Introduction to computers and Information Technology Chapter 33, Issues for Computer Users Lesson 33-2, All About Cybercrime Robert Crawford, MBA West Middle School

Post on 31-Dec-2015

Identify techniques that intruders use to attack computer systems.

Discuss different types of cybercrime.

Summarize how computer crime costs business money.

UNIT OBJECTIVES

Essential Question: What are the common types of Cybercrime, and how can I avoid being a victim?

Computer Crime, Cybercrime, Downtime, Identity Theft, Memory shave, Phishing, Scanning, Software Piracy, Spoof, Superzapper, Time bomb, Trap door, Back door, Virus, Worm, Trojan Horse

Not in text: Script Kiddie, Macro Virus

KEY TERMS

What is Cyber-crime?

Computer Crime is a term for any illegal activity that uses a computer as its primary means of commission.

Cybercrime refers to crimes carried out by means of the internet (456)
◦ The U.S. Department of Justice expands the definition of cybercrime to include any illegal activity that uses a computer for the storage of evidence.

Before we go too far in this unit

http://searchsecurity.techtarget.com/definition/cybercrime

Cybercrime Techniques

Page 454

Many cybercrimes come from illegal access to networks.
◦ Remember, a network is a set of computers, connected to each other, to provide access to shared resources and information.

Cybercrime Techniques (pg. 454)

Many cybercrimes come from illegal access to networks.

This access can be provided by:
◦ Viruses
◦ Worms
◦ Trojan Horse Programs
◦ Or other criminal techniques

Cybercrime Techniques (pg. 454)

A computer virus is a malware program whose purpose is to damage or destroy computer data, cause a computer to behave in unexpected ways, or interfere with the operation of the network, all while concealing and replicating itself.

The defining characteristic of viruses is that they are self-replicating computer programs which install themselves without the user's consent.

Computer Viruses

A macro virus is a virus hidden in a document.
◦ Some applications (notably, but not exclusively, the parts of Microsoft Office) allow macro programs to be embedded in documents so that the programs run automatically when the document is opened; this provides a distinct mechanism by which viruses can be spread. This is why it may be dangerous to open unexpected attachments in e-mails.

Macro Viruses can spread between platforms

Macro Virus

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. 

Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it.
◦ Unlike a computer virus, it does not need to attach itself to an existing program.

Worms

A Trojan horse, or Trojan, is a program that is disguised as useful but is destructive to the data on the hard drive.

Trojan Horse

Software used to rapidly guess potential usernames and passwords.
◦ Avoiding this vulnerability is one of the reasons that many websites give you only a few attempts to enter your password.

Scanning

http://hashsuite.openwall.net/
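The attempt limit mentioned on the Scanning slide, shown from the website's side as an added example (not part of the original lesson): after a fixed number of wrong passwords the account is locked for a while, so rapid guessing stops working even if a later guess is correct. The limit of 5, the 15-minute window and all names here are assumptions chosen for illustration.

```python
import hmac
import time

MAX_FAILURES = 5           # assumed limit; the slide only says "a few"
LOCKOUT_SECONDS = 15 * 60  # assumed lockout window

class LoginThrottle:
    """Count failed logins per account and lock the account after MAX_FAILURES."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}  # username -> (failure count, time of last failure)

    def _count(self, username):
        count, last = self._failures.get(username, (0, 0.0))
        if count and self._clock() - last >= LOCKOUT_SECONDS:
            del self._failures[username]  # window has passed, start fresh
            return 0
        return count

    def is_locked(self, username):
        return self._count(username) >= MAX_FAILURES

    def record(self, username, success):
        if success:
            self._failures.pop(username, None)
        else:
            self._failures[username] = (self._count(username) + 1, self._clock())

def attempt_login(throttle, check_password, username, password):
    """Return 'locked', 'ok' or 'denied'; check_password is supplied by the caller."""
    if throttle.is_locked(username):
        return "locked"  # refuse without even looking at the password
    ok = check_password(username, password)
    throttle.record(username, ok)
    return "ok" if ok else "denied"

def demo():
    """Constructed run: 7 wrong guesses, the right password while locked, then after the window."""
    now = [0.0]  # fake clock so the demo does not have to wait
    throttle = LoginThrottle(clock=lambda: now[0])
    check = lambda user, pw: hmac.compare_digest(pw, "correct horse")  # constructed secret
    results = [attempt_login(throttle, check, "alice", f"guess{i}") for i in range(7)]
    results.append(attempt_login(throttle, check, "alice", "correct horse"))
    now[0] += LOCKOUT_SECONDS
    results.append(attempt_login(throttle, check, "alice", "correct horse"))
    return results
```
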

In coding culture a script kiddie is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks, and deface websites.

It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated coding programs or exploits on their own.
◦ Their objective is to try to impress their friends or gain credit in computer-enthusiast communities.

The term is typically intended as an insult.

Script Kiddie

http://en.wikipedia.org/wiki/Script_kiddie

Using software that bypasses normal security constraints to allow unauthorized access to data.
◦ For example, such a program may issue commands directly to the disk drivers without going through normal file I/O routines, not only bypassing security restrictions but also leaving no audit trail.

Superzapping

Faking the sending address (IP) of a transmission in order to gain illegal entry into a secure system.

The unauthorized use of a third-party domain name as the sender's name in an e-mail message.
◦ Most often used by spammers, spoofing the name of a popular retailer or organization entices the recipient to read the full message.

◦ We will look closer at this with Phishing

Spoofing

Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords.

An official-looking e-mail is sent to potential victims pretending to be from their bank or retail establishment.

E-mails can be sent to people on selected lists or any list, expecting some percentage of recipients will actually have an account with the organization.

Phishing

E-Mail Is the "Bait"

The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service.

A link in the message directs the user to a Web page that asks for financial information.

The page looks genuine, because it is easy to fake a valid Web site.
◦ Remember spoofing

Any HTML page on the Web can be copied and modified to suit the phishing scheme.

Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.

Phishing
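Two of the warning signs described on the Spoofing and Phishing slides can be checked mechanically, shown here as an added example (not part of the original lesson): a sender address whose domain is not the organization's, and a link whose visible text names one site while it actually leads to another. The function names and the sample message are constructed for illustration and use reserved `.example` and `.test` domains.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Hostname if text is a URL or a bare domain name, else ''."""
    if not text or " " in text:
        return ""
    host = urlparse(text if "://" in text else "//" + text).hostname or ""
    return host.lower() if "." in host else ""

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def phishing_indicators(from_header, html_body, claimed_domain):
    """Reasons the message does not match the organization it claims to be from."""
    reasons = []
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if not same_site(sender, claimed_domain):
        reasons.append(f"sender domain {sender} is not {claimed_domain}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if shown and not same_site(target, shown):
            reasons.append(f"link text shows {shown} but goes to {target}")
        elif not same_site(target, claimed_domain):
            reasons.append(f"link goes to {target}, not {claimed_domain}")
    return reasons

# Constructed sample message (reserved .example/.test domains, not a real campaign).
SAMPLE_FROM = "Example Bank <service@bank-example-secure.test>"
SAMPLE_HTML = '<p>Update your account: <a href="http://login.bank-example-secure.test/u">www.bank.example</a></p>'
```

Calling `phishing_indicators(SAMPLE_FROM, SAMPLE_HTML, "bank.example")` reports both problems; a message sent from and linking to `bank.example` returns an empty list.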

This is more of a concern to business than individuals

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
◦ For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger), should they ever be terminated from the company.
◦ Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs".

Time Bomb (Logic Bomb)

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer.
◦ The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.

Default passwords can function as backdoors if they are not changed by the user.

Some debugging features can also act as backdoors if they are not removed in the release version.

Trap Doors (back door)

These are just plain old scams.
◦ e.g. “You have already won! send $50 for your portion of a $50,000 prize!”

The key word there was “portion.” Your portion is going to be a very, very, very small one.

Scams

Types of Cybercrime

Page 455

Crimes using the internet can take many forms

This includes identity theft

You can be left with the bills

And a damaged credit rating

Fraud

The illegal copying and distribution of computer programs.

When you purchase a program, you are typically purchasing a single user license.

Piracy makes it harder for companies to sell their product.
◦ This can serve to discourage innovation

Software Piracy

Just plain old theft.

Most is “inside”
◦ Crimes committed by people who have legitimate access to the item being stolen.

Memory Shaving is hard to detect

Theft

Just as defacing a building is vandalism, so is defacing a website

Further, it interferes with the website's availability to legitimate users.

Vandalism

The High Cost of Computer Crime

Page 456

Computer Crime: Any act that violates state or federal laws that involves using a computer

Cybercrime: Crimes carried out by means of the internet

The expense to business in repairing vandalism and making systems secure

Staff Time

When the system has to be shut down, there is downtime.

This costs the business money in:
◦ Business not done during that time
◦ Lack of availability to customers
◦ Lack of confidence among customers

Downtime

Customers lose confidence in the company:
◦ Its ability to meet their needs
◦ Its ability to secure their data

Bad Publicity

Fighting Cybercrime

Page 456

Law enforcement is using technology to catch cyber-criminals

The Computer Crime and Intellectual Property Section (CCIPS) is a section of the Criminal Division of the U.S. Department of Justice in charge of investigating:
◦ computer crime (hacking, viruses, worms)
◦ and intellectual property crime, and specializing in the search and seizure of digital evidence in computers and on networks.

CCIPS

The NDCA CHIP Unit was created in response to the pressing need for a core of highly-trained and experienced federal prosecutors dedicated to prosecuting cybercrime and to assisting federal agencies in their investigative efforts in Silicon Valley.

CHIP

The National Infrastructure Protection Center (NIPC) was a unit of the United States federal government charged with protecting computer systems and information systems critical to the United States' infrastructure.
◦ It was founded in 1998 by President Bill Clinton's Presidential Decision Directive 63.
◦ It was originally created as a branch of the FBI.
◦ In 2003, the NIPC was transferred to the Department of Homeland Security.

The NIPC was eventually disbanded, with other federal government organizations taking on its responsibilities.

NIPC
