SlideShare a Scribd company logo

L Scope

CTIN, profile picture
CTIN

The document discusses various types of computer crimes including crimes committed by insiders, hackers, viruses, pedophiles, and different techniques such as data diddling, trojan horses, salami slicing, and scavenging. It provides examples of computer crimes that have occurred and outlines the methods, impacts, and challenges of detecting and prosecuting computer crimes.

Economy & FinanceTechnology
1 of 67
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
Computer Crime Scope of the problem
Computer Crime: Background In 1991, a business firm in the U.S. was 8 times more likely to be the victim of a crime than an individual living in the U.S. Economic crime cost American businesses $128 billion.
Computer Crime: Background The accounting firm of Ernst & Young estimates that computer-related crime cost U.S. businesses about $3 billion to $5 billion a year in losses. Other researchers put the total loss figure as high as $40 billion if losses from Viruses and Software Piracy are included.
Computer Crime: Background Only 6% to 11% of computer crime is reported. Of this segment, only 2% of the cases resulted in a conviction requiring any jail time. Less than a dozen computer criminals nationwide have served any time.
Computer Crime: Background Average insured losses resulting from exploitation and tampering of computer systems are in the range of $500,000 - $600,000.
Computer Crime: Background 75% to 80% of all computer crime is traceable to trusted insiders who had legitimate computer access, and/or knowledge of how operational procedures could be manipulated to their financial benefit.
Computer Crime: Background Key motivational factors driving insider actions are: - lax security - revenge aimed at management.
Computer Crime: Background Average bank robber: $5K / 90% / 7 yrs hard time vs. Computer criminal: $600K / 2%/ 2 yrs min. security
Computer Crime: Background Normal computer crime takes less than one second to pull off, and is usually done from another state or foreign country.
Computer Crime: Background A 1989 study by the National Center for Computer Crime Data of 3,500 companies found an average loss of $110,000, 365 man-hours, and 26 hours of computer time for each computer crime event discovered. 70% of all events involved theft of money or services.
Computer Crime: Background When a computer criminal is caught, it is "because such a large sum of money is taken that even the most ill-prepared system will note the anomaly." (Donn Parker. SRI computer crime expert)
Computer Crime: Background "The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than a bomb." "To date, we have been remarkably lucky... Unfortunately, there is reason to believe that our luck will soon run out."
Computer Crime: Background "The committee is concerned that the development of legislation and case law is being outpaced by the growth of technology and changes in our society." (Source: Computers At Risk, National Research Council, 1991)
Computer Crime: Insider Examples Stanley Mark Rifkin hits Security Pacific Bank for $10.2 million using EFT passwords he observed pasted to terminals in the money transfer room of the bank. ('78)
Computer Crime: Insider Examples A New York brokerage firm disables the audit trail on their computer system to speed up operations. Shortly after, a clerk disappears to Switzerland with an estimated $28.8 million. ('86)
Computer Crime: Insider Examples The computer program that Volkswagen of West Germany used to control its international finance operations was altered so that 5 high-level executives got away with $260 million. No charges filed, but all fired! ('87)
Computer Crime: Insider Examples A London bank releases a press statement claiming their banks are not vulnerable to fraud the same day 4 persons are arrested with 1,864 valid, but forged, ATM cards in their possession. ('87)
Computer Crime: Insider Examples Seven New York men use stolen EFT codes to embezzle S70 million from the bank accounts of Merrill-Lynch and United Airlines. They are caught only after they cause Merrill-Lynch's account to be overdrawn. ('88)
Computer Crime: Insider Examples A Delaware state lottery computer system malfunctions, allowing unscrupulous lottery vendors to help themselves to $555,000 in winning tickets after the numbers had already been drawn. ('89)
Computer Crime: Insider Examples The Washington State prison system suspends a program where inmates were allowed to keep PCs in their cells, citing security issues after one prison's main computer system experienced unusual problems. ('89)
Computer Crime: Insider Examples 18 inmates working as data entry operators at the Tennessee State Prison guess the password to a payroll system and give themselves raises ranging from $20 to $500 a month. ('90)
Computer Crime: Insider Examples U.S. Attorney's Office in Kentucky sells computer at surplus auction for $45, and then realizes that 7 years worth of data on Federal Agents and Witness Protection participants were not erased. ('90)
Computer Crime: Insider Examples Laptop computer is stolen from Wing Commander of British military. On the laptop were classified plans for Persian Gulf war. Returned 4 days later in the mail. ('91)
Computer Crime: Insider Examples Four Cal Poly University students are arrested after charging $250,000 in goods to MasterCard and Visa cards. They gained access to Equifax, and copied some 1,600 credit reports. They then used the good credit-card numbers to re-program the magnetic data on stolen credit cards. They did this from a laptop in their car. ('91)
Computer Crime: Hacker History The term "hacking" was coined by members of the MIT Railroad Club in the mid 1960s. Back then, "hacker" was a term used to show respect for someone's technical expertise. "Hands on imperative" became the Golden Rule.
Computer Crime: Hacker History Today, "Hacking" is described by some as the art of young, anti-social males who are arrogant and obsessive. They have hyperactive imaginations that drive them to explore the world of cyberspace, usually returning with other people's money. The goal of today s hacker is to make the rules, not follow them.
Computer Crime: Hacker Profile Profile of a typical hacker is a white or Asian male, age 14 to 20, with average to below-average grades, an introvert who does not relate well to even his peers, has no father in the home, and has a personal life that is severely disorganized.
Computer Crime: Hacker Profile Hackers will spend 200 to 300 hours a month on the phone exchanging messages with other hackers, as well as trying to gain entry to computer systems world wide.
Computer Crime: Malicious Hackers AF-OSI nabs 14 year old for hacking into computers at the Pentagon and downloading several unclassified documents. Use of an "800" number allowed him to be traced. ('89)
Computer Crime: Malicious Hackers Kevin Mitnick, the "Darth Vader of Hackers," hacks into DEC and copies the security software (loss, $4 million) they use to protect their systems. When arrested, he had 16 stolen MCI codes in his possession. He also shut down 911 service in California ('89)
Computer Crime: Malicious Hackers Republican Party staff member from New Jersey hacks into the Democratic Party computer system and copies confidential files. Files showed that state workers were using state time for campaign work. ('90)
Computer Crime: Malicious Hackers The Legion of Doom is credited with planting a virus in the AT&T Switching Network. The system was down for 9 hours. 25 million long distance phone calls get busy signal. (Jan 15, 1990 - MLK holiday)
Computer Crime: Malicious Hackers Johnson Space Center denies it has lost $12 million over two years due to abuse of their phone system. One stolen access code was distributed to hundreds of hackers. ('90)
Computer Crime: Malicious Hackers Leslie Lynne Douchette (AKA, Kyrie), ring-leader of nationwide group of hackers, is sentenced to 27 months. Losses directly tied to her pivot on 481 MCI access codes in her possession that accounted for S595,000 in long-distance phone fraud. ('90)
Computer Crime: Malicious Hackers "Hacker Heaven": Belgium, Greece, Italy and the Netherlands. As of August 1991, they had no laws that made unauthorized access/tampering of computers a crime.
Computer Crime: Malicious Hackers U.S. vendor of secure modems issues challenge to hackers: "Hack into my system and I will give you cash reward." 8,000 hackers tried. ('91)
Computer Crime: Viruses & Worms A "virus" is software that hides itself inside of other legitimate software programs. A virus can not exist on its own, it requires a host. A "worm" is software, which does not hide itself in other programs, but rather is self-sufficient, stand-alone code.
Computer Crime: Viruses & Worms The goal of both viruses and worms is to replicate themselves. They may, or may-not trigger on some external event that causes them to be annoying or destructive.
Computer Crime: Viruses & Worms Of the 1,000 or so core viruses known to researchers, we only know the origin of about 40%. Most common origins: Minnesota, Italy, and Bulgaria.
Computer Crime: Viruses & Worms The public attitude toward viruses is changing. They are now seen as a bizarre form of industrial sabotage, rather than a technological version of a practical joke.
Computer Crime: Viruses & Worms "Christmas Tree" virus forces IBM to shut down 350,000 internal communications networks world- wide for nearly three days to permit location and removal of the virus. ('87)
Computer Crime: Viruses & Worms The Internet Unix worm, written by Robert Morris, caused 6,200 computer systems to crash, it took 1 million hours to repair the damage, at an estimated cost of $97 million.
Computer Crime: Viruses & Worms Convicted, Morris could have gotten five years and a $250,000 fine, but instead a U.S. District Court Judge gave him 400 hours of community service, a $10,000 fine and 3 years probation . ('88)
Computer Crime: Viruses & Worms A survey of 200 businesses in the U.S. found that 25% hat been hit with a virus. ('90) A survey of 950 businesses in England revealed that 50% had been hit with a virus. ('90)
Computer Crime: Viruses & Worms One of the most common viruses, the "Friday the 13th," was written by a programmer in the Middle East as a protest against the 40-year anniversary of the founding of Israel.
Computer Crime: Pedophiles Pedophiles are increasingly using microcomputers and BBS technology to share child pornography and to identify potential victims. The ability of microcomputers to display high-resolution graphics makes them ideal vehicles for the distribution of child pornography. The BBS networks give pedophile's anonymity and make them difficult to track.
Computer Crime: Pedophiles Medford, Massachusetts Police raided a child pornography video operation and discovered a major computer BBS network. There were over 1,000 users on the system from across the U.S. , and many international users. (‘90)
Computer Crime: Pedophiles Alameda County, California District Attorney’s Office prosecuted two males on pedophilia-related charges after an investigation revealed the suspects were running a travel service for pedophiles to Thailand. The contact information was kept in Casio databank watches. (‘86)
Computer Crime: Pedophiles The pedophile victim profile is very similar to the computer hacker profile, making electronic networks a fertile hunting ground for pedophiles.
Computer Crime: Pedophiles Mr. Roger Deitz of Fremont, California told newspapers and TV stations that he posed as a 13 year old homosexual male and was able to make contact with 20 - 30 pedophiles using America On-Line service. The service is assisting the FBI in a subsequent investigation but does not monitor private E-Mail. (New York Times 3/92)
Computer Crime: Pedophiles A San Jose, California detective posing as a pedophile on a BBS system was solicited by pedophiles Dean Lambey and Daniel Depew to participate in a kidnapping and "snuff flick" of a 12-year-old. FBI officials arrested both Lambey and Depew when they made an overt act to further the conspiracy. (Los Angeles Times 10/91)
Data Diddling Simplest Safest Most Common Method Used in discovered Cases Involves changing Data Before or During Input Process Can Be accomplished by anyone having access to the data
Data Diddling: Attack Points Creating Recording Transporting Encoding Examination Checking Converting Transforming
Data Diddling: Examples Counterfeiting Documents Exchanging Valid computer tapes, cards, disks with prepared replacements Source data entry procedure violations (entering wrong data)
Data diddling: Detection Transaction Participant: Data comparison Data Preparers: Document Validation Source data suppliers: Manual controls
Trojan horse: Definition The covert placement of computer instructions in a program so that the computer will perform unauthorized functions. But usually still will allow the basic program to perform its intended purpose
Trojan horse: Common method for prevention or detection Typical business application program can consist of 100,000 + instructions Operating system can consist of 5 to 6 million instructions Poor system documentation and maintenance practices aids perpetrators
Trojan horse: Detection Programmers: Program code comparisons
Trojan horse: Sources Employees Vendor programs Contract programmers User community
Salami Technique: Definition Theft of small amounts of assets from a larger number of sources Individual losses small and often unnoticed Requires a large amount of accounts be accessible to the perpetrator Random selection of target accounts reduces detection probability
Salami Technique: Most common targets Savings accounts Margin accounts Mortgage accounts Trust accounts Payroll Most common method used is the round down
Salami Technique: Detection Programmers: Application test User community: Detailed data analysis Former employees: Program comparisons Contractors: Transaction audits Vendors: Financial status of possible suspect
Superzapping A program that permits the user to bypass all normal system controls. It makes possible the disclosure and/or modification of any program or data resident in the system.
Trap Doors/Back doors Computer instructions (part of a program) that allows users to access the program and/or data without initializing the program in the normal fashion. (Go in the back door)
Logic bomb Special unauthorized instruction imbedded in computer routines that determine process conditions or system status.
Scavenging: Definition Obtaining information that may be resident in or around a computer system
Scavenging: Sources Discarded listings Carbon paper Source documents Scratch paper Company Phone books

