SlideShare a Scribd company logo

Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf

S
SujanTimalsina5

The document outlines various aspects of computer and internet crime, focusing on ethical issues, types of security incidents, and profiles of perpetrators. It emphasizes the increasing prevalence of cyber attacks and the need for comprehensive security measures, while also discussing the role of computer forensics and legal frameworks in addressing these challenges. Furthermore, it highlights the evolution of hacktivist groups like Anonymous and examines the motivations of different types of cybercriminals.

Law
1 of 97
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Most read
16
17
18
19
20
21
22
23
24
25
26
27
Most read
28
29
30
Most read
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
Unit 3 Computer and Internet Crime Information System Ethics Hempal Shrestha LegalTech (IP&IT) & Knowledge Management Specialist Visiting Faculty - Kathmandu University 2023
Objectives 1. What key trade-offs and ethical issues are associated with the safeguarding of data and information systems? 2. Why has there been a dramatic increase in the number of computer-related security incidents in recent years? 3. What are the most common types of computer security attacks? 4. What are some characteristics of common computer criminals, including their objectives, available resources, willingness to accept risk, and frequency of attack?
Objectives… 5. What are the key elements of a multilayer process for managing security vulnerabilities, based on the concept of reasonable assurance? 6. What actions must be taken in response to a security incident? 7. What is computer forensics, and what role does it play in responding to a computer incident?
Unit -03 - Outline 3.1. IT Security Incidents 3.2. Types of Exploits 3.3. Types of Perpetrators 3.4. Implementing Trustworthy Computing 3.5. Risk Assessment
Unit -03 - Outline… 3.6. Establishing a Security Policy 3.7. Educating Employees and Contract Workers 3.7.1. Prevention 3.7.2. Detection 3.7.3. Response Computer Forensic
What Will You Do? Unit 03 - Discussion Questions
1. You are one of the top students in your university’s computer science program of 200 students. You are surprised when you are met after class by two representatives from a federal intelligence agency. Over dinner, they talk to you about the increasing threat of cyberterrorist attacks launched on the United States by foreign countries and the need to counter those attacks. They offer you a position on the agency’s supersecret cyberterrorism unit, at a starting salary 50 percent higher than you know other computer science graduates are being offered. Your role would be to both develop and defend against new zero-day exploits that could be used to plant malware in the software used by the government and military computers. Would such a role be of interest to you? What questions might you ask to determine if you would accept their offer of employment? Unit 03- What will You Do Question?
3. You are a member of the Human Resources Department of a three-year-old software manufacturer that has several products and annual revenue in excess of $500 million. You’ve just received a request from the manager of software development to hire three notorious crackers to probe your company’s software products in an attempt to identify any vulnerabilities. The reasoning is that if anyone could find a vulnerability in your software, they could. This will give your firm a head start on developing patches to fix the problems before anyone can exploit them. You’re not sure, and you feel uneasy about hiring people with criminal records and connections to unsavory members of the hacker/ cracker community. What would you do? Unit 03- What will You Do Question?
7. It appears that someone is using your firm’s corporate directory—which includes job titles and email addresses—to contact senior managers and directors via email. The email requests that the recipient click on a URL, which leads to a Web site that looks as if it were designed by your Human Resources organization. Once at this phony Web site, the employees are asked to confirm the bank and account number to be used for electronic deposit of their annual bonus check. You are a member of IT security for the firm. What can you do? Unit 03- What will You Do Question?
IT Security Incidents Events and Incidents
IT Security Incidents: A Worsening Problem ● Security of information technology is of utmost importance ○ Safeguard; ■ Confidential data ■ Private customer and employee data ○ Protect against malicious acts of theft or disruption ○ Must be balanced against other business needs and issues ● Number of IT-related security incidents is increasing around the world
Why Computer Incidents Are So Prevalent ● Increasing complexity increases vulnerability ○ Computing environment is enormously complex ■ Continues to increase in complexity ■ Number of entry points expands continuously ■ Cloud computing and virtualization software ● Higher computer user expectations ○ Computer help desks under intense pressure ■ Forget to verify users’ IDs or check authorizations ● Computer users share login IDs and passwords
Why Computer Incidents Are So Prevalent… ● Expanding/changing systems equal new risks ○ Network era ■ Personal computers connect to networks with millions of other computers ■ All capable of sharing information ● Information technology ○ Ubiquitous ○ Necessary tool for organizations to achieve goals ○ Increasingly difficult to match pace of technological change
Why Computer Incidents Are So Prevalent… Increased reliance on commercial software with known vulnerabilities ● Exploit ○ Attack on information system ○ Takes advantage of system vulnerability ○ Due to poor system design or implementation ● Patch ○ “Fix” to eliminate the problem ○ Users are responsible for obtaining and installing ○ Delays expose users to security breaches
Why Computer Incidents Are So Prevalent… ● Zero-day attack ○ Before a vulnerability is discovered or fixed ● Companies relying on commercial software with known vulnerabilities
IT Security Incidents: A Worsening Problem ● Computer Emergency Response Team Coordination Center (CERT/CC) ○ Charged with ■ Coordinating communication among experts during computer security emergencies ■ Helping to prevent future incidents ● What about Nepal…
Number of Vulnerabil ities Reported to CERT/CC
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Types of Exploits To Many, Always Evolving & Ever Growing, List Goes On.
Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
Types of Attacks ● Most frequent attack is on a networked computer from an outside source ● Types of attacks ○ Virus ○ Worm ○ Trojan horse ○ Denial of service ○ Rootkit ○ Spam ○ Phishing (spear-phishing, smishing, and vishing) ○ …
Viruses ● Pieces of programming code ● Usually disguised as something else ● Cause unexpected and usually undesirable events ● Often attached to files ● Deliver a “payload”
Viruses… ● Spread by actions of the “infected” computer user ○ Infected e-mail document attachments ○ Downloads of infected programs ○ Visits to infected Web sites ● Macro viruses ○ Most common and easily created viruses ○ Created in an application macro language ○ Infect documents and templates
Worms ● Harmful programs ○ Reside in active memory of a computer ○ Duplicate themselves ● Can propagate without human intervention ● Negative impact of virus or worm attack ○ Lost data and programs ○ Lost productivity ○ Effort for IT workers
Cost Impact of Worms
Trojan Horses ● Malicious code hidden inside seemingly harmless programs ● Users are tricked into installing them ● Delivered via email attachment, downloaded from a Web site, or contracted via a removable media device ● Logic bomb ○ Executes when triggered by certain event
Denial-of-Service (DoS) Attacks ● Malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks ○ The computers that are taken over are called zombies ● Does not involve a break-in at the target computer ○ Target machine is busy responding to a stream of automated requests ○ Legitimate users cannot get in
Denial-of-Service (DoS) Attacks ● Spoofing generates a false return address on packets ● Ingress filtering - When Internet service providers (ISPs) prevent incoming packets with false IP addresses from being passed on ● Egress filtering - Ensuring spoofed packets don’t leave a network
Rootkits ● Set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge ● Attacker can gain full control of the system and even obscure the presence of the rootkit ● Fundamental problem in detecting a rootkit is that the operating system currently running cannot be trusted to provide valid test results
Spam ● Abuse of email systems to send unsolicited email to large numbers of people ○ Low-cost commercial advertising for questionable products ○ Method of marketing also used by many legitimate organizations ● Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) ○ Software generates tests that humans can pass but computer programs cannot
Phishing ● Act of using email fraudulently to try to get the recipient to reveal personal data ● Legitimate-looking emails lead users to counterfeit Web sites ● Spear-phishing ○ Fraudulent emails to an organization’s employees ● Smishing ○ Phishing via text messages ● Vishing ○ Phishing via voice mail messages
Phishing
Unit 03 - Case 02 Anonymous and Social Hacktivism
Unit 03 - Case 02. Anonymous and Social Hacktivism The popular conception of hackers is one of young men sitting in dark basement rooms for hours upon end, surrounded by empty takeout containers: alone and unaffiliated. Individual hackers rarely influence history, the actions of large corporations, or the governments of the world unless they can somehow work together and form a collective. The hacktivist group Anonymous seems to have achieved this goal.
Unit 03 - Case 02. Anonymous and Social Hacktivism The group’s beginnings can be traced back to 2003, when individual hackers began posting proposals for collective action on an Internet forum called 4-chan, a simple image-based bulletin board where anyone can post comments and share images and one of the least regulated parts of the Internet in the early 2000s. At first, the idea was the adoption of a decentralized online community that could act anonymously, but in a coordinated manner. Group actions were usually aligned toward some nebulous goal, with the primary focus being on the members’ own entertainment. For example, Anonymous members hacked the copy-protect codes of DVDs and video games and posted them online. This action enabled other hackers to disable the copy protection and copy these products for free. As the movement grew, some members began to see the potential for greater social and political activity, and social “hacktivism” was born.
Unit 03 - Case 02. Anonymous and Social Hacktivism Anonymous has no leader or formal decision-making mechanism. “Anyone who wants to can be Anonymous and work toward a set of goals...” a member of Anonymous explained. “We have this agenda that we all agree on and we all coordinate and act, but all act independently toward it, without any want for recognition. We just want to get something that we feel is important done...” Anonymous’ first move toward a political action came in the form of a distributed denial-of-service (DDoS) attack on the Church of Scientology in 2008. The church had made an attempt to remove an interview with Tom Cruise, a famous church member, from the Internet. The church felt the video injured its image. It succeeded in removing the video from YouTube and other Web sites, but Anonymous posted the video on the Gawker Web site. The effort gave Anonymous a sense of the power it could harness.
Unit 03 - Case 02. Anonymous and Social Hacktivism As the movement grew, Anonymous expanded its targets and attracted media attention. After the Web site WikiLeaks, which relied on donations to support its operations, released large collections of classified American military documents and diplomatic cables, PayPal, MasterCard, and Bank of America announced that they would no longer process donations to WikiLeaks. This action threatened to put the WikiLeaks Web site out of business. In response, Anonymous launched major DDoS attacks on the Web sites of these financial companies.
Unit 03 - Case 02. Anonymous and Social Hacktivism In 2012, Anonymous published the names and credit card information of the subscribers to a newsletter published by the international security think tank, Stratfor, which Anonymous viewed as a reactionary force both online and in the real world. Stratfor customer credit cards were used to make over $500,000 in fraudulent donations to various charities.54 Also in 2012, Anonymous attacked the regime of Syrian president Bashar al-Assad. In this instance, Anonymous went beyond DDoS attacks on government sites and actually set up satellite transmission stations in all the major cities across Syria to serve as independent media centers in anticipation of the Syrian government’s efforts to cut off its citizens from the Internet
Unit 03 - Case 02. Anonymous and Social Hacktivism In response to the suicide of Internet activist Aaron Swartz in early 2013, Anonymous briefly corrupted the Web site of the U.S. Sentencing Commission and threatened to release sensitive information concerning the U.S. Department of Justice. Anonymous blamed the justice system for Swartz’s suicide, claiming that prosecutors were pursuing “highly disproportionate sentencing” in cases against some of its members and others, like Swartz, who championed open access to online documents. Swartz was facing federal charges that he stole millions of online documents and could have served up to 35 years in prison.
Unit 03 - Case 02. Anonymous and Social Hacktivism The group’s strategy of using DDoS attacks and publishing personal information is illegal and has exposed numerous members of the collective to police inquiry and legal problems. The Interpol international policing body has been particularly active in its pursuit of Anonymous members. In early 2012, as part of Interpol’s efforts, 25 Anonymous members were arrested in four different countries.57 Furthermore, an influential member of the collective, known online as “Sabu,” was recently outed as an FBI informant. After participating in the Stratfor hack, Sabu gave information to the FBI leading to the arrest of several Anonymous senior members.58 However, after the revelation that one of their own had cooperated with the FBI’s efforts against the group, one member posted the following: “Don’t you get it by now? #Anonymous is an idea. #Anonymous is a movement. It will keep growing, adapting and evolving, no matter what.”?
Unit 03 - Case 02. Anonymous and Social Hacktivism Discussion Questions 1. If you had an opportunity to join Anonymous, would you? Why, or why not? 2. Would you say that Anonymous’ actions in support of WikiLeaks were legal? Were these actions ethical? What about their actions to set up satellite transmission stations across Syria? 3. How serious of a threat does Anonymous pose to organizational and government Web sites?
Types of Perpetrators To Be or Not To Be Criminal / Ethical
Perpetrators ● Motives are the same as other criminals ● Perpetrators include: ○ Thrill seekers wanting a challenge ○ Common criminals looking for financial gain ○ Industrial spies trying to gain an advantage ○ Terrorists seeking to cause destruction
Perpetrators ● Different objectives and access to varying resources ● Different levels of risk to accomplish an objective
Classifying Perpetrators of Computer Crime
Classifying Perpetrators of Computer Crime
Classifying Perpetrators of Computer Crime
Hackers and Crackers ● Hackers ○ Test limitations of systems out of intellectual curiosity ■ Some smart and talented ■ Others inept; termed “lamers” or “script kiddies” ● Crackers ○ Cracking is a form of hacking ○ Clearly criminal activity
Malicious Insiders ● Major security concern for companies ● Estimated 85 percent of all fraud is committed by employees ● Fraud within an organization is usually due to weaknesses in internal control procedures ● Collusion ○ Cooperation between an employee and an outsider
Malicious Insiders ● Insiders are not necessarily employees ○ Can also be consultants and contractors ● Extremely difficult to detect or stop ○ Authorized to access the very systems they abuse ● Negligent insiders have potential to cause damage
Industrial Spies ● Use illegal means to obtain trade secrets from competitors ● Trade secrets are protected by the Economic Espionage Act of 1996 ● Competitive intelligence ○ Uses legal techniques ○ Gathers information available to the public ● Industrial espionage ○ Uses illegal means ○ Obtains information not available to the public
Cybercriminals ● Hack into corporate computers and steal ● Engage in all forms of computer fraud ● Chargebacks are disputed transactions ● Loss of customer trust has more impact than fraud ● To reduce the potential for online credit card fraud: ○ Use encryption technology ○ Verify the address submitted online against the issuing bank ○ Request a card verification value (CVV) ○ Use transaction-risk scoring software
Cybercriminals… ● Smart cards ○ Contain a memory chip ○ Are updated with encrypted data every time the card is used
Hacktivists and Cyberterrorists ● Hacktivism ○ Hacking to achieve a political or social goal ● Cyberterrorist ○ Attacks computers or networks in an attempt to intimidate or coerce a government in order to advance certain political or social objectives ○ Seeks to cause harm rather than gather information ○ Uses techniques that destroy or disrupt services
US Federal Laws for Prosecuting Computer Attacks
Nepal Laws for Prosecuting Computer Attacks ● The Electronic Transactions Act 2063 (ETA ) to regulate cybercrimes. Section 47 of the Act is the most used section to prevent cybercrime in Nepal. This section stipulates that if a person publishes or displays material against morals, etiquette, hatred, or malice on a computer, internet, and other electronic media, the culprit can be punished with a fine of 1 lakh rupees or imprisonment for up to 5 years or both.
Nepal Laws for Prosecuting Computer Attacks ● Section 48 of the Act is also used customarily, which stipulates that if any person who has access to any record, book, register, correspondence, information, documents or any other material under the authority conferred under this Act or Rules framed hereunder divulges or causes to divulge confidentiality of such record, books, registers, correspondence, information, documents or materials to any unauthorized person, he/she shall be liable to the punishment with a fine not exceeding Ten Thousand Rupees or with imprisonment not exceeding two years or with both, depending on the degree of the offense.
Law of Nepal relating to pirating, destroying, or altering computer source data? ● As per the ETA, 2063 (section 44), if any person, knowingly or with malafide intention, pirates, destroys, alters computer sources code to be used for any computer, computer programmer, computer system or computer network or cause, other to do so, he/she shall be liable to the punishment with imprisonment not exceeding three years or with a fine not exceeding two hundred thousand Rupees or with both.
Unauthorized access to computer materials, a cybercrime ● Unauthorized Access is an offense punishable by law. If any person to have access to any program, information, or data of any computer, uses such a computer without authorization of the owner of or the person responsible for such a computer or even in the case of authorization, performs any act to have access in any program, information or data contrary to from such authorization, such a person shall be liable to the punishment with the fine not exceeding Two Hundred thousand rupees or with imprisonment not exceeding three years or with both depending on the seriousness of the offense.[Section 45, ETA 2063]
Provisions regarding damage to any computer and information system ● If any person knowingly and with a mala fide intention to cause wrongful loss or damage to any institution destroys, damages, deletes, alters, disrupts any information of any computer source by any means or diminishes value and utility of such information or affects it injuriously or causes any person to carry out such an act, such a person shall be liable to the punishment with the fine, not exceeding two thousand Rupees and with imprisonment not exceeding three years or with both.[Section 46, ETA 2063]
Publication of illegal materials in electronic form ● If any person publishes or displays any material in electronic media including computer, internet which is prohibited to publish or display by the prevailing law or which may be contrary to public morality or decent behavior or any type of material that may spread hate or jealousy against anyone or which may jeopardize the harmonious relations subsisting among the peoples of various castes, tribes and communities shall be liable to the punishment with the fine not exceeding One Hundred Thousand Rupees or with the imprisonment not exceeding five years or with both.[Section 47, ETA 2063]
Provisions of the law of Nepal regarding computer fraud ● If any person, intending to commit any fraud or any other illegal act, creates, publishes, or otherwise provides a digital signature certificate or acquires benefit from the payment of any bill, the balance amount of any one's account, any inventory or ATM card in connivance of or otherwise by committing any fraud, amount of the financial benefit so acquired shall be recovered from the offender and be given to the person concerned and such an offender shall be liable to the punishment with a fine not exceeding one hundred thousand Rupees or with imprisonment not exceeding two years or with both.[Section 52, ETA2063]
Person who abets others to commit a computer-related offense ● If any person abuts another to commit an offense relating to computer under ETA Act or who attempts or is involved in a conspiracy to commit such an offense shall be liable to the punishment of a fine not exceeding fifty thousand Rupees or imprisonment not exceeding six months or with both, depending on the degree of the offense.[Section 53, ETA 2063]
Punishment for an offence committed outside Nepal ● If any person commits any act which constitutes an offense under ETA Act and which involves the computer, computer system, or computer network system located in Nepal, even though such an act is committed while residing outside Nepal, a case may be filed against such a person and shall be punished accordingly. [Section 55, ETA 2063]
Implementing Trustworthy Computing Trust & Worthy
Implementing Trustworthy Computing ● Delivers secure, private, and reliable computing ● Based on sound business practices
Implementing Trustworthy Computing ● Security of any system or network ○ Combination of technology, policy, and people ○ Requires a wide range of activities to be effective ● Systems must be monitored to detect possible intrusion ● Clear reaction plan addresses: ○ Notification, evidence protection, activity log maintenance, containment, eradication, and recovery
Risk Assessment Assess the Risk in Advance
Risk Assessment ● Process of assessing security-related risks: ○ To an organization’s computers and networks ○ From both internal and external threats ● Identifies investments that best protect from most likely and serious threats ● Focuses security efforts on areas of highest payoff
Risk Assessment… Eight-step risk assessment process ● #1 Identify assets of most concern ● #2 Identify loss events that could occur ● #3 Assess likelihood of each potential threat ● #4 Determine the impact of each threat ● #5 Determine how each threat could be mitigated ● #6 Assess feasibility of mitigation options ● #7 Perform cost-benefit analysis ● #8 Decide which countermeasures to implement
Risk Assessment…
Risk Assessment…
Establishing a Security Policy Policy and Practice in Place
Establishing a Security Policy ● A security policy defines: ○ Organization’s security requirements ○ Controls and sanctions needed to meet the requirements ● Delineates responsibilities and expected behavior ● Outlines what needs to be done ○ Not how to do it ● Automated system policies should mirror written policies
Establishing a Security Policy… ● Trade-off between: ○ Ease of use ○ Increased security ● Areas of concern ○ Email attachments ○ Wireless devices ● VPN uses the Internet to relay communications but maintains privacy through security features ● Additional security includes encrypting originating and receiving network addresses
Educating Employees and Contract Workers Educate and Empower
Educating Employees, Contractors, and Part-Time Workers ● Educate and motivate users to understand and follow policy ● Discuss recent security incidents ● Help protect information systems by: ○ Guarding passwords ○ Not allowing sharing of passwords ○ Applying strict access controls to protect data ○ Reporting all unusual activity ○ Protecting portable computing and data storage devices
Prevention Prevention is @gain the Best Policy
Prevention ● Implement a layered security solution ○ Make computer break-ins harder ● Installing a corporate firewall ○ Limits network access ● Intrusion prevention systems ○ Block viruses, malformed packets, and other threats ● Installing antivirus software ○ Scans for sequence of bytes or virus signature ○ United States Computer Emergency Readiness Team (US-CERT) serves as clearinghouse
Prevention…
Prevention…
Prevention…. ● Safeguards against attacks by malicious insiders ● Departing employees and contractors ○ Promptly delete computer accounts, login IDs, and passwords ● Carefully define employee roles and separate key responsibilities ● Create roles and user accounts to limit authority
Prevention… ● Defending against cyberterrorism ○ Department of Homeland Security and its National Cyber Security Division (NCSD) is a resource ■ Builds and maintains a national security cyberspace response system ■ Implements a cyber-risk management program for protection of critical infrastructure, including banking and finance, water, government operations, and emergency services ● How about Nepal?
Prevention… ● Conduct periodic IT security audits ○ Evaluate policies and whether they are followed ○ Review access and levels of authority ○ Test system safeguards ○ Information Protection Assessment kit is available from the Computer Security Institute
Detection Detect if can’t Prevent
Detection ● Detection systems ○ Catch intruders in the act ● Intrusion detection system ○ Monitors system/network resources and activities ○ Notifies the proper authority when it identifies: ■ Possible intrusions from outside the organization ■ Misuse from within the organization ○ Knowledge-based approach ○ Behavior-based approach
Response If you Detect, Response, React
Response ● Response plan ○ Develop well in advance of any incident ○ Approved by: ■ Legal department ■ Senior management ● Primary goals ○ Regain control and limit damage ○ Not to monitor or catch an intruder ● Only 56% have response plan
Response… ● Incident notification defines: ○ Who to notify ○ Who not to notify ● Security experts recommend against releasing specific information about a security compromise in public forums ● Document all details of a security incident ○ All system events ○ Specific actions taken ○ All external conversations
Response… ● Act quickly to contain an attack ● Eradication effort ○ Collect and log all possible criminal evidence ○ Verify necessary backups are current and complete ○ Create new backups ● Follow-up ○ Determine how security was compromised ■ Prevent it from happening again
Response… ● Review ○ Determine exactly what happened ○ Evaluate how the organization responded ● Weigh carefully the amount of effort required to capture the perpetrator ● Consider the potential for negative publicity ● Legal precedent ○ Hold organizations accountable for their own IT security weaknesses
Computer Forensic F1 It Helps!
Computer Forensics ● Combines elements of law and computer science to identify, collect, examine, and preserve data and preserve its integrity so it is admissible as evidence ● Computer forensics investigation requires extensive training and certification and knowledge of laws that apply to gathering of criminal evidence
So the Summary
Summary ● Ethical decisions in determining which information systems and data most need protection ● Most common computer exploits ○ Viruses ○ Worms ○ Trojan horses ○ Distributed denial-of-service attacks ○ Rootkits ○ Spam ○ Phishing, spear-fishing, smishing, vishing
Summary… ● Perpetrators include: ○ Hackers ○ Crackers ○ Malicious insider ○ Industrial spies ○ Cybercriminals ○ Hacktivist ○ Cyberterrorists
Summary… ● Must implement multilayer process for managing security vulnerabilities, including: ○ Assessment of threats ○ Identifying actions to address vulnerabilities ● User education ● IT must lead the effort to implement: ○ Security policies and procedures ○ Hardware and software to prevent security breaches ● Computer forensics is key to fighting computer crime in a court of law

More Related Content

PDF
20CS2024 Ethics in Information Technology
Kathirvel Ayyaswamy
 
PPTX
Q1 new
Shawn Invento
 
PPTX
الأمن السيبراني (2).pptx
BushraBushra44
 
PDF
Integración de sistemas y Firewalls
Óscar Humberto Díaz Jurado
 
PPTX
COMPUTER SECURITY AND OPERATING SYSTEM
faraz hussain
 
PDF
Information security
Sina Bagherinezhad
 
PPT
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti
 
PPTX
Software management in linux
nejadmand
 
20CS2024 Ethics in Information Technology
Kathirvel Ayyaswamy
 
Q1 new
Shawn Invento
 
الأمن السيبراني (2).pptx
BushraBushra44
 
Integración de sistemas y Firewalls
Óscar Humberto Díaz Jurado
 
COMPUTER SECURITY AND OPERATING SYSTEM
faraz hussain
 
Information security
Sina Bagherinezhad
 
Threats, Vulnerabilities & Security measures in Linux
Amitesh Bharti
 
Software management in linux
nejadmand
 

What's hot (19)

PDF
Cisco cybersecurity essentials chapter - 2
Mukesh Chinta
 
PPT
Network Security
Sayantan Sur
 
PPT
Lecture 3
Education
 
PDF
Hackathon Problem Statements with (1).pdf
2328401
 
PDF
Information Security Awareness
Ali Hassan Ba-Issa
 
PDF
Ceh v5 module 03 scanning
Vi Tính Hoàng Nam
 
PPT
Web security
Muhammad Usman
 
PPTX
Windows File Systems
primeteacher32
 
PDF
Module 19 (evading ids, firewalls and honeypots)
Wail Hassan
 
PPTX
Chapter1 2
Honeyennyl
 
PDF
Introduction to cyber security i
Emmanuel Gbenga Dada (BSc, MSc, PhD)
 
ODP
Ethical hacking ppt
himanshujoshi238
 
PPTX
Tecnicas de criptografia
Tensor
 
PPTX
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
RAMESHBABU311293
 
PPTX
Ethical hacking : Its methodologies and tools
chrizjohn896
 
PDF
امن المعلومات الشخصية
Ahmed Al-farra AbuOmar
 
PPT
15 funcioneshash
Roberto Moreno Doñoro
 
PDF
Computer Security Lecture 1: Overview
Mohamed Loey
 
PPTX
امن الشبكات المخاطر والحلول
SaadDongus
 
Cisco cybersecurity essentials chapter - 2
Mukesh Chinta
 
Network Security
Sayantan Sur
 
Lecture 3
Education
 
Hackathon Problem Statements with (1).pdf
2328401
 
Information Security Awareness
Ali Hassan Ba-Issa
 
Ceh v5 module 03 scanning
Vi Tính Hoàng Nam
 
Web security
Muhammad Usman
 
Windows File Systems
primeteacher32
 
Module 19 (evading ids, firewalls and honeypots)
Wail Hassan
 
Chapter1 2
Honeyennyl
 
Introduction to cyber security i
Emmanuel Gbenga Dada (BSc, MSc, PhD)
 
Ethical hacking ppt
himanshujoshi238
 
Tecnicas de criptografia
Tensor
 
CRYPTOGRAPHY & NETWORK SECURITY - unit 1
RAMESHBABU311293
 
Ethical hacking : Its methodologies and tools
chrizjohn896
 
امن المعلومات الشخصية
Ahmed Al-farra AbuOmar
 
15 funcioneshash
Roberto Moreno Doñoro
 
Computer Security Lecture 1: Overview
Mohamed Loey
 
امن الشبكات المخاطر والحلول
SaadDongus
 
Ad

Similar to Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf (20)

PPTX
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
PDF
Why My E Identity Needs Protection
ecarrow
 
PPTX
c13 Security and Ethics(1)(1)(1).pptsasdax
ShaonKhan12
 
PPTX
What's New In CompTIA Security+ - Course Technology Computing Conference
Cengage Learning
 
PPT
Rainer+3e Student Pp Ts Ch03
kbzdox ivanovich
 
PPTX
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
PPT
Cyber security & Importance of Cyber Security
Mohammed Adam
 
PDF
cybersecurity-180303131014.pdf
yashgupta810747
 
PPT
Cyber crime and forensic
SANTANU KUMAR DAS
 
PPT
Hackers
Mohamed Boudchiche
 
PPTX
CYBERSECURITY | Why it is important?
RONIKMEHRA
 
DOCX
Topic #17 IT Security ITSecurityIncidentsA.docx
juliennehar
 
PDF
Need For Ethical & Security Issue In It
Sonali Srivastava
 
PDF
security_threats.pdf and control mechanisms
ronoelias98
 
DOCX
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
arnoldmeredith47041
 
PDF
The Evolving Landscape on Information Security
Simoun Ung
 
PPT
Cybercrime
Keller Williams Lynchburg
 
PDF
Cyber Security Notes Unit 2 for Engineering
nctitacademic
 
PPTX
USG_Security_Awareness_Primer (1).pptx
ssuser59e4b8
 
PPTX
USG_Security_Awareness_Primer.pptx
BilmyRikas
 
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
Why My E Identity Needs Protection
ecarrow
 
c13 Security and Ethics(1)(1)(1).pptsasdax
ShaonKhan12
 
What's New In CompTIA Security+ - Course Technology Computing Conference
Cengage Learning
 
Rainer+3e Student Pp Ts Ch03
kbzdox ivanovich
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Cyber security & Importance of Cyber Security
Mohammed Adam
 
cybersecurity-180303131014.pdf
yashgupta810747
 
Cyber crime and forensic
SANTANU KUMAR DAS
 
Hackers
Mohamed Boudchiche
 
CYBERSECURITY | Why it is important?
RONIKMEHRA
 
Topic #17 IT Security ITSecurityIncidentsA.docx
juliennehar
 
Need For Ethical & Security Issue In It
Sonali Srivastava
 
security_threats.pdf and control mechanisms
ronoelias98
 
The uniqueness of the text61.5SHOW ALL MATCHESPage addre.docx
arnoldmeredith47041
 
