Crime

Chapter 5

Hacking – some definitionsHackerTrophy hackingPhone phreakingCrackerWhite-hat hackers & black-hat hackersScript kiddiesSniffersSocial engineering

Hacking Cases1970s – John Draper (“Captain Crunch”)Kevin Mitnick

http://www.readwriteweb.com/archives/is_atts_denial_of_service_to_hacker_justifi.php

April 27, 1987 – “Captain Midnight” Good Evening HBO from Captain Midnight. $12.95 a

month? No way! (Show-time/Movie Channel, Beware!)

Late 1980s – “Fry Guy”Russian man & Citicorp1991 – “Michelangelo” virus

Viruses, time bombs, logic bombsGambling web siteAir traffic controllers in England1999 – “Melissa” virus2000 – The “Love Bug” or “ILOVEYOU” virus

Whose Laws Rule the Web?

ILOVEYOU virus infected millions of computers worldwide, destroying files, collecting passwords, and shutting down computer systems at major corporations and government agencies this was the one written by a student from the

Phillippines – charges were dropped because they had no laws against releasing a virus at the time … what should happen to him if he were to travel to the U.S., Canada, France, Germany, or any other country where the virus did damage?

Other cases in the book… pages 293-294

Hacking Cases2000 – Mafiaboy

Denial of service attack (DoS); distributed denial of service attack (DDoS); Trojan Horses

10.10.08 PCWorld article: http://www.pcworld.com/businesscenter/article/152176/mafiaboy_grows_up_a_hacker_seeks_redemption.html

2001 – Hacktivism2001 – “Code Red” worm

worm2003 – “Sapphire” worm or “Slammer”2003 – “Blaster” worm2004 – “Sasser” worm2001 – “Choke” & “Hello” worms2008 – Sarah Palin’s email hacked

http://news.yahoo.com/s/ap/20081008/ap_on_el_pr/palin_hacked

2009 – credit cards breached http://www.bankrate.com/blogs/credit-cards/3-charged-for-card-breach.aspx

Firewalls

Windows Firewall – Start, Control Panel, SecurityMacOS – System Preferences, Personal Security3rd Party Firewalls

Zone Alarm (free version – http://www.zonelabs.com)PC Magazine page with more info:

http://www.pcmag.com/category2/0,2806,4722,00.asp Top 5:

http://www.all-internet-security.com/top_10_firewall_software.html

First Amendment

Software is a form of speech.The First Amendment does not protect some

kinds of speech, such as inciting a riot.Should virus software on the Web be

protected under the First Amendment or should it be considered in the same class as that of inciting a riot?

Virus Code OnlineThe families of two hospital patients that died as the

result of a virus in a hospital computer are suing each of the people listed below and urging the government to bring criminal charges for negligence against each of them:

1.A student in a course on computer security at a small college who posted a copy of the virus program on the class Web site, with a discussion of how it works.

2.The student who activated the virus and released it onto the Internet.

3.The president of the college.4.The president of the college’s ISP.5.The director of the hospital whose computer system

the virus infected, causing the patient medical records to be unavailable for a full day, resulting in the deaths of the two patients.

Identity Theft

Stolen credit/debit card numbers to purchase things with or to sell

SSN numbers used to open new accountsTake out loans in someone else’s nameRaid the victim’s bank accountPass bad checks

Methods of Identity TheftPhishing

http://www.sonicwall.com/phishing/ VishingPharmingWhalingResumes onlineSSNsDumpster divingMailbox theftPretextingShoulder surfing

Methods of Identity TheftSocial networking sitesFilesharing and peer-to-peer softwareBogus job offersFake sweepstakes or lotteriesHackingLost or stolen propertyWorkers in your homeChanging your addressCopying information from a transactionCredit reportsRFID readers

How the Victim is AffectedMay result in monetary lossesAnguish, disruption of his or her lifeLegal feesLoss of a good credit ratingBe prevented from borrowing money or cashing

checksLose a jobUnable to rent an apartmentSued by creditors to whom the criminal owes

moneyAnd… the authorities are slow to act on your

behalf

How To Protect YourselfDon’t carry checkbook, SSN card, or all your

credit cards with you all the timeKeep your SSN privateShred your credit card offers, etc.Use updated anti-spyware/anti-theft software

on your computerNever give out personal info over the phoneMonitor your credit reportsBe careful of using your credit cards in

restaurants

If You Think You’ve Been a Victim of Identity Theft:

1. Police report2. Fraud alert3. Credit freeze

What Are Your Rights?Truth in Lending – Federal law passed in 1968 that

protects consumers in credit transactions by requiring clear disclosure of key terms of the lending agreement and all costs

Fair Credit Reporting Act – originally passed in 1970; enforced by the FTC - regulates the collection, dissemination, and use of consumer information.

Fair Credit Billing Act – an amendment to the Truth In Lending Act, passed in 1986, to protect consumers from unfair billing practices and to provide a mechanism for dealing with billing errors; applies to “open end” credit accounts, such as credit cards and other revolving charge accounts. Examples of errors and other info: http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre16.shtm

The Credit Card Act of 2009The latest update of the Truth In Lending Act to protect

consumers from abusive tactics used by credit card companies:1. 45 day advance notice of change in rates or late fees2. No more retroactive interest rate hikes3. No more raising interest rates based on other, unrelated

cards or utility bills4. Payment due dates must be at least 21 days after mailing

of bill5. Extra payment above minimum due must be applied to

higher rate balances6. Must “opt-in” to over-the-limit fees; plus other fee

restrictions7. Must disclose to consumers how long it will take to pay off;

also payments for paying off within 12, 24, or 36 months8. Restricts card issuance to students9. Gift card protections

Establishing Good CreditCollege students are (used to be) targetsChecking accountDepartment store cardsPrepaid cardsCo-signer on applicationshttp://www.annualcreditreport.com http://www.myfico.com

Crime Fighting vs Privacy & Civil Liberties

4th Amendment requires that search warrants be specific about what is to be searched or seized

… so what happens when authorities are searching a computer for one thing and finds other illegal activities, or illegal activities by other people who use that same computer? http://www.post-gazette.com/pg/07016/754173-28.stmhttp://www.law.com/jsp/article.jsp?id=1202433381364

… or when a computer technician is servicing someone’s computer and finds what he believes is illegal material on the person’s computer – see if you can find out whatever happened in the Washington State vs Westbrook case, where this happened and the technician reported it to authoritieshttp://w2.eff.org/Privacy/westbrook_brief_final.pdf