Sie sind auf Seite 1von 30

Chapter 5

Cyber Crime: Computer and Internet Fraud

Critical Thinking Exercise

There are 5 different color houses, occupied by people of 5 different nationalities, who smoke 5 different cigar brands, drink 5 different types of alcohol, and have 5 different pets. The houses are lined up in a row. 1. The Brit lives in the red house. 2. The Swede keeps dogs as pets. 3. The Dane drinks tea. 4. The green house is on the left of the white house. 5. The green houses owner drinks coffee. 6. The person who smokes Pall Mall rears birds. 7. The owner of the yellow house smokes Dunhill. 8. The man living in the center house drinks milk. 9. The Norwegian lives in the first house. 10. The man who smokes Blends lives next to the one who keeps cats. 11. The man who keeps the horse lives next to the man who smokes Dunhill. 12. The owner who smokes Bluemasters drinks beer. 13. The German smokes prince. 14. The Norwegian lives next to the blue house. 15. The man who smokes Blends has a neighbor who drinks water. QUESTION: WHO OWNS THE FISH?

3 Eras of Fraudulent Activities

Paleolithic Era
Centered on cash and evading taxes Fraud schemes involved alcohol, gambling, prostitution and drugs

Neolithic Era
Accountants could steal more than mobsters Included cash heavy business to conceal proceeds

Geek-olithic Era
Computers or network of computers involved

Overview of Cyber Crime

The Role of the Computers in Cyber Crime Computer Fraud vs. Computer Crime Losses or Other Damages Related to Computer Crimes International Aspects of Computer Crime

The Role of the Computers in Cyber Crime

Computer Crime
Computer as an Object
Computer or network is target

Computer as a Subject
Computer is used to commit crime

Computer as a Tool
Computer is integral to the act

Computer as a Symbol
Computer adds credibility or is used to deceive

Computer Fraud vs. Computer Crime

Computer Fraud
Access occurs with intent to execute a fraudulent scheme Comprehensive Crime Control Act of 1984 Computer Fraud and Abuse Act (CFAA)

Computer Crime
Hardware, software or data is destroyed or manipulated due to acts which are not intended Computer assisted crimes

Loss or Other Damages Related to Computer Crimes

Economic Loss
Responding to illegal acts Conducting a damage assessment Restoring data or program to original condition Consequential damages occurred

Special Loss
An actual or potential effect on medical care Physical injury to a person Threat to public health or safety Damage to a computer related to the administration of justice, national defense or national security

International Aspects of Computer Crime

International dimensions are increasingly likely Securing electronic evidence is very difficult Complaints dropped, but losses have risen Council of Europe Cybercrime Convention

Frauds and Other Threats in the Digital World of Computers

Insider Threats Computer Hacking
Social Engineering Hacker Computer Manipulations

Computer Viruses
Types of Computer Viruses Virus Carriers and Indicators

Hardware, Software and Data Security

Anti-Virus Software Investigating Virus Infections

Insider Threats
Computer crime from employees inside an organization
Opportunity to commit fraud Aware of holes in the system

Less stringent supervisory controls over IS personnel Computer fraudster characteristics are similar to traditional fraudster
Intelligent Hard working Minimal absences Bored with the routine Egotistical

Computer Hacking
Seek unauthorized access to computer systems Incorporate unsuspecting computer owners Gain access by generating password

Social Engineering
Simple deception to gain access to information Pose as new worker to gain information Retrieve documents from trash

Hacker Computer Manipulations

Trojan Horse Trap Doors Salami Techniques Logic Bombs Data Diddling Scavenging and Dumpster Diving Data Leakage Piggybacking/Impersonation Simulation and Modeling Wire Tapping Network Weaving Altering Password Generation Buffer Overflow Exploits Privilege Escalation Exploits Backdoors HTTP Expoits Anti-Hacker Measures

Computer Viruses
Attack Software Hidden computer programs that shut or slow down system Can ruin data and destroy computer Slow down can overload e-mail networks

Types of Computer Viruses

Macro Virus I Love You virus Boot Sector Viruses Parasitic Viruses TSRAM Viruses Application Software Viruses Multi-Partite Viruses Polymorphic Viruses Stealth Viruses Mutation Engine Viruses Network Viruses Worms

Virus Carriers and Indicators

Carriers Unknown applications Indicators System suddenly slows down

Media brought in by employees

Unsolicited e-mails Vendors/suppliers with infected software

Dramatic decrease in free space

Increase in file size Operating system begins behaving unpredictably

Hardware, Software and Data Security

Effective security ensures availability of data Effective passwords are essential Logical controls to secure network Data encryption Digital signatures

Biometrics Smartcards Virus protection

Antivirus Software
Detect computer viruses and malware Traditional Scanners
Look for known viruses Check recognizable patterns Limited usefulness

Heuristic Scanners
Look for unknown viruses Inspect executable files

Behavior Blocking Scanners

Run continuously Look for behavior linked to virus activity

Change Detection Scanners

Check for changes

Investigating Virus Infections

Virus infections can be investigated by taking the following actions
Isolate the system Run antivirus software Document findings

Audit trail of infection Determine source of virus Protection policies Countermeasures Track costs / damages

Internet Fraud
Electronic Commerce Typical Internet Schemes
Traditional Frauds Adapted for the Computer and Internet Additional Threats and Abuses of the Computer and Internet

Combating Internet Fraud

Electronic Commerce (E-Commerce)

Electronic Signatures
Encryption Smart Cards Memory Cards Processor Cards

Traditional Frauds Adapted for the Computer and Internet

Get Rich Quick Pyramid Schemes Foreign Trusts Prime Bank Note Chain Letters Investment and Securities Fraud Ponzi Scheme

Additional Threats and Abuses of the Computer and Internet

Modem Hijacking Spamming Counterfeit Check Scams Phishing Spear Phishing Pharming Internet Auction Fraud

Combating Internet Fraud

Encrypt confidential information User validation Dont store financial information and customer data on web server Firewalls
Attempt to prevent unauthorized access Control interactions between servers and internet

Complex Frauds and Financial Crimes in Cyberspace

Exploit computer vulnerabilities Hackers use malware to steal information Botnets Distributed Denial of Service (DDos) Why is internet an attractive operational location for criminal enterprises?
Information is power Cyberspace gives criminal worldwide reach World Wide Web is anonymous Difficult to prosecute criminals

Shadowcrew: Web Mobs

Sold stolen and counterfeit credit and identification cards $4 million in losses Can pop up anywhere and disband with little more than keystrokes Work solely in the online world

Money Laundering in Cyberspace

Internet banking makes following money more difficult Enhanced by near anonymity Can be accessed by anywhere in the world Monitoring activity is nearly impossible Gambling of dirty money at cyber-casinos $500 billion annually Cyberspace payment models
Merchant Issuer Model Bank Issuer Model Non-Bank Issuer Model Peer-to-Peer Model

Money Laundering in Cyberspace

International Monetary Fund (IMF) World Bank Financial Sector Assessment Program (FSAP) Map Global Payment Systems Facilitate International Information Sharing
Information Sharing and Analysis Center (ISAC)

Harmonize and Coordinate International Money Movement Regulations

Electronic currency
Backed by gold bullion in allocated storage Global currency

Can be used for money laundering

Anonymous No records No CTRs Circumvent regulated financial institutions

Reporting Cyber Crime, Computer and Internet Fraud

Internet Crime Complaint Center (IC3)
Provides reporting mechanism for victims Alerts authorities to suspected criminal or civil violations Establish effective alliances with industry

National White Collar Crime Center (NW3C)

Research internet related crime complaints