The Evolving Landscape on Information Security
Simoun Ung
 
Cybercrime
Keller Williams Lynchburg
 
Cyber Security Notes Unit 2 for Engineering
nctitacademic
 
USG_Security_Awareness_Primer (1).pptx
ssuser59e4b8
 
USG_Security_Awareness_Primer.pptx
BilmyRikas
 
Ad

More from SujanTimalsina5 (9)

PDF
02-HCI Designs.pdf by Sujan TImalsina @CS
SujanTimalsina5
 
PDF
01-Introduction to HCI.pdfxzcnkzdcdncnccn
SujanTimalsina5
 
PPT
03-Guidelines, Principles, and Theories.ppt
SujanTimalsina5
 
PPTX
Projet Concept Note Presentation slides.pptx
SujanTimalsina5
 
PDF
Ch_10.pptx.pdf
SujanTimalsina5
 
PDF
Memory Management.pdf
SujanTimalsina5
 
PDF
Virtual Memory.pdf
SujanTimalsina5
 
PDF
Unit 1 Basic structureCOA.pdf
SujanTimalsina5
 
PDF
Data communications_Network_Model (1).pdf
SujanTimalsina5
 
02-HCI Designs.pdf by Sujan TImalsina @CS
SujanTimalsina5
 
01-Introduction to HCI.pdfxzcnkzdcdncnccn
SujanTimalsina5
 
03-Guidelines, Principles, and Theories.ppt
SujanTimalsina5
 
Projet Concept Note Presentation slides.pptx
SujanTimalsina5
 
Ch_10.pptx.pdf
SujanTimalsina5
 
Memory Management.pdf
SujanTimalsina5
 
Virtual Memory.pdf
SujanTimalsina5
 
Unit 1 Basic structureCOA.pdf
SujanTimalsina5
 
Data communications_Network_Model (1).pdf
SujanTimalsina5
 

Recently uploaded (20)

PDF
Plausibility - A Review of the English and EPO cases
Jane Lambert
 
PPTX
Lecture Notes on Family Law - Knowledge Area 5
Frimpong Eric
 
PPT
Over view on IPR and its components :ppt
jyotsnarani13
 
PPTX
Law of Torts , unit I for BA.LLB integrated course
theworthlessone69
 
DOCX
FOE Reviewer 2022.docxhgvgvhghhghyjhghggg
ibrahimnorlainie
 
PDF
Vinayaka Mission Law School Courses and Infrastructure.pdf
monash2629
 
PPTX
prenuptial agreement ppt my by a phd scholar
rajuyadav42111
 
PPT
Criminal law and civil law under of collage corriculum
HerobrinediamondPane1
 
PDF
Trademark, Copyright, and Trade Secret Protection for Med Tech Startups.pdf
Ortynska Law PLLC
 
PPTX
POSH Awareness and policy ppt with all design covering .
asvnandan
 
PPT
Cyber-Crime-in- India at Present day and Laws
rajmohanjangid
 
PDF
Nancy Gorby Sucessor Trustee Invoice.pdf
VOLUNTÁRIA CAUSA SOCIAL
 
PPTX
Peter Maatouk Is Redefining What It Means To Be A Local Lawyer Who Truly List...
Maatouks Law Group
 
PPTX
Income under income Tax Act..pptx Introduction
Vaishali Sharma
 
PDF
New York State Bar Association Journal, September 2014
LexArchive
 
PPTX
Digital Security in Cyber Law and Mitigating Cyberxrimes
Shibly Ahamed
 
PDF
OpenAi v. Open AI Summary Judgment Order
Mike Keyes
 
PDF
Notes on Plausibility - A Review of the English and EPO Cases
Jane Lambert
 
PDF
algor mortis or cooling of body after death THANATOLOGY
AfnanGill
 
PDF
AHRP LB - Quick Look of the Newly-initiated Koperasi Merah Putih (KMP).pdf
AHRP Law Firm
 
Plausibility - A Review of the English and EPO cases
Jane Lambert
 
Lecture Notes on Family Law - Knowledge Area 5
Frimpong Eric
 
Over view on IPR and its components :ppt
jyotsnarani13
 
Law of Torts , unit I for BA.LLB integrated course
theworthlessone69
 
FOE Reviewer 2022.docxhgvgvhghhghyjhghggg
ibrahimnorlainie
 
Vinayaka Mission Law School Courses and Infrastructure.pdf
monash2629
 
prenuptial agreement ppt my by a phd scholar
rajuyadav42111
 
Criminal law and civil law under of collage corriculum
HerobrinediamondPane1
 
Trademark, Copyright, and Trade Secret Protection for Med Tech Startups.pdf
Ortynska Law PLLC
 
POSH Awareness and policy ppt with all design covering .
asvnandan
 
Cyber-Crime-in- India at Present day and Laws
rajmohanjangid
 
Nancy Gorby Sucessor Trustee Invoice.pdf
VOLUNTÁRIA CAUSA SOCIAL
 
Peter Maatouk Is Redefining What It Means To Be A Local Lawyer Who Truly List...
Maatouks Law Group
 
Income under income Tax Act..pptx Introduction
Vaishali Sharma
 
New York State Bar Association Journal, September 2014
LexArchive
 
Digital Security in Cyber Law and Mitigating Cyberxrimes
Shibly Ahamed
 
OpenAi v. Open AI Summary Judgment Order
Mike Keyes
 
Notes on Plausibility - A Review of the English and EPO Cases
Jane Lambert
 
algor mortis or cooling of body after death THANATOLOGY
AfnanGill
 
AHRP LB - Quick Look of the Newly-initiated Koperasi Merah Putih (KMP).pdf
AHRP Law Firm
 

Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf

  • 1. Unit 3 Computer and Internet Crime Information System Ethics Hempal Shrestha LegalTech (IP&IT) & Knowledge Management Specialist Visiting Faculty - Kathmandu University 2023
  • 2. Objectives 1. What key trade-offs and ethical issues are associated with the safeguarding of data and information systems? 2. Why has there been a dramatic increase in the number of computer-related security incidents in recent years? 3. What are the most common types of computer security attacks? 4. What are some characteristics of common computer criminals, including their objectives, available resources, willingness to accept risk, and frequency of attack?
  • 3. Objectives… 5. What are the key elements of a multilayer process for managing security vulnerabilities, based on the concept of reasonable assurance? 6. What actions must be taken in response to a security incident? 7. What is computer forensics, and what role does it play in responding to a computer incident?
  • 4. Unit -03 - Outline 3.1. IT Security Incidents 3.2. Types of Exploits 3.3. Types of Perpetrators 3.4. Implementing Trustworthy Computing 3.5. Risk Assessment
  • 5. Unit -03 - Outline… 3.6. Establishing a Security Policy 3.7. Educating Employees and Contract Workers 3.7.1. Prevention 3.7.2. Detection 3.7.3. Response Computer Forensic
  • 6. What Will You Do? Unit 03 - Discussion Questions
  • 7. 1. You are one of the top students in your university’s computer science program of 200 students. You are surprised when you are met after class by two representatives from a federal intelligence agency. Over dinner, they talk to you about the increasing threat of cyberterrorist attacks launched on the United States by foreign countries and the need to counter those attacks. They offer you a position on the agency’s supersecret cyberterrorism unit, at a starting salary 50 percent higher than you know other computer science graduates are being offered. Your role would be to both develop and defend against new zero-day exploits that could be used to plant malware in the software used by the government and military computers. Would such a role be of interest to you? What questions might you ask to determine if you would accept their offer of employment? Unit 03- What will You Do Question?
  • 8. 3. You are a member of the Human Resources Department of a three-year-old software manufacturer that has several products and annual revenue in excess of $500 million. You’ve just received a request from the manager of software development to hire three notorious crackers to probe your company’s software products in an attempt to identify any vulnerabilities. The reasoning is that if anyone could find a vulnerability in your software, they could. This will give your firm a head start on developing patches to fix the problems before anyone can exploit them. You’re not sure, and you feel uneasy about hiring people with criminal records and connections to unsavory members of the hacker/ cracker community. What would you do? Unit 03- What will You Do Question?
  • 9. 7. It appears that someone is using your firm’s corporate directory—which includes job titles and email addresses—to contact senior managers and directors via email. The email requests that the recipient click on a URL, which leads to a Web site that looks as if it were designed by your Human Resources organization. Once at this phony Web site, the employees are asked to confirm the bank and account number to be used for electronic deposit of their annual bonus check. You are a member of IT security for the firm. What can you do? Unit 03- What will You Do Question?
  • 11. IT Security Incidents: A Worsening Problem ● Security of information technology is of utmost importance ○ Safeguard; ■ Confidential data ■ Private customer and employee data ○ Protect against malicious acts of theft or disruption ○ Must be balanced against other business needs and issues ● Number of IT-related security incidents is increasing around the world
  • 12. Why Computer Incidents Are So Prevalent ● Increasing complexity increases vulnerability ○ Computing environment is enormously complex ■ Continues to increase in complexity ■ Number of entry points expands continuously ■ Cloud computing and virtualization software ● Higher computer user expectations ○ Computer help desks under intense pressure ■ Forget to verify users’ IDs or check authorizations ● Computer users share login IDs and passwords
  • 13. Why Computer Incidents Are So Prevalent… ● Expanding/changing systems equal new risks ○ Network era ■ Personal computers connect to networks with millions of other computers ■ All capable of sharing information ● Information technology ○ Ubiquitous ○ Necessary tool for organizations to achieve goals ○ Increasingly difficult to match pace of technological change
  • 14. Why Computer Incidents Are So Prevalent… Increased reliance on commercial software with known vulnerabilities ● Exploit ○ Attack on information system ○ Takes advantage of system vulnerability ○ Due to poor system design or implementation ● Patch ○ “Fix” to eliminate the problem ○ Users are responsible for obtaining and installing ○ Delays expose users to security breaches
  • 15. Why Computer Incidents Are So Prevalent… ● Zero-day attack ○ Before a vulnerability is discovered or fixed ● Companies relying on commercial software with known vulnerabilities
  • 16. IT Security Incidents: A Worsening Problem ● Computer Emergency Response Team Coordination Center (CERT/CC) ○ Charged with ■ Coordinating communication among experts during computer security emergencies ■ Helping to prevent future incidents ● What about Nepal…
  • 19. Types of Exploits To Many, Always Evolving & Ever Growing, List Goes On.
  • 21. Types of Attacks ● Most frequent attack is on a networked computer from an outside source ● Types of attacks ○ Virus ○ Worm ○ Trojan horse ○ Denial of service ○ Rootkit ○ Spam ○ Phishing (spear-phishing, smishing, and vishing) ○ …
  • 22. Viruses ● Pieces of programming code ● Usually disguised as something else ● Cause unexpected and usually undesirable events ● Often attached to files ● Deliver a “payload”
  • 23. Viruses… ● Spread by actions of the “infected” computer user ○ Infected e-mail document attachments ○ Downloads of infected programs ○ Visits to infected Web sites ● Macro viruses ○ Most common and easily created viruses ○ Created in an application macro language ○ Infect documents and templates
  • 24. Worms ● Harmful programs ○ Reside in active memory of a computer ○ Duplicate themselves ● Can propagate without human intervention ● Negative impact of virus or worm attack ○ Lost data and programs ○ Lost productivity ○ Effort for IT workers
  • 25. Cost Impact of Worms
  • 26. Trojan Horses ● Malicious code hidden inside seemingly harmless programs ● Users are tricked into installing them ● Delivered via email attachment, downloaded from a Web site, or contracted via a removable media device ● Logic bomb ○ Executes when triggered by certain event
  • 27. Denial-of-Service (DoS) Attacks ● Malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks ○ The computers that are taken over are called zombies ● Does not involve a break-in at the target computer ○ Target machine is busy responding to a stream of automated requests ○ Legitimate users cannot get in
  • 28. Denial-of-Service (DoS) Attacks ● Spoofing generates a false return address on packets ● Ingress filtering - When Internet service providers (ISPs) prevent incoming packets with false IP addresses from being passed on ● Egress filtering - Ensuring spoofed packets don’t leave a network
  • 29. Rootkits ● Set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge ● Attacker can gain full control of the system and even obscure the presence of the rootkit ● Fundamental problem in detecting a rootkit is that the operating system currently running cannot be trusted to provide valid test results
  • 30. Spam ● Abuse of email systems to send unsolicited email to large numbers of people ○ Low-cost commercial advertising for questionable products ○ Method of marketing also used by many legitimate organizations ● Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) ○ Software generates tests that humans can pass but computer programs cannot
  • 31. Phishing ● Act of using email fraudulently to try to get the recipient to reveal personal data ● Legitimate-looking emails lead users to counterfeit Web sites ● Spear-phishing ○ Fraudulent emails to an organization’s employees ● Smishing ○ Phishing via text messages ● Vishing ○ Phishing via voice mail messages
  • 33. Unit 03 - Case 02 Anonymous and Social Hacktivism
  • 34. Unit 03 - Case 02. Anonymous and Social Hacktivism The popular conception of hackers is one of young men sitting in dark basement rooms for hours upon end, surrounded by empty takeout containers: alone and unaffiliated. Individual hackers rarely influence history, the actions of large corporations, or the governments of the world unless they can somehow work together and form a collective. The hacktivist group Anonymous seems to have achieved this goal.
  • 35. Unit 03 - Case 02. Anonymous and Social Hacktivism The group’s beginnings can be traced back to 2003, when individual hackers began posting proposals for collective action on an Internet forum called 4-chan, a simple image-based bulletin board where anyone can post comments and share images and one of the least regulated parts of the Internet in the early 2000s. At first, the idea was the adoption of a decentralized online community that could act anonymously, but in a coordinated manner. Group actions were usually aligned toward some nebulous goal, with the primary focus being on the members’ own entertainment. For example, Anonymous members hacked the copy-protect codes of DVDs and video games and posted them online. This action enabled other hackers to disable the copy protection and copy these products for free. As the movement grew, some members began to see the potential for greater social and political activity, and social “hacktivism” was born.
  • 36. Unit 03 - Case 02. Anonymous and Social Hacktivism Anonymous has no leader or formal decision-making mechanism. “Anyone who wants to can be Anonymous and work toward a set of goals...” a member of Anonymous explained. “We have this agenda that we all agree on and we all coordinate and act, but all act independently toward it, without any want for recognition. We just want to get something that we feel is important done...” Anonymous’ first move toward a political action came in the form of a distributed denial-of-service (DDoS) attack on the Church of Scientology in 2008. The church had made an attempt to remove an interview with Tom Cruise, a famous church member, from the Internet. The church felt the video injured its image. It succeeded in removing the video from YouTube and other Web sites, but Anonymous posted the video on the Gawker Web site. The effort gave Anonymous a sense of the power it could harness.
  • 37. Unit 03 - Case 02. Anonymous and Social Hacktivism As the movement grew, Anonymous expanded its targets and attracted media attention. After the Web site WikiLeaks, which relied on donations to support its operations, released large collections of classified American military documents and diplomatic cables, PayPal, MasterCard, and Bank of America announced that they would no longer process donations to WikiLeaks. This action threatened to put the WikiLeaks Web site out of business. In response, Anonymous launched major DDoS attacks on the Web sites of these financial companies.
  • 38. Unit 03 - Case 02. Anonymous and Social Hacktivism In 2012, Anonymous published the names and credit card information of the subscribers to a newsletter published by the international security think tank, Stratfor, which Anonymous viewed as a reactionary force both online and in the real world. Stratfor customer credit cards were used to make over $500,000 in fraudulent donations to various charities.54 Also in 2012, Anonymous attacked the regime of Syrian president Bashar al-Assad. In this instance, Anonymous went beyond DDoS attacks on government sites and actually set up satellite transmission stations in all the major cities across Syria to serve as independent media centers in anticipation of the Syrian government’s efforts to cut off its citizens from the Internet
  • 39. Unit 03 - Case 02. Anonymous and Social Hacktivism In response to the suicide of Internet activist Aaron Swartz in early 2013, Anonymous briefly corrupted the Web site of the U.S. Sentencing Commission and threatened to release sensitive information concerning the U.S. Department of Justice. Anonymous blamed the justice system for Swartz’s suicide, claiming that prosecutors were pursuing “highly disproportionate sentencing” in cases against some of its members and others, like Swartz, who championed open access to online documents. Swartz was facing federal charges that he stole millions of online documents and could have served up to 35 years in prison.
  • 40. Unit 03 - Case 02. Anonymous and Social Hacktivism The group’s strategy of using DDoS attacks and publishing personal information is illegal and has exposed numerous members of the collective to police inquiry and legal problems. The Interpol international policing body has been particularly active in its pursuit of Anonymous members. In early 2012, as part of Interpol’s efforts, 25 Anonymous members were arrested in four different countries.57 Furthermore, an influential member of the collective, known online as “Sabu,” was recently outed as an FBI informant. After participating in the Stratfor hack, Sabu gave information to the FBI leading to the arrest of several Anonymous senior members.58 However, after the revelation that one of their own had cooperated with the FBI’s efforts against the group, one member posted the following: “Don’t you get it by now? #Anonymous is an idea. #Anonymous is a movement. It will keep growing, adapting and evolving, no matter what.”?
  • 41. Unit 03 - Case 02. Anonymous and Social Hacktivism Discussion Questions 1. If you had an opportunity to join Anonymous, would you? Why, or why not? 2. Would you say that Anonymous’ actions in support of WikiLeaks were legal? Were these actions ethical? What about their actions to set up satellite transmission stations across Syria? 3. How serious of a threat does Anonymous pose to organizational and government Web sites?
  • 42. Types of Perpetrators To Be or Not To Be Criminal / Ethical
  • 43. Perpetrators ● Motives are the same as other criminals ● Perpetrators include: ○ Thrill seekers wanting a challenge ○ Common criminals looking for financial gain ○ Industrial spies trying to gain an advantage ○ Terrorists seeking to cause destruction
  • 44. Perpetrators ● Different objectives and access to varying resources ● Different levels of risk to accomplish an objective
  • 45. Classifying Perpetrators of Computer Crime
  • 46. Classifying Perpetrators of Computer Crime
  • 47. Classifying Perpetrators of Computer Crime
  • 48. Hackers and Crackers ● Hackers ○ Test limitations of systems out of intellectual curiosity ■ Some smart and talented ■ Others inept; termed “lamers” or “script kiddies” ● Crackers ○ Cracking is a form of hacking ○ Clearly criminal activity
  • 49. Malicious Insiders ● Major security concern for companies ● Estimated 85 percent of all fraud is committed by employees ● Fraud within an organization is usually due to weaknesses in internal control procedures ● Collusion ○ Cooperation between an employee and an outsider
  • 50. Malicious Insiders ● Insiders are not necessarily employees ○ Can also be consultants and contractors ● Extremely difficult to detect or stop ○ Authorized to access the very systems they abuse ● Negligent insiders have potential to cause damage
  • 51. Industrial Spies ● Use illegal means to obtain trade secrets from competitors ● Trade secrets are protected by the Economic Espionage Act of 1996 ● Competitive intelligence ○ Uses legal techniques ○ Gathers information available to the public ● Industrial espionage ○ Uses illegal means ○ Obtains information not available to the public
  • 52. Cybercriminals ● Hack into corporate computers and steal ● Engage in all forms of computer fraud ● Chargebacks are disputed transactions ● Loss of customer trust has more impact than fraud ● To reduce the potential for online credit card fraud: ○ Use encryption technology ○ Verify the address submitted online against the issuing bank ○ Request a card verification value (CVV) ○ Use transaction-risk scoring software
  • 53. Cybercriminals… ● Smart cards ○ Contain a memory chip ○ Are updated with encrypted data every time the card is used
  • 54. Hacktivists and Cyberterrorists ● Hacktivism ○ Hacking to achieve a political or social goal ● Cyberterrorist ○ Attacks computers or networks in an attempt to intimidate or coerce a government in order to advance certain political or social objectives ○ Seeks to cause harm rather than gather information ○ Uses techniques that destroy or disrupt services
  • 55. US Federal Laws for Prosecuting Computer Attacks
  • 56. Nepal Laws for Prosecuting Computer Attacks ● The Electronic Transactions Act 2063 (ETA ) to regulate cybercrimes. Section 47 of the Act is the most used section to prevent cybercrime in Nepal. This section stipulates that if a person publishes or displays material against morals, etiquette, hatred, or malice on a computer, internet, and other electronic media, the culprit can be punished with a fine of 1 lakh rupees or imprisonment for up to 5 years or both.
  • 57. Nepal Laws for Prosecuting Computer Attacks ● Section 48 of the Act is also used customarily, which stipulates that if any person who has access to any record, book, register, correspondence, information, documents or any other material under the authority conferred under this Act or Rules framed hereunder divulges or causes to divulge confidentiality of such record, books, registers, correspondence, information, documents or materials to any unauthorized person, he/she shall be liable to the punishment with a fine not exceeding Ten Thousand Rupees or with imprisonment not exceeding two years or with both, depending on the degree of the offense.
  • 58. Law of Nepal relating to pirating, destroying, or altering computer source data? ● As per the ETA, 2063 (section 44), if any person, knowingly or with malafide intention, pirates, destroys, alters computer sources code to be used for any computer, computer programmer, computer system or computer network or cause, other to do so, he/she shall be liable to the punishment with imprisonment not exceeding three years or with a fine not exceeding two hundred thousand Rupees or with both.
