Computer Misuse & Crime 205 Information Security Len Shand

Computer Misuse & Crime - Herefordshire and Ludlow Collegewiki.computing.hct.ac.uk/_media/computing/fdsc/module205... · 2012-07-16 · Computer Misuse & Crime ... A Moroccan court


Computer Misuse & Crime

Computer Misuse
◦ Unauthorized access & use
◦ Deliberate misuse of computer systems
◦ Malicious software

Computer misuse makes crimes:
◦ easier to commit
◦ more devastating
◦ harder to detect
◦ doable from long distances

Week 2 205 Info Sec 2


What is Computer Crime?

Breaches of Physical Security
◦ Eavesdropping, dumpster diving

Breaches of Personnel Security
◦ Identity theft

Data Attacks
◦ Unauthorised copying of data

Software Attacks
◦ Viruses, session hijacking, trojans

Breaches of Operations Security
◦ Password sniffing, IP spoofing


Types of Computer Crime

Old crimes in an environment created by the new technologies:
◦ Paedophilia and Child Abuse
◦ Fraud
◦ Murder
◦ Stalking
◦ Extortion
◦ Identity Theft

New crimes brought about because of computers:
◦ Hacking
◦ Software Piracy
◦ Telecommunications Fraud
◦ On Line Stalking
◦ Online Auction Fraud


Electronic Infection

Viruses
◦ A computer virus passes from computer to computer like a biological virus passes from person to person. It must piggyback on top of some other program or document in order to get executed, and it is then able to infect other programs or documents.

E-mail viruses
◦ An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.

Trojan horses
◦ A Trojan horse is a computer program that claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.

Worms
◦ A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there as well.


Examples….

In the summer of 1996, the CIA and US Department of Justice websites were hacked. Their contents were replaced by pornographic material.

In March 1997 a 15 year old Croatian youth penetrated computers at a US Air Force base in Guam.

In 1997 and 1998 an Israeli youth calling himself "The Analyzer" allegedly hacked into Pentagon computers with help from California teenagers. Ehud Tenenbaum, 20, was charged in Jerusalem in Feb 1999 with conspiracy and harming computer systems.

In Feb 1999, unidentified hackers seized control of a British military communication satellite and demanded money in return for control of the satellite.

In October 2000, unknown hackers broke into Microsoft and over a period of two weeks viewed/copied source code under development for a future product. Microsoft denied reports that intruders accessed source code for its major operating system products like Windows 2000, ME, XP or Office.

In 2001 reports appeared that hackers broke into the Playboy Enterprise Website and stole credit card information for hundreds of customers. The hackers threatened to use the information to cause damages totaling $10 million in fraud claims to credit card and insurance companies.


Cracker and Cyber Bank Robbers

The Phone Masters Case

Calvin Cantrell and “The Phone Masters” broke into a number of credit card databases and telephone networks including:
◦ AT&T
◦ BT (the UK one..)
◦ GTE Corp
◦ MCI WorldCom
◦ Southwestern Bell

They had the power to listen in on phone calls, access secure databases (including White House unlisted numbers) and redirect calls at will.

They sold the information to investigators, information brokers and eventually to the Sicilian mafia.

The gang cost various businesses $1.85 million.


‘Insider’ Problem

50% of security breaches occurred within the organisation

Security policies & training, software & hardware security measures and deterrents

Dishonest employees exploit security loopholes found during their daily work activities


White Collar Criminals

A qualified, tech-savvy professional who is dressed smartly at the office

Motives related to acquiring more wealth than they deserve or some financial crisis

Often identified by:
◦ Having multiple bank accounts in different banks or countries
◦ Openly exhibiting a lifestyle far more lavish than the job makes possible


Beware of the Disgruntled Employee

October 1999 – A former FAA engineer stole the only copy of code used to direct jetliners at O'Hare International Airport. He erased the code from a hard drive and quit the next day.

July 1998 – A former coastguard employee deliberately crashed a key system. It took 115 personnel 1,800 man-hours to restore the system; the recovery cost $40,000.

July 1996 – Tim Lloyd, 'Omega Man'. Two weeks after he left Omega Engineering, a logic bomb consisting of 6 lines of code destroyed more than 1000 programs. As Lloyd had been in charge of the backup tapes, this eventually cost the company, which supplies NASA and the US Navy, $10 million.

July 2009 – Terry Childs held the city, or at least critical parts of its IT network, hostage for several days.


Hacking

An illegal intrusion into a computer system and/or network.

Hackers write or use ready-made computer programs to attack the target computer.

Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account.

They extort money from corporate giants by threatening to publish stolen information that is critical in nature.

Government websites are hot targets for hackers because of the press coverage they receive.

Hackers enjoy the media coverage.


Some Famous Hackers

Kevin Mitnick: In 1994, was the world's most wanted hacker for breaking into Digital Equipment's computers and stealing source codes. He served some years in prison, then became a book author.

Kevin Poulsen: In 1995, this friend of Mitnick's broke into FBI computers. He spent some years in prison, and is now a computer security journalist.

"Mafiaboy": In 2000, this Canadian boy launched denial-of-service attacks on CNN, Yahoo, and other major websites. He ended up under house arrest and was restricted from using the Internet.

Onel DeGuzman: In 2000, this Filipino computer science student unleashed the "ILOVEYOU" virus on the Net. He went unpunished because the Philippines had no law covering the crime.

Farid Essebar: In 2006, investigators stated that Essebar, a Dark-side hacker, was one of the two masterminds behind the spread of the Zotob computer virus that targeted Windows 2000 operating systems in 2005. A Moroccan court sentenced Essebar to two years in prison.


Denial of Service (DoS) Attack

Criminal act of flooding the bandwidth of the victim's network with useless traffic or filling an e-mail box with spam mail.

Renders computer services useless.

For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks.

However, like viruses, new DoS attacks are constantly being dreamed up by hackers.


DoS Example

In February 2000, computer hackers launched a stream of Denial of Service attacks against popular Internet websites.

On the first day attacks were launched against Yahoo!, which at that time was the most visited site on the Internet. Yahoo! was down for several hours. Over the next few days Ebay, Amazon, CNN and Buy.com were hit.

On the same day two of the top online brokerage firms were attacked and people who used these firms were unable to trade.

While the websites were down they lost hundreds of thousands of dollars in revenue.


Online Extortion Ring Broken Up

Online sports books use sophisticated Web pages to post odds and collect bets on a wide range of sporting events. Online sports betting is illegal in the U.S., but legal in the U.K. and other countries. In the last year, online sports books have become frequent targets of online criminal gangs that are attracted to the cash-rich virtual betting parlors, which often keep between $300 million and $400 million on hand to cover bets. Demands for protection money vary, but typically range from $10,000 for small sites to $40,000 or more for larger operations.

Three men arrested in Russia are accused of being part of a ring that uses compromised or "zombie" computers to launch denial of service attacks against online sports betting sites that refuse to pay protection money.

The arrests follow a complaint by Canbet Sports Bookmakers UK, which was forced to pay protection money to prevent its Web site from being attacked.

Many online sports books that serve the U.S. are based in small countries such as Costa Rica and Belize, which lack the resources or expertise to investigate extortion attempts.


Cyber Stalking

Defined as repeated acts of harassment or threatening behavior by the cyber criminal towards the victim, carried out using internet services.

Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person's property.

Most stalking laws require that the perpetrator make a credible threat of violence against the victim.

The fact that cyber stalking does not involve physical contact may create the misperception that it is more benign than physical stalking.

There also have been many instances of cyber stalking by strangers. Given the enormous amount of personal information available through the Internet, a cyberstalker can easily locate private information about a potential victim.


A Case….

The victim met the perpetrator at church, and continually rejected his romantic attempts. The perpetrator, a fifty-year-old security guard, retaliated to her rejection by posting her personal details to the Internet. These included her physical description, address and telephone number, and even details about how one could bypass her home security system. He also posted false rape and “gang-bang” fantasies to on-line forums.

On approximately half a dozen occasions, men arrived at the victim's home in the hope of “cashing in” on these supposed fantasies. As the victim posted messages on her door stating these requests were false, the perpetrator posted messages on-line stating that these were simply tests to determine who was in fact 'worthy' of her fantasies.

The victim was eventually forced from her home, suffered ill health, lost her job, and developed a fear of going outside of her home.


Child Pornography

Paedophiles often contact children/teens in chat rooms or social networking sites and then use a false identity in order to befriend them.

The paedophile extracts personal information from the child/teen by winning their confidence, for example the e-mail address, and starts making more personal contact with the victim.

The paedophile starts sending pornographic images/text to the victim, including child pornographic images, in order to help the child/teen shed his inhibitions, so that a feeling is created in the mind of the victim that what is being fed to him is normal and that everybody does it.

Finally, the paedophile will set up a meeting with the victim.


Phishing

The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

The e-mail directs the user to visit a bogus Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.

By spamming large groups of people, the “phisher” counts on the e-mail being read by a percentage of people who actually have credit card numbers listed with the legitimate organization.

Phishing e-mails appear to be from a reputable source or company, complete with logo and language, and often ask for personal data.


Is Computer Crime a Problem?

Report based on 407 organisations, of which 46% reported cases of ICT fraud and abuse in the last 3 years (2001 – 2004).


Are these Computer Crimes?

◦ Viewing nude pictures from the Web.
◦ Giving a copy of software to a friend.
◦ Reading someone else's email.
◦ Browsing through other users' or system directories.
◦ Sharing a computer account with another person.
◦ Copying software from work to home.
◦ Downloading music tracks for personal use.
◦ Setting up a personal server on your work machine.


Why Computer Crime?

A slim chance of getting caught or punished.

If crimes are reported to the police, they have little chance of being successfully prosecuted.
◦ Law enforcement has much higher priorities
◦ Limited resources for chasing computer crime
◦ The ability to pursue overseas criminals often depends on personal contacts in foreign police forces, rather than any formalised system for sharing information.

Many big companies that fall victim, notably the banks, often choose to sweep the event under the carpet rather than face the shame of admitting they have been hacked. If they catch the culprit, they are likely to let him go free in exchange for keeping his mouth shut.


Computer Crime Clues

Clues to the identity of a cyber criminal often exist in cyberspace and in the real world if the investigator knows where to look.

Computer systems usually keep track of all authorized and unauthorized access attempts. Records, called computer logs, provide useful and often critical clues that a trained agent or computer specialist can use as the starting point to trace the route taken from computer to computer through the worldwide web, to discover the one computer out of the millions in the world from which an intrusion was conducted.

All computers using the Internet are assigned a different numeric Internet Protocol (IP) address while online, similar to country, city, street, and number addresses for houses. Unless the criminal alters the victim's logs once he or she gains unauthorized access, the victim's logs should list the precise computer address from which unauthorized access was gained. That address may not be the criminal's own computer, but instead another computer that the criminal has hijacked or an account that he owns on a third party's computer, as discussed in more detail below.

Lookup tools are available online to identify the owner of the network through which an attack was launched. To see how this works, see www.arin.net, operated by the American Registry for Internet Numbers.
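To illustrate how access logs yield the source address an investigator starts from, here is an added Python example (not part of the original slides) that parses login records, counts failed and accepted attempts per source IP, and flags addresses where a run of failures is followed by a success. The OpenSSH-style log format, the sample lines and all function names are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input in OpenSSH sshd syslog style (the format is an
# assumption; the slides do not name one). Public addresses below come from
# the ranges reserved for documentation.
SAMPLE_LOG = """\
Jul 16 02:11:01 web01 sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Jul 16 02:11:04 web01 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Jul 16 02:11:09 web01 sshd[811]: Failed password for root from 203.0.113.5 port 40115 ssh2
Jul 16 02:11:15 web01 sshd[811]: Accepted password for root from 203.0.113.5 port 40119 ssh2
Jul 16 08:30:12 web01 sshd[902]: Accepted password for alice from 192.168.1.20 port 51000 ssh2
Jul 16 09:02:44 web01 sshd[950]: Failed password for bob from 198.51.100.7 port 38822 ssh2
Jul 16 09:03:10 web01 sshd[950]: Accepted password for bob from 198.51.100.7 port 38830 ssh2
Jul 16 09:05:00 web01 cron[12]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\spassword\sfor\s(?:invalid user\s)?"
    r"(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

# Private and loopback ranges have no public registry entry, so a lookup
# tool such as the one at www.arin.net says nothing about who owns them.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]


def parse_events(log_text):
    """Return (timestamp, result, user, ip) for every login record found."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a login record (e.g. the cron line)
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field: skip rather than guess
        events.append((m["ts"], m["result"], m["user"], str(ip)))
    return events


def summarize(events, threshold=3):
    """Per-source-IP counts; flag a success that follows >= threshold failures."""
    per_ip = defaultdict(lambda: {
        "failed": 0, "accepted": 0, "users": set(),
        "first_seen": None, "last_seen": None,
        "success_after_failures": False,
    })
    for ts, result, user, ip in events:
        s = per_ip[ip]
        s["users"].add(user)
        s["first_seen"] = s["first_seen"] or ts
        s["last_seen"] = ts
        if result == "Failed":
            s["failed"] += 1
        else:
            s["accepted"] += 1
            if s["failed"] >= threshold:
                s["success_after_failures"] = True
    return dict(per_ip)


def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in INTERNAL_NETS)


def external_sources(summary):
    """Addresses whose network owner can be looked up in a public registry."""
    return sorted(ip for ip in summary if not is_internal(ip))


def trace_leads(summary):
    """External addresses showing repeated failures followed by a success.

    As the slide notes, such an address is only the last hop: it may be a
    hijacked machine rather than the intruder's own computer.
    """
    return sorted(ip for ip in external_sources(summary)
                  if summary[ip]["success_after_failures"])


if __name__ == "__main__":
    summary = summarize(parse_events(SAMPLE_LOG))
    for ip in external_sources(summary):
        s = summary[ip]
        print(ip, s["failed"], "failed,", s["accepted"], "accepted,",
              "users:", sorted(s["users"]), s["first_seen"], "->", s["last_seen"])
    print("leads:", trace_leads(summary))
```
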


Obstacles to Identifying the Criminal

A criminal might hide or "spoof" his Internet Protocol (IP) address, or might intentionally bounce his communications through many intermediate computers scattered throughout the world before arriving at a target computer. The investigator must then identify all the bounce points to find the location of the hacker, but usually can only trace the hacker back one bounce point at a time. Court orders to each bounce point may be necessary to identify the hacker.

Some victims don't keep logs or don't discover a hacker's activities until it is too late to obtain records from the hacker's Internet Service Provider (ISP). A victim who has no record of the IP address of the computer from which unauthorized access was gained limits law enforcement officers to traditional investigative techniques.

Some ISPs don't keep records or don't keep them long enough to be of help to law enforcement officers. When the investigator determines the identity of an ISP from which records will be needed, the prosecutor should send a retention letter requiring the ISP to preserve the records while a court order or other process is being obtained.

Some computer hackers alter the logs upon gaining unauthorized access, thereby hiding the evidence of their crimes.


Global Issues - USA

The USA is not only responsible for more spam than any other nation, it is actually far worse than the rest of the current top 10 put together. Though much US spam has traditionally travelled via China, the US does certainly harbour some of the most prolific spammers in the world, as well as the world's three worst ISPs for relaying spam.

Recent figures suggest almost one-fifth (18.1 per cent) of all compromised machines are located in the US - and it's a good assumption that many of those doing the infecting are also US-based.

The US also accounted for about one-fifth of internet attacks and probes last year, according to figures from Kaspersky Labs. It was second only to China.


Global Issues - China

China leads the way in terms of originating internet attacks, accounting for just over one-quarter of all reports last year of internet attacks and probes.

The country also has a reputation for relaying large quantities of spam.

China boasts a huge population and a rapid rate of internet adoption. Therefore, China will originate more internet attacks than the UK, for example, as it has more than double the number of internet users.

China's mechanisms for dealing with the problem and its government's willingness to address the issue are also at a less mature stage than other countries. Such factors make the process of understanding the scale of each country's liability difficult and make comparisons largely impossible.


Global Issues – Russia & Baltic States

Despite the popular myth that 'The Russians' are the greatest threat to internet security, Russia accounted for only two per cent of internet attacks and probes last year. That puts the country down in sixth place.

Nonetheless, the reputation of Russia and the Baltic States has certainly been tarnished in recent years by a growing trend towards blackmail with threats of denial of service attacks. And while this is in no way unique to these parts of the former Soviet Union, experts claim it is a crime that was pioneered in the region - though targets were often based in the US or Western Europe.


Estonia

Estonia, one of the most internet-savvy states in the EU, has been under sustained attack from hackers since the ethnic Russian riots sparked in late April 2007 by its removal of a Soviet war memorial from Tallinn city centre.

Websites of Estonia's government, political parties, media and business community have had to shut down temporarily after being hit by denial-of-service attacks.

Some sites were defaced to redirect users to images of Soviet soldiers and quotations from Martin Luther King about resisting "evil".

While the government in Tallinn has not blamed the Russian authorities directly for the attacks, its foreign ministry has published a list of IP addresses "where the attacks were made from". The alleged offenders include addresses in the Russian government and presidential administration.

While most Estonian ministry websites are now functioning normally after technicians blocked hostile internet portal addresses, some companies in the banking and media sector say they are still encountering problems.


Global Issues - Europe

Europe, like the US, plays a twin role in the world of cyber crime as it is the home to perpetrators but is also a common victim. It makes sense that many of the countries with the most attractive economies will attract criminals who are increasingly spurred on by a financial incentive.

Europe also has a very active hacker network and recent years have seen a number of European virus writers arrested in relation to serious attacks.

Criminals within a number of accession countries to the EU have been linked with crimes such as denial of service attacks as well as the distribution of malware.

As with the US, Europe is also guilty of relaying a great deal of malware infections via unguarded home PCs and large ISPs.

France, Germany, Italy, Spain and the UK are all in the top 10 of nations originating Trojan infections.


Global Issues - Others

West Africa has become synonymous with electronic fraud in the wake of so-called 419 email scams and other internet-based fraud originating from Nigeria. Many of these scams are crude but it's reasonable to expect them to follow the same learning curve of increasing sophistication that other areas have witnessed.

South America has seen many instances of website defacements and there has been a spate of such attacks coming out of Brazil and the country still has a very active hacker community.

In less politically stable regions, such as the Middle East, we have seen several websites vandalised as well as sites defaced with a political message - often called 'hacktivism', though this is small scale and lacks the severity of impact that other attacks have.

Also in the Middle East there is a strong growing association between Israel and the use of spyware. Similarly the use of Trojans and other spying technologies appears to have found some popularity in Israel but again it is far from unique to the one country.


Panda Security Report Q2 2011


What is Cyberterrorism?

“Cyberterrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against non-combatant targets by sub-national groups or clandestine agents.”

Mark Pollitt, Special Agent FBI

“The use of serious violence against persons or property, or the threat to use such violence, to intimidate or coerce a government, the public or any section of the public for political, religious or ideological ends”

British Home Office


Al Qaeda

Al Qaeda will likely become more active in cybercrime. "They're trying to recruit experts in the appropriate technology to help overcome their money supply issues". Action taken by the authorities since the 9/11 terrorist attacks has stemmed much of the organization's flow of money.

Peter Warren, Cyber Alert (ISBN 1-904 132-62-6), Vision

Al Qaeda has turned to organized crime groups for their money laundering expertise. A Russian cyber crime expert, Dr Galeotti, claims Al Qaeda are looking to buy in expertise rather than depend on people they have indoctrinated because it is easier and quicker and there are fewer links. 'Al Qaeda is paying three times what Russian organized crime is charging the Cosa Nostra, which means paying interest at about 75%.' A 'senior former intelligence source' also claims that Al Qaeda recruited 'top-grade' computer experts to hack on its behalf against Western targets. Al Qaeda also tried to recruit computer professors from Eastern Bloc countries, with the aim of taking them to African countries, from where they were supposed to hack into key Western targets. These included systems controlling airports and power and water supplies.


US hosting Terrorist Web sites!

Many terrorist group sites are hosted in the United States.

The Hamas site is hosted in Connecticut and Chicago.

State University of New York (SUNY) at Binghamton was hosting the Web site of the Revolutionary Armed Forces of Colombia (FARC) in 1997. SUNY officials promptly shut down the FARC site when it was discovered.

The Tupac Amaru (MRTA) solidarity site was operating out of the University of California at San Diego (UCSD). In San Diego it was decided to err on the side of free speech and the Tupac Amaru site remains in operation. Interestingly, the FARC site now also operates out of UCSD.

It is not illegal to host such a site as long as a site is not seeking financial contributions nor providing financial support to the group. Other content is generally considered to be protected speech under the First Amendment of the Constitution of the United States.


Computer Terrorism threats

Potential computer terrorism threats come in three broad categories:

Denial of Service
◦ The computer system is simply made to shut down.
◦ Telephone systems going down, computer trains stopping in their tracks, stock market trading being halted.

Malicious Action
◦ Where a computer system does things it was not intended to do.
◦ Examples include banking systems making unauthorized transfers or flight control software causing airplanes to crash.

Theft of Information
◦ Credit card numbers, social security numbers, corporate plans.


Cyberterrorist attack fails

By Rob Lever WASHINGTON

A major attack on "a crucial piece of the Internet infrastructure" failed to cripple the Web, but could be a precursor to a more aggressive effort, security experts said.

Analysts said the denial of service attack targeted the 13 root servers that direct traffic on the Internet, bombarding the computers with requests that eventually shut them down.

"It was definitely a major attack," said French Caldwell, an Internet security specialist. "This is close to what we call a cyberterrorist attack, but a failed cyberterrorist attack."…

http://www.metimes.com/2K2/issue2002-43/net/cyberterrorist_attack_fails.htm


Computer Programming accidents

Problems in the software controlling the Therac-25 radiation therapy machine caused the system to fry patients, resulting in deaths and serious injuries. Some patients received more than 100 times the amount of radiation they were supposed to get.

A software failure in the bond processing system at the Bank of New York halted Treasury bond payments for more than a day, triggering a panic in the precious metals market.

Programming errors have caused both European Ariane and American Delta III rockets carrying satellites to explode, resulting in losses of hundreds of millions of dollars.

If simple programming errors can cause this level of damage, imagine what could be accomplished through deliberate malicious action.


CNI dependency on IT

Every Critical National Infrastructure entity is heavily dependent on IT and/or automated processing to conduct its day to day functions.

Banking and Finance, Insurance Loan processing and payments, interest calculations and payroll
◦ Payouts due to disaster that allow business continuity
◦ UK Threat - National Social Security computer in Newcastle

Chemical, Oil and Gas, Energy production & distribution, components and manufacturing
◦ Processing chemicals vital to other CNI

Electricity, Energy production and distribution

Law Enforcement, Emergency services
◦ Intelligence databases


SCADA Systems

SCADA (Supervisory Control And Data Acquisition) is a software application program for process control i.e. the gathering of data in real time from remote locations in order to control equipment and conditions.

Used in electricity power plants, oil and gas refining, telecommunications, transportation, and water and waste control.

Tend to be complicated systems that are specifically written for the industry/sector

Use the internet to gather information and to monitor its locations

Warns when conditions become hazardous by sounding alarms.


Tools of the Trade

Few people besides a company's own employees possess the specific technical know-how required to run a specialized SCADA system.

In April 2002, an Australian man used an Internet connection to release a million gallons of raw sewage along Queensland's Sunshine Coast after being turned down for a government job. When police arrested him, they discovered that he had worked for the company that designed the sewage treatment plant's control software.

In 1998, a 12-year-old boy successfully hacked into the controls for the huge Roosevelt Dam on the Salt River in Arizona, USA. He might have released floodwaters that would have inundated Mesa and Tempe, endangering at least 1 million people.


"The Most Monumental Non-Nuclear Explosion and Fire Ever Seen From Space."

Thomas C. Reed, Ronald Reagan's Secretary of the Air Force, described in his book how the United States arranged for the Soviets to receive intentionally flawed process control software for use in conjunction with the USSR's natural gas pipelines, pipelines which were to generate critically needed hard currency for the USSR. Reed stated that "The pipeline software that was to run the pumps, turbines, and valves was programmed to go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds." The result? A three-kiloton blast in a remote area of Siberia in 1982, which, only by some miracle, apparently didn't result in any deaths.


Worm crashes nuclear network


Bad Data destroys Transformer Bank


Other possible terrorist uses of the Internet

Clandestine communication and Propaganda

◦ E-mail

◦ Websites

◦ Internet Chat Rooms

◦ Bulletin Boards

◦ Fund raising

◦ Funds distribution

Intelligence gathering

◦ Identifying and researching targets

◦ Recruitment

◦ Acquisition of weaponry and dual use goods

◦ Researching defensive and offensive operational techniques


Now….

Several years on from 9/11 and despite the numerous terror attacks in Bali, Turkey and Iraq, the consensus among security experts is that there has never been a recorded act of cyberterrorism pre- or post-September 11th.

Although there has never actually been an act of cyberterrorism, there have been plenty of instances of politically motivated hacking incidents that sit outside the realm of simple cybercrime.

Researchers are still unclear whether the ability to communicate online worldwide has resulted in an increase or a decrease in terrorist acts. It is agreed, however, that online activities substantially improve the ability of such terrorist groups to raise funds, lure new faithful, and reach a mass audience. The most popular terrorist sites draw tens of thousands of visitors each month.


Thai Military upset by Google

Thailand, afraid that detailed Google Earth satellite pictures available on the Internet threaten its national security, may ask Google Inc. to block images of important government buildings vulnerable to attack.

A Thai Armed Forces spokesman Maj Gen Weerasak Manee-in said -

"We are looking for possible restrictions on these detailed pictures, especially state buildings,"


Nakhon Ratchasima, military installation, Thailand


New Chinese Ballistic Missile Submarine Spotted


The submarine appears to be about 35 feet longer than the unsuccessful Xia-class sub because of an extended midsection that houses the missile launch tubes and part of the reactor compartment.

Hans M. Kristensen, Strategic Security blog


AK's weblog, March 28, 2005

The goal was to identify a nuclear power plant in the United States of America on a satellite picture. First of all, I searched for a list of nuclear power plants in the US. That was easy - http://www.insc.anl.gov/pwrmaps/map/united_states.html The "International Nuclear Safety Center" is so kind to put up a good overview over the power plants in the US. I chose one of the power plants, namely the one in Oyster Creek, N.J. After a few minutes of searching, I also found a topographical map of exactly that area showing where the nuclear power plant was on the map.

And from that on, it was all very easy. The coordinates are about -74.19621 longitude and 39.81927 latitude (the online interface where I retrieved the topo map from gave me those coordinates) and I was able to retrieve a few more detailed images from Terraserver-USA


Top Vulnerabilities

Number of password-stealing Web sites will increase using fake sign-in pages for popular online services

Volume of spam, particularly bandwidth-eating image spam, will rise

Popularity of video sharing (MySpace, YouTube) on the Web makes it inevitable that hackers will target MPEG files

Mobile phone attacks will become more prevalent as mobile devices become smarter

Adware will go mainstream

Identity theft and data loss will continue to be a public issue

The use of bots (computer programmes that perform automated tasks) will increase as a tool favoured by hackers

Parasitic malware, or viruses that modify existing files on a disk, will make a comeback

Vulnerabilities will continue to cause concern fueled by the underground market for vulnerabilities


Types of Security Requirements

Identification and access control (physical locks, passwords, call back systems, data encryption)

Protect programs and data (backups, strict procedures and organisation controls for staff, regular audits, security policy)

Disaster prevention (plan for disaster recovery, uninterruptible power supply, hardware redundancy, backups, preventative maintenance, fire/flood alarms)


You are here!


Questions ?
