1 / 65

NASTY STUFF

NASTY STUFF. Lecture Notes. Cybercrimes and Cybercriminals. There have been many memorable cybercrimes in recent years. Most of the well-known incidents involved hacking.

alisa
Télécharger la présentation

NASTY STUFF

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NASTY STUFF Lecture Notes

  2. Cybercrimes and Cybercriminals • There have been many memorable cybercrimes in recent years. Most of the well-known incidents involved hacking. • These included distributed denial-of-service types of attacks, illegal distribution of proprietary information (e.g., MP3 files containing proprietary music), and new kinds of worms on the Net.

  3. Criminal activity in the 1970s and 1980s was generally the result of disgruntled employees stealing from their companies. • For example, during the 1970s there was the “salami attack” that was incorporated into the movie “Office Space”. • Even in today’s world, where hacking gets most of the attention, computer fraud and abuse are still common.

  4. Criminal computer abuse includes fraud, embezzlement, theft, malicious damage, unauthorized use, denial of service, and misappropriation. • Analysts believe that many computer crimes go unreported because the victims fear the negative repercussions of their admitting that their inadequate security practices were to blame.

  5. A Typical Cybercriminal • We discussed the research of Don Parker, Sarah Palmer, and others during our introductory lectures. • Tom Forester and Perry Morrison characterize typical computer criminals as being either: • Amateur teenage hackers • Professional criminals • Formerly loyal employees unable to resist the temptations offered by cybertechnology. • Now, let’s discuss some notorious cybercriminals.

  6. Kevin Mitnick

  7. Kevin Mitnick’s criminal activities span nearly twenty years. • In 1982 (when he was eighteen years old) he broke into the computer system of the North American Air Defense Command. • Mitnick has been described as a super hacker who stole Digital Equipment Corporation’s entire VMS operating system while security experts at DEC simply watched millions of lines of their code being downloaded, unable to do anything about it.

  8. Mitnick was arrested and convicted for the first time in 1989. • He has been arrested and served jail time on many occasions. • Mitnick’s book “The Art of Deception” focuses on the social engineering techniques that are an important part of the hacker’s craft.

  9. Robert Morris

  10. In 1988 Robert Morris released a worm, now called the Internet Worm, that was a truly historical event. • The CMU Computer Emergency Response Team (CERT) was created as a result of the release of this worm. • The Internet Worm virtually brought activity on the Internet to a halt. • Robert Morris was a Cornell University graduate student at the time.

  11. “I think this guy had an Oedipus complex. His father vas vun of de vorld’s leading experts in Internet security.”

  12. The Internet Worm was a shock to the computing community. • At his trial, Morris said he did not intend to do any damage. • Eventually he was sentenced to probation and community service because the existing legal framework was not clear in terms of how he should be punished. • Robert Morris was the only ACM member (to my knowledge) ever to be expelled from the ACM because of ethical violations.

  13. David Smith

  14. In March 1999 David Smith launched the Melissa virus. • This was a major event in terms of virus distribution. • Internet users received an e-mail with the subject: “Important message from …”. The name of the previous victim was inserted into the subject line. • Usually, the new victim knew the identity of the previous victim and thus would open the e-mail and the attachment.

  15. This was the historical attack that gave e-mail attachments a bad reputation. • If the user opened the attachment and if the user used the Microsoft Outlook e-mail client with either Word 97 or Word 2000, Smith’s macro virus would send the message and the infected attachment to the first 50 contacts in the victim’s e-mail address book. • The virus could also infect new documents created by the victim, documents that used Word’s normal.dot template.

  16. Smith was charged with second-degree interruption of public communications, conspiracy to interrupt public communication, and other charges. • The damages caused by the Melissa virus is estimated at 80 million dollars. • Initially, it was thought that he might serve up to forty years in prison and face fines of up to $480,000. • However, he pleaded guilty and cooperated with authorities, who claim he gave them substantial assistance in tracking down other virus creators. • He was sentenced to twenty months of jail time in 2002.

