Embed Size (px)
Citation preview
COMPUTER CRIMECOMPUTER CRIME
An OverviewAn Overview
AgendaAgenda
Background and History
Potential Criminals
Ethics Survey
Criminal Activity
Preventative Measures
Background and History
Potential Criminals
Ethics Survey
Criminal Activity
Preventative Measures
Evolution of the Information AgeEvolution of the Information Age
I. Background & HistoryI. Background & History I. Background & HistoryI. Background & History
Growth Projections
Internet
The Inevitable
Growth Projections
Internet
The Inevitable
Escalation and FrequencyEscalation and Frequency5-year increase5-year increase
0
500
1000
1500
2000
2500
1990 1995
I. Background & HistoryI. Background & History I. Background & HistoryI. Background & History
Escalation and FrequencyEscalation and FrequencyFBI Computer Crimes
Division Reports:
•15 security breaches every day
•75% annual increase in recent years
FBI Computer Crimes Division Reports:
•15 security breaches every day
•75% annual increase in recent years
I. Background & HistoryI. Background & History I. Background & HistoryI. Background & History
Escalation and FrequencyEscalation and FrequencyDepartment of Defense StudyDepartment of Defense StudyDepartment of Defense StudyDepartment of Defense Study
7860
7470
390390
10721072
# of successful system# of successful system attacks (8932 attempts)attacks (8932 attempts)
# of detections (out of # of detections (out of 7860 successful attempts)7860 successful attempts)
I. Background & HistoryI. Background & History I. Background & HistoryI. Background & History
Intrusion CostsIntrusion CostsErnst and Young Survey:
• More than 1/2 incurred a loss
• Each loss exceeded $100,000
• Seventeen losses exceeded $1,000,000
Ernst and Young Survey:
• More than 1/2 incurred a loss
• Each loss exceeded $100,000
• Seventeen losses exceeded $1,000,000
I. Background & HistoryI. Background & History I. Background & HistoryI. Background & History
Case StudyCase StudyHacker Penetrates Citibank SystemHacker Penetrates Citibank System
I. Background & HistoryI. Background & History I. Background & HistoryI. Background & History
Case StudyCase StudyHacker Penetrates Citibank SystemHacker Penetrates Citibank System
I. Background & HistoryI. Background & History I. Background & HistoryI. Background & History
The criminals
The crime
The result
The criminals
The crime
The result
Employees/Ex-employeesEmployees/Ex-employees
% of crimes committed % of crimes committed
80%80%
II. Potential CriminalsII. Potential Criminals II. Potential CriminalsII. Potential Criminals
•UsersUsers•AnalystsAnalysts•ProgrammersProgrammers
20%20%
Case StudyCase StudyIII. Ethics SurveyIII. Ethics SurveyIII. Ethics SurveyIII. Ethics Survey
# Agreeing % Agreeing
1. A person is justified 11 5%in making copies of
employers software.
2. I would copy software 75 41%(illegally) for my use.
3. A user is justified in 6 3%accessing / using theservices ( of anothercompany’s computer ) to his advantage.
# Agreeing % Agreeing
1. A person is justified 11 5%in making copies of
employers software.
2. I would copy software 75 41%(illegally) for my use.
3. A user is justified in 6 3%accessing / using theservices ( of anothercompany’s computer ) to his advantage.
# Agreeing % Agreeing
1. A person is justified 11 5%in making copies of
employers software.
2. I would copy software 75 41%(illegally) for my use.
3. A user is justified in 6 3%accessing / using theservices ( of anothercompany’s computer ) to his advantage.
# Agreeing % Agreeing
1. A person is justified 11 5%in making copies of
employers software.
2. I would copy software 75 41%(illegally) for my use.
3. A user is justified in 6 3%accessing / using theservices ( of anothercompany’s computer ) to his advantage.
Case StudyCase StudyIII. Ethics SurveyIII. Ethics SurveyIII. Ethics SurveyIII. Ethics Survey
# Agreeing % Agreeing4. I would crack a com- 15 7%
puter if I knew how.
