Title: VIRGINIA COMMONWEALTH UNIVERSITY POLICE
1VIRGINIA COMMONWEALTHUNIVERSITY POLICE
Officer Troy C. Ross Webmaster, VCU Police
- THE
- TECHNICAL SIDE OF THE
- INTERNET COMPUTER
- CRIME
2An Introduction to the Net
As of the year 2000, the Internet has become
an international collection of over 9.7 million
computer networks, all very capable of
communicating with one another. Approximately
300 million people world-wide have access to the
Internet (122.6 million of them being in the
United States). So how do each of these
computers connect with one another?
3How Computers Connect
Every computer that is connected to the Internet
depends on Internet Protocol (IP) to communicate
with one another. Each computer has an IP
Address. An example of an IP Address may look
like 128.172.101.102. The first set of digit(s)
in this example, 128, identifies a section of the
main Internet system. The next set of digit(s),
172, identifies a specific network. The next set
of digit(s), 101, identifies a section or
department of the specific network. Finally, the
last set of digit(s), 102, identifies a specific
computer within that network.
4How Computers Connect
ISP Server
128.172.101.102
128.172.101.302
128.172.101.199
ISP Server
ISP Server
Typical Diagram of a Network
5Surfin The Web
Most people who surf the web use browsers, such
as Microsoft Internet Explorer or Netscape
Communicator. These browsers allow your
computer to connect to servers (computers that
store web site files and "serves" them to you
when requested). These communications over the
net are not private. Nearly everything is sent
unencrypted and can be easily read.
6Information Exchange
When computers connect, certain information can
be exchanged. For instance, some web sites can
log your IP address. Others can place on your
hard drive a "cookie" (a text file that is
stored in the hard drive of your computer,
telling the server things about you,
your computer and your activities). Web browsers
can be customized in their settings to accept or
reject the cookie. Passwords stored in your
computer can possibly be read by programs
operated by malicious users, either locally
(physically at your computer) or remotely
(through the web).
7Online Protection
There is no fool-proof way to protect your
computer 100, with the exception of turning it
off. But you can protect it about 99 of the
time, with the right tools. There is a large
amount of software available that can protect
you and your computer. Anti-virus programs can
block trojan files, worm files, and viruses from
infecting your computer. These harmful things
can make it vulnerable to outside attacks by
malicious users. Firewall programs can keep
other computers from connecting to yours through
unguarded ports on your PC. Certain hardware
connected to your computer, such as barricades,
can 'hide' your computer from others on the web.
8An Intro to Computer Crime
The most common Internet crime is online fraud.
This occurs when you go online, make a purchase
from someone, and the product is never delivered.
This often occurs on auction sites. Fraudulent
sites may obtain your credit card information in
order to make purchases on your credit. Some
users may become victim to email pyramid
get-rich-quick schemes. You may unknowingly
become a victim when the damage is already done.
9Malicious Users Online
A 'hacker' is someone who enjoys the challenge
of deciphering programs and stretching the
capabilities of a program or a computer. They
are not necessarily malicious users. A 'cracker'
is a term used for persons who intentionally
codes or utilizes programs to bypass security
functions with the intent to gain private
information or unauthorized access to a computer
or number of computers.
10Malicious Users at Work
There are programs that are available today that
allow malicious users to gain access to other
computers and their programs. They use these
hacks for several purposes, ranging from causing
simple mischief to major damage. One type of
program can 'steal' a password or passwords
allowing the malicious user to do things such as
access your email account, login to an Instant
Messenger program and pretend to be you, or
access your online banking. Another type of
program can connect their computer to yours in a
'stealth mode' where you would not even be aware.
It usually requires that your computer already
be infected by a trojan program so that same
trojan program can open up your computer to
theirs. Once done, and if the program is strong
in capabilities, the malicious user can do most
anything with your computer remotely. They could
access and view all your files on your hard
drive, turn on your microphone or webcam, erase
your hard drive(s) and even turn your computer
off. The fact remains that technology has evolved
greatly from the age of the Abacus. Protection
is what ALL users of the web need most.
11Malicious Users at Work
12Why is Cybercrime Increasing?
- Connectivity is Global - no boundaries
- Numerous vulnerable targets
- Easy concealment - Anonymous Hacks
- Low equipment costs and access
- Less technical skill required
- Ability to obtain tools, exploits, and
vulnerabilities via the Web
13Trends Methods
- Forgery trend growing
- Use of consumer accounts for fraud
- Identity theft - possibly made available by your
computer - Theft of Credit Card numbers
- Online Auction Fraud
- Child Pornography and Exploitation
- Online Banking Fraud
14E-commerce
- E-commerce may reach 13 billion dollars this
year alone - FDIC estimated that most banks currently have web
sites - GAO estimated that 380 banks offer direct dial-in
services - Booz-Allen stated, There were 16 million
cyber-banking customers as of 2000 (and its
growing)
15What are we up Against?
- Transparent technology - you cant touch this
- Assumptions that it will take care of itself
- Unseen background attacks by malicious users
- Lack of Knowledge - I just dont understand this
stuff
16What are the Laws?
17Possession of Child Pornography
Possession of sexually explicit visual material
utilizing or having as a subject a person less
than eighteen years of age Click to view
statute Code of Virginia 18.2-374.11
18Production of Child Pornography
Production, publication, sale, possession with
intent to distribute, financing, distribution,
etc., of sexually explicit items involving
children presumption as to age
severability Click to view statute Code of
Virginia 18.2-374.1
19Seizure and Forfeiture
Seizure and forfeiture of all audio and visual
equipment, electronic equipment, devices and
other personal property used in connection with
the production, distribution, publication, sale,
possession with intent to distribute or making of
child pornography following conviction of 18.2-
374.1 Click to view statute Code of Virginia
18.2-374.2
20Use of communications systems to facilitate
certain offenses
Includes making personal contact or direct
contact through any agent or agency, any print
medium, the United States mail, any common
carrier or communication common carrier, any
electronic communications system, or any
telecommunications, wire, computer, or radio
communications system.
