Computer Forensics and Cyber Crime, Britz
PRENTICE HALL © 2004 Pearson Education, Inc.
Introduction
Cyberspace and Criminal Behavior
History has shown periods of enlightenment and progress
Industrial revolution – brought automation of tasks, etc.
increased public knowledge (i.e., the printing press made information available to the masses)
increased medical services due to enhanced communication and transportation
Advantages of the Information Revolution:
• Commerce
• Research
• Education
• Public knowledge
• Entertainment
• Public discourse
• Health
• Multiculturalism
• Law enforcement
Negative Results
• Cyber-dependence and incompetence – has decreased the ability of students to conduct independent research; led to a decrease in verification of sources; obliterated traditional methods of academic inquiry
• Erosion of physical health – has created a sedentary lifestyle
• Reduction of interpersonal communications – has created a reliance on electronic communication at the expense of interpersonal communication.
• Deviance and crime – anonymity promotes deviant behavior while creating elevated levels of vulnerability in unsuspecting users; global interconnectivity enhances potential gain from criminal activity
Cyberspace and Criminal Behavior
Cyberspace – the place between places; the indefinite place where individuals transact and communicate
Intangibility of electronic communications
Not really a new concept – traditional communications have fallen within this existential space
Telephonic communications, for example, cross both time and space and were predated by wire exchanges
However, the physicality of the virtual world has increased with the Internet due to the convergence of audio, video, and data
No other medium of communication has provided such potentiality.
Privacy vs. protection debate rages over the level of supervision appropriate in this medium.
Privacy advocates include: The Grateful Dead’s David Barlow, and Lotus inventor, Mitchell Kapor – co-founders of the Electronic Frontier Foundation.
Government’s position
• Such potentiality must be monitored to prevent the exploitation and victimization of innocents
• Critics – have suggested that the government has been too zealous in its pursuit of security. They have described their approach as Orwellian, citing Steve Jackson Games, Inc. v. U.S. Secret Service as an example.
Privacy Advocates’ Position
• Any supervision and/or government oversight abridges the 1st Amendment, and should be prohibited as a matter of law.
• Critics – have suggested that their position is untenable as it fails to recognize the dangers inherent in anonymous communication. They argue that an unregulated global exchange encourages deviance.
No compromise has yet been reached.
Clarification of terms
Traditional Definitions of:
• Computer Crime
• Computer Related Crime
• Cybercrime
Computer Crime
Any criminal act committed via computer
Computer Related Crime
any criminal act in which a computer is involved, however peripherally
Cybercrime
Any abuse or misuse of computer systems which results in direct and/or concomitant losses
Problems with definitions
• definitions vary by agency, legislation, and enforcement
• cannot be used to replace traditional statutes – extortion is extortion is extortion regardless of the method employed to communicate the threat.
TERMS WILL BE USED INTERCHANGEABLY
Traditional Problems Associated With Computer Crime
While criminals have always displayed an ability to adapt to changing technologies, law enforcement agencies and government institutions, bound by bureaucracy, have not.
Computer crime, in particular, has proven a significant challenge to LE personnel for a variety of reasons.
Traditional Problems Associated with Computer Crime
• Physicality and jurisdictional concerns
• Lack of communication between agencies
• Inconsistency of law and community standards
• Intangibility of evidence
• Cost/benefit to perpetrator
Physicality and Jurisdictional Concerns
intangibility of activity and location are not provided for by law – individuals sitting at their desk can enter various countries without the use of passports or documentation.
vicinage – an element necessary for successful prosecution requires the specification of the crime scene (physical not virtual), i.e., “Where did the crime actually occur?”
If a Citadel cadet from 4th Battalion illegally transferred money from The Bank of Sicily to The Bank of London, where did the crime occur? Which laws apply?
Jurisdiction
Which agency is responsible for the investigation of a particular incident?
Using the previous example, which agency has primary jurisdiction over the thief?
Lack of communication between agencies
i.e., traditional lack of collaboration further compounded by the introduction of international concerns
Inconsistency of law and community standards
i.e., definitions of obscenity, criminality, etc. – further complicated on the international level where some societies may tolerate, or even condone, certain behaviors
Example: Antigua, Caracas, and the Dominican Republic all challenge American sovereignty over wagers placed by Americans through online casinos and sports books
Intangibility of evidence
patrol officers unsure as to recognition of evidence
patrol officers unsure of method of preservation of evidence
Cost/benefit to perpetrator
much less expensive AND the risk of successful prosecution is slight
• do not need method of transportation
• do not need funds
• do not need storage capabilities
• are not labor intensive and can be committed alone
All these significantly decrease the risk to the deviant and severely hamper law enforcement efforts.