  • 59. Unauthorized access to computer materials, a cybercrime ● Unauthorized Access is an offense punishable by law. If any person to have access to any program, information, or data of any computer, uses such a computer without authorization of the owner of or the person responsible for such a computer or even in the case of authorization, performs any act to have access in any program, information or data contrary to from such authorization, such a person shall be liable to the punishment with the fine not exceeding Two Hundred thousand rupees or with imprisonment not exceeding three years or with both depending on the seriousness of the offense.[Section 45, ETA 2063]
  • 60. Provisions regarding damage to any computer and information system ● If any person knowingly and with a mala fide intention to cause wrongful loss or damage to any institution destroys, damages, deletes, alters, disrupts any information of any computer source by any means or diminishes value and utility of such information or affects it injuriously or causes any person to carry out such an act, such a person shall be liable to the punishment with the fine, not exceeding two thousand Rupees and with imprisonment not exceeding three years or with both.[Section 46, ETA 2063]
  • 61. Publication of illegal materials in electronic form ● If any person publishes or displays any material in electronic media including computer, internet which is prohibited to publish or display by the prevailing law or which may be contrary to public morality or decent behavior or any type of material that may spread hate or jealousy against anyone or which may jeopardize the harmonious relations subsisting among the peoples of various castes, tribes and communities shall be liable to the punishment with the fine not exceeding One Hundred Thousand Rupees or with the imprisonment not exceeding five years or with both.[Section 47, ETA 2063]
  • 62. Provisions of the law of Nepal regarding computer fraud ● If any person, intending to commit any fraud or any other illegal act, creates, publishes, or otherwise provides a digital signature certificate or acquires benefit from the payment of any bill, the balance amount of any one's account, any inventory or ATM card in connivance of or otherwise by committing any fraud, amount of the financial benefit so acquired shall be recovered from the offender and be given to the person concerned and such an offender shall be liable to the punishment with a fine not exceeding one hundred thousand Rupees or with imprisonment not exceeding two years or with both.[Section 52, ETA2063]
  • 63. Person who abets others to commit a computer-related offense ● If any person abuts another to commit an offense relating to computer under ETA Act or who attempts or is involved in a conspiracy to commit such an offense shall be liable to the punishment of a fine not exceeding fifty thousand Rupees or imprisonment not exceeding six months or with both, depending on the degree of the offense.[Section 53, ETA 2063]
  • 64. Punishment for an offence committed outside Nepal ● If any person commits any act which constitutes an offense under ETA Act and which involves the computer, computer system, or computer network system located in Nepal, even though such an act is committed while residing outside Nepal, a case may be filed against such a person and shall be punished accordingly. [Section 55, ETA 2063]
  • 66. Implementing Trustworthy Computing ● Delivers secure, private, and reliable computing ● Based on sound business practices
  • 67. Implementing Trustworthy Computing ● Security of any system or network ○ Combination of technology, policy, and people ○ Requires a wide range of activities to be effective ● Systems must be monitored to detect possible intrusion ● Clear reaction plan addresses: ○ Notification, evidence protection, activity log maintenance, containment, eradication, and recovery
  • 68. Risk Assessment Assess the Risk in Advance
  • 69. Risk Assessment ● Process of assessing security-related risks: ○ To an organization’s computers and networks ○ From both internal and external threats ● Identifies investments that best protect from most likely and serious threats ● Focuses security efforts on areas of highest payoff
  • 70. Risk Assessment… Eight-step risk assessment process ● #1 Identify assets of most concern ● #2 Identify loss events that could occur ● #3 Assess likelihood of each potential threat ● #4 Determine the impact of each threat ● #5 Determine how each threat could be mitigated ● #6 Assess feasibility of mitigation options ● #7 Perform cost-benefit analysis ● #8 Decide which countermeasures to implement
  • 73. Establishing a Security Policy Policy and Practice in Place
  • 74. Establishing a Security Policy ● A security policy defines: ○ Organization’s security requirements ○ Controls and sanctions needed to meet the requirements ● Delineates responsibilities and expected behavior ● Outlines what needs to be done ○ Not how to do it ● Automated system policies should mirror written policies
  • 75. Establishing a Security Policy… ● Trade-off between: ○ Ease of use ○ Increased security ● Areas of concern ○ Email attachments ○ Wireless devices ● VPN uses the Internet to relay communications but maintains privacy through security features ● Additional security includes encrypting originating and receiving network addresses
  • 77. Educating Employees, Contractors, and Part-Time Workers ● Educate and motivate users to understand and follow policy ● Discuss recent security incidents ● Help protect information systems by: ○ Guarding passwords ○ Not allowing sharing of passwords ○ Applying strict access controls to protect data ○ Reporting all unusual activity ○ Protecting portable computing and data storage devices
  • 79. Prevention ● Implement a layered security solution ○ Make computer break-ins harder ● Installing a corporate firewall ○ Limits network access ● Intrusion prevention systems ○ Block viruses, malformed packets, and other threats ● Installing antivirus software ○ Scans for sequence of bytes or virus signature ○ United States Computer Emergency Readiness Team (US-CERT) serves as clearinghouse
  • 82. Prevention…. ● Safeguards against attacks by malicious insiders ● Departing employees and contractors ○ Promptly delete computer accounts, login IDs, and passwords ● Carefully define employee roles and separate key responsibilities ● Create roles and user accounts to limit authority
  • 83. Prevention… ● Defending against cyberterrorism ○ Department of Homeland Security and its National Cyber Security Division (NCSD) is a resource ■ Builds and maintains a national security cyberspace response system ■ Implements a cyber-risk management program for protection of critical infrastructure, including banking and finance, water, government operations, and emergency services ● How about Nepal?
  • 84. Prevention… ● Conduct periodic IT security audits ○ Evaluate policies and whether they are followed ○ Review access and levels of authority ○ Test system safeguards ○ Information Protection Assessment kit is available from the Computer Security Institute
  • 86. Detection ● Detection systems ○ Catch intruders in the act ● Intrusion detection system ○ Monitors system/network resources and activities ○ Notifies the proper authority when it identifies: ■ Possible intrusions from outside the organization ■ Misuse from within the organization ○ Knowledge-based approach ○ Behavior-based approach
  • 88. Response ● Response plan ○ Develop well in advance of any incident ○ Approved by: ■ Legal department ■ Senior management ● Primary goals ○ Regain control and limit damage ○ Not to monitor or catch an intruder ● Only 56% have response plan
  • 89. Response… ● Incident notification defines: ○ Who to notify ○ Who not to notify ● Security experts recommend against releasing specific information about a security compromise in public forums ● Document all details of a security incident ○ All system events ○ Specific actions taken ○ All external conversations
  • 90. Response… ● Act quickly to contain an attack ● Eradication effort ○ Collect and log all possible criminal evidence ○ Verify necessary backups are current and complete ○ Create new backups ● Follow-up ○ Determine how security was compromised ■ Prevent it from happening again
  • 91. Response… ● Review ○ Determine exactly what happened ○ Evaluate how the organization responded ● Weigh carefully the amount of effort required to capture the perpetrator ● Consider the potential for negative publicity ● Legal precedent ○ Hold organizations accountable for their own IT security weaknesses
  • 93. Computer Forensics ● Combines elements of law and computer science to identify, collect, examine, and preserve data and preserve its integrity so it is admissible as evidence ● Computer forensics investigation requires extensive training and certification and knowledge of laws that apply to gathering of criminal evidence
  • 95. Summary ● Ethical decisions in determining which information systems and data most need protection ● Most common computer exploits ○ Viruses ○ Worms ○ Trojan horses ○ Distributed denial-of-service attacks ○ Rootkits ○ Spam ○ Phishing, spear-fishing, smishing, vishing
  • 96. Summary… ● Perpetrators include: ○ Hackers ○ Crackers ○ Malicious insider ○ Industrial spies ○ Cybercriminals ○ Hacktivist ○ Cyberterrorists
  • 97. Summary… ● Must implement multilayer process for managing security vulnerabilities, including: ○ Assessment of threats ○ Identifying actions to address vulnerabilities ● User education ● IT must lead the effort to implement: ○ Security policies and procedures ○ Hardware and software to prevent security breaches ● Computer forensics is key to fighting computer crime in a court of law