History of Computer CrimePrepared by:

Kushagra Ganeriwal(130010111009)

Sweetu Ratnani(130010111048)

Guided by:

Prof.Kiran Macwan (CP Dept.)

Introduction & Traditional Problems

• Criminals have proven to be remarkably innovative.

• The question of vicinage has not been resolved by the court. Thus, both investigative units and prosecutorial teams have not been effective.

• Anonymizer sites – those sites which are designed to mask the identity of a user

Recognizing & Defining Computer Crime

• First computer crime• really unknown – as no written or formal communications were en vogue at

the time

• certainly had to be the theft or destruction of an abacus

• First documented case:• early 19th Century – the sabotage of a computer system developed by textile

manufacturer, Joseph Jacquard.

• This machine, designed to introduce automated tasks, was attacked by individuals fearful of losing employment to computers.

Three Incidents

• Prior to the 1980s, computer crime was considered a non-issue.

• However, three incidents shook American complacency to its core.1) Compromising of Milnet

2) The Morris Worm

3) Crash of AT&T

Compromising of Milnet (1986)

• Berkley – maintained sensitive military info as part of Arpanet

• Soviet employed German hacker hacks and steals sensitive information

• Discovered by a bean counter

who investigated the loss of less than one dollar!

• Immediately after discovery, Internet security

and data protection became a top priority

The Morris Worm (1988)

• Robert Morris – Cornell University student – son of a government agent

• Created a worm to impress his friends, but did not recognize the potentiality for destruction

• Attempted to warn victims – instructing them on how to remove the worm prior to massive destruction

• Too late – caused millions of dollars in damage and crippled 10% of all computers connected to the Internet

• First person convicted under the new Computer Fraud and Abuse Act

AT&T Crash(1989)

• AT&T crashes due to their own failures

• Blame shifted to Legion of Doom

• LEGION OF DOOM• Named after fictional circle of super-villians

• Shamelessly promote themselves, brag of their exploits, and decry the use of force by government

Categorizing Computer Crime – while exhaustive, the categories are not mutually exclusive

• Means or Instrument

• Target

• Incidental

Computer as a means

• Phreaking and Telecom Crime

• Web-cramming

• ISP Jacking

• Internet Scams

• Non-phreaking, neo-traditional crime

Phreaking

• the manipulation of telecommunications carriers to gain knowledge of telecommunications, and/or theft of applicable services – OR – any activity that incorporates the illegal use or manipulation of access codes, access tones, PBX’s, or switches

• initially perpetrated by individuals drawn to the challenge of cracking systems, especially those which claimed to be impenetrable, like DOD

• Became a counterculture – in which conferences and bulletin boards were developed as platforms for braggarts (www.defcon.org) (www.Phrack.org)

• Would build global telecommunications systems using other’s resources

• Law enforcement was helpless to react due to an increase in predatory crime and inadequate resources

Types of Phreaking

• Theft of access codes

• Manipulation of switches

• Manipulation of PBX’s

(Private Branch Exchanges)

Web-cramming

• Accomplished when criminals develop new Web pages for small businesses and non-profit groups for “little” or “no expense”. While advertising their service as free, these criminals actually engage in unauthorized phone charges on their victims’ accounts.

• Most common approach involves the use of “rebate checks.”

• These checks, when cashed, transferred the consumer’s ISP, placing monthly service charges on their telephone bill.

• This activity is possible because telephone companies contract to provide billing and collection services for other companies that sell telecommunications-related services.

ISP-Jacking

• Involves disconnecting individuals users from their selected Internet Service providers and redirecting them to illegitimate servers

• In these cases, users are lured into downloading software which surreptitiously disconnects their chosen Internet service providers, silences their modem, and reconnects them to a remote server..

• 1999 – RCMP uncovered a complicated scam in which Canadian users were rerouted through Moldova (a republic in the Soviet Union) and other international locations to Dallas, Texas resulting in thousands of dollars in long distance charges.

• The success of these scams is largely attributed to the fact that no identifying or credit card information is requested – remember – charges are charged to the victim’s telephone bill.

Nigerian Advance Fee Scam

• 6 steps to 4-1-9 scams• are identified and targeted through sources ranging from trade journals, professional directories,

newspapers, etc.• individual or company receives e-mail from a “government or agency official” (such as a senior

civil servant in one of the Nigerian ministries, like the Nigerian National Petroleum Corporation) • e-mail informs recipient that this government or agency is willing to transfer millions of dollars in

“over invoiced contracts”, if: • recipient provides blank copies of letterhead, banking account information, and telephone/fax

information (these letters, in turn, are used to seduce other victims – these are often used to obtain a travel visa from the American embassy

• as the scam involves cultivating the trust of the recipient, more official documentation is received from the “government or agency” (i.e., authentication letters with official looking stamps, government seals, or logos which support the claims)

• once trust is obtained, up-front fees are requested for taxes, government bribes, attorney fees, or the like (Grennan, Britz, Rush & Barker, 2000).

Non-phreaking, neo-traditional crime (i.e. non-Internet crime)• Not all technologically advanced crime involves the use of the

Internet or electronic communications!

Printing technologies, software capabilities, digital cameras, and the like have increased the sophistication of non-Internet criminal activity.

Traditional methods of counterfeiting currency, defrauding financial institutions, viewing child pornography, and the like, have all been supplanted by more advanced approaches.

IP Spoofing

• IP Spoofing – successfully mimic a victim’s computer identity

• May also be used to redirect Internet traffic

• Domain name hijacking is accomplished by spoofing messages to domain name registrars like Network Solutions.• Has been used against Nike

Cybersquatting

• Cybersquatting - the practice of infringing on trademarked property via electronic means

• Purchase of domain names consistent with established companies or businesses. (i.e. www.toysrus.com , etc.)

• Purchase of domain names which represent common misspellings or typographical errors of same (i.e. www.toysareus.com

• Outlawed by the Anti-Cybersquatting Consumer Protection Act of 1997 – has been characterized as the epitome of techno-capitalism by some, but branded criminal by government authorities

• Effectively used against John Zuccarini who purchased thousands of domain names which represented common misspellings of popular businesses and mousetrapped accidental visitors (opening ad boxes which require users to click on, and therefore look at, the ads to make them go away).

THANK YOU