More Related Content

PDF
Utilizing Internet for Fraud Examination and Investigation
Goutama Bachtiar
 
PPT
2009 10 21 Rajgoel Trends In Financial Crimes
Raj Goel
 
PDF
SEO2India - Cyber crime
SEO2India - Devang Barot - SEO2India
 
PDF
Cyber crime and security
Muhammad Hamza
 
PDF
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
David Sweigert
 
PPT
Computer crime (1)
Shahd Elbadri
 
PPTX
What constitutes a cyber crime in the country
Ujjwal Tripathi
 
PPT
Cyber crime
S.M.Mustofa Kauser
 
Utilizing Internet for Fraud Examination and Investigation
Goutama Bachtiar
 
2009 10 21 Rajgoel Trends In Financial Crimes
Raj Goel
 
SEO2India - Cyber crime
SEO2India - Devang Barot - SEO2India
 
Cyber crime and security
Muhammad Hamza
 
Worldwide Cyber Threats report to House Permanent Select Committee on Intelli...
David Sweigert
 
Computer crime (1)
Shahd Elbadri
 
What constitutes a cyber crime in the country
Ujjwal Tripathi
 
Cyber crime
S.M.Mustofa Kauser
 

What's hot (20)

PDF
Cyber Fraud and Risk Management By Bolaji Bankole
Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
PPTX
Cyber-crime PPT
Anshuman Tripathi
 
DOCX
Cyber security and threats
Harsh Kumar
 
PPT
Email crimes and Cyber Law-Nasscom Cyber safe 2010
Adv Prashant Mali
 
DOCX
87161911 selected-case-studies-on-cyber-crime
homeworkping4
 
DOC
Assignment of cyber crimes for oumh1203
Faridah Husin
 
PPTX
12 c business i environment i society mba 2016
Rajesh Satpathy, Regional College of Management (RCM), Bhubaneswar
 
PDF
Computer and Cyber forensics, a case study of Ghana
Mohammed Mahfouz Alhassan
 
