
Chapter 3 - Computer and Internet Crime

1. Discuss key trade-offs and ethical issues associated with safeguarding of data and information systems.
2. Identify reasons for the increase in the number of Internet-related security incidents.
3. Describe the most common types of computer security attacks.
4. Outline the characteristics of common perpetrators including their objectives, available resources, willingness to accept risk, and frequency of attack.
5. Describe a multi-level process for managing Internet vulnerabilities based on the concept of reasonable assurance.
6. Outline the actions that must be taken in response to a security incident.


| Year | Number of Incidents Reported |
|------|------------------------------|
| 2003 | 137,529 |
| 2002 | 82,094 |
| 2001 | 52,658 |
| 2000 | 21,756 |
| 1999 | 9,859 |
| 1998 | 3,734 |
| 1997 | 2,134 |

Total: 1988-2003: 319,992

Source: CERT Web site at www.CERT.org/stats


1. Increasing complexity increases vulnerability.
2. Higher computer user expectations.
3. Expanding and changing environment introduces new risks.
4. Increased reliance on commercial software with known vulnerabilities.

Virus
Worm
Trojan Horse
Botnets
Denial-of-Service Attacks
Rootkits
Spam
Phishing

The term computer virus is an umbrella term used for many types of malicious code.
A virus is usually a piece of programming code that causes some unexpected and usually undesirable event.
Most viruses deliver a payload or malicious act.

Viruses may execute and affect your computer in many different ways.
- Replicate themselves
- Reside in memory and infect other files
- Modify and/or create new files

Most common viruses are macro viruses.
- These viruses use an application language such as VBScript to infect and replicate documents and templates.

A worm is a computer program that replicates itself and is self-propagating.
Worms, as opposed to viruses, are meant to spawn in network environments. (http://www.easydesksoftware.com/glossary.htm)
Worms are also harmful, and they differ from standard viruses in that they have this ability to self-propagate without human intervention.


A Trojan horse is a program that gets secretly installed on a computer, planting a harmful payload that can allow the hacker to do such things as steal passwords or spy on users by recording keystrokes and transmitting them to a third party.

A logic bomb is a type of Trojan horse that executes when a specific condition occurs.
Logic bombs can be triggered by a change in a particular file, typing a specific series of keystrokes, or by a specific time or date.

A botnet is a large group of computers controlled from one or more remote locations by hackers without the knowledge or consent of their owners.
They are frequently used to distribute spam and malicious code.


A denial-of-service attack is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other tasks.
SCO and Microsoft MyDoom.a and .b
Denial of service does not involve a computer break-in; it simply keeps the target machine so busy responding to the automated requests that legitimate users cannot get work done.

Zombies are computers that send these requests.
Spoofing is the practice of putting a false return address on a data packet.
Filtering is the process of preventing packets with false IP addresses from being passed on.

A rootkit is a set of programs that enables its user to gain administrator-level access to a computer without the end user's consent or knowledge.
Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators.
Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the computer's configuration.


E-mail spam is the abuse of e-mail systems to send unsolicited e-mail to large numbers of people.
Most spam is a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock.
Spam is also an extremely inexpensive method of marketing used by many legitimate organizations.


Phishing is the act of using e-mail fraudulently to try to get the recipient to reveal personal data.
In a phishing scam, con artists send legitimate-looking e-mails urging the recipient to take action to avoid a negative consequence or to receive a reward.
The requested action may involve clicking on a link to a Web site or opening an e-mail attachment.


| Type of perpetrator | Objective | Resources available to perpetrator | Level of risk taking acceptable to perpetrator | Frequency of attack |
|---|---|---|---|---|
| Hacker | Test limits of system, gain publicity | Limited | Minimal | High |
| Cracker | Cause problems, steal data, corrupt systems | Limited | Moderate | Medium |
| Malicious insider | Financial gain or disrupt company's information systems | Knowledge of systems and passwords | Moderate | Low |
| Industrial spy | Capture trade secrets or gain competitive advantage | Well funded, well trained | Minimal | Low |
| Cybercriminal | Financial gain | Well funded, well trained | Moderate | Low |
| Cyberterrorist | Cause destruction to key infrastructure components | Not necessarily well funded nor well trained | Very high | Low |

See: Three Blind Phreaks



A hacker is an individual who tests the limitations of systems out of intellectual curiosity.
Unfortunately, much of what hackers (and crackers) do is illegal.
- Breaking into networks and systems.
- Defacing web pages.
- Crashing computers.
- Spreading harmful programs or hate messages.

Crackers are hackers who break code.
Malicious insiders are a security concern for companies.
- Insiders may be employees, consultants, or contractors.
- They have knowledge of internal systems and know where the weak points are.

Malicious insiders are the number one security concern for companies.
Industrial spies use illegal means to obtain trade secrets from the competitors of firms for which they are hired.
Cybercriminals are criminals who hack into computers and steal money.
Cyberterrorists are people who intimidate or coerce a government to advance their political or social objectives by launching attacks against computers and networks.


Fraud is obtaining title to property through deception or trickery.
To prove fraud four elements must be shown:
- The wrongdoer made a false representation of the material fact.
- The wrongdoer intended to deceive the innocent party.
- The innocent party justifiably relied on the misrepresentation.
- The innocent party was injured.


Competitive intelligence uses legal techniques to gather information that is available to the public.
Participants gather and analyze information from financial reports, trade journals, public filings, and printed interviews with company officials.
Trustworthy computing is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices; this is what organizations worldwide are demanding today.


Risk assessment is an organization's review of the potential threats to its computer and network and the probability of those threats occurring.
Establish a security policy that defines the security requirements of an organization and describes the controls and sanctions to be used to meet those requirements.
Educate employees, contractors, and part-time workers in the importance of security so that they will be motivated to understand and follow security policy.


Intrusion prevention systems work to prevent an attack by blocking viruses, malformed packets, and other threats from getting into the protected network.
Install a corporate firewall.
Install anti-virus software on personal computers.
- Anti-virus software scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus.
Implement safeguards against attacks by malicious insiders.
Address the most critical Internet security threats.
Conduct periodic IT security audits that evaluate whether an organization has a well-considered security policy in place and if it is being followed.

Intrusion detection systems monitor system and network resources and activities and, using information gathered from these sources, they notify authorities when they identify a possible intrusion.
A honeypot is a computer on your network that contains no data or applications critical to the company but has enough interesting data to lure intruders so that they can be observed in action.


Incident notification is the plan and process used to notify company individuals when a computer attack has happened. In addition, your company should be prepared to:

Protect evidence and activity logs
- An organization should document all details of a security incident as it works to resolve the incident. It is especially important to capture all system events, the specific actions taken (what, when, and who), and all external conversations (what, when, and who) in a logbook. Because this may become court evidence, an organization should establish a set of document handling procedures using the legal department as a resource.
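
One way to keep the what/when/who logbook described above tamper-evident, as an added example that is not part of the original slides: each record stores the SHA-256 hash of the record before it, so an edited, deleted or truncated entry is detectable. The record layout, function names and sample entries are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value for the first record's "prev"

def _digest(prev_hash, entry):
    # Canonical JSON so the same entry always hashes to the same value.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append_entry(log, when, who, what):
    """Append a what/when/who record chained to the previous record's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"when": when, "who": who, "what": what}
    log.append({"entry": entry, "prev": prev, "hash": _digest(prev, entry)})
    return log[-1]["hash"]

def verify(log, expected_head=None):
    """Return None if the log is intact, else the index of the first bad record.

    len(log) is returned when the chain is self-consistent but its last hash
    differs from expected_head (the whole log was rewritten or truncated).
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["entry"]):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return None

def build_sample_log():
    """Constructed entries for illustration only."""
    log = []
    append_entry(log, "2004-03-01T09:12Z", "analyst A", "IDS alert reviewed")
    append_entry(log, "2004-03-01T09:30Z", "analyst A", "Web server disconnected")
    append_entry(log, "2004-03-01T10:05Z", "manager B", "Called legal department")
    return log

if __name__ == "__main__":
    log = build_sample_log()
    head = log[-1]["hash"]               # record this value outside the log
    log[1]["entry"]["who"] = "someone else"
    print("first bad record:", verify(log, head))
```

The chain only proves integrity if the latest hash is kept somewhere the log's editor cannot reach, for example handed to the legal department with each update.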

Incident containment
- It is necessary to act quickly to contain an attack and to keep a bad situation from becoming even worse.
- The response plan should clearly define the process for deciding if an attack is dangerous enough to warrant shutting down or disconnecting critical systems from the network.


Incident eradication
- Before the IT security group begins the eradication effort, it must collect and log all possible criminal evidence from the system, and then verify that all necessary backups are current, complete, and free of any virus.
- Creating a forensic disk image of each compromised system on write-only media, both for later study and as evidence, can be very useful.


Incident follow-up
- An essential part of follow-up is to determine how the organization's security was compromised so that it does not happen again. Often the fix is as simple as getting a software patch from the product vendor.
- A review should be conducted after an incident to determine exactly what happened and to evaluate how the organization responded.

Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security.
The increased complexity of the computing environment has led to an increase in the number of security-related issues.

Common computer attacks include viruses, worms, Trojan horses, and denial-of-service attacks.
Computer hackers include general hackers, crackers, and malicious insiders.

A strong security program is a safeguard for a company's systems and data.
An incident response plan includes:
- Protect evidence and activity logs.
- Incident containment.
- Incident eradication.
- Incident follow-up.


On October 27, 2000, Microsoft acknowledged that its security had been breached and that outsiders using a Trojan horse virus had been able to view source code for computer programs under development.

Visa-branded credit cards generate almost $2 trillion in annual volume and are accepted at over 22 million locations around the world.
Visa is reviewing new ways of authenticating user transactions.