Click to view statute Code of Virginia
18.2-374.3
21Virginia Computer Crime Act
- 18.2-152.8 Property capable of embezzlement
- 18.2-152.9 Limitation of prosecution
- 18.2-152.10 Venue for prosecution
- 18.2-152.11 Article not exclusive
- 18.2-152.12 Civil relief damages
- 18.2-152.13 Severability
- 18.2-152.14 Computer as instrument of forgery
- 18.2-152.15 Encryption used in criminal activity
- 18.2-152.2 Definitions
- 18.2-152.3 Computer fraud
- 18.2-152.4 Computer trespass
- 18.2-152.5 Computer invasion of privacy
- 18.2-152.6 Theft of computer services
- 18.2-152.7 Personal trespass by computer
- 18.2-152.71 Harassment by computer
Click to view statute
22Cyber Stalking
Any person who on more than one occasion engages
in conduct directed at another person with the
intent to place, or when he knows or reasonably
should know that the conduct places that other
person in reasonable fear of death, criminal
sexual assault, or bodily injury to that other
person or to that other person's family or
household member Click to view statute Code of
Virginia 18.2-60
23Cyber Threats
Any person who knowingly communicates, including
an electronically transmitted communication a
threat to kill or do bodily injury to a person
Click to view statute Code of Virginia 18.2-60
24Harassment by Computer
Any person, with the intent to coerce,
intimidate, or harass any person, shall use a
computer or computer network to communicate
obscene, vulgar, profane, lewd, lascivious, or
indecent language, or make any suggestion or
proposal of an obscene nature, or threaten any
illegal or immoral act Click to view
statute Code of Virginia 18.2-152.71
25Communicating Identifying Information
Any person, with the intent to coerce,
intimidate, or harass another person, publishes
the person's name or photograph along with
identifying information as defined in clauses
(iii) through (ix), or clause (xii) of subsection
C of 18.2-186.3 Click to view statute Code
of Virginia 18.2-186.4
26Hacked Statistics
- Of 2738 organizations, 90 reported security
breaches in past 12 months - 70 detected serious breaches - info theft,
fraud, outside penetration - 74 reported financial loss
- only 42 could estimate losses - 265,589,940
total (based on 2000 CSI survey)
27Is it Investigated?
- 36 of respondents in CSI survey reported the
computer crime(s) to Law Enforcement (a
significant increase from the year 2000 when only
25 reported any offenses) - Law Enforcement needs to know to investigate
28HOW DO I PROTECT MYSELF
- MY FAMILY, AND MY COMPUTER?
29Software Protection
At a very basic level, everyone using the
Internet should have software installed on their
computer to protect it. Virginia Commonwealth
University does not endorse these commercial
providers or products unless otherwise noted.
http//www.zonealarm.com/
http//www.at.vcu.edu/faq/nav.html
http//www.mcafee.com/
30Hardware Protection
At the next level, everyone using the Internet
may want to have hardware installed on their
computer to protect it. Virginia Commonwealth
University does not endorse these commercial
providers or products unless otherwise noted.
NetGear FS105 - http//www.netgear.com
SMC Barricade - http//www.smc.com/
31What your Network should Be
Your Computer with Anti-Virus and
Firewall Software Installed (Excellent Protection)
Your PC connects to the router or switch via
Ethernet cable
Your ISPs Server connects you to the rest of
the World Wide Web
Your Router or Switch - Hardware Protection at
Best
Router or Switch connects to Cable Modem or
Direct Ethernet to your ISP Server
32Online Safety Tips
- Register your PC with Operation PC-ID
- Never leave a notebook PC unattended in public -
its an easy steal - When not in use - shutdown PC
- Close a program when not in use
- Never save or store passwords on a PC
- Use STRONG passwords - no easy guess
WEBLINK OPERATION PC-ID
33More Online Safety Tips
- Beware of file attachments - Trojans
- Purchase online from reputable businesses with
secured Browser - Beware of get-rich-quick emails
- Update anti-virus software weekly
- Set browser options to maximum protection
- Never give out personal information!
34Informational Videos
Web Surfing, Security, and Privacy Online
Internet Security, Hacks, and Trojan Horses
Are You Protected? Find Out! Test Your System
Using ShieldsUP to learn how to Secure your System
Is Your Firewall doing its Job? Find Out!
These links connect to videos online. Steve
Gibson (Internet Security Expert), Leo Laporte
(ZDTV), and Kate Botello discuss Internet
Security, information your PC is revealing, and
ways you can test your system for safety and
privacy. These videos are in Windows Media
format. Please allow time for buffering.
35Test Your PC Now
Privacy Analysis of Your Connection
Test the Security of Your PC Online
Test Your Computers Firewall Online
These online tests can actually tell you how
vulnerable your computer system is online. If you
wonder what information your computer is sending
out to the world, these links will tell you.
These sites are 100 safe and fully tested. The
test results are accurate.
36Reading Resources
Latest Internet Fraud Trends
Internet Fraud Preventative Measures
How You Are Being Traced Over the Net
The IP Address - Your Internet Identity
37Brought to you by
WWW.VCU.EDU/POLICE
VCU POLICE DEPARTMENT 918 W. FRANKLIN
STREET RICHMOND, VA. 23834 (804) 828-1196
PRESENTATION BY OFFICER TROY C. ROSS WEBMASTER,
VCUPD UNIT 1420