Beruflich Dokumente
Kultur Dokumente
INTRODUCTION
Crime and criminality have been associated with man since his fall. Crime remains elusive and ever strives to hide itself in the face of development. Different nations have adopted different strategies to contend with crime depending on their nature and extent. One thing is certain, it is that a nation with high incidence of crime cannot grow or develop. That is so because crime is the direct opposite of development. It leaves a negative social and economic consequence.
Crime ware
A type of malicious software that is designed to commit crimes on the Internet. Crimeware may be a virus, spyware or other deceptive piece of software that can be used to commit identity theft and fraud.
Cyberprise
Slang term used to describe the merging of cyberspace and the enterprise. The term cyberprise was first trademarked by the company Wall Data Inc., which used the word as its product name. Wall Data's Cyberprise is a suite of tools used for creating multiple online communities that include an enterprise's customers, vendors and partners. In 1999, Wall Data was acquired by NetManage, Inc. What is Computer Crime? Any crime in which computer-related technology is encountered. The commission of illegal acts through the use of a computer or against a computer system.
Most Common Computer Crimes Fraud by computer manipulation Computer forgery Damage to or modifications of computer data or programs Unauthorized access to computer systems and service Unauthorized reproduction of legally protected computer programs
Computer Crimes Are Hard to Prosecute Lack of understanding Lack of physical evidence Lack of recognition of assets Lack of political impact Complexity of case Juveniles
Spam is Hostile
You pay for Spam, not Spammers Email costs are paid by email recipients Spam can be dangerous Never click on the opt-out link! May take you to hostile web site where mouse-over downloads an .exe Tells spammers they found a working address They wont take you off the list anyway
4 What should you do? Filter it out whenever possible Keep filters up to date If you get it, just delete the email
Changes Brought in IT
Large network as backbone for connectivity across the country Multiple Service providers for providing links BSNL, MTNL, Reliance, TATA, Rail Tel Multiple Technologies to support network infrastructure CDMA, VSAT, DSL Multiple Applications
Ubiquitous computing, networking and mobility Embedded Computing Security IPv6 VoIP
Intranet
Perimeter Network
Branch
Desktops New PC Router
` `
Laptops
Router
Branch Offices
` ` `
Servers
Router
Internet
Remote Workers
`
Virus
1977
1995
2000
2003-04
2005-06
2007-08
Trends of Incidents
Phishing
o o o o o
Increase in cases of fast-flux phishing and rock-phish Domain name phishing and Registrar impersonation Crimeware Targeting personal information for financial frauds Information Stealing through social networking sites
Toolkits like Mpack and Neospolit can launch exploits for browser and client-side vulnerabilities against users who visit a malicious or compromised sites
INFORMATION SECURITY
Availability Authenticity INFORMATION SECURITY Authenticity
Security Policy
People
Regulatory Compliance
User Awareness Program
Access Control
Process
Technology
Three faces of cyber crime
Organized Crime Terrorist Groups Nation States
Fraud
Credit fraud is another common form of cyber-crime. Certain computer viruses can log keystrokes on your keyboard and send them to hackers, who can then take your Social Security number, credit card number and home address. This information will be used by the hacker for his own means.
Cyber Bullying
Harassment, or cyber bullying, is a growing problem among teenagers. Many countries in Europe and several states in the United States have laws to punish those who consistently harass somebody over the Internet.
10
Drug Trafficking
Believe it or not, drug trafficking is happening over the Internet. Many traffickers use encrypted email or password-protected message boards to arrange drug deals.
Cyber terrorism
There are many forms of cyber terrorism. Sometimes it's a rather smart hacker breaking into a government website, other times it's just a group of like-minded Internet users who crash a website by flooding it with traffic. No matter how harmless it may seem, it is still illegal.
Piracy
Far and away the most talked about form of cybercrime is thievery. Yes, downloading music from peer-to-peer websites is illegal and therefore a form of cybercrime Mail Bombing
Similar in some ways to a DoS attack A stream of large-sized emails are sent to an address, overloading the destination account This can potentially shut-down a poorly-designed email system or tie up the telecom channel for long periods Defense: email filtering
Break-Ins
Hackers are always trying to break-in into Internet-connected computers to steal info or plant malicious programs Defense: Intrusion detectors
Credit Card Fraud (2) Alternatively, the thief may auction the credit card info on certain Web sites setup just for that purpose Defense: Use single-use credit card numbers for your Internet transactions Using a piece of SW without the authors permission or employing it for uses not allowed by the author is SW piracy For whatever reason, many computer users do not consider it to be a serious crime, but it is!
Software Piracy (2) Only the large rings of illegal SW distributors are ever caught and brought to justice Defense: Various authentication schemes. They, however, are seldom used as they generally annoy the genuine users
11
Industrial Espionage
Spies of one business monitoring the network traffic of their competitors They are generally looking for info on future products, marketing strategies, and even financial info Defense: Private networks, encryption, network sniffers
Web Store Spoofing A fake Web store (e.g. an online bookstore) is built Customers somehow find that Web site and place their orders, giving away their credit card info in the process The collected credit card info is either auctioned on the Web or used to buy goods and services on the Web
Viruses (1)
Self-replicating SW that eludes detection and is designed to attach itself to other files Infects files on a computers through: Floppy disks, CD-ROMs, or other storage media The Internet or other networks
Viruses (2)
Viruses cause tens of billions of dollars of damage each year One such incident in 2001 the LoveBug virus had an estimated cleanup/lost productivity cost of US$8.75 billion The first virus that spread world-wide was the Brain virus, and was allegedly designed by someone in Lahore
Neutral
May display an annoying, but harmless message
Helpful
May hop from one computer to another while searching for and destroying malicious viruses
12
Transmission Mechanism
Viruses attach themselves to other computer programs or data files (termed as hosts) They move from one computer to another with the hosts and spring into action when the host is executed or opened
Payload
The part of the virus that generally consists of malicious computer instructions The part generally has two further components: Infection propagation component:
This component transfers the virus to other files residing on the computer Actual destructive component:
Download SW from trusted sites only Do not open attachments of unsolicited emails Use floppy disks and CDROMs that have been used in trusted computers only When transferring files from your computer to another, use the write-protection notches
Antivirus SW
1. 2. Designed for detecting viruses & inoculating Continuously monitors a computer for known viruses and for other tell-tale signs like: 1. 2. 3. 3. Most but, unfortunately not all viruses increase the size of the file they infect Hard disk reformatting commands Rewriting of the boot sector of a hard disk
The moment it detects an infected file, it can automatically inoculate it, or failing that, erase it
13
Trojan Horses
1. 2. 3. Unlike viruses, they are stand-alone programs The look like what they are not They appear to be something interesting and harmless (e.g. a game) but when they are executed, destruction results
Logic- or Time-Bombs
1. 2. It executes its payload when a predetermined event occurs Example events: 1. A particular word or phrase is typed A particular date or time is reached
2. Worms
1.
Harmless in the sense that they only make copies of themselves on the infected computer Harmful in the sense that it can use up available computer resources (i.e. memory, storage, processing), making it slow or even completely useless
2.