Cybercrime and Computer Hacking

8/13/2019 Cybercrime and Computer Hacking

http://slidepdf.com/reader/full/cybercrime-and-computer-hacking 1/35

Cyber Crime and Computer Hacking



Presentation Over:

What is Cyber Crime??? Cyber Criminals

Reasons for Cyber Crime and Classification

Types of Cyber Crime

Hacking, History, Techniques, Types, Needs ofHacker, Successful Hackers

Industry Response

Protect Computers Intrusion Detection

Practical Steps for Prevention of Cyber Crime

Conclusion



The Invisible Criminals AreDangerous Than The Visible One…

What is



What is Cyber Crime?

“He Uses Technology As His Weapon” It Is A Criminal Activity Committed On The Internet .

A Generalized Definition Of Cyber Crime May Be “Unlawful ActsWherein The Computer Is Either A Tool Or Target Or Both” .

Cyber crime offenses against the information technologyinfrastructure.

Such conducts includes:

• Illegal access

• Illegal interception

• System interference

• Data interference

• Misuse of devices

• Fraud

• Forgery



Children and adolescents between the agegroup of 6 – 18 years

Organised hackers

Professional hackers / crackers Discontented employees

Cyber Criminals



Reasons for Cyber Crime

Capacity to store data in small spaceEasy to access

Complex

Negligence

Loss of evidence



Against Individuals Against Individual Property

Against Organization

Against Society at large

Classification



HackingEmail bombingData diddlingSalami attacksDenial of Service attack Virus / worm attacksLogic bombs

Web jacking

Types of Cyber Crime



Hacking

Unauthorized use of computer and network resources.

“Hacker” originally meant a very gifted programmer.

Hacking is a felony in the US and most other countries. When it is done by request and under a contract

between an ethical hacker and an organization, it is OK!

The difference is that the ethical hacker has

authorization to probe the target.

“The number of really gifted hackers in the world is verysmall, but there are lots of wannabes…”(-Dr. Charles C.Palmer, IBM)

What is Hacking?



Who are Hackers?

A school definition for the term hacker. Is someone whonever goes to class, who in fact sleeps all day, and whospends the night pursuing recreational activities ratherthan studying.

There are at least two common interpretations:

Someone who bypasses the system’s access controls bytaking advantage of security weaknesses left in the

system by developersSomeone who is both knowledgeable and skilled atcomputer programming, and who is a member of thehacker subculture, one with it’s own philosophy and code

of ethics



History of Hackers

In December of 1947, the transistor was invented. Captain Crunch

Steve Jobs

Kevin Mitnick AT&T

The Worm- Robert Tappan Morris

Kevin Poulsen (a.k.a. Dark Dante)

Tsumomu Shimomura David Smith

Jon Johansen (a.k.a. DVD Jon)



What Do Hackers Do?

System Access confidential information

Threaten someone from YOUR computer

Broadcast your confidential letters or materials Store illegal or espionage material

Network

Eavesdrop and replay Imposer: server / client

Modify data / stream

Denial-of-Service



Hacker’s Techniques

System hacking

Network hacking

Software hacking



Professional hackers Black Hats – the Bad Guys

White Hats – Professional Security Experts

Underemployed Adult Hackers

Former Script Kiddies

Can’t get employment in the field Want recognition in hacker community

Ideological Hackers

hack as a mechanism to promote some political or ideological purpose

Usually coincide with political events

Criminal Hackers

Real criminals, are in it for whatever they can get no matter who it hurts

Disgruntled Employees

Most dangerous to an enterprise as they are “insiders”

Since many companies subcontract their network services a disgruntledvendor could be very dangerous to the host enterprise

Types of Hackers



Spam

Downloads

Pop-ups

Active X

Top Tools Hackers Use



Successful Hackers

Eric McCarty hacks into USC database Australian hacker attacks sewage control

computers



Most Likely to be Hacked

Small businesses with 10 or feweremployees.

Most vulnerable

Less resources Ignore or unaware of risks

Large businesses with 100 or more

employees Higher profile

Larger network



Computer hacking is broadly defined as any action thatresults in unauthorized interference with a computer, computersystem or network. Computer hacking includes breaking into acomputer with the intent to steal, damage, modify or monitor dataor settings within the system.Significance

Computer hacking is considered a crime in all countries; it isalso a crime under federal and international law. Because acomputer may be accessed from anywhere, a person may becharged with computer hacking on the state, federal andinternational level.Types

Hacking often involves more than just unauthorized accessto a computer. Computer hackers may access a computer in orderto: steal financial information such as credit card access numbers;steal personal information (identity theft); harass (swatting);vandalize; gain access to other computers; launch computer

attacks; or place malicious software (malware).

