Chapter 3 Computer and Internet Crime

1
Chapter 3Computer and Internet Crime
2
Chapter 3 - Objectives

• Discuss key trade-offs and ethical issues
  associated with safeguarding of data and
  information systems.
• Identify reasons for the increase in the number
  of Internet-related security incidents.
• Describe the most common types of computer
  security attacks.
• Outline the characteristics of common
  perpetrators including their objectives,
  available resources, willingness to accept risk,
  and frequency of attack.
• Describe a multi-level process for managing
  Internet vulnerabilities based on the concept of
  reasonable assurance.
• Outline the actions that must be taken in
  response to a security incident.

3
IT Security Incidents
Source CERT Web site at www.CERT.org/stats
4
Increased Internet Security Incidents

• Increasing complexity increases vulnerability.
• Higher computer user error and access to
  information.
• Expanding and changing environment introduces new
  risks.
• Increased reliance on commercial software with
  known vulnerabilities.

5
Types of Internet Attacks

• Virus
• Worm
• Trojan Horse
• Denial-of-Service Attacks

6
Virus

• The term computer virus is an umbrella term
  used for many types of malicious code.
• A virus is usually a piece of programming code
  that causes some unexpected and usually
  undesirable event.
• Most viruses deliver a payload or malicious
  act.

7
Virus

• Viruses may execute and affect your computer in
  many different ways.
• Replicate themselves
• Reside in memory and infect other files
• Modify and/or create new files
• Most common viruses are macro viruses. These
  viruses use an application language such as
  VBScript to infect and replicate documents and
  templates.

8
Worm

• A worm is a computer program, which replicates
  itself and is self-propagating. Worms, as opposed
  to viruses, are meant to spawn in network
  environments. (http//www.easydesksoftware.com/glo
  ssary.htm)
• Worms are also harmful and they differ from
  standard viruses in that they have this ability
  to self-propagate without human intervention.

9
Trojan Horse

• A Trojan horse is a program that gets secretly
  installed on a computer, planting a harmful
  payload that can allow the hacker to do such
  things as steal passwords or spy on users by
  recording keystrokes and transmitting them to a
  third party.

10
Trojan Horse Logic Bomb

• A logic bomb is a type of Trojan horse that
  executes when a specific condition occurs.
• Logic bombs can be triggered by a change in a
  particular file, typing a specific series of key
  strokes, or by a specific time or date.

11
Denial-of-Service Attack

• A denial-of-service attack is one in which a
  malicious hacker takes over computers on the
  Internet and causes them to flood a target site
  with demands for data and other tasks. SCO and
  Microsoft MyDoom.a and .b
• Denial of service does not involve a computer
  break-in it simply keeps the target machine so
  busy responding to the automated requests that
  legitimate users cannot get work done.

12
Denial-of-Service Attack

• Zombies are computers that send these requests.
• Spoofing is the practice of putting a false
  return address on a data packet.
• Filtering is the process of preventing packets
  with false IP addresses from being passed on.

13
Classification of Perpetrators of Computer Crime
See Three Blind Phreaks
14
Hacker

• A hacker is an individual who tests the
  limitations of systems out of intellectual
  curiosity.
• Unfortunately, much of what hackers (and
  crackers) do is illegal.
• Breaking into networks and systems.
• Defacing web pages.
• Crashing computers.
• Spreading harmful programs or hate messages.

15
Hacker

• Crackers are hackers who break code.
• Malicious insiders are a security concern for
  companies. Insiders may be employees,
  consultants, or contractors. They have knowledge
  of internal systems and know where the weak
  points are.

16
Forms of Computer Criminals

• Malicious insiders are the number one security
  concern for companies.
• Industrial spies use illegal means to obtain
  trade secrets from the competitors of firms for
  which they are hired.
• Cybercriminals are criminals who hack into
  computers and steal money.
• Cyberterrorists are people who intimidate or
  coerce a government to advance their political or
  social objectives by launching attacks against
  computers and networks.

17
Legal Overview

• Fraud is obtaining title to property through
  deception or trickery.
• To prove fraud four elements must be shown
• The wrongdoer made a false representation of the
  material fact.
• The wrongdoer intended to deceive the innocent
  party.
• The innocent party justifiably relied on the
  misrepresentation.
• The innocent party was injured.

18
Reducing Internet Vulnerabilities

• Risk assessment is an organizations review of
  the potential threats to its computer and network
  and the probability of those threats occurring.
• Establish a security policy that defines the
  security requirements of an organization and
  describes the controls and sanctions to be used
  to meet those requirements.
• Educate employees, contractors, and part-time
  workers in the importance of security so that
  they will be motivated to understand and follow
  security policy.

19
Prevention

• Install a corporate firewall.
• Install anti-virus software on personal
  computers.
• Implement safeguards against attacks by malicious
  insiders.
• Address the ten most critical Internet security
  threats (10 each in Windows and UNIX) Top Twenty
  List
• Verify backup processes for critical software and
  databases.
• Conduct periodic IT security audits.
• See Tourbus Virus Solution or locally
• MS Patch for IECNET News. Implications of
  changes, speed of reaction

20
Detection

• Intrusion detection systems monitor system and
  network resources and activities and, using
  information gathered from theses sources, they
  notify authorities when they identify a possible
  intrusion.
• Honeypot is a computer on your network that
  contains no data or applications critical to the
  company but has enough interesting data to lure
  intruders so that they can be observed in action.

21
Response

• Incident notification is the plan and process
  used to notify company individuals when a
  computer attack has happened. In addition, your
  company should be prepared to
• Protect evidence and activity logs
• Incident containment
• Incident eradication
• Incident follow-up

22
Summary

• Business managers, IT professionals, and IT users
  all face a number of ethical decisions regarding
  IT security.
• The increased complexity of the computing
  environment has led to an increase in the number
  of security related issues.

23
Summary

• Common computer attacks include viruses, worms,
  Trojan horses, and denial-of-service attacks.
• Computer hackers include general hackers,
  crackers, and malicious insiders.

24
Summary

• A strong security program is a safeguard for a
  companys systems and data.
• An incident response plan includes
• Protect evidence and activity logs.
• Incident containment.
• Incident eradication.
• Incident follow-up.