The Future of High Tech Crime

1
The Future of High Tech Crime

• CJUS 453 - Dr. William Tafoya
• Governor State University
• Cynthia Hetherington, MLS

2
Overview

• Past
• Present
• Future

3
The Past

• Tri-corder Palm Pilots
• Communications Badge GPS Location Cell Phone
• Multi Quadrant Communications Channels Internet
• Secure Channel LT. Capt. J. T. Kirk
• Multimedia viewing Video Phones
• More?

4
The Present

• Pros vs. Cons
• Fruitcakes

5
Pros vs. Cons

• The Professors
• Gene Spafford
• Purdue CERIAS (Center for Education and Research
  in Information Assurance and Security)
• Dorothy Denning
• Computer Science at Georgetown University
  (Cryptography Information Warfare)

6
Pros vs. Cons

• The Professionals
• Donn Parker
• Automated Crime
• Fred Cohen
• Cyberforensics
• Dan Farmer
• Satan
• Phil Zimmerman
• PGP

7
Pros vs. Cons

• The Protectors
• Winn Schwartau
• Infowar was not falling
• High Tech Crime Investigation Association
• Cybercops
• Robert Steele and other defectors

8
CONS

• Disgruntled Employees
• Malicious Crackers
• Ethical Hackers
• Newbies
• Terrorists
• Criminals

9
Cons Contacts

• Kevin Mitnick - www.freekevin.com
• http//www.defcon.org/
• http//www.zdnet.com/zdtv/cybercrime/
• http//www.lopht.com/
• http//www.hackernews.com/
• http//www.astalavista.box.sk
• http//www.antionline.com

10
Cons. Who is a hacker?

• An informal idea
• A talented and persistent individual with a
  knowledge of computer systems.
• A system administrator or programmer.
• A nuisance or genius.
• Wannabe
• Not all deviant computer users are hackers, not
  all hackers are deviant.
• A GOOD hacker talks about code, not dress code.

11
Some Famous Hackers

• Bill Cheswick, Bell Labs
• Firewalls and Fixes
• http//www.wavelet.org/cm/cs/who/ches/index.html
• Cult of the Dead Cow
• Back Orifice and BO2K
• Lopht and Mudge
• Lophts tools, Antisniff
• More.. http//www.antionline.com/features/WhoRU/

12
The Future

• Information Security Magazine, November 1999
• That pain in the neck librarian requesting
  information.

13
BILL CHESWICK

• More denial of service attacks.
• Worse viruses that spread further.
• Attacks on the Internet infrastructure
• Infowar will be
• Real
• Noticeable
• Soon
• Especially during wars and military police
  actions.
• Smart criminals will continue to remain almost
  un-catchable on the net, hidden by anonymity.
• People will realize the Internet isnt as
  reliable as their telephone service.

14
A. PADGETT PETERSON

• The increasing population of telecommuters leads
  to further social and cultural polarization.
  Attempts by cities to attract affluent residents
  will fail. Like-minded people will tend to
  cluster in self-sufficient residences.
• Technological anarchy is exacerbated by the
  continuing lack of skilled security
  professionals. Salaries lag behind until demand
  reaches a critical stage.

15
BRUCE SCHNEIER

• As systems get more complex and interconnected,
  security will get worse.
• Unless manufacturers are held liable for security
  failures, security will get worse.
• In the short term, the best course of action for
  enterprises is to outsource security to companies
  that have the expertise to understand the systems
  being secured.

16
WILLIAM H. MURRAY

• The end of PC-based computing and the emergence
  of appliance-based, network-centric computing are
  in sight.
• We will not secure the Net by patching UNIX. We
  will have to add structure and use
  strong-authentication and end-to-end encryption.

17
E. EUGENE SCHULTZ

• Denial-of-service attacks will escalate in
  comparison to other types of attacks, resulting
  in several widespread incidents.
• Intrusion detection will become more
  sophisticated. Incident response methods that are
  less reliant on human intervention will emerge.

18
HARRY DeMAIO

• "Set and forget" integrated security suites will
  remain more desire than fact.
• Telecommuting for some portion of the workweek
  will be normal for most information workers,
  resulting in longer work weeks.
• Reliable and wider-band wireless communication
  will take "telecomputing" to a higher level of
  mobility, making strong, easy-to-use
  authentication a critical factor.

19
SARAH GORDON

• Advances will include an increasingly large
  selection of network-aware viruses.
• There will be a sharp increase in the prevalence
  of worms.
• Without significant changes in antivirus
  protection, a virus will bring down large
  portions of cyberspace without warning.

20
PETER TIPPETT

• Designed-in security isnt
• Best practices arent
• Firewalls dont
• 1024-bit crypto wont
• Antivirus never was
• Risk analysis almost never is

21
ALAN PALLER

• Virtual private networks will offer a new feature
  that requires minimum acceptable security before
  allowing a new user to connectand the check will
  be completely automated.
• Some corporations will refuse to do business with
  suppliers that do not demonstrate they have
  achieved minimum acceptable levels of security.

22
DONN B. PARKER

• Those who abuse and misuse information will
  continue to benefit from our inept information
  security folk art unless we achieve a new and
  complete information security business and
  engineering discipline.
• Complete and perfect automated crimes packaged in
  single computer programs will be the next
  challenge we must defeat using completely
  automated security.