PPTX
Cyber crime
dixitas
 
PPT
Cyber Wars And Cyber Terrorism
Ganesh DNP
 
ODP
Cyber crime law libreoffice
solomon24
 
PPTX
Cyber crime and issues
Roshan Mastana
 
PPTX
Rajveer choudhary cyber crime presentation
Rajveer Choudhary
 
DOCX
Shilpa
Shilpa Nayak
 
PDF
Cyber law
Arshad_A
 
PDF
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
khansalman19
 
PPTX
Lesson iv on fraud awareness (cyber frauds)
CA.Kolluru Narayanarao
 
PPTX
Lesson iv on fraud awareness (cyber frauds)
Kolluru N Rao
 
PPTX
Cyber warfare ss
Maira Asif
 
DOC
Cyber Fraud
Dixita S
 
Cyber Fraud and Risk Management By Bolaji Bankole
Bolaji James Bankole CCSS,CEH,MCSA,MCSE,MCP,CCNA,
 
Cyber-crime PPT
Anshuman Tripathi
 
Cyber security and threats
Harsh Kumar
 
Email crimes and Cyber Law-Nasscom Cyber safe 2010
Adv Prashant Mali
 
87161911 selected-case-studies-on-cyber-crime
homeworkping4
 
Assignment of cyber crimes for oumh1203
Faridah Husin
 
12 c business i environment i society mba 2016
Rajesh Satpathy, Regional College of Management (RCM), Bhubaneswar
 
Computer and Cyber forensics, a case study of Ghana
Mohammed Mahfouz Alhassan
 
Cyber crime
dixitas
 
Cyber Wars And Cyber Terrorism
Ganesh DNP
 
Cyber crime law libreoffice
solomon24
 
Cyber crime and issues
Roshan Mastana
 
Rajveer choudhary cyber crime presentation
Rajveer Choudhary
 
Shilpa
Shilpa Nayak
 
Cyber law
Arshad_A
 
Computer Security,Types of Hackers,Installation of Kali Linux, Common Keywords
khansalman19
 
Lesson iv on fraud awareness (cyber frauds)
CA.Kolluru Narayanarao
 
Lesson iv on fraud awareness (cyber frauds)
Kolluru N Rao
 
Cyber warfare ss
Maira Asif
 
Cyber Fraud
Dixita S
 
Ad

Viewers also liked (12)

PPTX
Legal500
Ohnicio Kalb
 
PDF
Secure Wall - how should companies protect themselves from cyber crime?
Browne Jacobson LLP
 
PDF
Tackling Financial Crime through Business Process Management
Cognizant
 
PDF
The International Comparative Legal Guide to: Business Crime 2017
Matheson Law Firm
 
DOCX
Business Crime Research Assignment FC
Melissa Gibson
 
PPT
Crime Unit
Jennifer Vogt-Erickson
 
PDF
Global Economic Crime Survey
Viren Aul
 
PPTX
Crime in the Business World
Jennifer Vogt-Erickson
 
PPT
Chapter 2 Criminology
Katrina Homer
 
PDF
The International Comparative Legal Guide to Business Crime 2016
Matheson Law Firm
 
PDF
Bribery and Corruption
Adel Abouhana
 
PDF
eCrime-report-2011-accessible
Charmaine Servado
 
Legal500
Ohnicio Kalb
 
Secure Wall - how should companies protect themselves from cyber crime?
Browne Jacobson LLP
 
Tackling Financial Crime through Business Process Management
Cognizant
 
The International Comparative Legal Guide to: Business Crime 2017
Matheson Law Firm
 
Business Crime Research Assignment FC
Melissa Gibson
 
Crime Unit
Jennifer Vogt-Erickson
 
Global Economic Crime Survey
Viren Aul
 
Crime in the Business World
Jennifer Vogt-Erickson
 
Chapter 2 Criminology
Katrina Homer
 
The International Comparative Legal Guide to Business Crime 2016
Matheson Law Firm
 
Bribery and Corruption
Adel Abouhana
 
eCrime-report-2011-accessible
Charmaine Servado
 
Ad

Similar to L Scope (20)