Perceived insignificance and stereotypes
stereotypes of computer criminals often involve non-threatening, physically challenged individuals (i.e., “computer geeks”)
stereotypes of computer crimes usually involve hacking and improper use
Prosecutorial Reluctance
Apathy (or perhaps laziness)
Lack of concern of constituents
Lack of cooperation in extradition requests
Victim’s reluctance to prosecute
Labor intensive nature of case preparation
Lack of resources for offender tracking
Lack of Reporting
Fortune 500 companies have been electronically compromised to the tune of at least $10 Billion/year
Although this number is increasing, early studies indicated that only 17% of such victimizations were reported to the police.
Reasons for non-reporting:
Consumer confidence – must assure consumers that their personal data is safe. (ex., Citibank)
Corporate interests – do not want to lose control over their investigation. They wish to control level of access and scope of investigation. They naively believe that if criminal activity is uncovered, they can simply report their findings to the police.
Cost/benefit analysis – believe that the low likelihood of enforcement and prosecution vs. the high likelihood of lost consumer confidence is simply not worth it
Jurisdictional uncertainty – many companies are unclear as to which agency to report to.
Jurisprudential inconsistency
The Supreme Court has denied certiorari on the vast majority of cases, resulting in a patchwork of law across the United States.
Lack of Resources
1. Traditional budget constraints
2. Nature of technology
3. Cost of training
4. Cost of additional personnel
5. Cost of hardware
6. Cost of software
7. Cost of laboratory
8. Inability to compete with private industry
Traditional Budget Constraints
Law enforcement has always been significantly underfunded: the public is unwilling to expend community funds on LE training, personnel, and technology.
Nature of technology
Always changing – requires perpetual training.
(ex. Wireless technologies and emerging encryption and steganography programs are increasingly common and have complicated LE efforts)
Thus, training soon becomes obsolete
Cost of Training
Extremely expensive – NTI, for example, charges more than $1500 per person. Coupled with per diem expenses and the cost of software licenses, this training is all but out of reach for many agencies.
Cost of additional personnel
For every officer transferred to technology crime, another must be recruited, hired, and trained to take his/her place.
Cost of hardware
equipment soon becomes obsolete, precluding the purchase of pricey components
Cost of software
Forensic software is extremely expensive. Packages by Guidance Software, NTI, and AccessData exceed several hundred dollars for a single license!
Minimum requirements include: data duplication, data verification, data capture, data recovery, data preservation, and data analysis. In addition, password cracking, text searching, and document viewing tools are needed.
Cost of laboratory
Must find appropriate, unallocated space within or outside of the department (discussed in detail in Chapter 9)
Inability to compete with corporations
Individuals with forensic training are highly prized by corporations. Since they can afford to offer high salaries and lucrative benefit packages, they can successfully lure officers into private practice.
Extent of the problem
Computer crimes range in severity from nuisance activity (i.e., spamming, etc.) to computer-assisted criminal activity (i.e., burglary, fraud, etc.) to computer-initiated criminal activity (i.e., embezzlement, fraud, etc.).
Purposes include: white collar crime, economic espionage, organized crime, foreign intelligence gathering, terrorism, sexual deviance, and technologically innovated traditional crime.
Computers as targets
• Phreaking
• Viruses and worms
• Trojans and hacking
• Miscellaneous
Phreaking
phreaking – activity in which telecommunications systems are manipulated and ultimately compromised – the precursor to contemporary hacking
Viruses and worms
viruses and worms – increasingly popular, they pose significant concerns for individuals, businesses, universities, and governments (ex. “Love Bug” affected at least 45 million computers and caused billions of dollars in damages).
Trojans and hacking
Tools for stealing data are readily available for download from the Internet (including BackOrifice, NetBus, and DeepThroat). Such theft poses significant concern for corporations and governments, as trade secrets and public infrastructures are at risk.
Other Activities
Software piracy, trafficking in stolen goods, etc. (discussed in detail in Chapter 4)
Computers as instruments
(discussed in detail in chapter 4)
a. Embezzlement
b. Stalking
c. Gambling
d. Child pornography
e. Counterfeiting
f. Fraud
Computers as incidentals
(discussed in detail in Chapter 4)
a. bookmaking
b. narcotics trafficking
c. homicide
Estimates of Computer Crime
Estimates of computer crime are poor at best:
• Actual costs range from $15 to $250 billion
• Businesses affected range from 25% to 99%
• More than ½ of businesses spend 5% or less of their IT budget on security.
• A 185% increase in KP cases in one year!
• Estimated that one KP bulletin board was accessed by over 250 users a day.
Extent of business victimization
• 25% of respondents detected external system penetration
• 27% detected denial of service
• 79% detected employee abuse of Internet privileges
• 85% detected viruses
• 19% suffered unauthorized use
• 19% reported 10 or more incidents
• 35% reported 2-5 incidents
• 64% of those acknowledging an attack reported Web-site vandalism
• 60% reported denial of service
• over 260 million dollars in damages were reported by those with documentation