cybercrime
Computer forensics, once a specialized field, is now mainstream due to our total dependence on data. Experts deal not only with computer-related crime such as hacking, software piracy, and viruses but also with conventional crimes including fraud, embezzlement, organized crime and child pornography.
What It Was Used For?
Who Used to Own It?
Cyber Crime – “Is the Internet the new Wild Wild West?”
The New Wild Wild West
-- More cyber criminals than cyber cops
-- Criminals feel “safe” committing crimes from the privacy of their own homes
-- Brand new challenges facing law enforcement
    -- Most not trained in the technologies
    -- Internet crimes span multiple jurisdictions
    -- Need to retrofit new crimes to existing laws
In the News…….
-- 1 out of 5 children received a sexual solicitation or approach over the Internet in a one-year period of time (www.missingchildren.com)
-- California warns of massive ID theft – personal data stolen from computers at University of California, Berkeley (Oct 21, 2004 IDG news service)
-- Microsoft and Cisco announced a new initiative to work together to increase internet security (Oct 18, 2004 www.cnetnews.com)
Computer Crime
-- Computer used to commit a crime
    -- Child porn, threatening email, assuming someone’s identity, sexual harassment, defamation, spam, phishing
-- Computer as a target of a crime
    -- Viruses, worms, industrial espionage, software piracy, hacking
Global Scenario
-- Global cyber crime is a $105 billion industry, which is more than global drug trafficking
-- Economic meltdown and recession
-- Underemployment/unemployment
Who Commits Cybercrime?
Traditional journalism-speak answer: "hackers"
Note: journalists really should be saying crackers, not hackers, but we both understand the casual/popular misuse of the "hacker" term instead of the more strictly correct "cracker" nomenclature.
Some more specific possible answers to the question of "Who commits cyber intrusions?" might be…
-- Disgruntled/untrustworthy (former) insiders
-- Juveniles
-- Ideologically motivated individuals
-- Sophisticated professionals
Threats
-- Individuals
-- Organized cyber criminals
-- Rival organizations
-- Hostile States
-- Insiders/ex-employees 44%
-- Hacktivists
-- Terrorists
Types of Threats: Malware
-- Virus attacks account for more than 50% of security incidents
-- Two thirds of all malicious code threats currently detected were created in 2007
-- Any file can be infected (Flash, Adobe PDF)
-- Toolkits or rootkits easily available
Phishing
-- Every month more than 20,000 unique phishing websites are detected, affecting more than 200 brands
    -- eBay
    -- Amazon
    -- PayPal
Electronic Fund Transfer
-- November 2008: 100 compromised card accounts resulted in $9 million in fraudulent withdrawals from 130 ATMs in 49 cities across the world in 30 minutes
Online Grooming, Sexual Exploitation and Child Abuse
-- Sec 67 B (B), (C) inserted in IT Act Amendment
Cyber Pornography
-- Cyber pornography accounts for 46% of all cyber crimes under IT Act
-- Every second 28,258 Internet users are viewing pornography
-- The pornography industry is larger than revenues of the top technology companies combined: Microsoft, Google, Amazon, eBay, Yahoo, Apple, Netflix and Earthlink
-- One of the easiest ways of installing malware
Botnets
-- Collection of compromised computers
-- Centralized control
Identity Theft
-- Estimated more than 9 million incidents each year
-- Separate offense created under IT Act Amendment
Spam
“Spam accounts for 9 out of every 10 emails in the United States.”
MessageLabs, Inc., an email management and security company based in New York.
“We do not object to the use of this slang term to describe UCE (unsolicited commercial email), although we do object to the use of the word “spam” as a trademark and the use of our product image in association with that term”
www.hormel.com
Can-Spam Act of 2003
-- Controlling the Assault of Non-Solicited Pornography and Marketing Act (Can-Spam)
-- Signed into law by President Bush on Dec 16, 2003
-- Took effect Jan 1, 2004
-- Unsolicited commercial email must:
    -- Be labeled
    -- Include Opt-Out instructions
    -- No false headers
-- FTC is authorized (but not required) to establish a “do-not-email” registry
-- www.spamlaws.com – lists all the latest in federal, state, and international laws
Spam is Hostile
-- You pay for Spam, not Spammers
    -- Email costs are paid by email recipients
-- Spam can be dangerous
    -- Never click on the opt-out link!
        -- May take you to hostile web site where mouse-over downloads an .exe
        -- Tells spammers they found a working address
        -- They won’t take you off the list anyway
-- What should you do?
    -- Filter it out whenever possible
    -- Keep filters up to date
    -- If you get it, just delete the email
Viruses and Worms
-- Different types of “ailments”
-- Viruses
    -- Software that piggybacks on other software and runs when you run something else
    -- Macro in Excel, Word
    -- Transmitted through sharing programs on bulletin boards
    -- Passing around floppy disks
    -- An .exe, .com file in your email
-- Worms
    -- Software that uses computer networks to find security holes to get in to your computer – usually in Microsoft OS!! But a worm for Mac was recently written
Wireless Fidelity (Wi-Fi)
-- Using antennas to create “hot spots”
-- Hotspots – Internet Access (sometimes free)
    -- Newport Harbor - All the boats in Harbor have internet access
    -- San Francisco Giants Stadium – Surf the web while catching a game
    -- UMass (need to register, but it’s free)
    -- Cambridge, MA
    -- Philadelphia, PA – just announced – entire city by 2006
Wi-Fi Hijacking
-- 60-70% of wireless networks are wide open
-- Why are the Wi-Fi networks unprotected?
    -- Most people say “Our data is boring”
    -- But… criminals look for wireless networks to commit their crimes
    -- And… the authorities will come knocking on your door…..
Other Types of Cyber Crimes
-- Denial of Service Attacks
-- Cyber stalking
-- Cyber squatting
-- Mobile cloning
Cyber Terrorism
-- Power Grid (nuclear power stations)
-- Banking and Financial Systems
-- Stock Exchange
-- Transportation Control Systems (Airlines reservations)
-- Tele-Communications
-- Gas/Oil/Water Pipeline Control systems
-- Health/Food
-- Emergency Services
-- Military/Defense Installations
Computer Forensics
-- What is it?
    -- An autopsy of a computer or network to uncover digital evidence of a crime
    -- Evidence must be preserved and hold up in a court of law
-- Growing field – Many becoming computer forensic savvy
    -- FBI, State and Local Police, IRS, Homeland Security
    -- Defense attorneys, judges and prosecutors
    -- Independent security agencies
    -- White hat or Ethical Hackers
    -- Programs offered at major universities such as URI: http://homepage.cs.uri.edu/faculty/wolfe/cf
Uncovering Digital Evidence
-- Smart Criminals don’t use their own computers
    -- Floppy disks
    -- Zip/Jaz disks
    -- Tapes
    -- Digital cameras
    -- Memory sticks
    -- Printers
    -- CDs
    -- PDAs
    -- Game boxes
    -- Networks
    -- Hard drives
Digital Evidence
Not obvious…….it’s most likely hidden on purpose or needs to be unearthed by forensics experts
-- Criminals Hide Evidence
    -- Delete their files and emails
    -- Hide their files by encryption, password protection, or embedding them in unrelated files (dll, os etc)
    -- Use Wi-Fi networks and cyber cafes to cover their tracks
-- Forensics Uncover Evidence
    -- Restore deleted files and emails – they are still really there!
    -- Find the hidden files through complex password, encryption programs, and searching techniques
    -- Track them down through the digital trail - IP addresses to ISPs to the offender
The Crime Scene (with Computer Forensics)
-- Similar to traditional crime scenes
    -- Must acquire the evidence while preserving the integrity of the evidence
        -- No damage during collection, transportation, or storage
        -- Document everything
        -- Collect everything the first time
    -- Establish a chain of custody
-- But also different…….
    -- Can perform analysis of evidence on exact copy!
    -- Make many copies and investigate them without touching original
    -- Can use time stamping/hash code techniques to prove evidence hasn’t been compromised
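The time stamping/hash code idea from the slide above, as an added example that is not part of the original deck: it hashes an evidence image, accepts a working copy only if its hash matches, and keeps a timestamped custody log whose entries are chained by hash. The file names, the examiner name and the sample image bytes are constructed for illustration.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large disk image never has to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def _entry_hash(entry):
    """Hash every field of a custody entry except its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_event(log, actor, action, sha256):
    """Append a timestamped custody entry chained to the previous entry's hash."""
    entry = {
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "actor": actor, "action": action, "sha256": sha256,
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)

def log_is_intact(log):
    """Recompute the chain; editing or reordering any entry breaks it."""
    prev = "0" * 64
    for entry in log:
        if entry["prev_hash"] != prev or entry["entry_hash"] != _entry_hash(entry):
            return False
        prev = entry["entry_hash"]
    return True

def make_working_copy(original, copy_path, actor, log):
    """Hash the original, copy it, and accept the copy only if the hashes match."""
    reference = sha256_file(original)
    log_event(log, actor, "hashed original", reference)
    shutil.copyfile(original, copy_path)
    if sha256_file(copy_path) != reference:
        raise ValueError("working copy does not match the original")
    log_event(log, actor, "created verified working copy", reference)
    return reference

def demo():
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "evidence.img")
        copy_path = os.path.join(workdir, "working_copy.img")
        with open(original, "wb") as fh:  # constructed stand-in for a disk image
            fh.write(b"CONSTRUCTED SAMPLE IMAGE " * 4096)
        log = []
        reference = make_working_copy(original, copy_path, "examiner-1", log)
        copy_ok_before = sha256_file(copy_path) == reference
        with open(copy_path, "r+b") as fh:  # simulate a one-byte change during analysis
            fh.seek(100)
            fh.write(b"X")
        copy_ok_after = sha256_file(copy_path) == reference
        original_ok = sha256_file(original) == reference
        log_ok = log_is_intact(log)
        log[0]["actor"] = "someone-else"  # simulate an edit to the custody record
        return copy_ok_before, copy_ok_after, original_ok, log_ok, not log_is_intact(log)
```

A hash chain shows edits inside the log but not its wholesale replacement, so the reference hash is normally also recorded somewhere outside the log, such as the evidence form.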
Trends
-- The time to exploit a vulnerability is decreasing
-- Cyber crimes are being committed with financial gains in mind
-- The attack sophistication is increasing and more automation can be seen in the attacks
-- The speed of spread of attacks is increasing
-- Growing evidence of organized crime and beginning to overlap with activities of drug, mafia, pedophiles and money laundering
-- Cyber crime increasing on social networking sites
Protect your Computers!
-- Use anti-virus software and firewalls - keep them up to date
-- Keep your operating system up to date with critical security updates and patches
-- Don't open emails or attachments from unknown sources
-- Use hard-to-guess passwords. Don’t use words found in a dictionary. Remember that password cracking tools exist
-- Back-up your computer data on disks or CDs often
-- Don't share access to your computers with strangers
-- If you have a wi-fi network, password protect it
-- Disconnect from the Internet when not in use
-- Reevaluate your security on a regular basis
-- Make sure your employees and family members know this info too!
Thank you!
Any Questions?