computer crimes

Chapter 3 - Computer and Internet Crime*

Chapter 3 - Computer and Internet Crime

Discuss key trade-offs and ethical issues associated with safeguarding of data and information systems. Identify reasons for the increase in the number of Internet-related security incidents.Describe the most common types of computer security attacks.Outline the characteristics of common perpetrators including their objectives, available resources, willingness to accept risk, and frequency of attack. Describe a multi-level process for managing Internet vulnerabilities based on the concept of reasonable assurance. Outline the actions that must be taken in response to a security incident. Chapter 3 - Computer and Internet Crime*


Chapter 3 - Computer and Internet Crime*Source: CERT Web site at www.CERT.org/stats


Increasing complexity increases vulnerability.Higher computer user expectationsExpanding and changing environment introduces new risks.Increased reliance on commercial software with known vulnerabilities.



VirusWormTrojan HorseBotnetsDenial-of-Service AttacksRootkitsSpamPhishing



The term computer virus is an umbrella term used for many types of malicious code. A virus is usually a piece of programming code that causes some unexpected and usually undesirable event. Most viruses deliver a payload or malicious act. Chapter 3 - Computer and Internet Crime*


Viruses may execute and affect your computer in many different ways. Replicate themselves Reside in memory and infect other filesModify and/or create new files Most common viruses are macro viruses. These viruses use an application language such as VBScript to infect and replicate documents and templates. Chapter 3 - Computer and Internet Crime*


A worm is a computer program, which replicates itself and is self-propagating. Worms, as opposed to viruses, are meant to spawn in network environments. (http://www.easydesksoftware.com/glossary.htm)Worms are also harmful and they differ from standard viruses in that they have this ability to self-propagate without human intervention. Chapter 3 - Computer and Internet Crime*


A Trojan horse is a program that gets secretly installed on a computer, planting a harmful payload that can allow the hacker to do such things as steal passwords or spy on users by recording keystrokes and transmitting them to a third party. Chapter 3 - Computer and Internet Crime*


A logic bomb is a type of Trojan horse that executes when a specific condition occurs. Logic bombs can be triggered by a change in a particular file, typing a specific series of key strokes, or by a specific time or date.



A botnet is a large group of computers controlled from one or more remote locations by hackers without the knowledge or consent of their owners. They are frequently used to distribute spam and malicious code.Chapter 3 - Computer and Internet Crime*


A denial-of-service attack is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other tasks. SCO and Microsoft MyDoom.a and .bDenial of service does not involve a computer break-in; it simply keeps the target machine so busy responding to the automated requests that legitimate users cannot get work done.Chapter 3 - Computer and Internet Crime*


Zombies are computers that send these requests.Spoofing is the practice of putting a false return address on a data packet.Filtering is the process of preventing packets with false IP addresses from being passed on. Chapter 3 - Computer and Internet Crime*


A rootkit is a set of programs that enables its user to gain administrator level access to a computer without the end users consent or knowledge. Once installed, the attacker can gain full control of the system and even obscure the presence of the rootkit from legitimate system administrators.Attackers can use the rootkit to execute files, access logs, monitor user activity, and change the computers configuration.Chapter 3 - Computer and Internet Crime*


E-mail Spam is the abuse of e-mail systems to send unsolicited e-mail to large numbers of people.Most spam is a form of low-cost commercial advertising, sometimes for questionable products such as pornography, phony get-rich-quick schemes, and worthless stock.Spam is also an extremely inexpensive method of marketing used by many legitimate organizations.Chapter 3 - Computer and Internet Crime*


Phishing is the act of using e-mail fraudulently to try to get the recipient to reveal personal data. In a phishing scam, con artists send legitimate looking e-mails urging the recipient to take action to avoid a negative consequence or to receive a reward. The requested action may involve clicking on a link to a Web site or opening an e-mail attachment. Chapter 3 - Computer and Internet Crime*


Chapter 3 - Computer and Internet Crime*See: Three Blind Phreaks


A hacker is an individual who tests the limitations of systems out of intellectual curiosity. Unfortunately, much of what hackers (and crackers) do is illegal.Breaking into networks and systems.Defacing web pages.Crashing computers.Spreading harmful programs or hate messages.



