Chapter 3 - Computer and Internet Crime 1
Chapter 3
Computer and Internet Crime
Chapter 3 - Objectives
1. Discuss key trade-offs and ethical issues associated with safeguarding of data and information systems.
2. Identify reasons for the increase in the number of Internet-related security incidents.
3. Describe the most common types of computer security attacks.
4. Outline the characteristics of common perpetrators including their objectives, available resources, willingness to accept risk, and frequency of attack.
5. Describe a multi-level process for managing Internet vulnerabilities based on the concept of reasonable assurance.
6. Outline the actions that must be taken in response to a security incident.
IT Security Incidents
Year | Number of Incidents Reported
2003 | 137,529
2002 | 82,094
2001 | 52,658
2000 | 21,756
1999 | 9,859
1998 | 3,734
1997 | 2,134
Total, 1988-2003: 319,992
Source: CERT Web site at www.CERT.org/stats
Increased Internet Security Incidents
1. Increasing complexity increases vulnerability.
2. Higher computer user error and access to information.
3. Expanding and changing environment introduces new risks.
4. Increased reliance on commercial software with known vulnerabilities.
Types of Internet Attacks
• Virus
• Worm
• Trojan Horse
• Denial-of-Service Attacks
Virus
• The term “computer virus” is an umbrella term used for many types of malicious code.
• A virus is usually a piece of programming code that causes some unexpected and usually undesirable event.
• Most viruses deliver a “payload” or malicious act.
Virus
• Viruses may execute and affect your computer in many different ways.
  – Replicate themselves
  – Reside in memory and infect other files
  – Modify and/or create new files
• Most common viruses are “macro” viruses. These viruses use an application language such as VBScript to infect and replicate documents and templates.
Worm
• A worm is a computer program, which replicates itself and is self-propagating. Worms, as opposed to viruses, are meant to spawn in network environments. (http://www.easydesksoftware.com/glossary.htm)
• Worms are also harmful; they differ from standard viruses in that they can “self-propagate” without human intervention.
Trojan Horse
• A Trojan horse is a program that gets secretly installed on a computer, planting a harmful payload that can allow the hacker to do such things as steal passwords or spy on users by recording keystrokes and transmitting them to a third party.
Trojan Horse – Logic Bomb
• A logic bomb is a type of Trojan horse that executes when a specific condition occurs.
• Logic bombs can be triggered by a change in a particular file, by typing a specific series of keystrokes, or by a specific time or date.
Denial-of-Service Attack
• A denial-of-service attack is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other tasks.
  – SCO and Microsoft – MyDoom.a and .b
• Denial of service does not involve a computer break-in; it simply keeps the target machine so busy responding to the automated requests that legitimate users cannot get work done.
Denial-of-Service Attack
• Zombies are computers that send these requests.
• Spoofing is the practice of putting a false return address on a data packet.
• Filtering is the process of preventing packets with false IP addresses from being passed on.
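The following Python example, added here and not part of the original slides, applies filtering at a router edge: a packet is forwarded only if its source address belongs to the network attached to the interface it arrived on. The interface names, address prefixes and sample packets are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): the source prefixes that may
# legitimately appear on each customer-facing interface.
ALLOWED_SOURCES = {
    "customer-a": [ipaddress.ip_network("198.51.100.0/24")],
    "customer-b": [ipaddress.ip_network("203.0.113.0/25")],
}


def should_forward(interface, src_ip):
    """Return (forward?, reason) for a packet arriving on `interface`."""
    try:
        src = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "malformed source address"
    allowed = ALLOWED_SOURCES.get(interface)
    if allowed is None:
        return False, "unknown interface"
    # Addresses that can never be a genuine remote sender.
    if src.is_loopback or src.is_multicast or src.is_unspecified:
        return False, "source can never be a real sender"
    if any(src in net for net in allowed):
        return True, "source belongs to this interface"
    # A false return address: the source is not assigned to this network.
    return False, "spoofed: source not assigned to this interface"


def filter_packets(packets):
    """Split (interface, src_ip) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for interface, src_ip in packets:
        ok, reason = should_forward(interface, src_ip)
        (forwarded if ok else dropped).append((interface, src_ip, reason))
    return forwarded, dropped


# Constructed sample traffic: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("customer-a", "198.51.100.7"),   # genuine customer-a host
    ("customer-a", "203.0.113.9"),    # zombie claiming customer-b's address
    ("customer-b", "203.0.113.200"),  # outside customer-b's /25
    ("customer-b", "127.0.0.1"),      # loopback used as a return address
]

if __name__ == "__main__":
    forwarded, dropped = filter_packets(SAMPLE_PACKETS)
    for row in forwarded + dropped:
        print(row)
```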
Classification of Perpetrators of Computer Crime
Type of perpetrator | Objective | Resources available to perpetrator | Level of risk taking acceptable to perpetrator | Frequency of attack
Hacker | Test limits of system, gain publicity | Limited | Minimal | High
Cracker | Cause problems, steal data, corrupt systems | Limited | Moderate | Medium
Insider | Financial gain or disrupt company’s information systems | Knowledge of systems and passwords | Moderate | Low
Industrial spy | Capture trade secrets or gain competitive advantage | Well funded, well trained | Minimal | Low
Cybercriminal | Financial gain | Well funded, well trained | Moderate | Low
Cyberterrorist | Cause destruction to key infrastructure components | Not necessarily well funded nor well trained | Very high | Low
See: Three Blind Phreaks
Hacker
• A hacker is an individual who tests the limitations of systems out of intellectual curiosity.
• Unfortunately, much of what hackers (and crackers) do is illegal.
  – Breaking into networks and systems.
  – Defacing web pages.
  – Crashing computers.
  – Spreading harmful programs or hate messages.
Hacker
• Crackers are hackers who break code.
• Malicious insiders are a security concern for companies. Insiders may be employees, consultants, or contractors. They have knowledge of internal systems and know where the weak points are.
Forms of Computer Criminals
• Malicious insiders are the number one security concern for companies.
• Industrial spies use illegal means to obtain trade secrets from the competitors of firms for which they are hired.
• Cybercriminals are criminals who hack into computers and steal money.
• Cyberterrorists are people who intimidate or coerce a government to advance their political or social objectives by launching attacks against computers and networks.
Legal Overview
• Fraud is obtaining title to property through deception or trickery.
• To prove fraud four elements must be shown:
  – The wrongdoer made a false representation of the material fact.
  – The wrongdoer intended to deceive the innocent party.
  – The innocent party justifiably relied on the misrepresentation.
  – The innocent party was injured.
Reducing Internet Vulnerabilities
• Risk assessment is an organization’s review of the potential threats to its computer and network and the probability of those threats occurring.
• Establish a security policy that defines the security requirements of an organization and describes the controls and sanctions to be used to meet those requirements.
• Educate employees, contractors, and part-time workers in the importance of security so that they will be motivated to understand and follow security policy.
Prevention
• Install a corporate firewall.
• Install anti-virus software on personal computers.
• Implement safeguards against attacks by malicious insiders.
• Address the ten most critical Internet security threats (10 each in Windows and UNIX): Top Twenty List
• Verify backup processes for critical software and databases.
• Conduct periodic IT security audits.
• See: Tourbus Virus Solution or locally
• MS Patch for IE—CNET News. Implications of changes, speed of reaction
Detection
• Intrusion detection systems monitor system and network resources and activities and, using information gathered from these sources, they notify authorities when they identify a possible intrusion.
• A honeypot is a computer on your network that contains no data or applications critical to the company but has enough interesting data to lure intruders so that they can be observed in action.
Response
• Incident notification is the plan and process used to notify company individuals when a computer attack has happened. In addition, your company should be prepared to:
  – Protect evidence and activity logs
  – Incident containment
  – Incident eradication
  – Incident follow-up
Summary
• Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security.
• The increased complexity of the computing environment has led to an increase in the number of security-related issues.
Summary
• Common computer attacks include viruses, worms, Trojan horses, and denial-of-service attacks.
• Computer hackers include general hackers, crackers, and malicious insiders.
Summary
• A strong security program is a safeguard for a company’s systems and data.
• An incident response plan includes:
  – Protect evidence and activity logs.
  – Incident containment.
  – Incident eradication.
  – Incident follow-up.
Case 1
Cybercrime: Even Microsoft is Vulnerable
• On October 27, 2000, Microsoft acknowledged that its security had been breached and that outsiders using a Trojan horse virus had been able to view source code for computer programs under development.
Case 2
Visa Combats Online Credit Card Fraud
• Visa-branded credit cards generate almost $2 trillion in annual volume and are accepted at over 22 million locations around the world. Visa is reviewing new ways of authenticating user transactions.
In the News, and more…
• Teen Hacker avoids jail sentence
• The Register: Security and Viruses
• Google News: Hacking, Computer Security, etc