PPT
Security and privacy
Haa'Meem Mohiyuddin
 
PPTX
Chap11
nitin_009
 
PPT
Chap11
Aman Sharma
 
PPT
Hacking
thajmohammed
 
PPT
Security and privacy
Mohammed Adam
 
PPT
css ppt.ppt
ShivaTyagi26
 
PPT
Beekman5 std ppt_12
Department of Education - Philippines
 
PDF
Computer crimes
Muniba Bukhari
 
PPTX
Hacker risks presentation to ACFE PR Chapter
Jose L. Quiñones-Borrero
 
PPT
Cyber Crime
Accenture
 
PPTX
Managing and securing the enterprise
Abha Damani
 
PPT
Presentation1
Rachel Lasotas
 
PPTX
Week_7.pptx Computer science topic 7 Notes
FrancisOdoom5
 
PPT
Hackers
Alvaro Cipriano
 
PPT
Hackers
yozusaki
 
PPT
Hackers
guesta04f59b
 
PPT
Computer security and_privacy_2010-2011
lbcollins18
 
PPT
How to become Hackers .
Greater Noida Institute Of Technology
 
PPT
Hackers Cracker Network Intruder
Erdo Deshiant Garnaby
 
PPT
Mis chapter 9
Filmon Habtemichael Tesfai
 
Security and privacy
Haa'Meem Mohiyuddin
 
Chap11
nitin_009
 
Chap11
Aman Sharma
 
Hacking
thajmohammed
 
Security and privacy
Mohammed Adam
 
css ppt.ppt
ShivaTyagi26
 
Beekman5 std ppt_12
Department of Education - Philippines
 
Computer crimes
Muniba Bukhari
 
Hacker risks presentation to ACFE PR Chapter
Jose L. Quiñones-Borrero
 
Cyber Crime
Accenture
 
Managing and securing the enterprise
Abha Damani
 
Presentation1
Rachel Lasotas
 
Week_7.pptx Computer science topic 7 Notes
FrancisOdoom5
 
Hackers
Alvaro Cipriano
 
Hackers
yozusaki
 
Hackers
guesta04f59b
 
Computer security and_privacy_2010-2011
lbcollins18
 
How to become Hackers .
Greater Noida Institute Of Technology
 
Hackers Cracker Network Intruder
Erdo Deshiant Garnaby
 
Mis chapter 9
Filmon Habtemichael Tesfai
 

More from CTIN (20)

PPTX
Mounting virtual hard drives
CTIN
 
PPTX
Open Source Forensics
CTIN
 
PDF
Encase V7 Presented by Guidance Software august 2011
CTIN
 
PDF
Windows 7 forensics -overview-r3
CTIN
 
PDF
Windows 7 forensics event logs-dtl-r3
CTIN
 
PPTX
Msra 2011 windows7 forensics-troyla
CTIN
 
PPTX
Windows 7 forensics thumbnail-dtl-r4
CTIN
 
PPTX
Windows 7 forensics jump lists-rv3-public
CTIN
 
PPTX
Time Stamp Analysis of Windows Systems
CTIN
 
PPT
Vista Forensics
CTIN
 
PPT
Mac Forensics
CTIN
 
PPT
Nra
CTIN
 
PPT
Live Forensics
CTIN
 
PPT
Translating Geek To Attorneys It Security
CTIN
 
PPT
Edrm
CTIN
 
PPT
Computer Searchs, Electronic Communication, Computer Trespass
CTIN
 
PPT
CyberCrime
CTIN
 
PPT
Search Warrants
CTIN
 
PPT
Part6 Private Sector Concerns
CTIN
 
PDF
Sadfe2007
CTIN
 
Mounting virtual hard drives
CTIN
 
Open Source Forensics
CTIN
 
Encase V7 Presented by Guidance Software august 2011
CTIN
 
Windows 7 forensics -overview-r3
CTIN
 
Windows 7 forensics event logs-dtl-r3
CTIN
 
Msra 2011 windows7 forensics-troyla
CTIN
 
Windows 7 forensics thumbnail-dtl-r4
CTIN
 
Windows 7 forensics jump lists-rv3-public
CTIN
 
Time Stamp Analysis of Windows Systems
CTIN
 
Vista Forensics
CTIN
 
Mac Forensics
CTIN
 
Nra
CTIN
 
Live Forensics
CTIN
 
Translating Geek To Attorneys It Security
CTIN
 
Edrm
CTIN
 
Computer Searchs, Electronic Communication, Computer Trespass
CTIN
 
CyberCrime
CTIN
 
Search Warrants
CTIN
 
Part6 Private Sector Concerns
CTIN
 
Sadfe2007
CTIN
 

Recently uploaded (20)

PPTX
Introduction to Customs (June 2025) v1.pptx
josepheric420
 
PDF
caregiving tools.pdf...........................
cyrilbotor
 
PPTX
Understanding-Economic-Growth in macro..
marriumkhan920
 
PDF
Blockchain Pesa Research by Samuel Mefane
KatlehoMefane
 
PPTX
Session 14-16. Capital Structure Theories.pptx
2023mb21003
 
PDF
Is Retirement Income a Three Dimensional (3-D) problem_ What is the differenc...
Better Financial Education
 
PDF
Why Ignoring Passive Income for Retirees Could Cost You Big.pdf
Enterprise world
 
PPTX
EABDM Slides for Indifference curve.pptx
deeksha8770
 
PPTX
What is next for the Fractional CFO - August 2025
PaulYoung221210
 
PPTX
Introduction to Essence of Indian traditional knowledge.pptx
souravpoddarhith
 
PPTX
4.5.1 Financial Governance_Appropriation & Finance.pptx
RuhulQuddus23
 
PPTX
Who’s winning the race to be the world’s first trillionaire.pptx
ManiRamesh15
 
PDF
Predicting Customer Bankruptcy Using Machine Learning Algorithm research pape...
Razan Shahwan
 
PDF
Dr Tran Quoc Bao the first Vietnamese speaker at GITEX DigiHealth Conference ...
Gorman Bain Capital
 
PPTX
Globalization-of-Religion. Contemporary World
JudyMhaeBustillos
 
PDF
Copia de Minimal 3D Technology Consulting Presentation.pdf
viccarlin12
 
PDF
Understanding University Research Expenditures (1)_compressed.pdf
Innovosource
 
PDF
Bladex Earnings Call Presentation 2Q2025
Bladex
 
PDF
Dialnet-DynamicHedgingOfPricesOfNaturalGasInMexico-8788871.pdf
davidromero210805
 
