
Computer Crime
IST Chapter 10

1. Key Security Players of the Internet Age
  a. Every computer is vulnerable to attack
  b. Security software is big business with many players
    i. Specialized security companies
    ii. General technology companies
    iii. Microsoft software often under attack
      1. A leader in computer software business
      2. Opportunities to try to attack the leader
      3. Flexible to support many platforms
      4. Room for vulnerability
    iv. Microsoft Cyber Crime Software Video
2. Industry Analysis: Cyber cops Track Cybercriminals
  a. Police departments have been playing catch up with technology but are now making great strides
3. Industrial espionage is widespread and critical information is always vulnerable to attack
4. Learning Objectives
  a. Computer crime
  b. Cyberwar and Cyber terrorism
  c. Systems security
  d. Managing IS security
  e. Information Systems Controls
5. Threats to IS security
  a. Accidents and Natural Disasters
  b. Outside Intruders
  c. Email attachments with viruses
  d. Links to outside business associates
  e. Employees and consultants
6. What is Computer Crime
  a. Targeting a computer while committing an offense
    i. Unauthorized access of a server to destroy data
  b. Using a computer to commit an offense
    i. Using a computer to embezzle funds
  c. Using computers to support a criminal activity
    i. Maintaining books for illegal gambling on a computer
7. Hacking and Cracking
  a. Hackers
    i. Anyone with enough knowledge to gain unauthorized access to computers
    ii. Hackers who aren't crackers don't damage or steal information belonging to others
  b. Crackers
    i. Individuals who break into computer systems with the intent to commit crime or do damage
    ii. Hacktivists: Crackers who are motivated by a political or ideological goal and who use cracking to promote their interests
8. 2 Major Types of Computer Crimes
  a. Unauthorized access
    i. Stealing information
    ii. Stealing use of computer resources
    iii. Accessing systems with the intent to commit information modification
  b. Information Modification
    i. Changing data for financial gain (embezzlement)
9. Computer Criminals: All shapes and sizes
  a. Current or former employees
  b. People with technical knowledge who commit business or information sabotage
  c. Career criminals who use computers to assist in crimes
  d. Outside crackers: crackers commit millions of intrusions per year
10. Case Story: Retail Hacking
  a. Smithsonian Institute Video
  b. Florida Man convicted of IT crime
11. IS Security Breaches
  a. Passwords Information carelessly shared Improper institutional care and lack of effective controls
    i.
    ii. Antivirus
    iii.
    iv. Company files without proper access controls
    v. Failure to install firewalls
    vi. Poor background checks on employees
    vii. Employees with unmonitored access to data
    viii. Fired employees left unmonitored and have access to damage the system
12. Computer Viruses and Other Destructive Code
  a. Computer viruses
  b. Worms, trojan horses, time and logic bombs
  c. Denial of services
  d. Spyware, spam and cookies
    i. Spyware to track user data for marketing
    ii. Spam (e-junk mail)
      1. Phishing: duplicated legit sites to obtain data, often financial in nature, like credit card numbers
      2. Botnets
      3. CAPTCHA: effort to prevent bots from online submissions
    iii. Cookies: small text files often used for good, not bad
13. Computer Viruses and Other Destructive Code: Spyware, Spam and Cookies
  a. Spyware, Spam and Cookies
14. Computer Viruses: Denial of service
  a. Targeted Server Flood Attack Intruder
15. Phishing
  a. Send out Bank of America email to fish for information
16. Identity Theft
  a. One of the fastest growing information crimes
  b. Usually involves stealing someone's SSN
  c. Often attacks senior citizens
  d. Losses of millions of dollars annually plus loss of identity
    i. Hard work to get it back
17. Internet Hoaxes and Cybersquatting
  a. Internet Hoaxes
    i. False messages circulated about topics of interest
    ii. Users should verify the content of emails before forwarding
    iii. May be used to harvest emails for SPAM mailings
  b. Cybersquatting
    i. Buying and holding a domain name with the intent to sell
    ii. The 1999 Anti-Cybersquatting Consumer Protection Act makes it a crime if the intent is to profit from the goodwill of a trademark belonging to someone else
  c. Cyberharassment
    i. Use of computer to communicate obscene or threatening content that causes a reasonable person to endure distress
  d. Cyberstalking
    i. Tracking an individual as a means of harassment
  e. Cyberbullying
    i. Deliberately causing emotional distress, typically to a target
18. Current State of Cybercrime: 6 trends
  a. Trend 1
    i. Trojan wars will continue
  b. Trend 2
    i. Controls needed to prevent unauthorized access
  c. Trend 3
    i. Cyber criminals provide service to the underground
  d. Trend 4
    i. Dedicated systems for authentication of high risk transactions
  e. Trend 5
    i. Rise of hacktivism
      1. Need for intelligence driven systems for protection from malware
  f. Trend 6
    i. More effort and awareness in managing cybercrime risks
19. Software policy
20. Federal Laws
  a. The Computer Fraud and Abuse Act of 1986
    i. A crime to access government computers
    ii. A crime to extort money by damaging computer systems
  b. Electronic Communications Privacy Act of 1986
    i. A crime to break into any electronic communications service, including telephone services
    ii. Prohibits the interception of any type of electronic communications
21. Federal Bureau of Investigation
  a. FBI
    i. Crimes involving espionage, terrorism, banking, organized crime and threats to national security
    ii. Crimes can be misdemeanors or felonies
  b. FBI collaborating with Microsoft Video
22. Cyberwar vs Cyber terrorism
  a. Cyberwar
    i. Organized attempt by a country's military to disrupt or destroy information and communication systems of another country
  b. Cyber terrorism
    i. The use of computers and networks launched by individuals or groups to intimidate, threaten or coerce governments or people
23. Cyberwar Vulnerabilities
  a. Military command and control systems
  b. Intelligence collection, processing and distribution systems
24. The New Cold War
  a. Cyber Arms Race
    i. Cyber war games
    ii. Project DETER botnets and robotics networks cyber Pearl Harbor denial of service
  b. More than 120 nations are developing ways to use internet
25. 3 Concepts of Safeguarding IS Resources
  a. Risk Reduction
    i. Actively installing countermeasures
  b. Risk Acceptance
    i. Accepting any losses that occur
  c. Risk Transference
    i. Insurance
    ii. Outsourcing
26. Two Categories of Safeguards
  a. Technological Safeguards
    i. Physical access restrictions
      1. Something you have
        a. Key, smart card
      2. Something you are
        a. Biometrics: fingerprints, retinal scans
      3



KU IST 301 - Chapter 10