Is Computer Hacking a Crime???



Refers to sending a large number of emails to the victim resulting in the victim's

Email account (in case of an individual)

or

Mail servers (in case of a company or anemail service provider) crashing.

Email Bombing



Altering raw data just before it isprocessed by a computer and thenchanging it back after the processing

is completed.

Electricity Boards in India have been

victims to data diddling programs insertedwhen private parties were computerizingtheir systems.

Data Diddling



Used for the commission of financialcrimes.

Key here is to make the alteration so insignificant that in a single case itwould go completely unnoticed.

E.g. a bank employee inserts a program, intothe bank's servers, that deducts a small amount of

money (say Rs. 5 a month) from the account ofevery customer. No account holder will probablynotice this unauthorized debit, but the bankemployee will make a sizable amount of moneyevery month.

Salami Attacks



Involves flooding a computer resource with more requests than it can handle.

Causes the resource (e.g. a web server) tocrash thereby denying authorized users the service offered by the resource.

Denial of Service Attack



Programs that attachthemselves to a computer or afile

Circulate themselves to otherfiles and to other computers ona network

Affect the data on a computer,either by altering or deleting it

Virus Attacks



Do not need the host to attachthemselves to.

Make functional copies ofthemselves and do thisrepeatedly till they eat up all the

available space on a computer'smemory.

Worm Attacks



Event dependent programs. Programs are created to do something only

when a certain event (known as a triggerevent) occurs.

E.g. even some viruses may be termed logicbombs because they lie dormant all through theyear and become active only on a particular date (like the Chernobyl virus).

Logic Bombs



Occurs when someoneforcefully takes control ofa website (by cracking the

password and laterchanging it).

Web Jacking





Financial fraud 11% Sabotage of data/networks 17%

Theft of proprietary information 20%

System penetration from the outside 25% Denial of service 27%

Unauthorized access by insiders 71%

Employee abuse of internet privileges 79%

Viruses 85%

Types of Cyber attacks by %(Source- FBI)



Industry Response

Software analyst meet todiscuss the latesttechnology

Demand for security

professionals Many companies have

spent money on securityand repairs

Microsoft estimated fivebillion dollars in 2010

www.Getsafeonline.com

http://www.homeoffice.gov.uk/



Use anti-virus software and firewalls - keep them up to date Keep your operating system up to date with critical security

updates and patches Don't open emails or attachments from unknown sources Use hard-to-guess passwords. Don’t use words found in a

dictionary. Remember that password cracking tools exist Don't share access to your computers with strangers Back-up your computer data on disks or CDs often If you have a Wi-Fi network, password protect it Disconnect from the Internet when not in use Reevaluate your security on a regular basis Make sure your employees and family members know this

info too!

Protect your Computers



Intrusion Detection

Intrusion detection systems are the nextgeneration of security beyond firewall protection

Host Based IDS: For servers that contain sensitive

information.

Network Based IDS: Monitors certain networksegments.

Gives administrators a more proactive approach tostopping a potential threat.



Introduction to Detection



HOW TO DEALWITH THIS PROBLEM

International Agreements and Cooperation –Essential due to the Worldwide Nature of theInternet

Software and Hardware defenses

(e.g., antispam, antivirus software, firewalls)

Other practical steps….

Practical Steps for prevention of



Avoid disclosing any information pertaining tooneself.

Avoid sending any photograph online particularlyto strangers.

Use latest and up date anti virus software.

Keep back up volumes.

Never send your credit card number to any site

that is not secured.

Use of firewalls may be beneficial.

Practical Steps for prevention ofCyber Crime



Conclusion

User awareness is key to a secure computer/network Do not open suspicious files/emails

Verify ActiveX/Java prompts

Avoid using P2P programs

Avoid downloading freeware

If attacked, disconnect the network. Do not turn off the computer

Without Careful Attention To These Issues, TheUncontrolled Interconnection Of Existing Systems, On

Which People And Organizations Are Critically Dependent,Will Continue To Create Huge, Ill-defined And DefenselessSuper - Systems.

So We Must Pay Attention To All Those Issues And ProtectThe World From Cyber Crime.

Documents

Cybercrime and Computer Hacking