguarding of data and information systems. 2. Identify reasons for the increase in the number of

Internet-related security incidents.3. Describe the most common types of computer

security attacks.4. Outline the characteristics of common perpetrators

including their objectives, available resources, willingness to accept risk, and frequency of attack.

5. Describe a multi-level process for managing Internet vulnerabilities based on the concept of reasonable assurance.

6. Outline the actions that must be taken in response to a security incident.


IT Security IncidentsYear Number of Incidents Reported

20032002

137,529 82,094

20012000

52,658 21,756

1999 9,859

1998 3,734

1997 2,134 Total: 1988-2003: 319,992

Source: CERT Web site at www.CERT.org/stats


Increased Internet Security Incidents

1. Increasing complexity increases vulnerability.

2. Higher computer user error and access to information.

3. Expanding and changing environment introduces new risks.

4. Increased reliance on commercial software with known vulnerabilities.


Types of Internet Attacks

•Virus•Worm•Trojan Horse•Denial-of-Service Attacks


Virus• The term “computer virus” is an

umbrella term used for many types of malicious code.

• A virus is usually a piece of programming code that causes some unexpected and usually undesirable event.

• Most viruses deliver a “payload” or malicious act.


Virus • Viruses may execute and affect your

computer in many different ways. – Replicate themselves – Reside in memory and infect other files– Modify and/or create new files

• Most common viruses are “macro” viruses. These viruses use an application language such as VBScript to infect and replicate documents and templates.


Worm • A worm is a computer program, which

replicates itself and is self-propagating. Worms, as opposed to viruses, are meant to spawn in network environments. (http://www.easydesksoftware.com/glossary.htm)

• Worms are also harmful and they differ from standard viruses in that they have this ability to “self-propagate” without human intervention.


Trojan Horse• A Trojan horse is a program that

gets secretly installed on a computer, planting a harmful payload that can allow the hacker to do such things as steal passwords or spy on users by recording keystrokes and transmitting them to a third party.


Trojan Horse – Logic Bomb• A logic bomb is a type of Trojan

horse that executes when a specific condition occurs.

• Logic bombs can be triggered by a change in a particular file, typing a specific series of key strokes, or by a specific time or date.


Denial-of-Service Attack

• A denial-of-service attack is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other tasks. SCO and Microsoft – MyDoom.a and .b

• Denial of service does not involve a computer break-in; it simply keeps the target machine so busy responding to the automated requests that legitimate users cannot get work done.


Denial-of-Service Attack

• Zombies are computers that send these requests.

• Spoofing is the practice of putting a false return address on a data packet.

• Filtering is the process of preventing packets with false IP addresses from being passed on.


Classification of Perpetrators of Computer

Crime Type of perpetrator

Objective Resources available to perpetrator

Level of risk taking acceptable to perpetrator

Frequency of Attack

Hacker Test limits of system, gain publicity

Limited Minimal High

Cracker Cause problems, steal data, corrupt systems

Limited Moderate Medium

Insider Financial gain or disrupt company’s information systems

Knowledge of systems and passwords

Moderate Low

Industrial spy Capture trade secrets or gain competitive advantage

Well funded, well trained Minimal Low

Cybercriminal Financial gain Well funded, well trained Moderate Low

Cyberterrorist Cause destruction to key infrastructure components

Not necessarily well funded nor well trained

Very high Low

See: Three Blind Phreaks


Hacker • A hacker is an individual who tests

the limitations of systems out of intellectual curiosity.

• Unfortunately, much of what hackers (and crackers) do is illegal.– Breaking into networks and systems.– Defacing web pages.– Crashing computers.– Spreading harmful programs or hate

messages.


Hacker• Crackers are hackers who break

code.• Malicious insiders are a security

concern for companies. Insiders may be employees, consultants, or contractors. They have knowledge of internal systems and know where the weak points are.


Forms of Computer Criminals

• Malicious insiders are the number one security concern for companies.

• Industrial spies use illegal means to obtain trade secrets from the competitors of firms for which they are hired.

• Cybercriminals are criminals who hack into computers and steal money.

• Cyberterrorists are people who intimidate or coerce a government to advance their political or social objectives by launching attacks against computers and networks.


Legal Overview • Fraud is obtaining title to property

through deception or trickery. • To prove fraud four elements must

be shown:– The wrongdoer made a false

representation of the material fact. – The wrongdoer intended to deceive the

innocent party.– The innocent party justifiably relied on

the misrepresentation.– The innocent party was injured.


Reducing Internet Vulnerabilities • Risk assessment is an organization’s review of

the potential threats to its computer and network and the probability of those threats occurring.

• Establish a security policy that defines the security requirements of an organization and describes the controls and sanctions to be used to meet those requirements.

• Educate employees, contractors, and part-time workers in the importance of security so that they will be motivated to understand and follow security policy.


Prevention • Install a corporate firewall.• Install anti-virus software on personal computers. • Implement safeguards against attacks by

malicious insiders.• Address the ten most critical Internet security

threats (10 each in Windows and UNIX): Top Twenty List

• Verify backup processes for critical software and databases.

• Conduct periodic IT security audits.• See: Tourbus Virus Solution or locally• MS Patch for IE—CNET News. Implications of

changes, speed of reaction


Detection • Intrusion detection systems monitor

system and network resources and activities and, using information gathered from theses sources, they notify authorities when they identify a possible intrusion.

• Honeypot is a computer on your network that contains no data or applications critical to the company but has enough interesting data to lure intruders so that they can be observed in action.


Response • Incident notification is the plan and

process used to notify company individuals when a computer attack has happened. In addition, your company should be prepared to: – Protect evidence and activity logs– Incident containment – Incident eradication– Incident follow-up


Summary • Business managers, IT

professionals, and IT users all face a number of ethical decisions regarding IT security.

• The increased complexity of the computing environment has led to an increase in the number of security related issues.


Summary • Common computer attacks

include viruses, worms, Trojan horses, and denial-of-service attacks.

• Computer hackers include general hackers, crackers, and malicious insiders.


Summary • A strong security program is a

safeguard for a company’s systems and data.

• An incident response plan includes:

– Protect evidence and activity logs.– Incident containment. – Incident eradication.– Incident follow-up.


Case 1 Cybercrime: Even Microsoft is

Vulnerable• On October 27, 2000, Microsoft

acknowledges that its security had been breached and that outsiders using a Trojan house virus had been able to view source code for computer programs under development .


Case 2Visa Combats Online Credit

Card Fraud • Visa-branded credit cards generate

almost $2 trillion in annual volume and are acceptable at over 22 million location around the world. Visa is reviewing new ways of authenticating user transactions.


In the News, and more…

• Teen Hacker avoids jail sentence• The Register: Security and Viruses• Google News: Hacking, Computer

Security, etc

Chapter 3 - Computer and Internet Crime1 Chapter 3 Computer and Internet Crime.

Documents

internet crime1 chapter

internet crime2 chapter

computer program

internet vulnerabilities

internet crime3

number of internet

internet crime8

term computer virus