Computer Crime & Computer Crime & SecuritySecurity

Hackers & Crackers & Worms!Hackers & Crackers & Worms!

Oh my!!Oh my!!

What’s at RiskWhat’s at Risk

Personal InformationPersonal Information Intellectual PropertyIntellectual Property Business InformationBusiness Information National SecurityNational Security

Personal InformationPersonal Information

Identity TheftIdentity Theft Contact the fraud departments of any one of Contact the fraud departments of any one of

the three consumer reporting companies the three consumer reporting companies Close the accounts that you know or believe Close the accounts that you know or believe

have been tampered with or opened have been tampered with or opened fraudulently. fraudulently.

File a report with your local police or the police File a report with your local police or the police in the community where the identity theft took in the community where the identity theft took placeplace

File your complaint with the FTCFile your complaint with the FTC

Intellectual PropertyIntellectual Property

CopyrightCopyright Protects words, music, and other expressions for life of Protects words, music, and other expressions for life of

copyright holder plus 70 yearscopyright holder plus 70 years TrademarkTrademark

Protects unique symbol or words used by a business to Protects unique symbol or words used by a business to identify a product or serviceidentify a product or service

Trade SecretTrade Secret Protects secrets or proprietary informationProtects secrets or proprietary information

PatentPatent Protects an invention by giving the patent holder Protects an invention by giving the patent holder

monopoly on invention for 20 years after patent monopoly on invention for 20 years after patent application has been applied.application has been applied.

Business InformationBusiness Information

Business IntelligenceBusiness Intelligence Collecting & analyzing information in pursuit of Collecting & analyzing information in pursuit of

the business advantage.the business advantage. Competitor IntelligenceCompetitor Intelligence

Business intelligence about the competitor.Business intelligence about the competitor. Counter IntelligenceCounter Intelligence

Protecting your own information from access Protecting your own information from access by a competitor.by a competitor.

Customers’ InformationCustomers’ Information

National SecurityNational Security

Cyber terrorismCyber terrorism Acts of terrorism over the Internet which intimidate or Acts of terrorism over the Internet which intimidate or

harm a populationharm a population

United States Computer Emergency United States Computer Emergency Readiness Team – US CERTReadiness Team – US CERT National Strategy to Secure cyberspaceNational Strategy to Secure cyberspace Prevent cyberattacks on America’s critical Prevent cyberattacks on America’s critical

infrastructuresinfrastructures Reduce national vulnerability to cyberattacksReduce national vulnerability to cyberattacks Minimize damage and recovery time from cyberattacksMinimize damage and recovery time from cyberattacks http://www.us-cert.http://www.us-cert.gov/gov/

Current US Privacy LawsCurrent US Privacy Laws

Consumer Internet Privacy Protection Consumer Internet Privacy Protection Act of 1997Act of 1997

The Children’s Online Privacy The Children’s Online Privacy Protection Act of 2000Protection Act of 2000

Information Protection & Security Act Information Protection & Security Act of 2005of 2005

Notification of Risk of Personal Data Notification of Risk of Personal Data Act 2003Act 2003

Current US Privacy LawsCurrent US Privacy Laws

Identity Theft Protection Act of 2005Identity Theft Protection Act of 2005 Health Insurance Portability & Health Insurance Portability &

Accountability Act (HIPAA) of 1996Accountability Act (HIPAA) of 1996 Sarbanes-Oxley Act (“Sarbox”) of Sarbanes-Oxley Act (“Sarbox”) of

20022002 Gramm-Leach-Bliley Act (GBLA) of Gramm-Leach-Bliley Act (GBLA) of

19991999

Source of Security ThreatsSource of Security Threats

Software/Network VulnerabilitiesSoftware/Network Vulnerabilities User Negligence & TheftUser Negligence & Theft Pirates & PlagiarismPirates & Plagiarism Hackers & CrackersHackers & Crackers Internal ThreatsInternal Threats

Software/Network Software/Network VulnerabilitiesVulnerabilities

Security HolesSecurity Holes Vulnerability of a program or a systemVulnerability of a program or a system Data compromiseData compromise Unauthorized software installationUnauthorized software installation

Software PatchesSoftware Patches Fixes to the softwareFixes to the software Announces the problemAnnounces the problem

User Negligence & TheftUser Negligence & Theft

Data-entry errorsData-entry errors Errors in programsErrors in programs Improper set-up or installationImproper set-up or installation Mishandling of outputMishandling of output Inadequate planning for equipment Inadequate planning for equipment

malfunctionsmalfunctions Inadequate planning for environmentInadequate planning for environment

Pirates & PlagiarismPirates & Plagiarism

PiracyPiracy Illegal copying, use, and distribution of Illegal copying, use, and distribution of

digital intellectual propertydigital intellectual property Warez - Commercial programs made Warez - Commercial programs made

available to the public illegallyavailable to the public illegally PlagiarismPlagiarism

Taking credit for someone else’s Taking credit for someone else’s inellectual propertyinellectual property

Hackers & CrackersHackers & Crackers

HackerHacker Slang term for computer enthusiastSlang term for computer enthusiast May be complementary or derogatoryMay be complementary or derogatory Goal is to gain knowledgeGoal is to gain knowledge

CrackerCracker Someone who breaks into a computer system for Someone who breaks into a computer system for

malicious purposesmalicious purposes

Computer ForensicsComputer Forensics The application of scientifically proven methods to The application of scientifically proven methods to

gather, process, interpret, and to use digital evidence to gather, process, interpret, and to use digital evidence to provide a conclusive description of cyber crime activities. provide a conclusive description of cyber crime activities.

