Upload
crimelove
View
14
Download
0
Embed Size (px)
DESCRIPTION
computer crime and its defination
Citation preview
1
Philippine College of Criminology 641 Sales Street in Sta. Cruz, Manila
Prepared By: Lover D. Madrilejos
Professor: Dr. Rodolfo Sebastian
INTRODUCTION
Cyber-Crime
2
Crime and criminality have been associated with man since his fall. Crime remains elusive and ever strives to hide itself in the face of development. Different nations have adopted different strategies to contend with crime depending on their nature and extent. One thing is certain, it is that a nation with high incidence of crime cannot grow or develop. That is so because crime is the direct opposite of development. It leaves a negative social and economic consequence.
What is Cyber Crime?
CYBERCRIME
Is defined as crimes committed on the internet using the computer as either a tool or a targeted victim. It is very difficult to classify crimes in general into distinct groups as many crimes evolve on a daily basis. Even in the real world, crimes like rape, murder or theft need not necessarily be separate. However, all cybercrimes involve both the computer and the person behind it as victims; it just depends on which of the two is the main target. Hence, the computer will be looked at as either a target or tool for simplicity’s sake. For example, hacking involves attacking the computer’s information and other resources. It is important to take note that overlapping occurs in many cases and it is impossible to have a perfect classification system.
Cyber-crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber-crime also includes traditional crimes conducted through the Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber-crimes when the illegal activities are committed through the use of a computer and the Internet.
Crime ware
A type of malicious software that is designed to commit crimes on the Internet. Crimeware may be a virus, spyware or other deceptive piece of software that can be used to commit identity theft and fraud.
Cyberprise
Slang term used to describe the merging of cyberspace and the enterprise.
The term cyberprise was first trademarked by the company Wall Data Inc., which used the word as its product name. Wall Data's Cyberprise is a suite of tools used for creating multiple online communities that include an enterprise's customers, vendors and partners. In 1999, Wall Data was acquired by NetManage, Inc.
What is Computer Crime?
• Any crime in which computer-related technology is encountered.
• The commission of illegal acts through the use of a computer or against a computer system.
Types of Computer Crime
• Business attacks
• Financial attacks
3
• Terrorist attacks
• Grudge attacks
• Fun attacks
Most Common Computer Crimes
• Fraud by computer manipulation
• Computer forgery
• Damage to or modifications of computer data or programs
• Unauthorized access to computer systems and service
• Unauthorized reproduction of legally protected computer programs
Computer Crimes Are Hard to Prosecute
• Lack of understanding
• Lack of physical evidence
• Lack of recognition of assets
• Lack of political impact
• Complexity of case
• Juveniles
Computer Criminals Are Hard to Catch
Multinational activity
No international laws for computer crimes
Complexity
Networked attacks hard to trace
Spam is Hostile
You pay for Spam, not Spammers
Email costs are paid by email recipients
Spam can be dangerous
Never click on the opt-out link!
May take you to hostile web site where mouse-over downloads an .exe
Tells spammers they found a working address
They won’t take you off the list anyway
4
What should you do?
Filter it out whenever possible
Keep filters up to date
If you get it, just delete the email
Wi-Fi High Jacking
60-70% wireless networks are wide open
Why are the Wi-Fi networks unprotected?
Most people say “Our data is boring”
But… criminals look for wireless networks to commit their crimes
And… the authorities will come knocking on your door…..
Protect your Computers!
Use anti-virus software and firewalls - keep them up to date
Keep your operating system up to date with critical security updates and patches
Don't open emails or attachments from unknown sources
Use hard-to-guess passwords. Don’t use words found in a dictionary? Remember that password cracking tools exist
Back-up your computer data on disks or CDs often
Don't share access to your computers with strangers
If you have a wi-fi network, password protect it
Disconnect from the Internet when not in use
Reevaluate your security on a regular basis
Make sure your employees and family members know this info too!
5
Internet Infrastructure in INDIA
The Complexity of Today’s Network
Changes Brought in IT Large network as backbone for
connectivity across the country Multiple Service providers for
providing links – BSNL, MTNL, Reliance, TATA, Rail Tel
Multiple Technologies to support network infrastructure CDMA, VSAT, DSL
Multiple Applications
6
Trends shaping the future
Ubiquitous computing, networking and mobility
Embedded Computing Security IPv6 VoIP
Cyber Threat Evolution
`
` ` `
` ` `
Network Infrastructure
Router
Extranet Servers
Servers
Laptops
Desktops
BranchOffices
Router
Router
Router
RouterUnmanaged Devices
Home Users
Remote Workers
BranchOffices
PerimeterNetwork
Internet
New PC
UnmanagedDevice
Intranet
InternetRouter
7
Trends of Incidents
Phishing
o Increase in cases of fast-flux phishing and rock-phish
o Domain name phishing and Registrar impersonation
o Crimeware
o Targeting personal information for financial frauds
o Information Stealing through social networking sites
Rise in Attack toolkits
o Toolkits like Mpack and Neospolit can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised sites
Global Attack Trend
VirusIdentity Theft
(Phishing)
Organized crime Data
Theft, DoS/DDoS
Malicious Code (Melissa) (Melissa)
2000 2003-04 2005-06 2007-08
Breaking Web sites
Advanced Worm /Trojan (I LOVE YOU)
1977 1995
8
Availability Authenticity AuthenticityINFORMATION
INFORMATION SECURITY
Top originating countries – Malicious code
9
Different Types of Cyber crime
Spam
• The most common type of cyber-crime is spam. While email spam laws are fairly new, there have been laws on the books regarding "unsolicited electronic communications" for many years.