PPTX
Unilever_Financial_Analysis_Presentation.pptx
HarisKaimKhani
 
Introduction to Customs (June 2025) v1.pptx
josepheric420
 
caregiving tools.pdf...........................
cyrilbotor
 
Understanding-Economic-Growth in macro..
marriumkhan920
 
Blockchain Pesa Research by Samuel Mefane
KatlehoMefane
 
Session 14-16. Capital Structure Theories.pptx
2023mb21003
 
Is Retirement Income a Three Dimensional (3-D) problem_ What is the differenc...
Better Financial Education
 
Why Ignoring Passive Income for Retirees Could Cost You Big.pdf
Enterprise world
 
EABDM Slides for Indifference curve.pptx
deeksha8770
 
What is next for the Fractional CFO - August 2025
PaulYoung221210
 
Introduction to Essence of Indian traditional knowledge.pptx
souravpoddarhith
 
4.5.1 Financial Governance_Appropriation & Finance.pptx
RuhulQuddus23
 
Who’s winning the race to be the world’s first trillionaire.pptx
ManiRamesh15
 
Predicting Customer Bankruptcy Using Machine Learning Algorithm research pape...
Razan Shahwan
 
Dr Tran Quoc Bao the first Vietnamese speaker at GITEX DigiHealth Conference ...
Gorman Bain Capital
 
