
IST Chapter 10

1) Key Security Players of the Internet Age
  a) Every computer is vulnerable to attack
  b) Security software is big business with many players
    i) Specialized security companies
    ii) General technology companies
    iii) Microsoft software often under attack
      (1) A leader in computer software business
      (2) Opportunities to try to attack the leader
      (3) Flexible to support many platforms
      (4) Room for vulnerability
    iv) Microsoft Cyber Crime Software Video
2) Industry Analysis: Cyber cops Track Cybercriminals
  a) Police departments have been playing catch-up with technology, but are now making great strides
3) Industrial espionage is widespread, and critical information is always vulnerable to attack
4) Computer Crime Learning Objectives
  a) Computer crime
  b) Cyberwar and Cyber terrorism
  c) Systems security
  d) Managing IS security
  e) Information Systems Controls
5) Threats to IS security
  a) Accidents and Natural Disasters
  b) Outside Intruders
  c) Email attachments with viruses
  d) Links to outside business associates
  e) Employees and consultants
6) What is Computer Crime?
  a) Targeting a computer while committing an offense
    i) Unauthorized access of a server to destroy data
  b) Using a computer to commit an offense
    i) Using a computer to embezzle funds
  c) Using computers to support a criminal activity
    i) Maintaining books for illegal gambling on a computer
7) Hacking and Cracking
  a) Hackers
    i) Anyone with enough knowledge to gain unauthorized access to computers
    ii) Hackers who aren't crackers don't damage or steal information belonging to others
  b) Crackers
    i) Individuals who break into computer systems with the intent to commit crime or do damage
    ii) Hacktivists: Crackers who are motivated by political or ideological goals and who use cracking to promote their interests
8) 2 Major Types of Computer Crimes
  a) Unauthorized access
    i) Stealing information
    ii) Stealing use of computer resources
    iii) Accessing systems with the intent to commit "information modification"
  b) Information Modification
    i) Changing data for financial gain (embezzlement)
9) Computer Criminals (All shapes and sizes)
  a) Current or former employees
  b) People with technical knowledge who commit business or information sabotage
  c) Career criminals who use computers to assist in crimes
  d) Outside crackers: crackers commit millions of intrusions per year
10) Case Story – Retail Hacking
  a) Smithsonian Institute Video
  b) Florida man convicted of IT crime
11) IS Security Breaches
  a) Improper institutional care and lack of effective controls
    i) Passwords
    ii) Antivirus
    iii) Information carelessly shared
    iv) Company files without proper access controls
    v) Failure to install firewalls
    vi) Poor background checks on employees
    vii) Employees with unmonitored access to data
    viii) Fired employees who are left unmonitored and have access to damage the system
12) Computer Viruses and Other Destructive Code
  a) Computer viruses
  b) Worms, Trojan horses, time bombs, and logic bombs
  c) Denial of service
  d) Spyware, spam, and cookies
    i) Spyware: to track user data for marketing
    ii) Spam: e-junk mail
      (1) Phishing: duplicated legit sites used to obtain data, often financial in nature, like credit card numbers
      (2) Botnets
      (3) CAPTCHA: effort to prevent bots from online submissions
    iii) Cookies: small text files, often used for good, not bad
13) Computer Viruses and Other Destructive Code: Spyware, Spam, and Cookies
  a) Spyware, Spam, and Cookies
14) Computer Viruses: Denial of service
  a) Targeted Server - Flood Attack - Intruder
15) Phishing
  a) Send out Bank of America email to fish for information
16) Identity Theft
  a) One of the fastest growing "information" crimes
  b) Usually involves stealing someone's SSN
  c) Often attacks senior citizens
  d) Losses of millions of dollars annually, plus "loss of identity"
    i) Hard work to get it back
17) Internet Hoaxes and Cybersquatting
  a) Internet Hoaxes
    i) False messages circulated about topics of interest
    ii) Users should verify the content of emails before forwarding
    iii) May be used to harvest emails for spam mailings
  b) Cybersquatting
    i) Buying and holding a domain name with the intent to sell
    ii) The 1999 Anti-Cybersquatting Consumer Protection Act makes it a crime if the intent is to profit from the goodwill of a trademark belonging to someone else
  c) Cyberharassment
    i) Use of a computer to communicate obscene or threatening content that causes a reasonable person to endure distress
  d) Cyberstalking
    i) Tracking an individual as a means of harassment
  e) Cyberbullying
    i) Deliberately causing emotional distress, typically to a target
18) Current State of Cybercrime: 6 trends
  a) Trend 1
    i) Trojan wars will continue
  b) Trend 2
    i) Controls needed to prevent unauthorized access
  c) Trend 3
    i) Cyber criminals provide service to the underground
  d) Trend 4
    i) Dedicated systems for authentication of high-risk transactions
  e) Trend 5
    i) Rise of hacktivism
      (1) Need for intelligence-driven systems for protection from malware
  f) Trend 6
    i) More effort and awareness in managing cybercrime risks
19) Software policy
20) Federal Laws
  a) The Computer Fraud and Abuse Act of 1986
    i) A crime to access government computers
    ii) A crime to extort money by damaging computer systems
  b) Electronic Communications Privacy Act of 1986
    i) A crime to break into any electronic communications service, including telephone services
    ii) Prohibits the interception of any type of electronic communications
21) Federal Bureau of Investigation
  a) FBI
    i) Crimes involving espionage, terrorism, banking, organized crime, and threats to national security
    ii) Crimes can be misdemeanors or felonies
  b) FBI collaborating with Microsoft Video
22) Cyberwar vs Cyber terrorism
  a) Cyberwar
    i) Organized attempt by a country's military to disrupt or destroy information and communication systems of another country
  b) Cyber terrorism
    i) The use of computers and networks, launched by individuals or groups, to intimidate, threaten or coerce governments or people
23) Cyberwar Vulnerabilities
  a) Military command and control systems
  b) Intelligence collection, processing, and distribution systems
24) The New Cold War
  a) Cyber Arms Race
    i) Cyber war games
    ii) Project DETER, botnets, and robotics networks, cyber Pearl Harbor, denial of service
  b) More than 120 nations are developing ways to use internet
25) 3 Concepts of Safeguarding IS Resources
  a) Risk Reduction
    i) Actively installing countermeasures
  b) Risk Acceptance
    i) Accepting any losses that occur
  c) Risk Transference
    i) Insurance
    ii) Outsourcing
26) Two Categories of Safeguards
  a)



KU IST 301 - Chapter 10
