cybercrime

What It Was Used For?

Who Used to Own It?

Cyber Crime – “Is the Cyber Crime – “Is the Internet the new “Internet the new “WWild ild

WWild ild WWest?”est?”

The New Wild Wild WestThe New Wild Wild West

More cyber criminals than More cyber criminals than cyber copscyber copsCriminals feel “safe” Criminals feel “safe” committing crimes from committing crimes from the privacy of their own the privacy of their own homeshomesBrand new challenges Brand new challenges facing law enforcementfacing law enforcement Most not trained in the Most not trained in the

technologiestechnologies Internet crimes span Internet crimes span

multiple jurisdictionsmultiple jurisdictions Need to retrofit new crimes Need to retrofit new crimes

to existing lawsto existing laws

1 out of 5 children received a sexual solicitation or approach over the Internet in a one-year period of time (www.missingchildren.com)

California warns of massive ID theft – personal data stolen from computers at University of California, Berkeley (Oct 21, 2004 IDG news service)

Microsoft and Cisco announced a new initiative to work together to increase internet security (Oct 18, 2004 www.cnetnews.com)

In the News…….

Computer Crime

Computer used to commit Computer used to commit a crimea crime Child porn, threatening Child porn, threatening

email, assuming email, assuming someone’s identity, sexual someone’s identity, sexual harassment, defamation, harassment, defamation, spam, phishingspam, phishing

Computer as a target of a Computer as a target of a crime crime Viruses, worms, industrial Viruses, worms, industrial

espionage, software piracy, espionage, software piracy, hackinghacking

GlobalGlobal ScenarioScenario

Global cyber crime is $105 billion industry Global cyber crime is $105 billion industry which is more than global drug traffickingwhich is more than global drug trafficking

Economic meltdown and recessionEconomic meltdown and recession

Under employment/unemployment Under employment/unemployment

Who Commits Cybercrime?Who Commits Cybercrime?Traditional journalism-speak answer: "hackers"

Note: journalists really should be saying crackers, not hackers, but we both understand the casual/popular misuse of the "hacker" term instead of the more strictly correct "cracker" nomenclature.

Some more specific possible answers to the question of "Who commits cyber intrusions?" might be…

-- Disgruntled/untrustworthy (former) insiders-- Juveniles-- Ideologically motivated individuals-- Sophisticated professionals

ThreatsThreats

IndividualsOrganized cyber criminalsRival organizationsHostile StatesInsiders/ex employees 44%HactivistsTerrorists

Types of ThreatsTypes of ThreatsMalwareMalware

Virus attacks account for more than 50% of Virus attacks account for more than 50% of security incidentssecurity incidents

Two thirds of all malicious code threats Two thirds of all malicious code threats currently detected were created in 2007currently detected were created in 2007

Any file can be infected (Flash, Adobe PDF)Any file can be infected (Flash, Adobe PDF)

Toolkits or rootkits easily availableToolkits or rootkits easily available

PhishingPhishing

Every month more than 20,000 unique Every month more than 20,000 unique phishing websites are detected affecting phishing websites are detected affecting more than 200 brandsmore than 200 brands

E-BayE-Bay

AmazonAmazon

PaypalPaypal

Electronic Fund TransferElectronic Fund Transfer

November 2008 100 compromised card November 2008 100 compromised card accounts resulted in $9 million fraudulent accounts resulted in $9 million fraudulent withdrawals from 130 ATM's in 49 cities withdrawals from 130 ATM's in 49 cities across the world in 30 minutesacross the world in 30 minutes

Online Grooming, Sexual Online Grooming, Sexual Exploitation and Child AbuseExploitation and Child Abuse

Sec 67 B (B), (C) inserted in IT Act Sec 67 B (B), (C) inserted in IT Act AmendmentAmendment

Cyber PornographyCyber Pornography

Cyber pornography accounts for 46% of all Cyber pornography accounts for 46% of all cyber crimes under IT Actcyber crimes under IT Act

Every second 28,258 Internet users are view Every second 28,258 Internet users are view pornographypornography

The pornography industry is larger than The pornography industry is larger than revenues of the top technology companies revenues of the top technology companies combines: Microsoft, Google, Amazon, combines: Microsoft, Google, Amazon, eBay, Yahoo, Apple, Netflix and EarthlinkeBay, Yahoo, Apple, Netflix and Earthlink

One of the easiest ways of installing malwareOne of the easiest ways of installing malware

BotnetsBotnetsCollection of compromised computersCollection of compromised computers

Centralized controlCentralized control

Identity TheftIdentity Theft

Estimated more than 9 million incidents each Estimated more than 9 million incidents each yearyear

Separate offense created under IT Act Separate offense created under IT Act AmendmentAmendment

SpamSpam

““Spam accounts for 9 out of every 10 Spam accounts for 9 out of every 10 emails in the United States.” emails in the United States.”