5. There is nothing wrong 21 10%in writing a virus programto output the message“Have a nice day.”
6. Management can be so 15 7%unfair at times that a person can be justified inerasing files.
# Agreeing % Agreeing4. I would crack a com- 15 7%
puter if I knew how.
5. There is nothing wrong 21 10%in writing a virus programto output the message“Have a nice day.”
6. Management can be so 15 7%unfair at times that a person can be justified inerasing files.
Case StudyCase StudyIII. Ethics SurveyIII. Ethics SurveyIII. Ethics SurveyIII. Ethics Survey
# Agreeing % Agreeing
7. I would adjust a 15 7%system to avoid an account service chargefor an overdrawnchecking account.
8. There is nothing wrong 13 6%
with cracking anothercompany’s computer toidentify other customersto sell to.
# Agreeing % Agreeing
7. I would adjust a 15 7%system to avoid an account service chargefor an overdrawnchecking account.
8. There is nothing wrong 13 6%
with cracking anothercompany’s computer toidentify other customersto sell to.
HackingHacking
IV. Criminal ActivityIV. Criminal Activity IV. Criminal ActivityIV. Criminal Activity
The technical-minded crime The technical-minded crime
VirusesViruses
Nondestructive or Malevolent
Nondestructive or Malevolent
IV. Criminal ActivityIV. Criminal Activity IV. Criminal ActivityIV. Criminal Activity
Trojan HorseTrojan Horse History
Vehicle for viruses and logic bombs
History
Vehicle for viruses and logic bombs
IV. Criminal ActivityIV. Criminal Activity IV. Criminal ActivityIV. Criminal Activity
Fraud and AbuseFraud and Abuse
Case StudiesCase Studies
IV. Criminal ActivityIV. Criminal Activity IV. Criminal ActivityIV. Criminal Activity
Race Track Trifecta
Huntsville Prison
Robin Hood of Northwest
Race Track Trifecta
Huntsville Prison
Robin Hood of Northwest
TheftTheftUnauthorized
software duplication
Unauthorized software duplication
IV. Criminal ActivityIV. Criminal Activity IV. Criminal ActivityIV. Criminal Activity
Corporate EspionageCorporate Espionage
Increasing
Threat
Increasing
Threat
IV. Criminal ActivityIV. Criminal Activity IV. Criminal ActivityIV. Criminal Activity
SabotageSabotage
25% of all crime committed 25% of all crime committed
25%25%
IV. Criminal ActivityIV. Criminal Activity IV. Criminal ActivityIV. Criminal Activity
7575%%
Education and TrainingEducation
and Training A Logical First Step A Logical First Step
V. Preventative MeasuresV. Preventative Measures V. Preventative MeasuresV. Preventative Measures
Education and TrainingEducation and Training10 Suggestions from Ernst and Young:
Confidentiality Statements
Regular Back-Ups
Policies and Procedures
Control Intranet Access.
Boot-level Passwords
10 Suggestions from Ernst and Young:
Confidentiality Statements
Regular Back-Ups
Policies and Procedures
Control Intranet Access.
Boot-level Passwords
V. Preventative MeasuresV. Preventative Measures V. Preventative MeasuresV. Preventative Measures
Education and TrainingEducation and Training10 Suggestions from E & Y (continued):
Control Internet Access
Restrict Use of Internet
Classify Data
Secure All Computers
Require file-level Passwords
10 Suggestions from E & Y (continued):
Control Internet Access
Restrict Use of Internet
Classify Data
Secure All Computers
Require file-level Passwords
V. Preventative MeasuresV. Preventative Measures V. Preventative MeasuresV. Preventative Measures
SoftwareSoftware
A Variety to Choose From
Positive Results
• Indianapolis Power & Light case study
A Variety to Choose From
Positive Results
• Indianapolis Power & Light case study
V. Preventative MeasuresV. Preventative Measures V. Preventative MeasuresV. Preventative Measures
Legal RamificationsLegal Ramifications A Better Prepared Law
Enforcement
New Laws With Harsher Penalties
A Better Prepared Law Enforcement
New Laws With Harsher Penalties
V. Preventative MeasuresV. Preventative Measures V. Preventative MeasuresV. Preventative Measures
