COMPUTER CRIME

Upload: kory-washington

Post on 19-Dec-2015


Introduction
- Computer crime
- Introduction/definitions
- More definitions
- Scope of the problem
- Types of computer crimes
- Some recent cases
- Techniques used by computer criminals
- Techniques to thwart computer criminals

Common Types of Computer Crime
- Fraud by computer manipulation.
- Computer forgery.
- Damage to or modifications of computer data or programs.
- Unauthorized access to computer systems and service.
- Unauthorized reproduction of computer programs.

Scope of the problem

Another study commissioned by a Senate subcommittee found that 58% of the respondents suffered a computer break-in during a 12-month period.

A 1998 study found 64% of respondents experiencing a computer security breach (FBI/Computer Security Institute).

Losses are estimated to be in excess of 130 million dollars annually (CSI).

Types of computer crime
- Hacking--gaining unauthorized entry without further criminal intent. Goal is to meet the challenge of “outwitting” security measures.
- Espionage--breaking into a computer system in order to steal company secrets.
- Sabotage--destruction of data or software as a way of harming a company, organization or individual.

Introduction/definitions

Generally speaking, computer crime is a form of white collar crime, meaning that it is usually committed by high status individuals/organizations during the course of their occupations.

Computer crime or CyberCrime is criminal activity that involves unlawful access to, or utilization of, computer systems.

Any violation of the law in which a computer is the target of, or the means of committing, a crime.

Usually does not include the physical theft of computers.

Types of computer crimes
- Software piracy--theft, reproduction and marketing of computer software
- Financial fraud/embezzlement--theft via authorized or unauthorized access to computer systems
  - CSI reports that 50 million in losses in 1998 was due to unauthorized access by insiders
- Sex related crimes--e.g. child pornography

Some recent cases
- Last February, Army and Navy computer systems were infiltrated by two seventeen-year-olds from northern California.
- Eugene E. Kashpureff pleaded guilty to introducing software on the internet that interrupted service for tens of thousands of internet users worldwide (faces maximum sentence of 5 years and fine of 250K).
- Timothy Allen Lloyd unleashed a $10 million programming "bomb" 20 days after being fired that deleted all the design and production programs of a New Jersey-based manufacturer of high-tech measurement and control instruments used by NASA and the U.S. Navy.

Techniques used by computer criminals
- Using port scanner software to find “open doors” on computer systems (software that can be downloaded from web sites).
- Use of multiple internet service providers in order to make detection difficult.
- Programs (Trojan horses) that cover a hacker's tracks.

Techniques used by computer criminals (slide 2)
- Infiltration through unauthorized modems installed in the target company’s networked PCs.
- Use of a “war dialer” to call all of a target company's phone numbers until an open modem line is detected.
- Password detection programs are used to find a password that will allow access to the network (may take hours or days until a usable password is detected).
- Once logged in, the hacker sets up a “legitimate” account for future trespasses.

Other techniques and tools
- Use of a keyboard logger--once the system is invaded, the program logs keystrokes made by authorized users, and this allows the hacker to learn more about the system.
- Core dump--tricking the “hacked” computer into displaying the contents of an important file (e.g., password information).

Phishing
- Setting up a fake store front that looks like the real one to trick people, usually to steal their personal information.
- 20 million+ attacks/month
- Named after Brien Phish, who set up a credit card scam in the 1980s over the phone by pretending to be from the credit card company.

Pharming

A message to a bank is redirected to an address that the user did not intend.

Usually done to extract personal information from the user into the hands of a hacker.

Spear Phishing

From: NAVY.MIL E-MAIL SERVER
HTTP:/WWW.NAVY.MIL
COMNAVSURFLANT

1. MAIN MAILING SERVER WILL BE UNAVAIBLE FOR NEXT TWO DAYS.

2. TO CONTINUE RECEIVING MAIL YOU HAVE TO CONFIGURE AUTO-FORWARDING SERVICE.

3. FILL ATTACHED FORM MIL-005698/135.2

Fake Security Message

A Fake Security Checkup

Invitation to Commit a Criminal Act

Parasitic Software
- Spyware: Software that leaks information to a third party.
- Adware: Software that shows advertising materials to its user.
- Browser Hijackers: Software that changes browser settings to point users elsewhere.
- Backdoors: Software that can cause other untrusted software to be installed.
- Cookies: A record about browser searches.

Worms
- A computer Worm is a self-replicating computer program.
- A Worm is self-contained and can reproduce itself to other computers.
- A common payload is to install a Backdoor into the infected computers to convert them to Zombies.

Zombie Computer
- A zombie computer performs malicious tasks under the direction of the hacker.
- Owners are unaware.
- Over 50% of all spam worldwide is now sent by zombies.

Spyware
- Spyware Worms have the ability to self-replicate without a host program and send information from a computer to a third party without the user's permission or knowledge.

A Cyber-Terror List
- Stop trading on Stock Exchanges
- Interrupt VISA processing
- Corrupt Medicare/Medicaid Database
- Prevent payments of Social Security
- Disable Motor Vehicle registration data
- Damage Internet Routing Tables
- Deny Internet access to the Military

Techniques and tools for thwarting computer criminals

Personal computing
- Back up information
- Turn off and disconnect system when not in use
- Virus detection software
- Caller ID

Techniques and tools for thwarting computer criminals

Network/mainframe system computing
- Firewalls--software barriers that guard against unauthorized access

Secure Electronic Transactions

Secure Electronic Transactions (SET) is an open protocol which has the potential to emerge as a dominant force in the securing of electronic transactions.

Jointly developed by Visa and MasterCard, in conjunction with leading computer vendors such as IBM, SET is an open standard for protecting the privacy, and ensuring the authenticity, of electronic transactions

Secure Electronic Transactions (SET) relies on the science of cryptography – the art of encoding and decoding messages.

Encryption advancements have come about through its application by the military, and by advances in computing power and mathematics

In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.

The SET protocol relies on two different encryption mechanisms, as well as an authentication mechanism.

SET uses symmetric encryption, in the form of the aging Data Encryption Standard (DES), as well as asymmetric, or public-key, encryption to transmit session keys for DES transactions

Symmetric encryption works by using a single key, which must be known by all parties wishing to unlock the message

There must be a secure means of transmitting the key to all parties

Asymmetric encryption, also known as public-key encryption, uses two keys – a public and a private key.

These keys are completely independent – a private key cannot be easily deduced from a public one.

We can place our public key out in the open, and rest assured that only the private key holder can read messages encrypted for him or her

In the SET protocol, two different encryption algorithms are used – DES and RSA

Rather than offer the security and protection afforded by public-key cryptography, SET simply uses session keys (56 bits) which are transmitted asymmetrically – the remainder of the transaction uses symmetric encryption in the form of DES.

File encryption--digital certification that certain users have legitimate access to encryption deciphering keys.

Deploy Spam and Malware Catchers

Use Rapidly Changing Passwords

PREVENTION OF COMPUTER CRIMES

Definition

Computer crime:- This involves the manipulation of a computer or computer data by whatever method to dishonestly obtain money, property or some other advantage of value or cause loss.

Computer abuse:- This is the authorized use of or access to a computer for purposes contrary to the wishes of the owner of the computer.

Mitigation of computer crimes and fraud

Definition:- This is what organizations can do to protect themselves from computer crimes. There are several methods of mitigating computer crimes, fraud and abuses. These include:

i) Enlist top management support

Computer safeguards are effective only if management takes computer crimes seriously and chooses to implement and enforce control procedures to stop or at least minimize computer crimes and abuses.

Top management support is important as a primary computer crime safeguard because, as a result, awareness filters down through the management ranks, with practical safeguards built into each employee's general training and thinking.

ii) Increased employee awareness and education

Informing employees of the significance of computer crime and abuse, the amount it costs and the work disruptions it creates helps employees understand why computer offences are a serious matter.

Studies suggest that informal discussions, periodic departmental memos and formal guidelines are among the most popular educational tools for informing employees about computer crimes and abuse.

iii) Conduct security inventory and protect passwords

Organizations can protect their passwords in different ways. These include:

- Educating users to protect their own passwords. This means not lending them to others, not taping them to monitors or desktops, and not putting them where they can be accessed by other users.

- Computer criminals steal passwords through the use of a variety of simulation programs, e.g. some programs try all words in a standard dictionary as potential passwords. To control this crime or abuse, passwords should be complex, i.e. they should be nonsense words, e.g. words with capital letters mixed with small letters and numbers.

iv) Physical controls

Physical precautions to protect computerized systems should also be taken into account. These include:

- Putting computer systems and servers in a lockable room.

- Locking laptops or notebook computers with locking cables.

- Having security guards in the organization who also protect the computer systems from intruders.

- Organizational employees who are allowed to access the computer systems should have identity cards.
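A defender-side check for the password guidance in item iii) above, as an added example that is not part of the original slides. It enforces the capital/small/digit rule and also rejects dictionary words that were only capitalized, given trailing digits or written with common character substitutions, which goes one step beyond the rule as stated. The word list, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a full dictionary.
DICTIONARY = {"password", "welcome", "dragon", "monkey", "summer"}

# Common character substitutions, undone before the dictionary lookup (assumed set).
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})

def base_word(candidate):
    """Reduce a candidate to the word a dictionary-based guesser would start from."""
    core = candidate.lower()
    # Strip digits and symbols from both ends, then undo substitutions inside.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", core)
    return core.translate(SUBSTITUTIONS)

def check_password(candidate):
    """Return a list of policy failures; an empty list means the password passes."""
    problems = []
    if not re.search(r"[a-z]", candidate):
        problems.append("no small letter")
    if not re.search(r"[A-Z]", candidate):
        problems.append("no capital letter")
    if not re.search(r"\d", candidate):
        problems.append("no digit")
    if base_word(candidate) in DICTIONARY:
        problems.append("dictionary word with simple decoration")
    return problems

if __name__ == "__main__":
    for pw in ("dragon", "Password1", "P@ssw0rd2024", "qZ7vNp3kTw"):
        print(pw, "->", check_password(pw) or "ok")
```

"Password1" meets the mixed-case-and-digit rule yet is still reported, because the character-class rule alone does not make a word a nonsense word.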

NB:- Computers can be programmed to automatically search for anomalies and to print exceptional conditions on control reports. These computerized monitoring systems are often superior to manual surveillance systems because they are automatic and can screen 100% instead of merely a sample of the target population data.

Identifying computer criminals

To prevent given types of crimes, criminologists often look for common character traits that can be used to screen potential culprits. Some of the characteristics include:

Nontechnical backgrounds

- A study conducted identified that computer crimes and abuse are committed by those with a strong technical background. For example: programmers and system analysts; clerical, data entry and machine operators; top managers and top executives; and similar individuals with limited skills.

- It was also observed that computer crimes and abuse were committed by corporate insiders with only a “pedestrian level” of computer expertise. This is because it is usually easier and safer to alter data before they enter a computer than midway through the processing cycle.

Non-criminal background

- A study conducted in the United States of America found that most of the convicted offenders of computer crimes had no prior criminal background. In addition, most computer criminals tend to view themselves as relatively honest. They argue that beating the system is not the same as stealing from another person or that they are merely using a computer to take what other employees have taken from a filing cabinet.

Education, gender and age

- Based on media reports on computer offenders, people tend to think that they are all bright, motivated, talented and qualified individuals with good intellect and a superior educational background, which was not the case according to a survey conducted in 2004.

- The responses indicated that half of the perpetrators had only a high school education or less. 41% had an undergraduate degree and 9% a postgraduate degree.

- Apparently, men and women are almost equally prone to perpetrate a computer crime. In the same study, 53% of them were men and 47% were women.

Recognize the symptoms of employee fraud

Case study

The Elgin corporation is a manufacturing company that had created its own health care plan for its employees. The plan was self-insured for medical claims under $50,000, which were handled internally, but plan administrators forwarded claims for larger amounts to an independent insurance company. The managers of Elgin corporation believed that the company had excellent control procedures for its systems, which included both internal and external audits, yet, over a period of four years, the manager of the medical claims department was able to embezzle more than $12,000,000 from the company. In trying to prevent such frauds, here are five typical symptoms of computer fraud that actually occurred at the Elgin corporation.

Accounting irregularities:- To embezzle funds successfully, employees commonly alter, forge or destroy input documents or perform suspicious accounting adjustments. An unusually high number of such irregularities is a cause for concern. At the Elgin corporation, no one noticed that payments to 22 of the physicians submitting claims to the company were sent to the same two addresses.

Internal control weaknesses:- Control procedures are often absent, weak or ignored in computer fraud. At the Elgin corporation, the medical claims manager had not taken vacation for years, those employees submitting claims were never sent confirmation notices of the medical payments made on their behalf, and the physicians receiving these payments were never first investigated or approved.

Unreasonable anomalies:- A symptom of computer fraud is the presence of many odd or unusual anomalies that somehow go unchallenged or unexamined. At the Elgin corporation, why were checks to those 22 physicians always endorsed by hand and deposited to the same two checking accounts?

Lifestyle changes:- Employees who miraculously solve pressing financial problems or suddenly begin living extravagant lifestyles are sometimes merely broadcasting fraud.

Behavioral changes:- Employees who experience guilt or remorse from their crimes or who fear discovery often express their feelings in unusual behavior. At the Elgin corporation, the manager suddenly had intense mood swings that were unusual even for her.
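The automated screening described in the NB above, applied to the Elgin irregularity of many physicians being paid at the same addresses and checking accounts, as an added example that is not part of the original slides. The payment records, field names and the threshold of three payees are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample payment records; a real run would read the full payment file.
PAYMENTS = [
    {"payee": "Dr. A. Reed", "address": "12 Oak St., Suite 4", "account": "ACCT-1001"},
    {"payee": "Dr. B. Lane", "address": "12 OAK ST SUITE 4",   "account": "ACCT-1001"},
    {"payee": "Dr. C. Moss", "address": "12 Oak St. Suite 4",  "account": "ACCT-2002"},
    {"payee": "Dr. D. Hale", "address": "98 Pine Ave",         "account": "ACCT-3003"},
    {"payee": "Dr. E. Cole", "address": "7 Elm Rd",            "account": "ACCT-1001"},
    {"payee": "Dr. A. Reed", "address": "12 Oak St., Suite 4", "account": "ACCT-1001"},
    {"payee": "Dr. F. Nash", "address": "98 Pine Ave",         "account": "ACCT-4004"},
]

def normalize(value):
    """Fold case, punctuation and spacing so trivially different spellings match."""
    cleaned = "".join(c.lower() if c.isalnum() else " " for c in value)
    return " ".join(cleaned.split())

def shared_attribute_report(payments, field, threshold=3):
    """Map each value of `field` to its payees when `threshold` or more distinct payees share it."""
    payees_by_value = defaultdict(set)
    for record in payments:  # every record is screened, not a sample
        payees_by_value[normalize(record[field])].add(normalize(record["payee"]))
    return {value: sorted(payees)
            for value, payees in payees_by_value.items()
            if len(payees) >= threshold}

def control_report(payments, threshold=3):
    """Exception lines for a control report, one per shared address or account."""
    lines = []
    for field in ("address", "account"):
        shared = shared_attribute_report(payments, field, threshold)
        for value, payees in sorted(shared.items()):
            lines.append(f"{field} '{value}' shared by {len(payees)} payees: "
                         + ", ".join(payees))
    return lines

if __name__ == "__main__":
    print("\n".join(control_report(PAYMENTS)))
```

Repeat payments to one physician do not raise the count, because the report counts distinct payees per address or account rather than payments.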

Conclusion

Computer criminals tend to be relatively young with above average intelligence (but genius intelligence is not necessary).

As the internet continues to develop, the potential for computer related crime will grow.

The future of crime control may involve the control of computer crime.