Cybercrime What is it, what does it cost, & how is it regulated?

What is Cybercrime?

Uses Computer & Internet to get between organizations/people & their money

An estimated 69% of all Internet activity involves criminal intent

Low Risk

Low Cost

Online Communities sharing tips & tools

http://www.businessedge.ca/article.efm/newsID/t0118.cfm

Costs of Cybercrime

FBI estimates value damages to the US at $400 billion in 2004

Virus attacks still the source of the greatest financial loss – 32% of all cybercrime losses reported

http://www.businessweek.com/print/magazine

Net Fraud

Users give up resources to online criminal

Typically, the result of greed or unwariness on victim’s part

Include bank fraud, online auctions, sales of goods purchased with stolen resources

“Phishing” - fraudulent emails appear to come from a familiar service provider wanting sensitive personal information

Unauthorized Access

4 Traditional Methods of Access:

Modem Attack – Unauthorized Modems Installed

Software Bugs – Port Scanning

Trusted Server – Zone Transfer (periodic updates) / IP Spoofing

Social Engineering – Deceive Employee

Denial of Service

Explicit attempt by attackers to prevent legitimate users of a service from using that service

3 Modes of Attack:

Consumption of scarce, limited, or non-renewable resources

Destruction or alteration of configuration information

Physical destruction or alteration of network components

Virus Attacks

A program that runs on your computer system without your permission

3 Purposes for Virus Infection:

Using your computer’s resources or information

Destroying your files

Disclosing files to others who aren't otherwise allowed to see them

http://www.cert.org/nav/index_main.html

Additional Cybercriminal Acts

Spoofing – Misappropriation of another’s identity

Bot (Computer Robot) Usage for searching without authorization

Chaffing – Sending hidden messages across the internet

Steganography – Hidden files inside digital photos or .wav files

International Law

Currently no International Laws in place governing the world’s information technology

3 Options proposed by the United Nations seminar:

Self-regulating Market

Market guided by National Authorities

International Regime Regulation

http://www.un.org/esa/socdev/enable/disinet1.htm

Federal Regulation

Federal Statute: 18 U.S.C. 1029
Title of Code: Fraud and Related Activity in Connection With Access Devices
Focus of Statute: Prevent use of counterfeit access devices to get account numbers, mobile ID, card, or PIN to steal funds or make fund transfers
Loss Criteria: The theft must be for $1,000 or more during any one-year period. The loss includes the cost of responding to an offense, doing a damage assessment, restoring the system, revenue losses, cost incurred, or other damages because of an interruption of service

Federal Statute: 18 U.S.C. 1030
Title of Code: Fraud and Related Activity in Connection With Computers
Focus of Statute: Under the statute a “protected computer” is any PC attached to the Internet that is used to access files at financial institutions, the U.S. government, or a PC used in interstate commerce. A criminal act against a “protected computer” is the sending of code that causes damage, trafficking in passwords, threatening with the intent to commit extortion and/or accessing files without authorization or without proper authorization.
Loss Criteria: Varies slightly with the criminal activity, but is generally considered to be $5,000 per year. The law also allows victims to bring civil actions against a perpetrator.

Federal Statute: 18 U.S.C. 2701
Title of Code: Unlawful Access to Stored Communications
Focus of Statute: Unauthorized access to an electronic communication service and the alteration of stored files.
Loss Criteria: None listed

Source: Journal of Forensic Accounting ©R.T. Edwards, Inc.

State Statutes

Each state has enacted some legislation regarding computer-related crime

Most states added to existing property offense or criminal statutes.

Legislation not limited to the cybercrime covered in this presentation

Some additional crimes covered: cyber-stalking, crimes against children, spam

Knowledge, Skills, Abilities

Build an Internet audit trail

Collect “usable” courtroom electronic evidence

Trace an unauthorized system user

Ability to recommend or review security policies

Current computer fraud techniques in use

Ability to place valuation on incurred losses

More KSAs

Understanding of information collectable from various computer logs

Technical familiarity with the Internet, web servers, firewalls, attack methodology, security procedures & penetration testing

Organizational & legal protocols for incident handling

Established relationship with law enforcement

Additional Resources

Investigating and Prosecuting Network Intrusions, Smith, John
http://www.sgrm.com/art-4.htm

Forensic Computing: A Look at Evidence and How to Handle It, McCrone, John
http://www.sgrm.com/art10.htm

Computer Crime, Justice, Law and Society
http://www.infosyssec.net/infosyssec/security/compcrim1.htm

Computer Crime Research Center
http://www.crime-research.org/latestnews/

Free Data Recovery Tools
http://www.freebyte.com/filediskutils/#datarecovery