Collecting Evidence
◦ Subpoenas, court orders, search warrants, electronic surveillance, and traditional methods
You have to know where to look!
Let’s talk about WikiLeaks. Where is it housed? The US? What company?
Can we put a dollar amount on the damage?
Clues vs evidence
◦ Clues must meet courtroom evidence requirements unless uncovered by legal authorities, and their evaluation is strictly controlled
◦ Clues collected by a forensic investigator may provide legal authorities with enough preliminary evidence to request a subpoena, search warrant, etc.
◦ Need to be familiar with the protocols used in order to collect clues
2010 Cengage Learning 2
Helps satisfy the requirements of SAS 99, which asks the auditor to “brainstorm” about the possibility of fraud
Hoke Hoax
◦ IP numbers
Hiding your IP address: proxy server
Ping of Death: ICMP (Internet Control Message Protocol)
Keyloggers
◦ Logs all keystrokes made on the keyboard
◦ Used in collecting passwords, IP addresses, emails
◦ Secretly installed without user’s knowledge
Guess Who I Am: http://myip.sonyonline.net
“You are coming in from IP Address 66.82.9.61, port 5543 Using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19 (.NET CLR 3.5.30729)”
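The “Guess Who I Am” sentence above is exactly what a web server records about every visitor: source address, source port and the browser’s User-Agent string. The Python below is an added example, not code from the myip.sonyonline.net site or from the slides. It parses that sentence into fields an investigator can log and compare, decodes the legacy Mozilla-style User-Agent (Windows NT 5.1 is Windows XP), and flags a non-routable source address, which means the server saw a proxy or gateway rather than the visitor’s own machine. The record layout, the function names and the Windows version table are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the visitor record the slide's "Guess Who I Am" page displayed.
SAMPLE_RECORD = (
    "You are coming in from IP Address 66.82.9.61, port 5543 "
    "Using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.19) "
    "Gecko/2010031422 Firefox/3.0.19 (.NET CLR 3.5.30729)"
)

# Assumed layout of the site's sentence: "... IP Address <ip>, port <port> Using <user agent>".
RECORD_RE = re.compile(
    r"IP Address (?P<ip>[0-9A-Fa-f.:]+), port (?P<port>\d+) Using (?P<ua>.+)$"
)

# Windows NT kernel version as reported in the UA -> product name (NT 5.1 is Windows XP).
WINDOWS_NAMES = {"5.0": "Windows 2000", "5.1": "Windows XP",
                 "6.0": "Windows Vista", "6.1": "Windows 7"}


def decode_user_agent(ua):
    """Extract OS, browser, locale and add-ons from a legacy Mozilla-style UA string."""
    info = {"raw": ua, "os": None, "browser": None, "locale": None, "addons": []}
    nt = re.search(r"Windows NT (\d+\.\d+)", ua)
    if nt:
        info["os"] = WINDOWS_NAMES.get(nt.group(1), "Windows NT " + nt.group(1))
    fx = re.search(r"Firefox/(\S+)", ua)
    if fx:
        info["browser"] = "Firefox " + fx.group(1)
    loc = re.search(r"\b([a-z]{2}-[A-Z]{2})\b", ua)
    if loc:
        info["locale"] = loc.group(1)
    # The first parenthesised group is the platform; later ones list add-ons such as .NET CLR.
    groups = re.findall(r"\(([^)]*)\)", ua)
    info["addons"] = [g.strip() for g in groups[1:]]
    return info


def parse_visitor_record(text):
    """Turn the site's sentence into structured fields an investigator can log and compare."""
    m = RECORD_RE.search(text)
    if not m:
        raise ValueError("text does not match the expected visitor-record layout")
    ip = ipaddress.ip_address(m.group("ip"))
    return {
        "ip": str(ip),
        "port": int(m.group("port")),
        # A non-global address (RFC 1918, loopback, ...) means the server is not
        # seeing the visitor directly, e.g. the request came through a local proxy.
        "routable": ip.is_global,
        "user_agent": decode_user_agent(m.group("ua")),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(parse_visitor_record(SAMPLE_RECORD))
```

The address a server sees is always the last hop: when the visitor sits behind the kind of proxy the “Hiding your IP address” slide describes, the logged IP and port belong to the proxy, and only the proxy’s own logs can carry the trail further.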
Guess Who I Am Now. Decoding Simple Mail Transfer Protocol (SMTP)
◦ Open relays that forward mail to third parties without checking who the third party is
Emulex E-mail Hoax: bogus news release sent to Internet Wire (news service)
Spam: close down the corporate mail relay ports
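Decoding SMTP in an investigation mostly means reading the Received: headers. Every relay that handles a message prepends one, so the header block reads newest-first; the bottom-most line was written by the first relay (in the hoax scenario above, the open relay), and the IP address it recorded is the only origin evidence the sender did not control. The Python below is an added example, not from the slides or the textbook: the message is constructed, uses documentation address ranges and .test domains, and the function names are the example’s own.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed headers (not from any real case): a message that claims to come from
# victim-corp.test but was injected through an open relay. Each relay that handles a
# message prepends its own Received: line, so the list reads newest-first.
SAMPLE_MESSAGE = """\
Received: from mx.newswire.test (mx.newswire.test [203.0.113.10])
\tby inbox.newsdesk.test with ESMTP id abc123
\tfor <desk@newsdesk.test>; Thu, 1 Feb 2001 09:32:11 -0500
Received: from relay.open-relay.test (relay.open-relay.test [198.51.100.7])
\tby mx.newswire.test with ESMTP; Thu, 1 Feb 2001 09:31:58 -0500
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.open-relay.test with SMTP; Thu, 1 Feb 2001 09:31:40 -0500
From: "Press Office" <press@victim-corp.test>
To: desk@newsdesk.test
Subject: Press release
Message-ID: <0001@victim-corp.test>

Body text.
"""

RECEIVED_RE = re.compile(r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)")
BRACKET_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Reduce one Received: header to the hop it records."""
    text = " ".join(value.split())          # unfold continuation lines
    m = RECEIVED_RE.search(text)
    ips = BRACKET_IP_RE.findall(text)
    stamp = None
    if ";" in text:                         # RFC 5321: the date follows the last ';'
        try:
            stamp = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):
            pass
    return {
        "from": m.group("from") if m else None,   # what the previous hop called itself
        "ip": ips[0] if ips else None,            # the address this relay actually saw
        "by": m.group("by") if m else None,       # the relay that wrote this line
        "date": stamp,
    }


def trace_path(raw_message):
    """Return the hops in delivery order (earliest relay first)."""
    msg = message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    hops.reverse()
    return hops


def originating_ip(raw_message):
    """The IP recorded by the first relay: the one origin fact the sender did not write."""
    hops = trace_path(raw_message)
    return hops[0]["ip"] if hops else None


def sender_domain_in_path(raw_message):
    """Does the claimed From: domain appear anywhere in the relay chain?"""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    if not domain:
        return False
    return any(domain in (hop["from"] or "").lower() or domain in (hop["by"] or "").lower()
               for hop in trace_path(raw_message))


if __name__ == "__main__":
    for hop in trace_path(SAMPLE_MESSAGE):
        print(hop)
    print("origin:", originating_ip(SAMPLE_MESSAGE))
    print("From domain seen in path:", sender_domain_in_path(SAMPLE_MESSAGE))
```

Two caveats apply when this is used as evidence. Received: lines are only as trustworthy as the server that wrote them, and a sender can prepend forged lines of its own below the genuine ones, so the chain is read from the receiving server downward and stops being reliable at the first relay the investigator cannot vouch for. A From: domain that never appears in the relay chain, as in the constructed sample, is a lead to follow, not proof of forgery by itself.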
Informational Searches
◦ General search
◦ Metacrawler
◦ “My email address is”
◦ Internet relay chat, Listserv searches
◦ Legal records
◦ Social networking
◦ IM
◦ Web page searches
◦ Government data searches
◦ Miscellaneous searches
Most common: virus; laptop/mobile theft; insider abuse of net access; unauthorized access to information; denial of service; system penetration; abuse of wireless network; theft of proprietary information; financial fraud
Cybercriminals cannot be pursued in traditional ways
Blue Bottle LTD and Matthew Stokes
◦ Combination of hacking and financial expertise
Net frauds: “The number and variety of frauds that have occurred on the Internet defy classification.”
Nigerian Bank or 419 Scam: Who in the world doesn’t recognize this when they see it?
Phishing scams
Pharming: opening email from phisher leaves bug on victim’s computer
Wardialing may not be legal! A wardialer is a downloadable software cracking program that allows a modem attacker to rapidly dial and check all phone numbers within a given range
Next: uncover the password used to access the modem
Fake IP addresses: invisible browsing allows a user to hide their IP address and substitute another US or overseas server address
When is a cybercrime really a cybercrime? A cybercrime is an activity that has been made clearly illegal by the jurisdiction in which the crime was committed.
◦ What this means is that laws of different countries do not uniformly consider every activity discussed in this text to be illegal.
◦ ILOVEYOU virus was not considered illegal in the Philippines at the time
◦ Jurisdictional issues
240 countries with domain-registered country codes
◦ Tuvalu (TV)
Organization for Economic Cooperation and Development defined computer crimes as illegal acts and recommended that member states adopt similar definitions in their national legislation
OECD Recommendations for Computer Laws pg 15-15
Spoofing – misappropriation of another’s identity without that person’s knowledge
Why spoof? To gain unauthorized access to a network by assuming the identity of a trusted site
Bots – software programs constructed to perform specific actions with little human input, acting on behalf of the person who created or installed them
Chaffing – Internet-based methodology for sending hidden messages. Usually “in plain sight”
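Assuming the slide refers to Rivest’s chaffing-and-winnowing scheme, the Python below is an added example, not the slides’ or the textbook’s code. It shows why the messages are “in plain sight”: every candidate byte travels unencrypted, the sender only authenticates the genuine (“wheat”) packets with a MAC under a shared key and mixes in “chaff” packets with random payloads and random tags, and the receiver keeps whatever verifies. An observer without the key sees all candidates but cannot tell which are real. The function names and the one-byte packet size are choices made for the example.

```python
import hashlib
import hmac
import secrets

# Added example of Rivest's chaffing-and-winnowing construction. The sender tags each
# "wheat" packet with a MAC under a shared key and interleaves "chaff" packets that
# carry random payloads and random tags. Nothing is encrypted; an observer sees every
# candidate byte in the clear but cannot tell wheat from chaff without the key.

TAG_LEN = 32  # HMAC-SHA256 output length


def tag(key, serial, payload):
    """Authenticate (serial, payload) so the receiver can recognise genuine packets."""
    return hmac.new(key, serial.to_bytes(4, "big") + payload, hashlib.sha256).digest()


def chaff(key, message, chaff_per_byte=1, rng=secrets.token_bytes):
    """Emit one wheat packet per message byte, each mixed with bogus chaff packets."""
    stream = []
    for serial, byte in enumerate(message):
        wheat = bytes([byte])
        stream.append((serial, wheat, tag(key, serial, wheat)))
        for _ in range(chaff_per_byte):
            # Chaff reuses the serial so the observer cannot reject it by position.
            stream.append((serial, rng(1), rng(TAG_LEN)))
    return stream


def winnow(key, stream):
    """Keep only packets whose tag verifies, then reassemble in serial order."""
    wheat = {}
    for serial, payload, t in stream:
        if hmac.compare_digest(t, tag(key, serial, payload)):
            wheat[serial] = payload
    return b"".join(wheat[s] for s in sorted(wheat))


def candidates(stream):
    """What an observer without the key can say: the set of possible bytes per position."""
    seen = {}
    for serial, payload, _ in stream:
        seen.setdefault(serial, set()).add(payload)
    return seen


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    stream = chaff(key, b"meet at noon")
    print(winnow(key, stream))                        # the hidden message
    print(winnow(secrets.token_bytes(32), stream))    # wrong key -> nothing recovered
    print({s: sorted(c) for s, c in candidates(stream).items()})
```

Because the serial numbers carry the ordering, the packets can arrive shuffled or interleaved with unrelated traffic and still winnow correctly. For an investigator the practical consequence is the one the slide hints at: the traffic contains no ciphertext to identify, only authenticated packets, so recovering the message depends on obtaining the MAC key, not on breaking any cipher.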
It is difficult to enact legislation to incorporate specific restrictions for technologies that are continually changing. It is expected that as legislation becomes specific in defining illegal activities, programmers will write code to attempt to circumvent such statutes. On the other hand, broad-scoped legislative rules may entrap legitimate businesses.
USA PATRIOT Act (2001) strengthened US cyber laws and expanded cybercrime definitions. Under the Act, an activity covered by the law is considered a crime if it causes a loss exceeding $5,000, impairment of medical records, harm to a person, or threat to public safety.