CYBER CRIME

COMPUTER AND INTERNET FRAUD

BY: KIM HONG (123101038)

Master of Accounting Program Trisakti University Jakarta

1

FRAUD TRANSITION ERAS

NO. 1. FRAUD ERA Paleolithic Era (1920-1960) CHARACTERISTICS Individual to mob such as Al Capone, God Father; Illegal activities such as alcohol, gambling, prostitution, guns, and drugs; Criminal activities centered on bribes, kickbacks, laundering cash, and evading taxes. College graduates (accountant) and sons of mobsters (SMOB); Illegal activities such as casino, legitimate & illegitimate businesses; Criminal activities centered on tax evasion and money laundering. Computer specialist, attorneys, MBAs, Wall Street professionals, etc.; Illegal activities focuses on cyber crimes; Criminal activities centered on tax evasion, money laundering, computer and internet frauds.
2

2.

Neolithic Era (1960-1980)

3.

Geek-olithic Era (1980-present)

COMPUTER FRAUD
Computer fraud is any defalcation or embezzlement accomplished by tampering with computer programs, data files, operations, equipment, or media, and resulting in losses sustained by the organization whose computer system was compromised. The intention is to execute a fraudulent scheme or financial criminal act. It can be difficult to detect by fraud examiner or forensic professional because it:
. Lacks a traditional paper audit trail; . Requires understanding of the technology used to commit the crime; . Requires an understanding of the technology of the victim computer; . Requires use computer specialists to assist the fraud examiner.
3

COMPUTER CRIME
Computer crime is an act where the computer hardware, software, or data is altered, destroyed, manipulated, or compromised due to acts that are not intended. It is a crime that is committed where the computer or electronic data device is integral to the criminal act. The function of computer in crime is fourfold:
. As an Object: physical sabotage, theft, or destruction of information; . As a Subject: technologists use to commit the crime such as virus attacks, illegal access, etc.; . As a Tool: electronic device is used to commit the crime such as embezzlement, theft of information, or hacking; . As a Symbol: it is as a victim into investment, pyramid, other traditional fraud schemes adapted to digital environment.
4

CYBER CRIME FACT

NORTON CYBER CRIME SURVEY

CYBER CRIME IN INDONESIA Based on Symantec Corporation Survey: Conducted in April 2010; 499 respondents (male and female= 6:4); Attacked at least 86% internet users; Completion of cyber crime cases was 36 days; Average cost IDR11,558,945 (USD1,265).
SURVEY
7

CYBER CRIME ATTACK

CYBER CRIME FACTS

COMPUTER HACKING
Hacker= computer enthusiast; someone seeking unauthorized access to computer systems & its information. Hackers include employees, individuals operating alone, hacker gangs, and entrepreneurial hackers who seek financial reward for their illegal acts. Hacking: . Breaking computer systems guess users access codes; . Social engineering: enter a company to reveal information.
10

HACKING METHODS
Trojan Horse Virus: converting instruction to unauthorized access; Trap Doors: inserting instruction in a program to circumvent control hackers take advantage of it; Salami Techniques: unauthorized program to steal small amount from asset, e.g. interest rounding at banking; Logic Bombs: executing at specific event, e.g. deleting payroll if the user name is removed; Data Diddling: changing data before or during entry into computer system, e.g. replacing valid disk with modified ones; Scavenging & Dumpster Diving: obtaining data from the trash by knowing user name; Data Leakage: removing, smuggling, hiding information from facility; Piggybacking/Impersonation: gaining restricted area using users password & tapping to terminal link;
11

HACKING METHODS
Simulation & Modeling: manipulation to plan or control criminal act; Wire Tapping: taking transmitted data between computers. Encryption can minimize it; Network Weaving: looping using network to avoid detection; Altering Password Generation: using randomizer to generate name and password; Buffer Overflow Exploits: overflowing a program to alter system files, installing backdoors, etc.; Privilege Escalation Exploits: unauthorized access to exploit grand administrator or root level access to users; Backdoors: remote access to the system at a point time; HTTP Exploits: performing malicious activities to web server applications; Anti-hacker Measures: remote access to customers, vendors, and suppliers to companys server.
12

HACKER DETECTION PROGRAM

Print & review log files; Administer passwords; Maintain security software; Review system activity reports; Follow up on potential security violations; Review telecommunication security.
13

COMPUTER VIRUSES
Computer virus is a hidden computer programs that use computer resources or other computer activities to shut down or slow the system significantly. Infected computers resources to replicate itself and spread the infection to other computer systems on a network, internet, email, text messages, infected software, shared program application, demonstration software, freeware, and shareware. Diversity from harmless (displaying a message or greeting) to those that shut down entire computer network, ruin data, or destroy the ability of computer function.
14

TYPES OF COMPUTER VIRUSES

Macro virus; Boot sector virus; Parasitic virus; TSRAM virus; Application software virus; Multi-partite virus; Tequila virus; Polymorphic virus; Stealth virus; Mutation engine virus; Network virus; Worm.
15

VIRUS ATTACK INDICATORS

Decreasing free space; System slow down; An increase size of some files; Operating system behaving abnormal; Unusual messages and graphics; Inability to boot system and access files; Unexplained and repeated maintenance repairs; System or data file disappeared or fragmented; Unexplained changes in memory & program sizes; Displaying messages that virus has been encountered.

