Computer Crime and CyberCrime

1
Computer Crime and CyberCrime

• Why we need Computer Forensics

2
Objectives

• To review the environment of computer crime and
  cybercrime
• To relate to computer forensics practice
• the challenges which need to be addressed and
• the skills and techniques we need to be
  developing

3
Computer Crime Environment

• Cheap and easy access to tools for computer crime
• Skills low skill base required
• Computer systems are badly designed
• Not enough thought given to security or integrity
• Initial detection of crime can be difficult
• Reluctance of victims to prosecute and publicise
  crime
• Lack of knowledge and awareness of victims
• Wider societal issue of haves and have nots

4
Opportunities

• Computers and computer systems offer new
  opportunities for crime
• More people with computer skills, therefore there
  are more potential criminals
• Access to computer crime is very cheap
• Computer systems are badly designed
• Not enough thought given to security or integrity
• Detection becomes much more difficult
• Reluctance of victims to publicise crime

5
Why do People Carry out Computer Crime ?

• Discovery of loopholes, providing opportunity
• Understanding systems (electronic joyriding)
• They think they can get away with the crime
• Majority of thieves are caught by accident
• Ineffectiveness of formal and / or informal
  sanctions
• Computer criminals dont know about Computer
  Forensics
• They think stealing from a large company wont
  hurt
• Financial gain
• Occupationally related - caused by dissatisfied
  employees
• Masqueraders (those who operate under the
  identity of another user)
• Clandestine users (those who evade access
  controls and auditing)
• Misfeasors (those who have legitimate
  authorisation but misuse their privileges)
• Technology provides easier, quicker and larger
  opportunity
• Issue in pornography and paedophile rings
• Perception of victimless crime

6
Computer Crime and Cybercrime

• Computer crime
• A crime in which the perpetrator uses special
  knowledge about computer technology
• Cybercrime
• A crime in which the perpetrator uses special
  knowledge of cyberspace

From Furnell (2002)
7
Further Definitions (UK Audit Commission)

• Computer assisted crimes
• Cases in which the computer is used in a
  supporting capacity, but the underlying crime or
  offence either predates the emergence of the
  computer or could be committed without them. The
  headings of fraud, theft, unauthorised private
  work, misuse of personal data, sabotage and
  pornography can all be considered to fit into
  this category
• Computer focussed crimes
• Cases in which the category of crime has emerged
  as a direct result of computer technology and
  there is no direct parallel in other sectors.
  From the Audit Commissions headings, the
  problems of hacking and viruses clearly fall
  within this category
• This categorisation in no way indicates any
  difference in levels of seriousness between
  assisted and focussed, indeed financial losses
  from fraud dwarf all other categories of crime in
  terms of scale

8
Example
Can further categorise by splitting into
computer based (PC based) and Internet
9
Categorisation by Victim

• Against organisations (source nhtcu)
• sabotage of data or networks, virus attacks,
  financial fraud, theft of proprietary
  information, denial of service, unauthorised
  website access / misuse, spoofing, theft of
  hardware, telecomms fraud
• By organisations against employees and / or
  public
• misuse of funds (eg pensions), false accounting,
  industrial espionage
• Against individuals
• Cyber-stalking, e-mail issues (phishing, flaming,
  defamation, harassment), access to personal data
  (identity theft), manipulation and / or loss of
  data, economic theft

10
(No Transcript)
11
CRIME SCENE CRIME SCENE CRIME SCENE
12
Computer Security Institute Categorisations

• Theft of proprietary information
• Sabotage of data or networks
• Telecom eavesdropping
• System penetration by outsider
• Insider abuse of Net access
• Financial fraud
• Denial of service

• Spoofing
• Virus
• Unauthorised insider access
• Telecom fraud
• Active wiretapping
• Laptop theft

Source CSI/FBI Computer Crime and Security Survey
(2001)
13
Social Engineering

• Weakest point in any computer or information
  system is the human
• Social engineering is a con game persuading
  another person to do what you want them to do
• Based on the premise that as humans we want to be
  helpful
• Look the part (could be technical could be
  physical) and ask the question

14
Implications for Computer Forensics Practice

• We need to be aware of the range of threats and
  types of attack
• Awareness of the types of digital evidence we
  seek
• Skills and techniques we need to be developing

15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
(No Transcript)
19
(No Transcript)
20
Is action always a crime ?

• Hacking example
• Is hacking always a crime or are there situations
  when it is acceptable behaviour?

21
Case against Hacking

• It is difficult to detect when a hack has
  occurred
• Misconception that because there is no victim no
  crime has occurred !
• Difficulty in accepting concept of apparent crime
• Often hacking is not enough, alteration or
  destruction or planting of a virus / logic bomb
  is the next stage !
• Public announcements of hacking may effect
  customer trust

22
Case to support Hacking

• All information should be free
• if it were free there would be no need for
  intellectual property or security
• Break-ins show security problems
• allows designers to do something about it
• Hackers are doing no harm and changing nothing
• merely learning how systems operate
• Hackers break into systems to watch for instances
  of data abuse and to help keep Big Brother at bay
• Skill in penetration testing helps
  organisations

23
Hackers and their Motivations
24
Summary

• New opportunities and instances of computer crime
  and cyber crime are developing all the time
• We need to be aware of the threat
• As well as developing protection we need to be
  able gather appropriate digital evidence
• Implications for CPD