MessageLabs, Inc., an email management MessageLabs, Inc., an email management and security company based in New and security company based in New York.York.

““We do not object to the use of this slang We do not object to the use of this slang term to describe UCE (unsolicited term to describe UCE (unsolicited commercial email), although we do commercial email), although we do object to the use of the word “spam” as object to the use of the word “spam” as a trademark and the use of our product a trademark and the use of our product image in association with that term” image in association with that term”

www.hormel.com

Can-Spam Act of 2003Can-Spam Act of 2003

Controlling the Assault of Non-Solicited Pornography and Marketing Controlling the Assault of Non-Solicited Pornography and Marketing Act (Can-Spam)Act (Can-Spam)Signed into law by President Bush on Dec 16, 2003Signed into law by President Bush on Dec 16, 2003 Took effect Jan 1, 2004Took effect Jan 1, 2004

Unsolicited commercial email must:Unsolicited commercial email must: Be labeledBe labeled Include Opt-Out instructionsInclude Opt-Out instructions No false headersNo false headers

FTC is authorized (but not required) to establish a “do-not-email” FTC is authorized (but not required) to establish a “do-not-email” registryregistry

www.spamlaws.com –lists all the latest in federal, state, and –lists all the latest in federal, state, and international lawsinternational laws

Spam is HostileSpam is Hostile

You pay for Spam, not SpammersYou pay for Spam, not Spammers Email costs are paid by email Email costs are paid by email

recipientsrecipients

Spam can be dangerousSpam can be dangerous Never click on the opt-out link!Never click on the opt-out link!

May take you to hostile web site May take you to hostile web site where mouse-over downloads where mouse-over downloads an .exean .exe

Tells spammers they found a Tells spammers they found a working addressworking address

They won’t take you off the list They won’t take you off the list anywayanyway

What should you do?What should you do? Filter it out whenever possibleFilter it out whenever possible Keep filters up to dateKeep filters up to date If you get it, just delete the emailIf you get it, just delete the email

Viruses and WormsViruses and Worms

Different types of “ailments”Different types of “ailments”VirusesViruses software that piggybacks on software that piggybacks on

other software and runs when other software and runs when you run something elseyou run something else

Macro in excel, wordMacro in excel, wordTransmitted through sharing Transmitted through sharing programs on bulletin boardsprograms on bulletin boardsPassing around floppy disksPassing around floppy disks

An .exe, .com file in your emailAn .exe, .com file in your email

WormsWorms software that uses computer software that uses computer

networks to find security holes networks to find security holes to get in to your computer – to get in to your computer – usually in Microsoft OS!! But usually in Microsoft OS!! But worm for MAC was recently worm for MAC was recently writtenwritten

Wireless Fidelity (Wi-Fi)Wireless Fidelity (Wi-Fi)

Using antennas to create “hot spots”Using antennas to create “hot spots”

Hotspots – Internet Access (sometimes free)Hotspots – Internet Access (sometimes free) Newport Harbor - All the boats in Harbor have internet accessNewport Harbor - All the boats in Harbor have internet access San Francisco Giants Stadium – Surf the web while catching a San Francisco Giants Stadium – Surf the web while catching a

gamegame UMass (need to register, but it’s free)UMass (need to register, but it’s free) Cambridge, MACambridge, MA Philadelphia, PA – just announced – entire city by 2006Philadelphia, PA – just announced – entire city by 2006

Wi-Fi High JackingWi-Fi High Jacking

60-70% wireless networks are wide open60-70% wireless networks are wide open

Why are the Wi-Fi networks unprotected?Why are the Wi-Fi networks unprotected? Most people say “Our data is boring”Most people say “Our data is boring” But… criminals look for wireless networks to commit But… criminals look for wireless networks to commit

their crimes their crimes And… the authorities will come knocking on your And… the authorities will come knocking on your

door…..door…..

Other Types of Cyber CrimesOther Types of Cyber CrimesDenial of Service AttacksDenial of Service Attacks

Cyber stalkingCyber stalking

Cyber squattingCyber squatting

Mobile cloningMobile cloning

Cyber TerrorismCyber TerrorismPower Grid (nuclear power stations)Power Grid (nuclear power stations)

Banking and Financial SystemsBanking and Financial Systems

Stock ExchangeStock Exchange

Transportation Control Systems (Airlines Transportation Control Systems (Airlines reservations)reservations)

