Computer Crime:Computer Crime: Crime of the Crime of the

Information AgeInformation Age

Valerie RussellValerie Russell

CSCI 030CSCI 030

DelahuntyDelahunty

22

What is computer crime?What is computer crime?

Computer crime is Computer crime is classified as a classified as a white-collar crime. white-collar crime.

It is a crime in It is a crime in which computers which computers are used as the are used as the instrument of the instrument of the offense, or in which offense, or in which computers are the computers are the object of the object of the offense. offense.

Computer crimes are generally placed in one of two categories: fraud or abuse.

33

Types of Computer CrimeTypes of Computer CrimeComputer as Computer as InstrumentInstrument

Computer as ObjectComputer as Object

Theft by computerTheft by computer(using computer as a tool (using computer as a tool to steal)to steal)

Damage to Damage to software/hardwaresoftware/hardware(physical or electronic (physical or electronic damage to computers or damage to computers or computer programs)computer programs)

Harassment/extortionHarassment/extortion(using computer as a (using computer as a means for intimidation or means for intimidation or threats)threats)

Data alterationData alteration(changing information for (changing information for undue advantage or undue advantage or revenge)revenge)

44

Areas of Computer CrimeAreas of Computer Crime

Currently, computer Currently, computer crime breaks down crime breaks down into six major areas:into six major areas:

Trespass, 2%Trespass, 2%Theft of or denial of Theft of or denial of

services, 10%services, 10%Alteration of data, 12%Alteration of data, 12%Damage to software, 16%Damage to software, 16%Theft of information or Theft of information or

programs, 16%programs, 16%Theft of money, 44%Theft of money, 44%

(Source: National Center for (Source: National Center for Computer Crime Data)Computer Crime Data)

Occurence of Crimeby percentage

Trespass

Theft of ordenial ofservicesAlteration ofdata

Damage tosoftware

Theft ofinformation orprogramsTheft ofmoney

55

Examples of “bad guy” Examples of “bad guy” trickstricks

BombBomb Data diddlingData diddling Denial of Service Denial of Service

(DOS) attack(DOS) attack PiggybackingPiggybacking Salami techniqueSalami technique ScavengingScavenging TrapdoorTrapdoor Trojan horseTrojan horse Zapping Zapping

66

Types of PerpetratorsTypes of Perpetrators

InsidersInsiders

-Work for the -Work for the company or company or organizationorganization

-Have access to the -Have access to the physical and physical and intellectual property intellectual property of their employersof their employers

-Are -Are trustedtrusted

MotivationsMotivations

-Financial gain-Financial gain

-Revenge-Revenge

-Curiosity-Curiosity

-Challenge of getting -Challenge of getting away with itaway with it

77

Types of Perpetrators Types of Perpetrators cont’dcont’d

OutsidersOutsiders--HackersHackers-Vendors-Vendors-Former employees-Former employees-Competitors-Competitors-Customers-Customers-Employees of associated -Employees of associated

businessesbusinesses-Terrorists-Terrorists-Consultants-Consultants-Political activists-Political activists-Foreign government agents-Foreign government agents

MotivationsMotivations-Same as insider motivations-Same as insider motivations-Revenge of a former -Revenge of a former

employeeemployee-Competitors wanting inside -Competitors wanting inside

informationinformation-New employees who provide -New employees who provide

information relative to information relative to their previous employertheir previous employer

-Political agenda-Political agenda-Nationalistic economic -Nationalistic economic

pressurespressures

88

HackersHackers

US Dept of Justice describes hackers as:US Dept of Justice describes hackers as:• Between 15-45 yrs oldBetween 15-45 yrs old• Predominantly men, with number of women Predominantly men, with number of women

increasingincreasing• No prior criminal recordNo prior criminal record• Target businesses and gov’t agencies’ systemsTarget businesses and gov’t agencies’ systems• Bright, motivated, willing to accept challengesBright, motivated, willing to accept challenges• Fear ridicule, exposure and loss of statusFear ridicule, exposure and loss of status• Usually work aloneUsually work alone• Hold a position of trust, usually first to arrive to Hold a position of trust, usually first to arrive to

work, last to leavework, last to leave• View criminal acts as a gameView criminal acts as a game

99

A Hacker’s MotivationA Hacker’s Motivation

To learn about computers To learn about computers as a hobbyas a hobby

To defy authorityTo defy authority To respond to a challengeTo respond to a challenge To “beat the system”To “beat the system” To cause disruptionTo cause disruption To show contempt for To show contempt for

othersothers To show how smart they To show how smart they

areare

1010

VirusesViruses

Virus software is probably the most Virus software is probably the most widely discussed class of computer widely discussed class of computer threat. threat.

