Unit 7 SeminarCJ 180 Intro to Private Security

Al Dauser, CPP, CFIAdjunct Professor

School of Criminal Justice

Tonight’s Seminar Question

• In this seminar, we will discuss computer security issues related to hacking, identity theft and viruses. You are encouraged to do a Web search on computer and information security to prepare for the Seminar.

Networks

• Local Area Networks– Local area networks (LANs) consist of two or more

computers physically connected with some type of wire or cable (or wireless connection)

– Your home could be a LAN– protocols • Ethernet• Token Ring• ARCnet

Wireless LANs

• The networks operate on the open air, eliminating hardwire applications and their limitations

• Wireless or Wi-Fi is the standard now. Hardwired computers are giving way to wireless networks at home and in the office

Wide Area Networks

• More powerful networks that can function across wide geographic areas at greater speeds than LANs

• Most WANs are connected via telephone lines, although a variety of other technologies, such as satellite links, are used as well

The Internet

• The Department of Defense started a network in the 1970s called ARPAnet

• This system allowed LANs and WANs to communicate with one another

• The World Wide Web (the Web or WWW) is a hypertext-based tool that allows people to retrieve and display data

• Utilizing both graphics and hypertext (data linked to other data), the Web is one of the most popular tools on the Internet

The Need for Computer Security

• Protecting computers and information from some type of theft

• Computer security must also deal with natural disasters like fires, floods, accidents, and so forth

• The type of crimes committed on a grand scale is often also perpetrated on the small scale

• According to an FBI and Computer Security Institute report the greatest losses were from thefts of proprietary information, costing companies over $6 million in 2002

• The loss is not the computer, but the data on the computer

Web Scams

• Internet auctions• Shop-at-home/catalog sales• Internet access services• Foreign money offers• Internet info/adult services• Business opportunities• Computers• Web site design

Classic Methods for Committing Computer Crimes

• Once connected to the computer, the criminal has a wide range of methods available to disrupt system activity or to observe, steal, or destroy information

Data Manipulation or Theft

• Changing data during or after input into a computer system is the simplest, safest, and most common method of committing computer crime

• Data theft has become a major precursor for identity theft

Salami Technique

• Implies trimming off small amounts of money from many sources and diverting these slices into one’s own or an accomplice’s account

• By creating a new program or altering an existing one, an employee can randomly deduct one to five cents from a few thousand different individual accounts

Trojan Horse

• Although Trojan horse programs are categorized as viruses, they are not true viruses, since they do not replicate. It is a malicious program disguised as something benign, such as a screen saver.

• When loaded onto our machine, a Trojan horse can capture information from our system -- such as user names and passwords--or could allow a malicious hacker to remotely control our computer.

Viruses

• A set of unwanted instructions executed on a computer and resulting in a variety of effects

• McAfee estimates there are over 400,000 known viruses

• Viruses fall into one of four categories based on the type of damage that the virus inflicts– Innocuous viruses, – humorous virus – Altering – catastrophic virus

Worms

• Some people regard worms and viruses as the same type of program

• Each has a replication mechanism, an activation mechanism, and an objective

• Viruses and worms are very different kinds of programs – While viruses just infect programs, worms take over

computer memory and deny its use to legitimate programs

Hostile Applets

• A new danger exists when using the World Wide Web to obtain information

• The danger is from so-called hostile applets that utilize a Java-enabled Web browser

• Just as viruses perform a variety of tasks without the user’s knowledge, so do hostile applets

Bombs

• A bomb is a computer code inserted by a programmer into legitimate software

• Time bombs– A date or time triggers a time bomb,

• Logic bombs– some event, perhaps the copying of a file, triggers

a logic bomb

Trapdoors and Back Doors

• Doors allow programmers extensive access to test systems while they are being developed– allowing programmers access that would normally

be denied

• Trapdoors are intentionally created and are normally inserted during software development

Scavenging Memory

• Information contained in buffers or random access memory is kept until the space is written over or the machine is turned off

• Allows a person gaining access to these areas to search for sensitive data that may be left from previous operations

• Also hard drives from printers, scanners, copy machines

War Driving

• This self-attached term refers to hackers who drive around locating wireless network points of entry

• Anyone with a laptop and powerful wireless card can enter a company’s wireless network

• As the range of the systems increases so do the threats from the war driver

Identity Theft

• Using information stolen from computer databases, criminals are committing criminal acts that impact on the person whose identity is stolen

• Cost to U.S. consumers in 2011 according to the FTC-- $1.52 Billion

Dealing with ID Theft

• Know your thief’s objectives– Open new accounts– Take over existing accounts– Apply for loans– Rent apartments– Establish services with utilities– Write fraudulent checks– Steal and transfer money from exiting accounts– File bankruptcy– Obtain employment

Dealing with ID Theft (cont.)