Fraud
• Credit fraud is another common form of cyber-crime. Certain computer viruses can log keystrokes on your keyboard and send them to hackers, who can then take your Social Security number, credit card number and home address. This information will be used by the hacker for his own means.
Cyber Bullying
• Harassment, or cyber bullying, is a growing problem among teenagers. Many countries in Europe and several states in the United States have laws to punish those who consistently harass somebody over the Internet.
Drug Trafficking
• Believe it or not, drug trafficking is happening over the Internet. Many traffickers use encrypted email or password-protected message boards to arrange drug deals.
Availability Authenticity AuthenticityINFORMATION
Three faces of cyber crime
• Organized Crime• Terrorist Groups• Nation States
10
Cyber terrorism
• There are many forms of cyber terrorism. Sometimes it's a rather smart hacker breaking into a government website, other times it's just a group of like-minded Internet users who crash a website by flooding it with traffic. No matter how harmless it may seem, it is still illegal.
Piracy
• Far and away the most talked about form of cybercrime is thievery. Yes, downloading music from peer-to-peer websites is illegal and therefore a form of cybercrime
Mail Bombing
• Similar in some ways to a DoS attack
• A stream of large-sized emails are sent to an address, overloading the destination account
• This can potentially shut-down a poorly-designed email system or tie up the telecom channel for long periods
• Defense: email filtering
Break-Ins
• Hackers are always trying to break-in into Internet-connected computers to steal info or plant malicious programs
• Defense: Intrusion detectors
Credit Card Fraud (1)
• A thief somehow breaks into an ecommerce server and gets hold of credit numbers and related info
• The thief then uses that info to order stuff on the Internet
Credit Card Fraud (2)
• Alternatively, the thief may auction the credit card info on certain Web sites setup just for that purpose
• Defense: Use single-use credit card numbers for your Internet transactions
Software Piracy (1)
• Using a piece of SW without the author’s permission or employing it for uses not allowed by the author is SW piracy
• For whatever reason, many computer users do not consider it to be a serious crime, but it is!
Software Piracy (2)
• Only the large rings of illegal SW distributors are ever caught and brought to justice
• Defense: Various authentication schemes. They, however, are seldom used as they generally annoy the genuine users
Industrial Espionage
• Spies of one business monitoring the network traffic of their competitors
11
• They are generally looking for info on future products, marketing strategies, and even financial info
• Defense: Private networks, encryption, network sniffers
Web Store Spoofing
• A fake Web store (e.g. an online bookstore) is built
• Customers somehow find that Web site and place their orders, giving away their credit card info in the process
• The collected credit card info is either auctioned on the Web or used to buy goods and services on the Web
Viruses (1)
• Self-replicating SW that eludes detection and is designed to attach itself to other files
• Infects files on a computers through:
• Floppy disks, CD-ROMs, or other storage media
• The Internet or other networks
Viruses (2)
• Viruses cause tens of billions of dollars of damage each year
• One such incident in 2001 – the LoveBug virus – had an estimated cleanup/lost productivity cost of US$8.75 billion
• The first virus that spread world-wide was the Brain virus, and was allegedly designed by someone in Lahore
One Way of Classifying Viruses
• Malicious
– The type that grabs most headlines
– May destroy or broadcast private data
– May clog-up the communication channels
– May tie-up the uP to stop it from doing useful work
• Neutral
– May display an annoying, but harmless message
• Helpful
– May hop from one computer to another while searching for and destroying malicious viruses
Anatomy of a Virus
A virus consists of 2 parts:
12
• Transmission mechanism
• Payload
Transmission Mechanism
• Viruses attach themselves to other computer programs or data files (termed as hosts)
• They move from one computer to another with the hosts and spring into action when the host is executed or opened
Payload
• The part of the virus that generally consists of malicious computer instructions
• The part generally has two further components:
• Infection propagation component:
• This component transfers the virus to other files residing on the computer
• Actual destructive component:
• This component destroys data or performs or other harmful operations
Commonsense Guidelines (1)
Download SW from trusted sites only
Do not open attachments of unsolicited emails
Use floppy disks and CDROMs that have been used in trusted computers only
When transferring files from your computer to another, use the write-protection notches
Commonsense Guidelines (2)
1. Stay away from pirated SW
2. Regularly back your data up
3. Install Antivirus SW; keep it and its virus definitions updated
Antivirus SW
1. Designed for detecting viruses & inoculating
2. Continuously monitors a computer for known viruses and for other tell-tale signs like:
1. Most – but, unfortunately not all – viruses increase the size of the file they infect
2. Hard disk reformatting commands
3. Rewriting of the boot sector of a hard disk
3. The moment it detects an infected file, it can automatically inoculate it, or failing that, erase it
Other Virus-Like Programs
1. There are other computer programs that are similar to viruses in some ways but different in some others
13
2. Three types:
1. Trojan horses
2. Logic- or time-bombs
3. Worms
Trojan Horses
1. Unlike viruses, they are stand-alone programs
2. The look like what they are not
3. They appear to be something interesting and harmless (e.g. a game) but when they are executed, destruction results
Logic- or Time-Bombs
1. It executes its payload when a predetermined event occurs
2. Example events:
1. A particular word or phrase is typed
2. A particular date or time is reached
Worms
1. Harmless in the sense that they only make copies of themselves on the infected computer
2. Harmful in the sense that it can use up available computer resources (i.e. memory, storage, processing), making it slow or even completely useless