In order to classify as a virus program, In order to classify as a virus program, the code in the program must be able the code in the program must be able to replicate or copy itself so as to to replicate or copy itself so as to spread through the infected machine spread through the infected machine or across to other machines. or across to other machines.

Not all viruses are destructive. Not all viruses are destructive.

1111

Types of VirusesTypes of Viruses

Beneficial virus Beneficial virus programprogram

Benign virus programBenign virus program Beastly virus Beastly virus

programs:programs: Boot infectionsBoot infections System infectorsSystem infectors Application program Application program

infectors infectors Data infectorsData infectors

1212

Typical VirusesTypical Viruses

FormForm MelissaMelissa RipperRipper JunkieJunkie MDMAMDMA Anti-CMOSAnti-CMOS ConceptConcept

MonkeyMonkey Cookie MonsterCookie Monster One_HalfOne_Half WazzuWazzu MichelangeloMichelangelo CascadeCascade JerusalemJerusalem

1313

Magnitude of the Computer Magnitude of the Computer Crime ProblemCrime Problem

The threat of computer crime is growing The threat of computer crime is growing as computers become a bigger part of our as computers become a bigger part of our everyday lives.everyday lives.

U.S. organizations lose billions of dollars U.S. organizations lose billions of dollars each year, but it is difficult to determine each year, but it is difficult to determine exactly how much for several reasons:exactly how much for several reasons:

1414

Magnitude of problem Magnitude of problem cont’d.cont’d.

Difficulty in detecting when a system has Difficulty in detecting when a system has been invaded or affected. been invaded or affected.

Those crimes that are detected are never Those crimes that are detected are never reported to the authorities an estimated reported to the authorities an estimated 85% of the time. 85% of the time.

1515

Investigating Computer Investigating Computer CrimeCrime

Determine that a crime has taken placeDetermine that a crime has taken place Preserve evidencePreserve evidence Estimate financial lossEstimate financial loss Determine expertise needed for Determine expertise needed for

assistanceassistance Identify suspects and witnessesIdentify suspects and witnesses File complaint and claimFile complaint and claim

1616

Prevention and SecurityPrevention and Security Protect with passwords to gain entry to Protect with passwords to gain entry to

system or sitesystem or site Anti-virus software and other security Anti-virus software and other security

softwaresoftware Secured waste, paper shreddingSecured waste, paper shredding Back up filesBack up files Protect personal information and make Protect personal information and make

sure site is securesure site is secure Protect physical areas from unauthorized Protect physical areas from unauthorized

entry, equipment from being accessed, entry, equipment from being accessed, video camerasvideo cameras

Federal legislationFederal legislation

1717

Instances of Computer Instances of Computer CrimeCrime

The U.S. Department of Defense The U.S. Department of Defense computers are attacked more than computers are attacked more than 200,000 times per year.200,000 times per year.

A controller at Halifax Technology A controller at Halifax Technology Services admitted embezzling $15 Services admitted embezzling $15 million by generating corporate checks million by generating corporate checks to herself over a period of three years. to herself over a period of three years.

Of the $40 million of counterfeited Of the $40 million of counterfeited money seized in 1998, $16 million of it money seized in 1998, $16 million of it was computer generated. was computer generated.

1818

Donald Burleson inserted a virus into the computer Donald Burleson inserted a virus into the computer system at a brokerage where he had been fired. The system at a brokerage where he had been fired. The virus erased 168,000 sales commission records.virus erased 168,000 sales commission records.

Robert Morris, released a macrovirus that brought more Robert Morris, released a macrovirus that brought more than 6,000 university, research and military computers than 6,000 university, research and military computers to a standstill, causing millions of dollars in damage.to a standstill, causing millions of dollars in damage.

An executive at Squibb and Sons, Inc., plead guilty to An executive at Squibb and Sons, Inc., plead guilty to fraud in a scheme to steal more than $1 million of fraud in a scheme to steal more than $1 million of merchandise from the company.merchandise from the company.

A brokerage clerk transformed 1700 shares of his own A brokerage clerk transformed 1700 shares of his own stock, worth $1.50 per share, to the same number of stock, worth $1.50 per share, to the same number of shares in another company worth 10 times that much.shares in another company worth 10 times that much.

A 14 year old boy broke into the computer of Citibank A 14 year old boy broke into the computer of Citibank and used access codes to order more than $11,000 of and used access codes to order more than $11,000 of merchandise, and had it sent to a post office box.merchandise, and had it sent to a post office box.

1919

ConclusionConclusion

Because of technological Because of technological advances and society’s advances and society’s growing reliance on growing reliance on computers, computer computers, computer crime is sure to become a crime is sure to become a part of almost all types of part of almost all types of crime in the near future. crime in the near future. Precautionary measures Precautionary measures must be taken.must be taken.