• Be proactive– Invest in a personal paper shredder– Purchase a mailbox with a locking mechanism– Review monthly bills in a timely manner– Keep a record of all accounts– Opt out of pre-approved credit cards– Minimize the amount of personal information on your

person– Limit the number of credit cards and cancel others

So what is ‘phishing’?

• Phishing e-mail messages are designed to steal your identity. They ask for personal data, or direct you to Web sites or phone numbers to call where they ask you to provide personal data

What does a phishing email look like?

• Phishing e-mail messages take a number of forms:• They might appear to come from your bank or financial

institution, a company you regularly do business with, such as Microsoft, or from your social networking site.

• They might appear to be from someone you know. Spear phishing is a targeted form of phishing in which an e-mail message might look like it comes from your employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or IT.

What does a phishing email look like?

• They might ask you to make a phone call. Phone phishing scams direct you to call a customer support phone number. A person or an audio response unit waits to take your account number, personal identification number, password, or other valuable personal data. The phone phisher might claim that your account will be closed or other problems could occur if you don't respond.

What does a phishing email look like?

• They might include official-looking logos and other identifying information taken directly from legitimate Web sites, and they might include convincing details about your personal information that scammers found on your social networking pages.

• They might include links to spoofed Web sites where you are asked to enter personal information

Here is an example of what a phishing scam in an e-mail message might look like

From the example on the last slide

• Example of a phishing e-mail message, which includes a deceptive Web address that links to a scam Web site.

• To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but actually takes you to a phony scam site (2) or possibly a pop-up window that looks exactly like the official site

Some examples

• "Verify your account." • Businesses should not ask you to send

passwords, login names, Social Security numbers, or other personal information through e-mail.

• If you receive an e-mail message from Microsoft asking you to update your credit card information, do not respond: this is a phishing scam.

Some examples

• "You have won the lottery." • The lottery scam is a common phishing scam

known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part. The lottery scam often includes references to big companies, such as Microsoft. There is no Microsoft lottery

Some examples

• “ I am the widow of General XXXXXX”• These are the oldies but goodies of the

phishing scams• Probably the oldest scams out there• Some people have actually lost their lives

because of this scam

Some examples

• "If you don't respond within 48 hours, your account will be closed."

• These messages convey a sense of urgency so that you'll respond immediately without thinking. A phishing e-mail message might even claim that your response is required because your account might have been compromised.

What does a phishing link look like?

• Sometimes phishing e-mails direct you to spoofed web sites. Here’s an example of the kind of phrase you might see in an e-mail message that directs you to a phishing Web site:

• "Click the link below to gain access to your account."

• HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site.

What does a phishing link look like?

• Phishing links that you are urged to click in e-mail messages, on Web sites, or even in instant messages may contain all or part of a real company’s name and are usually masked, meaning that the link you see does not take you to that address but somewhere different, usually an illegitimate Web site

What does a phishing link look like?

• Notice in the following example that resting (but not clicking) the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's Web address, which is a suspicious sign.

Example of a masked Web address• Con artists also use Web addresses that resemble the

name of a well-known company but are slightly altered by adding, omitting, or transposing letters. For example, the address "www.microsoft.com" could appear instead as:

• www.micosoft.com • www.mircosoft.com • www.verify-microsoft.com • This is called "typo-squatting" or "cyber squatting

• http://www.microsoft.com/protect/fraud/phishing/symptoms.aspx (Source information)

Recent news

• Kaspersky Lab, a developer of secure content management solutions, has released a report on spam for the first quarter of 2010.

According to the report, the number of phishing attacks on social networking sites has increased with Facebook being the most popular targets for phishing (fourth overall). The top organization for phishing attacks was PayPal with 52.2 percent of all attacks. eBay was second with 13.3 percent of attacks.

Recent News• Phishing Schemes Are Becoming Sneakier in Targeting Doctors

American Medical News (01/25/10) Dolan, Pamela Lewis

Cunning phishers are using "spearphishing" tactics to fool physicians into giving them sensitive information by sending them emails that purport to be from parties that they routinely do business with. Identity theft consultant Robert Siciliano says there are a number of warning signs that an email may be from a phisher. One such telltale is an email that comes from a company with which the doctor has no business; another is an email address or URL that does not quite jibe with the apparent source. Siciliano advises physicians not to click on a link sent through an email, but rather bookmark commonly visited sites, and use that link whenever they get an email requesting that they click through. Calling to confirm the source named in the email is a good idea, according to Jorge Rey with Kaufman, Rossin & Co.; he also cautions against downloading files sent via email no matter what the extension.

Questions??

• What questions do you have???