Tele-CommunicationsTele-Communications

Gas/Oil/Water Pipeline Control systemsGas/Oil/Water Pipeline Control systems

Health/FoodHealth/Food

Emergency ServicesEmergency Services

Military/Defense InstallationsMilitary/Defense Installations

Computer ForensicsWhat is it?What is it? an autopsy of a computer or network to an autopsy of a computer or network to

uncover digital evidence of a crimeuncover digital evidence of a crime Evidence must be preserved and hold up Evidence must be preserved and hold up

in a court of lawin a court of law

Growing field – Many becoming Growing field – Many becoming computer forensic savvycomputer forensic savvy FBI, State and Local Police, IRS, FBI, State and Local Police, IRS,

Homeland SecurityHomeland Security Defense attorneys, judges and Defense attorneys, judges and

prosecutorsprosecutors Independent security agenciesIndependent security agencies White hat or Ethical HackersWhite hat or Ethical Hackers Programs offered at major universities Programs offered at major universities

such as URIsuch as URIhttp://homepage.cs.uri.edu/faculty/wolfe/cf

Uncovering Digital EvidenceSmart Criminals don’t use their Smart Criminals don’t use their

own computersown computers

Floppy disksFloppy disksZip/Jazz disksZip/Jazz disksTapesTapesDigital camerasDigital camerasMemory sticksMemory sticksPrintersPrintersCDsCDsPDAsPDAsGame boxesGame boxesNetworksNetworksHard drivesHard drives

Digital EvidenceDigital Evidence

Criminals Hide EvidenceCriminals Hide Evidence

Delete their files and emailsDelete their files and emails

Hide their files by encryption, Hide their files by encryption, password protection, or password protection, or embedding them in unrelated embedding them in unrelated files (dll, os etc)files (dll, os etc)

Use Wi-Fi networks and cyber Use Wi-Fi networks and cyber cafes to cover their trackscafes to cover their tracks

Forensics Uncover EvidenceForensics Uncover Evidence

Restore deleted files and emails – Restore deleted files and emails – they are still really there!they are still really there!

Find the hidden files through Find the hidden files through complex password, encryption complex password, encryption programs, and searching programs, and searching techniquestechniques

Track them down through the Track them down through the digital trail - IP addresses to ISPs digital trail - IP addresses to ISPs to the offenderto the offender

Not obvious…….it’s most likely hidden on purpose or needs to be unearthed by forensics experts

The Crime SceneThe Crime Scene(with Computer Forensics)(with Computer Forensics)

Similar to traditional crime scenesSimilar to traditional crime scenes

Must acquire the evidence while Must acquire the evidence while preserving the integrity of the preserving the integrity of the evidenceevidence

No damage during collection, No damage during collection, transportation, or storagetransportation, or storageDocument everythingDocument everythingCollect everything the first timeCollect everything the first time

Establish a chain of custodyEstablish a chain of custody

But also different…….But also different…….

Can perform analysis of evidence on Can perform analysis of evidence on exact copy!exact copy!

Make many copies and investigate Make many copies and investigate them without touching originalthem without touching original

Can use time stamping/hash code Can use time stamping/hash code techniques to prove evidence hasn’t techniques to prove evidence hasn’t been compromisedbeen compromised

TrendsTrendsThe time to exploit vulnerability is decreasingThe time to exploit vulnerability is decreasing

Cyber crimes are being committed with financial Cyber crimes are being committed with financial gains in mindgains in mind

The attack sophistication is increasing and more The attack sophistication is increasing and more automation can be seen in the attacksautomation can be seen in the attacks

The speed of spread of attacks are increasingThe speed of spread of attacks are increasing

Growing evidence of organized crime and Growing evidence of organized crime and beginning to overlap with activities of drug, beginning to overlap with activities of drug, mafia, pedophiles and money launderingmafia, pedophiles and money laundering

Cyber crime increasing on social networking Cyber crime increasing on social networking sitessites

Protect your Computers!Protect your Computers!Use anti-virus software and Use anti-virus software and firewalls - keep them up to firewalls - keep them up to datedate

Keep your operating system Keep your operating system up to date with critical up to date with critical security updates and patchessecurity updates and patches

Don't open emails or Don't open emails or attachments from unknown attachments from unknown sourcessources

Use hard-to-guess passwords. Use hard-to-guess passwords. Don’t use words found in a Don’t use words found in a dictionary. Remember that dictionary. Remember that password cracking tools existpassword cracking tools exist

Back-up your computer data Back-up your computer data on disks or CDs oftenon disks or CDs often

Don't share access to your Don't share access to your computers with strangers computers with strangers

IfIf you have a wi-fi network, you have a wi-fi network, password protect itpassword protect it

Disconnect from the Internet Disconnect from the Internet when not in usewhen not in use

Reevaluate your security on a Reevaluate your security on a regular basisregular basis

Make sure your employees Make sure your employees and family members know and family members know this info too!this info too!

Thank you!Thank you!

Any Questions?Any Questions?

cybercrime

Technology

cyber crimes

emailworms software

software piracy

spam act

computer networks

email recipientsspam

computer crimecomputer

spammers email costs