Computer Forensics and Cyber Crime Britz PRENTICE HALL ©2004 Pearson Education, Inc. Introduction

cyber security


Cyberspace and Criminal Behavior

History has shown periods of enlightenment and progress

Industrial revolution – brought automation of tasks, etc.

increased public knowledge (i.e., printing press made information available to the masses)

increased medical services due to enhanced communication and transportation


Advantages of the Information Revolution: commerce, research, education, public knowledge, entertainment, public discourse, health, multiculturalism, law enforcement


Negative Results

Cyber-dependence and incompetence – has decreased the ability of students to conduct independent research; led to a decrease in verification of sources; obliterated traditional methods of academic inquiry

Erosion of physical health – has created a sedentary lifestyle

Reduction of interpersonal communications – has created a reliance on electronic communication at the expense of interpersonal communication.

Deviance and crime – anonymity promotes deviant behavior while creating elevated levels of vulnerability in unsuspecting users; global interconnectivity enhances potential gain from criminal activity


Cyberspace and Criminal Behavior

Cyberspace – the place between places; the indefinite place where individuals transact and communicate


Intangibility of electronic communications

Not really a new concept – traditional communications have fallen within this existential space

Telephonic communications, for example, cross both time and space and were predated by wire exchanges

However, the physicality of the virtual world has increased with the Internet due to the convergence of audio, video, and data

No other medium of communication has provided such potentiality.


Privacy vs. protection debate rages over the level of supervision appropriate in this medium.

Privacy advocates include: The Grateful Dead’s David Barlow, and Lotus inventor, Mitchell Kapor – co-founders of the Electronic Frontier Foundation.


Government’s position

• Such potentiality must be monitored to prevent the exploitation and victimization of innocents

• Critics – have suggested that the government has been too zealous in its pursuit of security. They have described their approach as Orwellian, citing Steve Jackson Games, Inc. v. U.S. Secret Service as an example.


Privacy Advocates’ Position

• Any supervision and/or government oversight abridges the 1st Amendment, and should be prohibited as a matter of law.

• Critics – have suggested that their position is untenable as it fails to recognize the dangers inherent in anonymous communication. They argue that an unregulated global exchange encourages deviance.


No compromise has yet been reached.


Clarification of terms


Traditional Definitions of

Computer Crime

Computer Related Crime

Cybercrime


Computer Crime

Any criminal act committed via computer


Computer Related Crime

any criminal act in which a computer is involved, however peripherally


Cybercrime

Any abuse or misuse of computer systems which results in direct and/or concomitant losses


Problems with definitions

definitions vary by agency, legislation, and enforcement

cannot be used to replace traditional statutes

extortion is extortion is extortion regardless of the method employed to communicate the threat.

TERMS WILL BE USED INTERCHANGEABLY


Traditional Problems Associated With Computer Crime

While criminals have always displayed an ability to adapt to changing technologies, law enforcement agencies and government institutions, bound by bureaucracy, have not.

Computer crime, in particular, has proven a significant challenge to LE personnel for a variety of reasons.


Traditional Problems Associated with Computer Crime

Physicality and jurisdictional concerns

Lack of communication between agencies

Inconsistency of law and community standards

Intangibility of evidence

Cost/benefit to perpetrator


Physicality and Jurisdictional Concerns

intangibility of activity and location are not provided for by law – individuals sitting at their desk can enter various countries without the use of passports or documentation.

vicinage – an element necessary for successful prosecution; requires the specification of the crime scene (physical, not virtual), i.e., “Where did the crime actually occur?” If a Citadel cadet from 4th Battalion illegally transferred money from The Bank of Sicily to The Bank of London, where did the crime occur? Which laws apply?


Jurisdiction

Which agency is responsible for the investigation of a particular incident?

Using the previous example, which agency has primary jurisdiction over the thief?


Lack of communication between agencies

i.e., traditional lack of collaboration further compounded by the introduction of international concerns


Inconsistency of law and community standards

i.e., definitions of obscenity, criminality, etc. – further complicated on the international level where some societies may tolerate, or even condone, certain behaviors

Example: Antigua, Caracas, and the Dominican Republic all challenge American sovereignty over wagers placed by Americans through online casinos and sports books


Intangibility of evidence

patrol officers unsure as to recognition of evidence

patrol officers unsure of method of preservation of evidence


Cost/benefit to perpetrator

much less expensive AND the risk of successful prosecution is slight

do not need method of transportation

do not need funds

do not need storage capabilities

are not labor intensive and can be committed alone

All these significantly decrease the risk to the deviant and severely hamper law enforcement efforts.