Globalization-of-Religion. Contemporary World
JudyMhaeBustillos
 
Copia de Minimal 3D Technology Consulting Presentation.pdf
viccarlin12
 
Understanding University Research Expenditures (1)_compressed.pdf
Innovosource
 
Bladex Earnings Call Presentation 2Q2025
Bladex
 
Dialnet-DynamicHedgingOfPricesOfNaturalGasInMexico-8788871.pdf
davidromero210805
 
Unilever_Financial_Analysis_Presentation.pptx
HarisKaimKhani
 

L Scope

  • 1. Computer Crime Scope of the problem
  • 2. Computer Crime: Background In 1991, a business firm in the U.S. was 8 times more likely to be the victim of a crime than an individual living in the U.S. Economic crime cost American businesses $128 billion.
  • 3. Computer Crime: Background The accounting firm of Ernst & Young estimates that computer-related crime cost U.S. businesses about $3 billion to $5 billion a year in losses. Other researchers put the total loss figure as high as $40 billion if losses from Viruses and Software Piracy are included.
  • 4. Computer Crime: Background Only 6% to 11% of computer crime is reported. Of this segment, only 2% of the cases resulted in a conviction requiring any jail time. Less than a dozen computer criminals nationwide have served any time.
  • 5. Computer Crime: Background Average insured losses resulting from exploitation and tampering of computer systems are in the range of $500,000 - $600,000.
  • 6. Computer Crime: Background 75% to 80% of all computer crime is traceable to trusted insiders who had legitimate computer access, and/or knowledge of how operational procedures could be manipulated to their financial benefit.
  • 7. Computer Crime: Background Key motivational factors driving insider actions are: - lax security - revenge aimed at management.
  • 8. Computer Crime: Background Average bank robber: $5K / 90% / 7 yrs hard time vs. Computer criminal: $600K / 2%/ 2 yrs min. security
  • 9. Computer Crime: Background Normal computer crime takes less than one second to pull off, and is usually done from another state or foreign country.
  • 10. Computer Crime: Background A 1989 study by the National Center for Computer Crime Data of 3,500 companies found an average loss of $110,000, 365 man-hours, and 26 hours of computer time for each computer crime event discovered. 70% of all events involved theft of money or services.
  • 11. Computer Crime: Background When a computer criminal is caught, it is "because such a large sum of money is taken that even the most ill-prepared system will note the anomaly." (Donn Parker. SRI computer crime expert)
  • 12. Computer Crime: Background "The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than a bomb." "To date, we have been remarkably lucky... Unfortunately, there is reason to believe that our luck will soon run out."
  • 13. Computer Crime: Background "The committee is concerned that the development of legislation and case law is being outpaced by the growth of technology and changes in our society." (Source: Computers At Risk, National Research Council, 1991)
  • 14. Computer Crime: Insider Examples Stanley Mark Rifkin hits Security Pacific Bank for $10.2 million using EFT passwords he observed pasted to terminals in the money transfer room of the bank. ('78)
  • 15. Computer Crime: Insider Examples A New York brokerage firm disables the audit trail on their computer system to speed up operations. Shortly after, a clerk disappears to Switzerland with an estimated $28.8 million. ('86)
  • 16. Computer Crime: Insider Examples The computer program that Volkswagen of West Germany used to control its international finance operations was altered so that 5 high-level executives got away with $260 million. No charges filed, but all fired! ('87)
  • 17. Computer Crime: Insider Examples A London bank releases a press statement claiming their banks are not vulnerable to fraud the same day 4 persons are arrested with 1,864 valid, but forged, ATM cards in their possession. ('87)
  • 18. Computer Crime: Insider Examples Seven New York men use stolen EFT codes to embezzle S70 million from the bank accounts of Merrill-Lynch and United Airlines. They are caught only after they cause Merrill-Lynch's account to be overdrawn. ('88)
  • 19. Computer Crime: Insider Examples A Delaware state lottery computer system malfunctions, allowing unscrupulous lottery vendors to help themselves to $555,000 in winning tickets after the numbers had already been drawn. ('89)
  • 20. Computer Crime: Insider Examples The Washington State prison system suspends a program where inmates were allowed to keep PCs in their cells, citing security issues after one prison's main computer system experienced unusual problems. ('89)
  • 21. Computer Crime: Insider Examples 18 inmates working as data entry operators at the Tennessee State Prison guess the password to a payroll system and give themselves raises ranging from $20 to $500 a month. ('90)
  • 22. Computer Crime: Insider Examples U.S. Attorney's Office in Kentucky sells computer at surplus auction for $45, and then realizes that 7 years worth of data on Federal Agents and Witness Protection participants were not erased. ('90)
  • 23. Computer Crime: Insider Examples Laptop computer is stolen from Wing Commander of British military. On the laptop were classified plans for Persian Gulf war. Returned 4 days later in the mail. ('91)
  • 24. Computer Crime: Insider Examples Four Cal Poly University students are arrested after charging $250,000 in goods to MasterCard and Visa cards. They gained access to Equifax, and copied some 1,600 credit reports. They then used the good credit-card numbers to re-program the magnetic data on stolen credit cards. They did this from a laptop in their car. ('91)
  • 25. Computer Crime: Hacker History The term "hacking" was coined by members of the MIT Railroad Club in the mid 1960s. Back then, "hacker" was a term used to show respect for someone's technical expertise. "Hands on imperative" became the Golden Rule.
  • 26. Computer Crime: Hacker History Today, "Hacking" is described by some as the art of young, anti-social males who are arrogant and obsessive. They have hyperactive imaginations that drive them to explore the world of cyberspace, usually returning with other people's money. The goal of today s hacker is to make the rules, not follow them.
  • 27. Computer Crime: Hacker Profile Profile of a typical hacker is a white or Asian male, age 14 to 20, with average to below-average grades, an introvert who does not relate well to even his peers, has no father in the home, and has a personal life that is severely disorganized.
  • 28. Computer Crime: Hacker Profile Hackers will spend 200 to 300 hours a month on the phone exchanging messages with other hackers, as well as trying to gain entry to computer systems world wide.
  • 29. Computer Crime: Malicious Hackers AF-OSI nabs 14 year old for hacking into computers at the Pentagon and downloading several unclassified documents. Use of an "800" number allowed him to be traced. ('89)
  • 30. Computer Crime: Malicious Hackers Kevin Mitnick, the "Darth Vader of Hackers," hacks into DEC and copies the security software (loss, $4 million) they use to protect their systems. When arrested, he had 16 stolen MCI codes in his possession. He also shut down 911 service in California ('89)
  • 31. Computer Crime: Malicious Hackers Republican Party staff member from New Jersey hacks into the Democratic Party computer system and copies confidential files. Files showed that state workers were using state time for campaign work. ('90)
  • 32. Computer Crime: Malicious Hackers The Legion of Doom is credited with planting a virus in the AT&T Switching Network. The system was down for 9 hours. 25 million long distance phone calls get busy signal. (Jan 15, 1990 - MLK holiday)
  • 33. Computer Crime: Malicious Hackers Johnson Space Center denies it has lost $12 million over two years due to abuse of their phone system. One stolen access code was distributed to hundreds of hackers. ('90)
  • 34. Computer Crime: Malicious Hackers Leslie Lynne Douchette (AKA, Kyrie), ring-leader of nationwide group of hackers, is sentenced to 27 months. Losses directly tied to her pivot on 481 MCI access codes in her possession that accounted for S595,000 in long-distance phone fraud. ('90)
  • 35. Computer Crime: Malicious Hackers "Hacker Heaven": Belgium, Greece, Italy and the Netherlands. As of August 1991, they had no laws that made unauthorized access/tampering of computers a crime.
  • 36. Computer Crime: Malicious Hackers U.S. vendor of secure modems issues challenge to hackers: "Hack into my system and I will give you cash reward." 8,000 hackers tried. ('91)
  • 37. Computer Crime: Viruses & Worms A "virus" is software that hides itself inside of other legitimate software programs. A virus can not exist on its own, it requires a host. A "worm" is software, which does not hide itself in other programs, but rather is self-sufficient, stand-alone code.
  • 38. Computer Crime: Viruses & Worms The goal of both viruses and worms is to replicate themselves. They may, or may-not trigger on some external event that causes them to be annoying or destructive.
  • 39. Computer Crime: Viruses & Worms Of the 1,000 or so core viruses known to researchers, we only know the origin of about 40%. Most common origins: Minnesota, Italy, and Bulgaria.
  • 40. Computer Crime: Viruses & Worms The public attitude toward viruses is changing. They are now seen as a bizarre form of industrial sabotage, rather than a technological version of a practical joke.
  • 41. Computer Crime: Viruses & Worms "Christmas Tree" virus forces IBM to shut down 350,000 internal communications networks world- wide for nearly three days to permit location and removal of the virus. ('87)
  • 42. Computer Crime: Viruses & Worms The Internet Unix worm, written by Robert Morris, caused 6,200 computer systems to crash, it took 1 million hours to repair the damage, at an estimated cost of $97 million.
  • 43. Computer Crime: Viruses & Worms Convicted, Morris could have gotten five years and a $250,000 fine, but instead a U.S. District Court Judge gave him 400 hours of community service, a $10,000 fine and 3 years probation . ('88)
  • 44. Computer Crime: Viruses & Worms A survey of 200 businesses in the U.S. found that 25% hat been hit with a virus. ('90) A survey of 950 businesses in England revealed that 50% had been hit with a virus. ('90)
  • 45. Computer Crime: Viruses & Worms One of the most common viruses, the "Friday the 13th," was written by a programmer in the Middle East as a protest against the 40-year anniversary of the founding of Israel.
  • 46. Computer Crime: Pedophiles Pedophiles are increasingly using microcomputers and BBS technology to share child pornography and to identify potential victims. The ability of microcomputers to display high-resolution graphics makes them ideal vehicles for the distribution of child pornography. The BBS networks give pedophile's anonymity and make them difficult to track.
  • 47. Computer Crime: Pedophiles Medford, Massachusetts Police raided a child pornography video operation and discovered a major computer BBS network. There were over 1,000 users on the system from across the U.S. , and many international users. (‘90)
  • 48. Computer Crime: Pedophiles Alameda County, California District Attorney’s Office prosecuted two males on pedophilia-related charges after an investigation revealed the suspects were running a travel service for pedophiles to Thailand. The contact information was kept in Casio databank watches. (‘86)
  • 49. Computer Crime: Pedophiles The pedophile victim profile is very similar to the computer hacker profile, making electronic networks a fertile hunting ground for pedophiles.
  • 50. Computer Crime: Pedophiles Mr. Roger Deitz of Fremont, California told newspapers and TV stations that he posed as a 13 year old homosexual male and was able to make contact with 20 - 30 pedophiles using America On-Line service. The service is assisting the FBI in a subsequent investigation but does not monitor private E-Mail. (New York Times 3/92)
  • 51. Computer Crime: Pedophiles A San Jose, California detective posing as a pedophile on a BBS system was solicited by pedophiles Dean Lambey and Daniel Depew to participate in a kidnapping and "snuff flick" of a 12-year-old. FBI officials arrested both Lambey and Depew when they made an overt act to further the conspiracy. (Los Angeles Times 10/91)
  • 52. Data Diddling Simplest Safest Most Common Method Used in discovered Cases Involves changing Data Before or During Input Process Can Be accomplished by anyone having access to the data
  • 53. Data Diddling: Attack Points Creating Recording Transporting Encoding Examination Checking Converting Transforming
  • 54. Data Diddling: Examples Counterfeiting Documents Exchanging Valid computer tapes, cards, disks with prepared replacements Source data entry procedure violations (entering wrong data)
  • 55. Data diddling: Detection Transaction Participant: Data comparison Data Preparers: Document Validation Source data suppliers: Manual controls
  • 56. Trojan horse: Definition The covert placement of computer instructions in a program so that the computer will perform unauthorized functions. But usually still will allow the basic program to perform its intended purpose
  • 57. Trojan horse: Common method for prevention or detection Typical business application program can consist of 100,000 + instructions Operating system can consist of 5 to 6 million instructions Poor system documentation and maintenance practices aids perpetrators
  • 58. Trojan horse: Detection Programmers: Program code comparisons
  • 59. Trojan horse: Sources Employees Vendor programs Contract programmers User community
  • 60. Salami Technique: Definition Theft of small amounts of assets from a larger number of sources Individual losses small and often unnoticed Requires a large amount of accounts be accessible to the perpetrator Random selection of target accounts reduces detection probability
  • 61. Salami Technique: Most common targets Savings accounts Margin accounts Mortgage accounts Trust accounts Payroll Most common method used is the round down
  • 62. Salami Technique: Detection Programmers: Application test User community: Detailed data analysis Former employees: Program comparisons Contractors: Transaction audits Vendors: Financial status of possible suspect
  • 63. Superzapping A program that permits the user to bypass all normal system controls. It makes possible the disclosure and/or modification of any program or data resident in the system.
  • 64. Trap Doors/Back doors Computer instructions (part of a program) that allows users to access the program and/or data without initializing the program in the normal fashion. (Go in the back door)
  • 65. Logic bomb Special unauthorized instruction imbedded in computer routines that determine process conditions or system status.
  • 66. Scavenging: Definition Obtaining information that may be resident in or around a computer system
  • 67. Scavenging: Sources Discarded listings Carbon paper Source documents Scratch paper Company Phone books

Editor's Notes

  • #2: File Name: Scope.ppt This presentation provides the student with an overview of the computer crime problem.