Internal ThreatsInternal Threats

Threat to System Health & StabilityThreat to System Health & Stability SoftwareSoftware DataData

Information TheftInformation Theft Most information theft internalMost information theft internal Most not reportedMost not reported Accidental unauthorized accessAccidental unauthorized access

Types of ThreatsTypes of Threats

NetworksNetworks Wireless NetworksWireless Networks Internet ThreatsInternet Threats MalwareMalware Scams, Hoaxes, Spam, & FraudScams, Hoaxes, Spam, & Fraud

Network ThreatsNetwork Threats

UsersUsers PermissionsPermissions File OwnershipFile Ownership

SoftwareSoftware DataData Unauthorized use of resourcesUnauthorized use of resources

Wireless Network ThreatsWireless Network Threats

Signals are broadcastSignals are broadcast War drivingWar driving War walkingWar walking PiggybackingPiggybacking

Internet ThreatsInternet Threats

MethodsMethods Key-logging softwareKey-logging software Packet-sniffing softwarePacket-sniffing software Port-scanning softwarePort-scanning software Social engineeringSocial engineering Denial of ServiceDenial of Service Distributed Denial of ServiceDistributed Denial of Service

Internet ThreatsInternet Threats

PurposePurpose Hobby or challengeHobby or challenge VandalismVandalism Gain a platform for an attackGain a platform for an attack Steal information or servicesSteal information or services SpyingSpying

MalwareMalware

VirusesViruses WormsWorms Trojan HorsesTrojan Horses Spyware/AdwareSpyware/Adware Zombies & BotnetsZombies & Botnets

Computer VirusesComputer Viruses

Self-replicatingSelf-replicating Self-executingSelf-executing Delivers a payload Delivers a payload Attaches itself to an existing fileAttaches itself to an existing file

Types of VirusesTypes of Viruses

Boot VirusBoot Virus Direct Action VirusDirect Action Virus Directory VirusDirectory Virus Encrypted VirusEncrypted Virus File VirusFile Virus Logic BombLogic Bomb Macro VirusMacro Virus

Types of VirusesTypes of Viruses

Multipartite VirusMultipartite Virus Overwrite VirusOverwrite Virus Polymorphic VirusPolymorphic Virus Resident VirusResident Virus Time BombTime Bomb Stealth VirusStealth Virus

WormsWorms

Operate on a computer networkOperate on a computer network Uses network to send copies of itselfUses network to send copies of itself Does not attach itself to an existing Does not attach itself to an existing

filefile Exploits network security flawsExploits network security flaws

Types of WormsTypes of Worms

E-mail WormsE-mail Worms Instant Messaging WormsInstant Messaging Worms IRC WormsIRC Worms File-sharing Networks WormsFile-sharing Networks Worms Internet WormsInternet Worms

Trojan HorseTrojan Horse

Disguised as non-harmful softwareDisguised as non-harmful software Non-self replicatingNon-self replicating Types of Trojan HorsesTypes of Trojan Horses

Legitimate program corrupted by Legitimate program corrupted by malicious code insertionmalicious code insertion

Stand alone program masquerading as Stand alone program masquerading as something else, i.e. a game or image filesomething else, i.e. a game or image file

Spyware & AdwareSpyware & Adware

SpywareSpyware Collects informationCollects information Sends information over the InternetSends information over the Internet Can take control of computerCan take control of computer

AdwareAdware Automatically pops-up with advertising Automatically pops-up with advertising

materialmaterial

Zombies & BotnetsZombies & Botnets

ZombieZombie Compromised computer attached to the Compromised computer attached to the

InternetInternet Performs malicious behavior under Performs malicious behavior under

remote controlremote control May be used for Ddos or SpamMay be used for Ddos or Spam

BotnetBotnet Collection of robot computers running Collection of robot computers running

autonomouslyautonomously

Phishing, Spam, & HoaxesPhishing, Spam, & Hoaxes

Phishing & PharmingPhishing & Pharming SpamSpam

http://video.http://video.googlegoogle..com/videoplaycom/videoplay??docid=5627694446211716271docid=5627694446211716271

Hoaxes & Urban LegendsHoaxes & Urban Legends http://www.http://www.snopessnopes.com.com

Securing SystemsSecuring Systems

PasswordsPasswords FirewallsFirewalls ID Devices & BiometricsID Devices & Biometrics Data EncryptionData Encryption Systems MaintenanceSystems Maintenance Wireless SecurityWireless Security

PasswordsPasswords

Secret authenticationSecret authentication Control accessControl access Short enough to be memorizedShort enough to be memorized Good PasswordsGood Passwords

Do use a password with mixed-case alphabetic Do use a password with mixed-case alphabetic characters.characters.

Do use a password with nonalphabetic characters.Do use a password with nonalphabetic characters. Do use a password that is easy to remember.Do use a password that is easy to remember. Do use a password that you can type quickly.Do use a password that you can type quickly.

FirewallsFirewalls

Hardware or SoftwareHardware or Software Port ProtectionPort Protection Packet FilterPacket Filter Network LayerNetwork Layer Application LayerApplication Layer Proxy ServerProxy Server

ID Devices & BiometricsID Devices & Biometrics

ID DevicesID Devices Hardware for authenticationHardware for authentication

BiometricsBiometrics Measure of unique physical Measure of unique physical

characteristic for authenticationcharacteristic for authentication

Data EncryptionData Encryption

Obscuring InformationObscuring Information CipherCipher Encryption SoftwareEncryption Software

Systems MaintenanceSystems Maintenance

Anti-virus softwareAnti-virus software Back-up system and dataBack-up system and data Software updatesSoftware updates Delete temporary filesDelete temporary files

Wireless SecurityWireless Security

Disable SSIDDisable SSID Passwords Passwords DiscriminationDiscrimination Data EncryptionData Encryption