Perceived insignificance and stereotypes

stereotypes of computer criminals often involve non-threatening, physically challenged individuals (i.e., “computer geeks”)

stereotypes of computer crimes usually involve hacking and improper use

        


Prosecutorial Reluctance

Apathy (or perhaps laziness)

Lack of concern of constituents

Lack of cooperation in extradition requests

Victim’s reluctance to prosecute

Labor intensive nature of case preparation

Lack of resources for offender tracking


Lack of Reporting

Fortune 500 companies have been electronically compromised to the tune of at least $10 Billion/year

Although this number is increasing, early studies indicated that only 17% of such victimizations were reported to the police.


Reasons for non-reporting:

Consumer confidence – must assure consumers that their personal data is safe. (ex., Citibank)

Corporate interests – do not want to lose control over their investigation. They wish to control level of access and scope of investigation. They naively believe that if criminal activity is uncovered, they can simply report their findings to the police.

Cost/benefit analysis – believe that the low likelihood of enforcement and prosecution vs. the high likelihood of lost consumer confidence is simply not worth it

Jurisdictional uncertainty – many companies are unclear as to which agency to report to.


Jurisprudential inconsistency

The Supreme Court has denied certiorari on the vast majority of cases, resulting in a patchwork of law across the United States.


Lack of Resources

1. Traditional budget constraints
2. Nature of technology
3. Cost of training
4. Cost of additional personnel
5. Cost of hardware
6. Cost of software
7. Cost of laboratory
8. Inability to compete with private industry


Traditional Budget Constraints

Law enforcement has always been significantly underfunded: the public is unwilling to expend community funds on LE training, personnel, and technology.


Nature of technology

Always changing – requires perpetual training.

(ex. Wireless technologies and emerging encryption and steganography programs are increasingly common and have complicated LE efforts)

Thus, training soon becomes obsolete


Cost of Training

Extremely expensive – NTI, for example, charges more than $1500 per person. Coupled with per diem expenses and the cost of software licenses, this training is all but out of reach for many agencies.


Cost of additional personnel

For every officer transferred to technology crime, another must be recruited, hired, and trained to take his/her place.


Cost of hardware

equipment soon becomes obsolete, precluding the purchase of pricey components


Cost of software

Forensic software is extremely expensive. Packages by Guidance Software, NTI, and AccessData exceed several hundred dollars for a single license! Minimum requirements include: data duplication, data verification, data capture, data recovery, data preservation, and data analysis. In addition, password cracking, text searching, and document viewing tools are needed.


Cost of laboratory

Must find appropriate, unallocated space within or outside of the department (discussed in detail in Chapter 9)


Inability to compete with corporations

Individuals with forensic training are highly prized by corporations. Since they can afford to offer high salaries and lucrative benefit packages, they can successfully lure officers into private practice.


Extent of the problem

Computer crimes range in severity from nuisance activity (i.e., spamming, etc.) to computer-assisted criminal activity (i.e., burglary, fraud, etc.) to computer-initiated criminal activity (i.e., embezzlement, fraud, etc.).

Purposes include: white collar crime, economic espionage, organized crime, foreign intelligence gathering, terrorism, sexual deviance, and technologically innovated traditional crime.


Computers as targets

Phreaking

Viruses and worms

Trojans and hacking

Miscellaneous


Phreaking

phreaking – activity in which telecommunications systems are manipulated and ultimately compromised – the precursor to contemporary hacking


Viruses and worms

viruses and worms – increasingly popular, they pose significant concerns for individuals, businesses, universities, and governments. (ex. “Love Bug” affected at least 45 million computers and caused billions of dollars in damages.)


Trojans and hacking

Tools for stealing data are readily available for download from the Internet (including BackOrifice, NetBus, and DeepThroat). Such theft poses significant concern for corporations and governments, as trade secrets and public infrastructures are at risk.


Other Activities

Software piracy, trafficking in stolen goods, etc. (discussed in detail in Chapter 4)


Computers as instruments

(discussed in detail in Chapter 4)

a. Embezzlement
b. Stalking
c. Gambling
d. Child pornography
e. Counterfeiting
f. Fraud


Computers as incidentals

(discussed in detail in Chapter 4)

a. bookmaking
b. narcotics trafficking
c. homicide


Estimates of Computer Crime

Estimates of computer crime are poor at best:

Actual costs range from $15 to $250 billion

Businesses affected range from 25% to 99%

More than ½ of businesses spend 5% or less of their IT budget on security.

A 185% increase in KP cases in one year!

Estimated that one KP bulletin board was accessed by over 250 users a day.


Extent of business victimization

25% of respondents detected external system penetration

27% detected denial of service

79% detected employee abuse of Internet privileges

85% detected viruses

19% suffered unauthorized use

19% reported 10 or more incidents

35% reported 2-5 incidents

64% of those acknowledging an attack reported Web-site vandalism

60% reported denial of service

over 260 million dollars in damages were reported by those with documentation