  17. Onel de Guzman

  18. On May 3, 2000, Onel de Guzman allegedly launched a computer virus that eventually became known as the Love Bug (or, the ILOVEYOU virus). • It wreaked havoc for computer users worldwide. • Guzman, who lives in the Philippines, could not be extradited under the existing cybercriminal laws. • He was never prosecuted.

  19. Mafia Boy • In early 2000 a fifteen year old Canadian resident whose Internet alias was “Mafia Boy” launched a series of “denial of service” attacks on e-commerce sites owned and operated by American companies. • The result was billions of dollars in losses. • Because Mafia Boy was underage, his true identity was not revealed.

  20. Dimitri • A Russian teenager, code-named Dimitri, took advantage of a bug (defect!) in a Microsoft program to break into computers at Microsoft. • Dimitri took advantage of the fact that Microsoft did not apply a particular patch to its own system.

  21. Curador and Identity Theft • Rafael Grey, a teenager living in England who used the hacker code name “Curador” stole thousands of credit card numbers. • His arrest was probably due to his boasting on-line about his exploits. • He did not use the stolen credit card numbers. • The identity theft problem in this country is gloomy to the extreme.

  22. Defining Cybercrime • The criteria used for determining what should be labeled “computer crimes” in the media are neither clear nor consistent. • Don Gotterbarn has criticized much of the media hype surrounding computer-related crimes as a new species of “yellow journalism”.

  23. Gotterbarn concludes that crimes involving computers are not necessarily issues in computer ethics any more than a murder committed with a surgeon’s scalpel is an issue in medical ethics. • Lawmakers, however, have determined that it is necessary to enact specific laws for crimes involving computers and cybertechnology.

  24. Tavani proposes a definition of genuine cybercrime as a crime in which the criminal act can be carried out only through the use of cybertechnology and can take place only in the cyberrealm. • This definition rules out cases in which individuals used computers and computer devices to commit traditional crimes such as filing a fraudulent income tax return or physically assaulting one or more persons.

  25. Cyberpiracy • Cyberpiracy can be defined as using cybertechnology in unauthorized ways to: • Reproduce copies of proprietary software and proprietary information, or • Distribute proprietary information (in digital form) across a computer network. • For example, distributing MP3 files that contain proprietary material constitutes cyberpiracy.

  26. Cybertrespass • Cybertrespass involves using cybertechnology to gain unauthorized access to: • An individual’s or an organization’s computer system. • A password-protected Web site.

  27. Cybervandalism • Cybervandalism involves using cybertechnology to unleash one or more programs that: • Disrupt the transmission of electronic information across one or more computer networks, or • Destroy data resident in a computer or damage a computer system’s resources or both.

  28. Cyberrelated Crimes • Cyberrelated crimes can be divided into two subcategories: • Cyber-exacerbated crimes • Cyber-assisted crimes • Cyber-exacerbated crimes include • Cyberstalking • Internet pedophilia • Internet pornography

  29. Cyber-assisted crimes include: • Income tax cheating using on-line filing • Physical assault with a computer (e.g., hitting someone over the head with a keyboard) • Property damage using a computer (e.g., throwing a monitor through a window).

  30. Another issue is the role of organized crime in cyberspace. • Career criminals are using cyberspace to conduct gambling, drug trafficking, and racketeering scams. • These “old style” crimes receive far less attention in the popular media than those perpetrated by teenage hackers.

  31. Richard Power believes that youthful hacker stereotypes provide a convenient foil for both professional criminals and foreign intelligence agents. • Since professional criminals have superior skills, they are less likely than amateur hackers to get caught in carrying out their criminal acts.

  32. Government Technologies • Keystroke monitoring, even remotely using sensors, is now old news. • Then, there is Echelon, reputedly from the NSA. • There are lots of rumors about Echelon, but it is supposed to be a system for monitoring voice and data communication worldwide. • Then, the FBI has …

  33. Carnivore!

  34. The USA Patriot Act (October 2001) and the Homeland Security Act (November 2002) gave increased powers to law enforcement agencies to track down suspected terrorists and criminals. • These acts allow increased monitoring of e-mail communications and cell phone conversations.

