Embed Size (px)
Citation preview
Computer Fraud, Identity Theft, and Computer Forensics
Presented by Scott R. EllisManager, Forensic and Litigation Technologies Practice
Computer Fraud and Identity TheftWhat is Identity Theft
Victim v. OpponentWhat is an Opponent?
The Old TricksYou’ve been Hacked
What NOT to DoWhat TO DoCheckmateContact Info
What is Identity Theft?
Computer Fraud and Identity TheftWhat is Identity Theft
Victim v. OpponentWhat is an Opponent?
The Old Tricks You’ve been Hacked
What NOT to DoWhat TO Do Checkmate Contact Info
Victim v. Opponent
• Qualities of a victim:– Inexperienced user– Experienced user– Suspecting/unsuspecting Users– Insecure system– Secure system– Access to email– Uses online banking or other common services– Any type of person! (except maybe one)
Computer Fraud and Identity TheftWhat is Identity Theft
Victim v. Opponent
What is an Opponent?The Old Tricks
You’ve been Hacked What NOT to Do
What TO Do Checkmate Contact Info
Qualities of an Opponent
– Doesn’t want you to know about him.– The bigger the trick and the older the trick the
easier it is to pull. There are two reasons this works.
– Wants to reassure you, wants you to feel safe.– The more sophisticated the game, the more
sophisticated the opponent.– He is generous (seemingly).– When you question it, you will question yourself.
YOU can’t be wrong, right?
Computer Fraud and Identity TheftWhat is Identity Theft
Victim v. OpponentWhat is an Opponent?
The Old TricksYou’ve been Hacked
What NOT to DoWhat TO Do Checkmate Contact Info
The Old Tricks
• The Mole– The Mole Might be Your Mother
(or mine!)
The NigerianHow you can get a million dollars for a small investment of $4,000?
Bait and SwitchCheck the URL!
Boiler Room (Do they even know the depth of the con?)Cross Site Scripting
The power or right clicking on linksPower of look-alike pop-ups
Methods of the “Modern” Trick
• When you are being victimized:– In every con there is a victim and an opponent.– The more control you think you have, the less you
have.– You will be fed pieces. (Something free).– You will have likely installed the malware on your
computer yourself, knowingly and willingly.– The opponent will have complete control of the
environment.– Checkmate. When it comes you will know it.
Method (continued)
• Your weakness will be located with the following “tricks”: – Searches– Banner ads– Pop-ups– Emails from people you know -- enough spam to
enough people, will trigger a response– Certified letters– (eventually one will compel you)
Computer Fraud and Identity TheftWhat is Identity Theft
Victim v. OpponentWhat is an Opponent?
The Old Tricks
You’ve been HackedWhat NOT to Do
What TO Do Checkmate Contact Info
You’ve been Hacked
• How do you know?• Symptoms:
– Erratic Behavior – windows closing, software that won’t start, antivirus stops functioning or won’t update, etc…
– Errors at unusual times– Long boot up times
• Poison Ivy – complete system control, microphone, webcam control, desktop access.
• Undetectable root kits.• Metasploit – allows hackers to generate payloads in many formats. • DNS Poisoning:
– Used to replace content for a set of victims– Replaces it with the opponents own, malicious web site
• SQL Injection
Computer Fraud and Identity TheftWhat is Identity Theft
Victim v. OpponentWhat is an Opponent?
The Old TricksYou’ve been Hacked
What NOT to DoWhat TO DoCheckmateContact Info
What NOT to Do
• Do not Panic. Stay Calm.• Do not continue to use the computer for
transactions.• In certain situations, do not even reboot.• Do not call me (unless you want a forensic
investigation of the incident!)• If an identity of the opponent is involved, do not
attempt to initiate contact.• Do not think the problem will go away.
Computer Fraud and Identity TheftWhat is Identity Theft
Victim v. OpponentWhat is an Opponent?You’ve been Hacked
What NOT to Do
What TO DoCheckmateContact Info
What TO Do• Call your credit card companies. All of them.• Be Honest. “Yes officer, I really did believe I
could help this man retrieve his lost fortune and make a nice commission for myself in the process by simply depositing $4000 in his checking account.”
• EVERY DETAIL HELPS• They just might know his MO.• Report cybercrime to cybercrime.gov• Learn to be safe.
Credit Reporting Agencies(notice “free credit report” .com is not one of them)• TransUnion
Fraud Victim Assistance Department Phone: 800-680-7289
EquifaxConsumer Fraud Division Phone: 800-525-6285 or: 404-885-8000
• Experian Experian's National Consumer AssistancePhone: 888-397-3742
Computer Fraud and Identity TheftWhat is Identity Theft
Victim v. OpponentWhat is an Opponent?You’ve been Hacked
What NOT to DoWhat TO Do
CheckmateContact Info
Checkmate
• Don’t live in fear.• Be Safe – Don’t Click on anything. • The Hardest Person to Con?• The most difficult person to con is an honest one. The honest person believes in working for his reward.
Nothing worth having is free.
• But just because you are honest doesn’t mean you will win at chess!
Contact Info
For a copy of this presentation and other articles published by Scott Ellis, please contact him at:
