Cyber Crimes Code of Ethics


Cyber Space

• Worldwide network of computers and the equipment that connects them, which by its very design is free and open to the public

• Electronic medium of computer networks, in which online communication takes place

Cyber Crime

• Any crime that involves computers and the network

• Uses the computer to perform the crime
• Computer is the target

Why do we need to learn about cyber crime?

• Everybody is using computers
• Monetary transactions are moving on to the internet
• Many conventional crimes are being committed with the help of computers

We have become reliant on the internet from passing emails to hypersensitive data

Types of Cyber Crimes

1. Hacking
2. Salami Attack
3. Malware dissemination
4. Software Piracy
5. Forgery
6. Obscene or Offensive Content
7. Pornography
8. Cyber Sex
9. Fraud
10. Phishing
11. Spoofing
12. Spam
13. Denial of Service
14. Threatening
15. Net Extortion
16. Cyber Terrorism
17. Drug Trafficking
18. Cyber Warfare
19. Cyber Stalking
20. Cyber Defamation
21. IRC Crime

Hacking

• The act of gaining unauthorized access to a computer system or network

• Unauthorized use of this access
• Illegal intrusion into the computer system without the computer owner’s permission

Hacker

• Person who finds weaknesses in a computer and exploits them
• Motivations: profit, protest, or challenge

Classification of Hacker

• White hat
– perform penetration tests and vulnerability assessments within a contractual agreement
• Black hat
– break into secure networks to destroy data or make the network unusable for those who are authorized to use the network
• Grey hat
– hack into a computer system for the sole purpose of notifying the administrator that their system has been hacked
• Blue hat
– someone outside computer security consulting firms who is used to bug test a system prior to its launch

Social Status of Hacker

• Elite Hacker
• Script Kiddie
– non-expert who breaks into computer systems by using pre-packaged automated tools written by others
• Neophyte
• Hacktivist
– hacker who utilizes technology to announce a social, ideological, religious, or political message

Salami Attack

• Penny Shaving. The idea is to make the change small enough that any single transaction will go undetected

• Criminals make insignificant changes in such a manner that the changes go unnoticed
• Criminals write small programs that deduct small amounts, like 1php per month, from the accounts of all customers of the bank and deposit them in their own account
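
A detection sketch for the pattern on this slide, added here as an illustration and not part of the original slides: no single debit is large enough to notice, so the check groups small debits by destination account. The ledger layout, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal


def build_sample_ledger():
    """Constructed ledger rows: (month, source_account, destination_account, amount)."""
    ledger = []
    customers = [f"CUST{i:03d}" for i in range(1, 41)]
    for month in ("2024-01", "2024-02", "2024-03"):
        for customer in customers:
            # The pattern from the slide: 1.00 taken from every customer each month.
            ledger.append((month, customer, "ACCT-X", Decimal("1.00")))
    # Ordinary activity that must not be flagged.
    ledger += [
        ("2024-01", "CUST001", "UTILITY-CO", Decimal("850.00")),
        ("2024-01", "CUST002", "UTILITY-CO", Decimal("910.50")),
        ("2024-02", "CUST003", "CUST004", Decimal("1.00")),
        ("2024-02", "CUST005", "LANDLORD", Decimal("12000.00")),
    ]
    return ledger


def find_salami_candidates(ledger, max_amount=Decimal("5.00"), min_sources=20):
    """Flag destinations that collect small debits from many distinct accounts.

    Each row is too small to trip a per-transaction limit, so the check
    aggregates by destination instead of inspecting rows one at a time.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)
    counts = defaultdict(int)
    for _month, src, dst, amount in ledger:
        if amount <= max_amount:
            sources[dst].add(src)
            totals[dst] += amount
            counts[dst] += 1
    findings = [
        {"destination": dst, "distinct_sources": len(srcs),
         "transfers": counts[dst], "total": totals[dst]}
        for dst, srcs in sources.items() if len(srcs) >= min_sources
    ]
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    for finding in find_salami_candidates(build_sample_ledger()):
        print(finding)
```

The single 1.00 transfer between two customers is ignored because only one source feeds that destination; the account fed by forty sources is the only finding.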

Malware

• Malicious software that attaches itself to other software
• Infectious Malware
– Virus - infects files on a network file system or a file system that is accessed by other computers
– Worm - uses a computer network to send copies of itself to other nodes. It does not need to attach itself to an existing program.

Malware

• Concealment Malware
– Trojan Horse - make copies of themselves, steal information, or harm their host computer systems
– Rootkits - hide the existence of certain processes or programs from normal methods of detection and enables continued privileged access to a computer

– Backdoor - method of bypassing normal authentication procedures

– Logic Bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

– Time Bomb

Malware

• Other Malware
– Spyware - collects information about users without their knowledge
– Keystroke logger
– Botnets
– Adware - automatically renders advertisements

Software Piracy

• Theft of software through illegal copying of genuine programs

• End-user copying: Organizations installing or using software on more computers than they are licensed to support.

• Distribution: Selling or distributing illegally copied software, including counterfeit products.

• Downloading: Making unauthorized copies from the Internet.

Types of Software Piracy

• End User Piracy: This occurs when a company employee or an individual reproduces copies of software without authorization.
– Using one licensed copy to install a program on multiple computers;
– Copying disks for installation and distribution;
– Taking advantage of upgrade offers without having a legal copy of the version to be upgraded;
– Acquiring academic or other restricted or non-retail software without a license for commercial use;
– Swapping disks in or outside the workplace.

• Client-Server Overuse: This type of piracy occurs when too many employees on a network are using a central copy of a program at the same time. If you have a local-area network and install programs on the server for several people to use, you have to be sure your license entitles you to do so. If you have more users than allowed by the license, that’s “overuse”.

• Internet Piracy: This occurs when software is downloaded from the Internet. The same purchasing rules should apply to online software purchase as for those bought in traditional ways.
– Pirate websites that make software available for free download or in exchange for uploaded programs;
– Internet auction sites that offer counterfeit, out-of-channel, infringing copyright software;
– Peer-to-Peer networks that enable unauthorized transfer of copyrighted programs.

• Hard-Disk Loading: This occurs when a business that sells new computers loads illegal copies of software onto the hard disks to make the purchase of the machines more attractive

• Software Counterfeiting: This type of piracy is the illegal duplication and sale of copyrighted material with the intent of directly imitating the copyrighted product

Source of Software Piracy

• P2P networks
• Search engines
• IRC cracking channels
• Street CDs
• Friends

Software Piracy Motives

• Pricing – unwillingness or inability to pay the price requested by the legitimate sellers

• Unavailability – no legitimate sellers providing the product in the country of the end-user

• Usefulness – the legitimate product comes with various means of restricting legitimate use

Effects of Software Piracy

• Reduces profits for the software developer
– Loss of jobs
– Increased prices for software
• Reduces development money for future products
• An individual who uses pirated software cannot receive technical support
• Risk of malware
• Risk of file corruption

Forgery

• Counterfeiting legal documents using computers, printers and scanners
– Currency notes
– Postage
– Revenue stamps
– Mark sheets
– Checks

Obscene or offensive content

• Most common on websites that violate limitations on certain speech: racist, blasphemous, politically subversive, libellous or slanderous, seditious, or inflammatory material that tends to incite hate crimes

Pornography & Cybersex

• Publishing, transmitting any material in electronic form which is lascivious in content

• Explicit portrayal of sexual subject matter for the purposes of sexual arousal and erotic satisfaction

Use of Internet Pornography and Cybersex

• To get information
• To observe and contact victims
• To develop fantasies and get aroused
• To overcome own inhibitions
• To seduce victims and make them sexually aroused
• To produce pornographic material with their victims
• To exchange this material with and sell it to others
• To contact other offenders

Characteristics of Internet Pornography and Cyber Sex

• Easy access: at home, every time, cheap, anonymous
• Variability of the pornographic material: photos, films, texts, message-systems, chats (with two or more persons), audio-visual communication (microphone, webcam)
• Unlimited market: continuously new material
• More deviant, violent pornography (magazines < videos < internet)
• World wide spectators and auditorium
• Low risk of detection and prosecution of illegal activities
• Interactive communication with reciprocal influence on fantasies and ‘real’ behaviour - immediate or delayed
• Space to experiment between fantasy and ‘real life’ behaviour
• Virtual identities
• Facilitates addictive consumption, habituation, desensitization
• Easy, unlimited networking (esp. for minorities), anonymous contacts between ‘perpetrator’ and ‘victim’ and between different ‘perpetrators’

Effects of Pornography

• Family
– Married men who are involved in pornography feel less satisfied with their conjugal relations and less emotionally attached to their wives. Wives notice and are upset by the difference.
– Pornography use is a pathway to infidelity and divorce, and is frequently a major factor in these family disasters.
– Among couples affected by one spouse's addiction, two-thirds experience a loss of interest in sexual intercourse.
– Both spouses perceive pornography viewing as tantamount to infidelity.
– Pornography viewing leads to a loss of interest in good family relations.
• Individual
– Pornography is addictive
– Users tend to become desensitized to the type of pornography they use and seek more perverse forms of pornography.
– Men who view pornography regularly have a higher tolerance for abnormal sexuality, including rape, and sexual aggression.
– Prolonged consumption of pornography by men produces stronger notions of women as commodities or as "sex objects."
– Pornography engenders greater sexual permissiveness, which in turn leads to a greater risk of out-of-wedlock births and STDs.
– Child-sex offenders are more likely to view pornography regularly or to be involved in its distribution.
– Many adolescents who view pornography initially feel shame, diminished self-confidence, and sexual uncertainty, but these feelings quickly shift to unadulterated enjoyment with regular viewing.
• Society
– The presence of sexually oriented businesses significantly harms the surrounding community, leading to increases in crime and decreases in property values.

Preventive Measures against Internet Pornography

• Sexual education starting before adolescence and puberty
• Active support of youth in exploring the Internet
• Teaching youth not to disclose their identity (e-mail address, telephone-no. etc.)
• Teaching youth not to respond to hostile, soliciting, inadequate, or unwanted contacts
• No Internet access in youths' private rooms
• Limiting the time youth spend on the Internet
• Installation of filtering/blocking/tracking software
• Caregivers should know the online friends of their children
• Keeping children out of chat-rooms or controlling their communication
• Counselling and therapy for those with problematic internet pornography behaviour

Fraud

• Any dishonest representation of fact intended to induce another to do or refrain from doing something, which causes loss

• Done by a fraudster

Some Types of Fraud

• Credit Card Fraud
– Theft and fraud using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction
• False Advertising
– use of false or misleading statements in advertising
– Example: Hidden Charges
• Identity Theft
– form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity

Internet Fraud

• Purchase fraud
– occurs when a criminal approaches a merchant and proposes a business transaction, and then uses fraudulent means to pay for it
– Example: Online auction and retail schemes
• Work-at-home schemes
– A job is offered to work at home, with the fraudster claiming to represent a real corporation. The victim must purchase software to work there, and the money must be paid via Western Union. Of course the fraudster keeps the money, and there is no real job. Victims have called the company afterwards, but the fraudster never actually worked for or represented the company.
• Dating Fraud
– the con artist develops a relationship with their victim and convinces them to send money to the fraudster
• Internet marketing and retail fraud
– The victim is tricked, by a legitimate-looking site and effective marketing, into giving their credit card information or sending funds by other means in exchange for what they believe to be goods or services. The goods never arrive, turn out to be fake, or are products worth less than those advertised.
• Internet ticket fraud
– A variation of Internet marketing fraud offers tickets to sought-after events such as concerts, shows, and sports events. The tickets are fake, or are never delivered.
• Pharming
– is a hacker's attack aiming to redirect a website's traffic to another, bogus site.

Phishing

• Fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication

Phishing Example

Spoofing

• The process of deception by which an individual or system alters its identity or creates additional entities, thereby causing another person or system to act incorrectly

• Getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges, so as to obtain access to other computers on a network

• Example:
– Upload a song to a site and advertise it for download, but once downloaded it is not listenable

Preventive Measures against Internet Fraud

• Shipping
– Use postal insurance
– Use package tracking services
– Use a trusted courier that requires the recipient's signature on delivery
– Suspend the delivery if you become suspicious of fraud
– Don't ship an order until additional identity and payment checking is complete
• Orders
– Validate all the details of each order
– Keep records of order statistics so you can build up a picture of typical orders
– If you've identified patterns of fraud, make sure alerts are triggered when an order fits the pattern

• Customers
– Make sure the customer genuinely exists
– Keep records on customers with good purchase histories and on those you've had trouble with
– Use a means such as AVS (Address Verification System) to make sure the customer's physical address is valid
– Make sure both the billing and shipping addresses are valid, especially if they are different
– Keep records of all contact you have with customers
– Use a means such as online phone books to check that a supplied phone number is valid
– Ensure any email or web addresses are valid and reputable
– Ring the customer to verify their order
– Make it clear to all customers that orders and payments will be authenticated before shipping
– Warn customers that their transaction details and their IP number (Internet address) will be recorded
– Keep records of customer purchases to establish their typical buying patterns

• Credit cards
– If in doubt, ask for an independent copy of the customer's signature
– Ask the customer to fax the front of their credit card
– Keep a record of credit card numbers you've had problems with or suspicions about in the past
– Find out the card's issuing bank and country of origin and make sure they match the information you've been given by the customer
– Use a means such as CVV2, SecureCode or CID (depending on the credit card vendor) to help make sure the card information hasn't been stolen
– Call the issuing bank and verify the customer's details
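
Several of the order, customer and credit card checks above can be combined into one pre-shipment screen. The sketch below is an added illustration, not part of the original slides; the field names, sample orders, purchase history and the z-score limit are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed records a merchant might keep; every value here is sample data.
PURCHASE_HISTORY = {"cust-17": [42.0, 55.5, 38.0, 61.0, 47.5]}
FLAGGED_CARD_REFS = {"card-ref-0009"}  # internal references, never card numbers

CLEAN_ORDER = {
    "customer_id": "cust-17", "amount": 52.0, "card_ref": "card-ref-0031",
    "billing_address": "12 Mabini St, Manila",
    "shipping_address": "12 Mabini St, Manila",
    "stated_country": "PH", "card_issuer_country": "PH",
}
RISKY_ORDER = dict(CLEAN_ORDER, amount=900.0,
                   shipping_address="PO Box 44, Elsewhere",
                   card_issuer_country="US")


def screen_order(order, history=PURCHASE_HISTORY, flagged=FLAGGED_CARD_REFS,
                 z_limit=3.0):
    """Return the reasons an order needs extra identity and payment checks."""
    reasons = []
    # Billing and shipping addresses deserve extra validation when they differ.
    if order["billing_address"] != order["shipping_address"]:
        reasons.append("billing_shipping_differ")
    # The card's country of origin should match what the customer stated.
    if order["card_issuer_country"] != order["stated_country"]:
        reasons.append("issuer_country_mismatch")
    # Cards the merchant has had problems with or suspicions about before.
    if order["card_ref"] in flagged:
        reasons.append("card_previously_flagged")
    # Compare the amount with this customer's typical buying pattern.
    past = history.get(order["customer_id"], [])
    if len(past) < 3:
        reasons.append("no_purchase_history")
    else:
        spread = pstdev(past)
        if spread > 0 and abs(order["amount"] - mean(past)) / spread > z_limit:
            reasons.append("amount_outside_typical_pattern")
    # Shipping waits until every listed reason has been cleared by hand.
    return {"hold_shipment": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    print(screen_order(CLEAN_ORDER))
    print(screen_order(RISKY_ORDER))
```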

Spam

• Unsolicited sending of bulk emails for commercial purposes; it is unlawful to varying degrees

• Done using zombie computers
– a zombie is a computer connected to the Internet that has been compromised by a cracker, computer virus or Trojan horse and can be used to perform malicious tasks of one sort or another under remote direction.

• It happens in different media:
– Email
– Instant messaging
– Newsgroup
– Forums
– Mobile Phone
– Online game messaging
– Spam targeting search engines
– Blogs
– Guestbook
– Spam targeting video sharing sites
– SPIT (Spam over internet telephony) or VOIP spam

Denial of Service

• Act of flooding the bandwidth of the victim's network, depriving him of the services he is entitled to access or provide

• Involves flooding a computer resource with more requests than it can handle, causing the resource to crash and thereby denying authorized users the service offered by the resource

Threatening / Cyber Bullying

• The criminal sends threatening emails or comes into contact with the victim in chat rooms

Net Extortion

• The victim is threatened to hand over goods or property, or else damage to their reputation or other harm or violence against them may occur

• Copying the company’s confidential data in order to extort said company for a huge amount

Cyber Stalking

• Repeated acts of harassment or threatening behaviour of the cyber criminal towards the victim by using internet services

• Harassment
– Following the victim
– Making harassment phone calls
– Vandalizing the property
– Leaving written messages or objects

Cyber defamation

• The criminal sends emails containing defamatory matter or posts it on a website

• Defamatory
– A statement that makes a claim, expressly stated or implied to be factual, that may give anyone a negative image

Cyber Terrorism

• An act of terrorism committed through cyberspace

• Example
– Scattering news that there will be a bomb attack in a location on this date
– Collecting information for ruining people's lives

Drug Trafficking

• Drug traffickers are increasingly taking advantage of the internet to sell their illegal substances through encrypted e-mail and other Internet technology

• Drug traffickers arrange deals at internet cafes, and use courier web sites to track their deals

Cyber Warfare

• Form of information warfare
• Actions by a nation or state to penetrate another nation’s computers to cause damage or disruption

IRC Crimes

• Internet Relay Chat servers have chat rooms in which people from anywhere in the world can come together and chat with each other

• Criminals use it for meeting co-conspirators
• Hackers use it for exploiting
• Paedophiles use it for luring children

The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than with a bomb.