  35. TECHNOLOGIES ANDTOOLS FOR COMBATTING CYBERCRIME • Encryption technologies: We will give a “gentle introduction” to cryptography later in the course. • Biometrics: We will take a look at face recognition technology and biometrics later in the course.

  36. Firewall technology. A firewall is a system or combination of systems that enforces a boundary between two or more networks. • Firewalls are often compared to moats around a castle. • We will discuss problems with firewall administration later in the course. • Antivirus software. Antivirus software is designed to inoculate computer systems against viruses, worms, and other forms of malware.

  37. Antivirus software is usually based on signatures of known malware. • The software scans the system for these known signatures. • Intrusion detection systems: This technology is evolving and we will discuss the basic ideas later in the course. • Computer immunology: The idea of getting computers to recognize the difference between self and non-self, like a biological immune system.

  38. Social Engineering • Here are some definitions of social engineering: • The art and science of getting people to comply with your wishes. • An outside hacker’s use of psychological tricks on legitimate users of a computer system in order to obtain information he/she needs to gain access to the system. • Getting needed information (e.g., a password) from a person rather than breaking into a system.

  39. Social engineering generally involves a hacker’s clever manipulation of the natural human tendency to trust. • The hacker’s goal is to obtain information that will allow him/her to gain unauthorized access to a system.

  40. Many experienced security experts emphasize this fact: No matter how many articles are published about network holes, patches, and firewalls, security experts can only reduce the threat so much. • Beyond that, it is up to those who have access to the system not to allow themselves to be taken advantage of.

  41. Social engineering attacks are often easier than a technical hack and even a skilled hacker might choose the social engineering approach because it is often so much easier. • Sometimes the physical environment is the key to a social engineering attack, rather than the subtleties of persuasion and human psychology. • Examples include going through the trash, finding passwords lying around, or watching an employee entering a password at his or her computer.

  42. Social Engineering by Phone • The most prevalent type of social engineering attack is conducted by phone. • A hacker will call up and imitate someone who is either in a position of authority or an otherwise relevant person and gradually pull the information out of the target of the attack (on the other end of the line).

  43. A scenario from CSI: “They’ll call you in the middle of the night: ‘Have you been calling Egypt for the last six hours?’ ‘No.’ ‘Well, we have a call that’s actually active right now, it’s on your calling card, and it’s to Egypt and as a matter of fact, you’ve got about $2,000 worth of charges from somebody using your card. You’re responsible for the $2,000, you have to pay that …’

  44. Then, the attacker will add: ‘I’m putting my job on the line by getting rid of this $2,000 charge for you, but you need to read off that AT&T card number and PIN and then I’ll get rid of the charge for you.’ • According to the CSI, people fall for it.

  45. Help desks are a gold mine for social engineering because they are there to help people with their problems. • Most help desk employees are minimally educated in the area of security. • This can create a huge security hole.

  46. Dumpster Diving • A huge amount of information can be collected through company dumpsters. • Potential security leaks in the trash include: • Company phone books: names and numbers of people the attacker can impersonate. • Company policy manuals: show hackers how secure or insecure the company really is. • Calendars of various kinds: tell the attacker when people might be out of town.

  47. Printouts of sensitive data or login names and passwords. • Printouts of source code. • Outdated hardware: particularly hard drives. • Organization charts: shows people who are in positions of authority.

  48. On-Line Social Engineering • The Internet is fertile ground for social engineers looking to harvest passwords. • The primary weakness is that many users often repeat the use of one simple password on every account. • One way in which hackers have been known to obtain passwords is through on-line forms. Naïve users are asked to provide a name, e-mail address, and password.

  49. Hackers may also obtain information by pretending to be the network administrator, sending e-mail through the network and asking for a user’s password. • Another attack causes a pop-up window to appear. This may look like a request for the user to re-enter his username and password in order to fix some kind of problem.

  50. Another scenario: “The hacker called AOL’s tech support and spoke with the support person for an hour. During the conversation, the hacker mentioned that his car was for sale – real cheap! The tech supporter was interested, so the hacker sent an e-mail attachment with a picture of the car. Instead of a car photo, the mail executed a backdoor exploit that opened a connection out from AOL through the firewall.”

More Related