Cyber CrimesCyber Crimes

M. A. Taherkhani

Dec. 2013

M. A. Taherkhani

Dec. 2013

2

AgendaAgenda• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study

– Identity Theft– Social Engineering – Malwares– Denial of Services

• References

• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study

– Identity Theft– Social Engineering – Malwares– Denial of Services

• References

3

Concepts & DefinitionsConcepts & Definitions

• Cyber Crime: Any crime conducted viacyber infrastructures– computer networks: Internet– some other inter-communication networks

• Cyber Crime: Any crime conducted viacyber infrastructures– computer networks: Internet– some other inter-communication networks

4

Concepts & DefinitionsConcepts & Definitions• Current Trends (Technical):

– Household with Internet Access:(Ref: ITU: Annual Report. 2013)

• Current Trends (Technical):– Household with Internet Access:

(Ref: ITU: Annual Report. 2013)

5

Concepts & DefinitionsConcepts & Definitions• Current Trends (Technical):

– Household with Internet Access– Increasing no. Vulnerabilities (Ref: Xforce-

2012)

Vulnerability: An error or weakness in design, implementation or operation

• Current Trends (Technical):– Household with Internet Access– Increasing no. Vulnerabilities (Ref: Xforce-

2012)

Vulnerability: An error or weakness in design, implementation or operation

6

Concepts & DefinitionsConcepts & Definitions• Current Trends (Technical):

– Household with Internet Access– Increasing no. Vulnerabilities– Increasing no. of Security Incidents

• CERT/CC, CSIRT

• Current Trends (Technical):– Household with Internet Access– Increasing no. Vulnerabilities– Increasing no. of Security Incidents

• CERT/CC, CSIRT

7

Concepts & DefinitionsConcepts & Definitions• Current Trends (Case Study)

– Internet Crime Compliant Center: IC3• Yearly Comparison Complaints Received via

the IC3 Web site:

• Current Trends (Case Study)– Internet Crime Compliant Center: IC3

• Yearly Comparison Complaints Received viathe IC3 Web site:

8

Concepts & DefinitionsConcepts & Definitions• Current Trends (Case Study)

– Internet Crime Compliant Center: IC3• Yearly Comparison Complaints Received via

the IC3 Web site• Yearly Dollar Loss (in millions) of Referred

Complaints

• Current Trends (Case Study)– Internet Crime Compliant Center: IC3

• Yearly Comparison Complaints Received viathe IC3 Web site

• Yearly Dollar Loss (in millions) of ReferredComplaints

9

Concepts & DefinitionsConcepts & Definitions• Current Trends (Case Study)

– Internet Crime Compliant Center: IC3• Yearly Comparison Complaints Received via

the IC3 Web site• Yearly Dollar Loss (in millions) of Referred

Complaints– FBI Report (2005)

• 9 out of 10 businesses affected bycybercrime

• $67.2 billion per year is lost to cybercrime inthe USA

• Current Trends (Case Study)– Internet Crime Compliant Center: IC3

• Yearly Comparison Complaints Received viathe IC3 Web site

• Yearly Dollar Loss (in millions) of ReferredComplaints

– FBI Report (2005)• 9 out of 10 businesses affected by

cybercrime• $67.2 billion per year is lost to cybercrime in

the USA

10

Concepts & DefinitionsConcepts & Definitions• Security Metrics

– Confidentiality• The asset can only be viewed by

authorized entities– Integrity

• The asset is protected from accidental ordeliberate modification

– Availability• The asset is available for legitimate

entities– Non-Repudiation

• proves the origin of the data/service

• Security Metrics– Confidentiality

• The asset can only be viewed byauthorized entities

– Integrity• The asset is protected from accidental or

deliberate modification– Availability

• The asset is available for legitimateentities

– Non-Repudiation• proves the origin of the data/service

11

AgendaAgenda• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study:

– Identity Thefts – Social Engineering – Malwares– Denial of Services

• Security Mechanism• References

• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study:

– Identity Thefts – Social Engineering – Malwares– Denial of Services

• Security Mechanism• References

12

Theoretical Aspects of AttacksTheoretical Aspects of Attacks• Theoretical aspects of Attacks

– Waiting for receiving message m (Ref: EyadAlshareef)

• Theoretical aspects of Attacks– Waiting for receiving message m (Ref: Eyad

Alshareef)

m

Internet

x y

Ref: Eyad Alshareef’s Slides

13

Theoretical Aspects of AttacksTheoretical Aspects of Attacks• Interruption:

– Adversary (A) can discard (m) in its transit• Interruption:

– Adversary (A) can discard (m) in its transit

Ref: Eyad Alshareef’s Slides

m

x y

A

14

Theoretical Aspects of AttacksTheoretical Aspects of Attacks• Interception:

– Adversary (A) can get a copy of (m) when (m)passes by

• Interception:– Adversary (A) can get a copy of (m) when (m)

passes by

Ref: Eyad Alshareef’s Slides

m

x y

m

m

A

15

Theoretical Aspects of AttacksTheoretical Aspects of Attacks• Modification:

– Adversary (A) can arbitrarily modify the contentof (m) to become (m’)

• Modification:– Adversary (A) can arbitrarily modify the content

of (m) to become (m’)

Ref: Eyad Alshareef’s Slides

m

x y

m’

A

16

Concepts & Definitions:Concepts & Definitions:• Fabrication:

– Adversary (A) can arbitrarily fabricate a message(m), pretending that (m) was sent by (x)

• Fabrication:– Adversary (A) can arbitrarily fabricate a message

(m), pretending that (m) was sent by (x)

Ref: Eyad Alshareef’s Slides

x y

m

src: xdst: yA

17

Concepts & Definitions:Concepts & Definitions:• Normal Flow:• Interruption:

– Attack on Availability• Interception:

– Attack on Confidentiality• Modification:

– Attack on Integrity• Fabrication:

– Attack on Non-Repudiation

• Normal Flow:• Interruption:

– Attack on Availability• Interception:

– Attack on Confidentiality• Modification:

– Attack on Integrity• Fabrication:

– Attack on Non-RepudiationRef: Eyad Alshareef’s Slides

18

AgendaAgenda• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study:

– Identity Theft– Social Engineering – Malwares– Denial of Services

• References

• Concept & Definitions• Theoretical Aspects of Attacks• Cyber Attacks: A Case Study:

– Identity Theft– Social Engineering – Malwares– Denial of Services

• References

19

Cyber AttacksCyber Attacks– Case Study

• Target: Your User Account – Case Study

• Target: Your User Account

Ref: http://www.ipa.go.jp

20

Cyber Attacks Cyber Attacks • Identity Theft:

– Password Sniffing• Eavesdropping network traffic

– Password Cracking

• Identity Theft: – Password Sniffing

• Eavesdropping network traffic– Password Cracking

Computer

switch

Computer

Computer Computer

21

Cyber AttacksCyber Attacks• Social Engineering Attacks

– Phishing– Pharming

• Social Engineering Attacks – Phishing– Pharming

Ref: http://www.ipa.go.jp

22

Cyber Attacks Cyber Attacks • Malware

– Virus– Worms– Rootkits– Trojan Horses- Etc.

• Malware– Virus– Worms– Rootkits– Trojan Horses- Etc.

Ref: http://www.ipa.go.jp

23

Cyber Attacks Cyber Attacks • Denial of Service

– Distributed DoS • Denial of Service

– Distributed DoS

attacker

attacker

attacker

attacker

victim

attacker

24

ReferencesReferences• ITU Annual Report (2012)• IC3 Report (2009) • FBI Cyber Report (2005) • Network Security Essentials

• ITU Annual Report (2012)• IC3 Report (2009) • FBI Cyber Report (2005) • Network Security Essentials