23
CHARLES CRESSON WOOD

• Security Officers will be called upon to act as
  traffic cops and mediators, and to make sense of
  what is quickly becoming an information-overloaded
  workplace.
• Job titles will change to reflect significantly
  higher-level management positions.
• Salaries will increase at least 20 percent in the
  next year to attract more high-caliber people to
  the field.

24
RUSS COOPER

• As their connection to the Net becomes more
  threatened than the deadbolt on their front
  doors, consumers will demand action.
• If consumers were to demand greater security,
  together with more realistic software licenses,
  vendors would, inevitably, supply this demand by
  providing what consumers want.

25
FRED COHEN

• Digital forensics will adopt a marketing model to
  gather more in-depth criminal evidence.
• Massive data collection and analysis capabilities
  will become available to law enforcement to
  combat cybercrime.
• In the cyber-realm, individual privacy rights
  will whither and die on the vine.
• Same ol crimes, new venue.

26
WINN SCHWARTAU

• The United Nations will examine cyberwar issues
  as a distinct aspect of the international law of
  war, pre-emption and escalation.
• Frustrated by the inability and unwillingness of
  law enforcement to protect them, companies will
  strike back at online attackers, and will be
  prosecuted by an aspiring U.S. attorney for their
  actions. Congress will rewrite the laws so that
  companies can protect themselves.

27
IRA WINKLER

• Industry and government will continue to under
  fund their administration staffs. As a result,
  both will continue to suffer very preventable
  losses.
• There will be some very noticeable and
  preventable attacks against key government
  systems.
• Government efforts to obtain voluntary industry
  cooperation in securing the infrastructure will
  fail.
• Insurance companies will establish computer
  security requirements.
• Computer security budgets will eventually
  increase.

28
PETER NEUMANN

• Commercial developments will continue to be very
  slow in providing truly robust systems and
  networks in the face of realistic adversities.
• Systems will continue to fall apart on their own,
  without attacks. In addition, willful misuse will
  accelerate, including seriously malicious
  activities.
• Moreover, in the absence of that massive Y2K
  hype, it is likely that there would have been
  serious disasters.

29
DOROTHY DENNING

• The administration will open up exports to all
  forms of encryption software, including source
  code and toolkits, of unlimited key sizes and
  with or without key recovery.
• Although most encryption products will be
  exportable everywhere other than to the seven
  countries that support terrorism, the export
  regime will not be eliminated. Products will
  still need to undergo a one-time technical
  review. Business will still be required to report
  exports.
• Americans will remain free to use any encryption
  of their choice.

30
LANCE HOFFMAN

• The market for personal information will grow, as
  half-a-million people or more sell their personal
  information to marketers.
• Armed with your personal data, new portal tools
  will be able to seamlessly integrate details
  about your life and habits.
• Two-thirds of computer users will choose utility
  and ease-of-use over security, but a vocal
  minority will complain, forcing Web sites to slim
  down their data requirements.

31
RICHARD THIEME

• Fully computerized homes will be as hackable as
  Web sites.
• With the network always "on," there will no way
  to unplug.
• Embedded systems, such as spoken languages, will
  become filters for primary experience.

32
JOHN GILMORE

• Every light bulb, stereo and parking meter will
  be on the Net.
• Programmers will need to design code for at least
  10 million simultaneous connections.
• Neither manual administration, nor rebuilding
  infrastructure later, will save us if we default
  to lousy encryption now.

33
EUGENE SPAFFORD

• As network perimeters disappear, security will
  become more and more focused on hosts.
• Computer crime will explode, as theft of
  proprietary data, sabotage of competitors and
  attacks against law enforcement systems become
  major problems.
• Consumers and end-users will take more
  responsibility for host security, while security
  practitioners will become more specialized.

34
Protectors Speak

• From Australia - We are going to have a better
  generation of hackers and crackers. 
• From US - The future of high tech crime is in the
  movement of traditional organized crime
  syndicates to use this medium. 
• Weaker" organizations (third world countries,
  terrorist cells) using the computer and Internet
  to gain power.

35
Protectors Speak

• Financial crimes will rise significantly.
• Traditional crimes(i.e..Narcotics) will benefit
  from strong keyless encryption.
• Denial of Service attacks will be used routinely
  for corporate espionage.
• Employee damage will increase as computer
  literacy increases.
• Voice over IP without adequate encryption will be
  a nightmare.

36
Law Enforcements Future

• Local L.E. will have to take a far greater role.
  Federal LE can not handle the problem nor should
  they be considered the primary contact. Some type
  of structure needs to be created to allow local
  and state agencies to investigate cases easier
  that cross state lines. LE must change it's
  hiring practices and recruit computer science
  majors.

37
Common Sense Approach

• The lack of loyalty displayed in the workplace is
  going to cripple the integrity of internal
  security measures over the next 5 years.
• CI analysts are finding it easier to interview
  new hires.
• Deja.com!
• Shortages create desperate hiring practices.
• It is easy to break in, but terribly difficult to
  protect.

38
Cyber-Futuristic

• All that is needed to create the product is the
  desire.
• An intelligent individual has no boundaries to
  create whatever they wish.
• Use your imagination. There will be virtual
  crime, on another dimension. There will be
  persona defenses.
• Think ahead.

39
Summary

• Legislation will need a major overhaul in order
  to meet the speed and flexibility of digital
  crimes. Jurisdiction needs definition.
• Cybercops need money and support.
• System Administrations need money and support.
• Software vendors need to be held responsible.
• Hiring practices need drastic improvement.

40
Questions?