Computer Crime and CyberCrime Why we need Computer Forensics

Upload: shon-ferguson

Post on 26-Dec-2015


Computer Crime and CyberCrime

Why we need Computer Forensics

Objectives

• To review the environment of computer crime and cybercrime

• To relate to computer forensics practice

– the challenges which need to be addressed, and

– the skills and techniques we need to be developing

Computer Crime Environment

• Cheap and easy access to tools for computer crime

• Skills: low skill base required

• Computer systems are badly designed

– Not enough thought given to security or integrity

• Initial detection of crime can be difficult

• Reluctance of victims to prosecute and publicise crime

• Lack of knowledge and awareness of victims

• Wider societal issue of haves and have-nots

Opportunities

• Computers and computer systems offer new opportunities for crime

• More people with computer skills, therefore there are more potential criminals

• Access to computer crime is very cheap

• Computer systems are badly designed

– Not enough thought given to security or integrity

• Detection becomes much more difficult

• Reluctance of victims to publicise crime

Why do People Carry out Computer Crime?

• Discovery of loopholes, providing opportunity

– Understanding systems (electronic joyriding)

• They think they can get away with the crime

– Majority of thieves are caught by accident

– Ineffectiveness of formal and / or informal sanctions

– Computer criminals don’t know about Computer Forensics

• They think stealing from a large company won’t hurt

• Financial gain

• Occupationally related - caused by dissatisfied employees

– Masqueraders (those who operate under the identity of another user)

– Clandestine users (those who evade access controls and auditing)

– Misfeasors (those who have legitimate authorisation but misuse their privileges)

• Technology provides easier, quicker and larger opportunity

– Issue in pornography and paedophile rings

• Perception of victimless crime

Computer Crime and Cybercrime

• Computer crime

– A crime in which the perpetrator uses special knowledge about computer technology

• Cybercrime

– A crime in which the perpetrator uses special knowledge of cyberspace

From Furnell (2002)

Further Definitions (UK Audit Commission)

• Computer assisted crimes

– Cases in which the computer is used in a supporting capacity, but the underlying crime or offence either predates the emergence of the computer or could be committed without them. The headings of fraud, theft, unauthorised private work, misuse of personal data, sabotage and pornography can all be considered to fit into this category

• Computer focussed crimes

– Cases in which the category of crime has emerged as a direct result of computer technology and there is no direct parallel in other sectors. From the Audit Commission’s headings, the problems of hacking and viruses clearly fall within this category

• This categorisation in no way indicates any difference in levels of seriousness between assisted and focussed; indeed, financial losses from fraud dwarf all other categories of crime in terms of scale

Example

            Assisted     Enabled      Only
Computer    Blackmail    CD piracy    Viruses
Internet    ID Theft     IPR Theft    DoS

Can further categorise by splitting into computer based (PC based) and Internet

Categorisation by Victim

• Against organisations (source: NHTCU)

– sabotage of data or networks, virus attacks, financial fraud, theft of proprietary information, denial of service, unauthorised website access / misuse, spoofing, theft of hardware, telecoms fraud

• By organisations against employees and / or public

– misuse of funds (e.g. pensions), false accounting, industrial espionage

• Against individuals

– Cyber-stalking, e-mail issues (phishing, flaming, defamation, harassment), access to personal data (identity theft), manipulation and / or loss of data, economic theft


Computer Security Institute Categorisations

• Theft of proprietary information

• Sabotage of data or networks

• Telecom eavesdropping

• System penetration by outsider

• Insider abuse of Net access

• Financial fraud

• Denial of service

• Spoofing

• Virus

• Unauthorised insider access

• Telecom fraud

• Active wiretapping

• Laptop theft

Source CSI/FBI Computer Crime and Security Survey (2001)

Social Engineering

• Weakest point in any computer or information system is the human

• Social engineering is a con game – persuading another person to do what you want them to do

• Based on the premise that as humans we want to be helpful

• Look the part (could be technical, could be physical) and ask the question

Implications for Computer Forensics Practice

• We need to be aware of the range of threats and types of attack

• Awareness of the types of digital evidence we seek

• Skills and techniques we need to be developing

Is an action always a crime?

• Hacking example

• Is hacking always a crime or are there situations when it is acceptable behaviour?

Case against Hacking

• It is difficult to detect when a hack has occurred

• Misconception that because there is no victim no crime has occurred!

• Difficulty in accepting concept of apparent crime

• Often hacking is not enough, alteration or destruction or planting of a virus / logic bomb is the next stage!

• Public announcements of hacking may affect customer trust

Case to support Hacking

• All information should be free

– if it were free there would be no need for intellectual property or security

• Break-ins show security problems

– allows designers to do something about it

• Hackers are doing no harm and changing nothing

– merely learning how systems operate

• Hackers break into systems to watch for instances of data abuse and to help keep Big Brother at bay

• Skill in penetration testing – helps organisations

Hackers and their Motivations

[Figure: matrix of hacker types against motivations]

• Hacker types: Cyber terrorists, Cyber warriors, Hackers, Malware writers, Phreakers, Script kiddies, Old school

• Motivations: Challenge, Ego, Espionage, Ideology, Mischief, Money, Revenge

Summary

• New opportunities and instances of computer crime and cybercrime are developing all the time

• We need to be aware of the threat

• As well as developing protection we need to be able to gather appropriate digital evidence

• Implications for CPD