Crackers are hackers who break code.Malicious insiders are a security concern for companies. Insiders may be employees, consultants, or contractors. They have knowledge of internal systems and know where the weak points are.



Malicious insiders are the number one security concern for companies. Industrial spies use illegal means to obtain trade secrets from the competitors of firms for which they are hired.Cybercriminals are criminals who hack into computers and steal money.Cyberterrorists are people who intimidate or coerce a government to advance their political or social objectives by launching attacks against computers and networks.



Fraud is obtaining title to property through deception or trickery. To prove fraud four elements must be shown:The wrongdoer made a false representation of the material fact. The wrongdoer intended to deceive the innocent party.The innocent party justifiably relied on the misrepresentation.The innocent party was injured.



Competitive intelligence uses legal techniques to gather information that is available to the public.Participants gather and analyze information from financial reports, trade journals, public filings, and printed interviews with company officials.Trustworthy computing is a method of computing that delivers secure, private, and reliable computing experiences based on sound business practices; this is what organizations worldwide are demanding today.Chapter 3 - Computer and Internet Crime*


Risk assessment is an organizations review of the potential threats to its computer and network and the probability of those threats occurring. Establish a security policy that defines the security requirements of an organization and describes the controls and sanctions to be used to meet those requirements. Educate employees, contractors, and part-time workers in the importance of security so that they will be motivated to understand and follow security policy. Chapter 3 - Computer and Internet Crime*


Intrusion prevention system work to prevent an attack by blocking viruses, malformed packets, and other threats from getting into the protected network.Install a corporate firewall. Install anti-virus software on personal computers. Anti-virus software scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of specific virus. Implement safeguards against attacks by malicious insiders.Address the most critical Internet security threats.Conduct periodic IT security audits that evaluates whether an organization has a well-considered security policy in place and if it is being followed.Chapter 3 - Computer and Internet Crime*


Intrusion detection systems monitor system and network resources and activities and, using information gathered from theses sources, they notify authorities when they identify a possible intrusion. Honeypot is a computer on your network that contains no data or applications critical to the company but has enough interesting data to lure intruders so that they can be observed in action. Chapter 3 - Computer and Internet Crime*


Incident notification is the plan and process used to notify company individuals when a computer attack has happened. In addition, your company should be prepared to: Protect evidence and activity logsAn organizations should document all details of a security incident as it works to resolve the incident. It is especially important to capture all system events, the specific actions taken (what, when, and who), and all external conversations (what, when, and who) in a logbook. Because this may become court evidence, an organization should establish a set of document handling procedures using the legal department as a resource.



Incident containment It is necessary to act quickly to contain an attack and to keep a bad situation from becoming even worse. The response plan should clearly define the process for deciding if an attack is dangerous enough to warrant shutting down or disconnecting critical systems from the network.



Incident eradicationBefore the IT security group begins the eradication effort, it must collect and log all possible criminal evidence from the system, and then verify the all necessary backups are current, complete, and free of any virus. Creating a forensic disk image of each compromised system on write-only media both for the later study and as evidence can be very useful.Chapter 3 - Computer and Internet Crime*


Incident follow-upAn essential part of follow-up is to determine how the organizations security was compromised so that it does not happen again. Often the fix is as simple as getting a software patch from product vendor. A review should be conducted after an incident to determine exactly what happened and to evaluate how the organization responded.Chapter 3 - Computer and Internet Crime*


Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security.The increased complexity of the computing environment has led to an increase in the number of security related issues.



Common computer attacks include viruses, worms, Trojan horses, and denial-of-service attacks.Computer hackers include general hackers, crackers, and malicious insiders.



A strong security program is a safeguard for a companys systems and data. An incident response plan includes:Protect evidence and activity logs.Incident containment. Incident eradication.Incident follow-up.



On October 27, 2000, Microsoft acknowledges that its security had been breached and that outsiders using a Trojan house virus had been able to view source code for computer programs under development .



Visa-branded credit cards generate almost $2 trillion in annual volume and are acceptable at over 22 million location around the world. Visa is reviewing new ways of authenticating user transactions. Chapter 3 - Computer and Internet Crime*


*Example Microsoft has pledged to deliver on a trustworthy computing initiative designed to improve trust in its software products. 4 pillars of trustworthy computing-Security, Privacy Reliability and Business Integrity.***

*

computer crimes

Documents