HISTORY OF HACKING AND CYBERCRIME BY BRUCE PHILLIPS CRISSY HUGHES CARLOS BETETTA

TECHNOLOGICAL DEVELOPMENTS

iPad

BlackBerry

Xbox

Personal Computers

Internet & Computer Networks

JOHN DRAPER AKA CAPTAIN CRUNCH

KNOWN AS FATHER OF MODERN HACKING

ORIGINALLY RADAR TECHNICIAN

SUPPOSEDLY CALLED NIXON

HACKED PHONE WITH THE USE OF A CAPTAIN CRUNCH CEREAL WHISTLE

TAUGHT STEVE WOZNIAK AND STEVE JOBS HOW TO MAKE “BLUE BOXES”

70’S: SERVED TWO STINTS IN PRISON

CURRENTLY UNEMPLOYED

HACKED FOR THE FUN OF IT, NOT FOR $$$

STEVE WOZNIAK

CO-FOUNDER OF APPLE

IN THE 1970’S WAS A STUDENT AT BERKELEY & MEMBER OF “CALIFORNIA’S HOMEBREW COMPUTER CLUB”

MASS PRODUCED “BLUE BOXES” FOR TWO REASONS

1) GENERATE ENOUGH CASH FOR THEIR STARTUP COMPANY “APPLE”

2) FASCINATION BEHIND “THE POWER OF IDEAS”: “THAT TWO TEENAGERS COULD BUILD A SMALL BOX FOR A HUNDRED DOLLARS AND CONTROL HUNDRED MILLIONS OF DOLLARS OF PHONE INFRASTRUCTURE”

KEVIN MITNICK

STARTED AT AGE 12

HACKED:

• LA’s BUS PUNCH CARD SYSTEM
• CELL PHONES
• FAST FOOD SPEAKER SYSTEMS
• DEC COMPUTER SYSTEM

WENT ON TWO AND A HALF YEAR HACKING SPREE ACROSS THE COUNTRY

CAUGHT BY “CELLULAR FREQUENCY DIRECTION-FINDING ANTENNA HOOKED UP TO A LAPTOP TO NARROW THE SEARCH TO AN APARTMENT COMPLEX”

SENTENCED TO FIVE YEARS OF PRISON AND EIGHT MONTHS OF SOLITARY

OWNS HIS OWN COMPUTER SECURITY CONSULTING COMPANY (MITNICK SECURITY CONSULTING, LLC)

NOW CAN LEGALLY HACK INTO SERVERS

STATED “IF I HAD PERFORMED THE SAME HACKS THAT I HAD DONE IN THE PAST TODAY, I WOULD MOST LIKELY BE IN GUANTANAMO BAY, CONSIDERING ALL THE SECURITY LAWS PASSED AFTER 9/11”

HACKER LAWS

• Why do we have hacker laws?

• Development of New Technologies for business and / or personal use

• Computers and Microchips

Old Days

Thief’s Tools: Crowbar

Today

Computer, Wireless Sniffer Device

FIRST COMPUTER HACKER LAWS

• Computer Fraud and Abuse Act of 1984, to protect from cybercrimes

Defined illegal acts with computer:

• Computer Espionage
• Computer Trespassing
• Damage and Fraud with Computer

Defined Criminal Conduct:

• Accessing computers without authorization
• Accessing computers in excess of authority
  ** Company must have a good DBA and access policy
• And using stolen information to cause loss, damage or fraud

• In 1984, why the need for new computer hacker laws?

• Latest High Tech Device: Personal Computer
• IBM-PC
• Bill Gates and Windows

• In 1984, Expansion of Programming: writing computer code to develop ‘Apps’ (software tools)

• Some Programmers succumbed to the Dark Side and developed worms and viruses

PATRIOT ACT OF 2001

Disclosure of Electronic Communications to Law Enforcement

Authorities can get permission to intercept communications on Protected Computers

Bypassing Wiretap Statutes

Including Computers outside the United States

CALIFORNIA COMPREHENSIVE COMPUTER DATA ACCESS AND FRAUD ACT

State Specific Law

Allows Civil Actions (Lawsuits) and Compensatory Damages

Fines of $10,000 per offense and / or prison time

SARBANES-OXLEY ACT 2002

Created to improve corporate and auditing responsibilities

Section 404: establishing and maintaining internal controls

Results: Better internal controls and higher protection standards for all companies

Most companies implemented COSO

CRITICS OF SARBANES-OXLEY ACT 2002

Requirements are too strict and waste precious company resources

Association of Certified Fraud Examiners

Argued waste of company resources

2010 Restoring American Financial Stability Act – removed Sect 404 requirement for non-accelerated filers

SARBANES-OXLEY ACT & PCAOB

Audit Standard 5 provides guidance for conducting audits of the effectiveness of Internal Controls of Financial Reporting

Critics complain about the vagueness of the guidance and reporting standards

People are the problem!

Getting Into The Network

• Keeping attackers out of your IT network altogether provides the best protection.
• Hackers are continually finding new ways to get beyond corporations’ IT security.
• Employee education
  • What needs to be protected?
  • What are the procedures and policies to follow?
• When an attack is successful, data and applications can be affected.

Inside the Network Barrier

USB thumb drives

Laptops

Netbooks

MP3 players

Digital Cameras

Printers

Scanners

Smart Phones are carried in and out of corporations on a daily basis.

Cloak and Dagger!

• A hacker disguised as a repairman?

• Do they look like they should be there?

Identity Theft

• Is your home network safe?
• Do you understand and know the threats that are out there?
• Corporate protection of customer data.

Employee Threats

• Can be intentional or unintentional.
• Work stations left unattended.
• Allowing a fellow employee access to an unauthorized area.
• Education of employees is essential.

History of Hacking and Cybercrime

• Questions?