16

VIRUS INVESTIGATION & PREVENTION

Isolating systems and all media; Running virus software; Document finding; Interviewing system custodian & all users to identify its symptoms, damage, & system mall function; Following audit trail of infection; Determining source of virus; Do not use external device to boot the system; Do not install unauthorized software; Use anti virus software to detect potential viruses; Back up program & files; Be caution in opening attachment.
17

INTERNET FRAUD SCHEMES

NO. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. INTERNET SCHEMES Online auction General merchandise sales Nigerian money offers False checks Lotteries/lottery clubs Phishing Advance fee loans Information/adult services Work at home plans Internet access services % COMPLAINTS 42% 30% 8% 6% 4% 2% 1% 1% 1% 1%
18

INTERNET FRAUD PERSPECTIVES

Over 1 billion internet users, 16% of worlds population (June 2006); In US, 69% of population was online, approximately 227 million users; Internet growth increased 189% (2000-2005); In US, identity fraud, decreased from 10.1 million people to 8.9 million people but the average fraud loss increased from $5,249 to $6,383; In US, total one year cost of identity fraud increased from $53.2 billion to $56.6 billion (20032006); 68% of identity fraud victims incur no out of pocket expenses;
19

INTERNET FRAUD PERSPECTIVES

To resolve identity fraud cases increased from 33 hours (2003) to 40 hours (2006); 30% identity theft from lost/stolen wallets, checkbooks, credit cards; 47% identity theft by friends, neighbors, in-home employees, family members, or relatives; Nearly 70% from consumers shredding documents, now less than 1%; 2.3% was the smallest rate of identity fraud victims at age 65+; 35-44 age group had the highest average fraud amount i.e. $9,435.

20

TRADITIONAL INTERNET FRAUD SCHEMES

Get Rich Quick: desire to make easy money; Pyramid Schemes: marketing or investment referral fraud; Foreign Trusts: getting tax less life for evasion; Prime Bank Note: offering high yield investment schemes; Chain Letters: intimidating un-fortune events if not donate certain amounts; Investment & Securities Fraud: offering advice by manipulating stock price for fraudsters advantage; Ponzi Scheme: high financial return by using subsequent investors amount to initial investor;
21

NEW THREAT INTERNET FRAUD SCHEMES

Modem Hijacking: long distance connection from ISPs victim; Spamming: sending email to subscriber on the list; Counterfeit Check Scams: taking money by offering goods and asking the down payment; Phishing: tricking business into providing passwords, account numbers, other sensitive data; Spear Phishing: fooling employee to get user name and password to access corporate network; Pharming: fooling into entering sensitive data into a malicious website; Internet auction fraud: offering auction via internet.
22

COMBATING INTERNET FRAUD Encrypt confidential information; Validate user names and password into its protocol; Do not put financial information, customer data, and other valuable databases on the web server; Put firewall to prevent unauthorized access.
23

MONEY LAUNDERING IN CYBER SPACE

Accounted $500 billion (1996); 4 models: merchant issuer, bank issuer, non-bank issuer, and peer to peer models; E-gold can be used for money laundering in the type of transactions: e-commerce, business to business payments, point of service sales, person to person payments, payroll, bill payments, and charitable donations; Combating money laundering through nonanonymous financial transactions, mapping global payment systems, facilitating international information sharing, knowing your customers, harmonizing and coordinating international money movement regulations.
24

REPORTING CYBER CRIMES

Law enforcement agencies: Federal Bureau of Investigation (FBI); US Secret Service; US Immigration & Customs Enforcement (ICE); US Postal Inspection Service; Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF); Internet Crime Complaint Center (IC3) serves as a means to receive internet-related criminal complaints; In Indonesia, Electronic Information and Transaction Law no. 11 2008 had been approved to be the reference computer-related events. It is ruled from article 27 to article 37. Any violation against the rules will be charged according to criminal law as stated from article 42 until article 52.
25

SUMMARY & CONCLUSION

1. Crimes has grown to cyber crimes centered on tax evasion, money laundering, computer and internet frauds. 2. Cyber crimes use computer to take advantage from the technology weaknesses to enrich personal wealth. 3. Top 5 cyber crimes: virus, worms, or other malicious code (53%), Spyware (41%), Phishing (38%), Unauthorized access (35%), Unintentional exposure of sensitive information (34%). 4. Security tools and watch can be used to reduce the risk of cyber crimes. 5. Reporting cyber crimes to the authorities is important as a way to investigate and take further actions. 6. Electronic Information and Transaction Law no. 11 2008 is the reference to computer-related criminal actions in Indonesia.
26