
Crime and Cyber-crime

Crime and Cyber-crime. Pieter Hartel. Crime. Acts or omissions forbidden by law that can be punished […], against: persons (e.g. rape, assault, murder, suicide), property (e.g. fraud, arson, theft, vandalism), the state (e.g. riot, treason, sabotage, terrorism)


Presentation Transcript


  1. Crime and Cyber-crime Pieter Hartel

  2. Crime
     • Acts or omissions forbidden by law that can be punished […], against:
       • persons (e.g. rape, assault, murder, suicide)
       • property (e.g. fraud, arson, theft, vandalism)
       • the state (e.g. riot, treason, sabotage, terrorism)
       • morality (e.g. gambling, drugs, obscenity)
     • Disorder is broader than crime, e.g.
       • Littering, graffiti, loitering, etc.
     [Wil98] J. Q. Wilson and R. J. Herrnstein. Crime & Human Nature: The Definitive Study of the Causes of Crime. Free Press, Jan 1998.
     Cyber-crime Science

  3. Example

  4. Cyber-crime
     • Crime where computers are used as a tool, target or place:
       • Computer assisted crime (e.g. Advance fee fraud)
       • Computer integrity crime (e.g. DDoS attack)
       • Computer content crime (e.g. Software piracy)
     [New09] G. R. Newman. Cybercrime. In M. D. Krohn, et al, editors, Handbook on Crime and Deviance. Springer, Nov 2009. http://dx.doi.org/10.1007/978-1-4419-0245-0_25

  5. Technology and crime
     • Which of these are “virtual”?
     • Which of these promote anonymity?

  6. Cyber space vs “meat” space
     • “virtual” but that’s nothing new (why?)
     • More easily automated (why?)
     • Harder to police (why?)

  7. Some examples

  8. Computer assisted crime
     • Murder
       • 13-year old US girl bullied into suicide in 2006
       • 3-month old Korean child dies from neglect in 2010
     • Extortion
       • Virginia DHP ransom demand 10 M $ in 2009
       • BetCris hacker sentenced to 8 years in 2006
       • (New business http://www.prolexic.com/ )

  9. Computer integrity crime
     • Distributed denial of service (DDoS)
       • Estonian Cyber war in 2007
       • Operation Payback end 2010 – mid 2011
     • Hacking
       • Comcast hackers sentenced to 18 months in 2008
       • Sarah Palin email hacker sentenced to 1 year in 2010
     • Hundreds of incidents

  10. Computer content crime
     • Piracy
       • Pirate Bay four sentenced to 1 year in 2009
       • US Software pirate sentenced to 2 years in 2011
     • Data base theft
       • Sony Play station network hack in 2011 exposed 77M accounts, cost 171M$
       • Sonypictures.com exposed 1M passwords
       • TJX Hacker sentenced to 20 years in 2011

  11. Differences
     • Old Crime
       • Serial
       • Labour intensive
       • Local
       • Geographical place
     • Cyber-crime
       • Can be Simultaneous
       • Can be automated
       • Global
       • Effort? Requires conversion to meat space

  12. Similarities
     • Most Cyber-crime a variant of old crime
       • False billing vs Phishing
       • Click fraud vs Replying to junk mail with bricks
     • Technology used for new crime before
       • Printing press for counterfeiting
       • Telegraph for books by Charles Dickens

  13. Cyber-crime triangle
     • A motivated offender “attacks” a suitable target in the absence of a capable guardian:
       • Attacks via vulnerabilities of the users
       • Attacks via vulnerabilities of the systems
       • Propagating attacks
       • Exploiting attacks

  14. Attack vulnerable user
     • Social engineer a user
       • 2001 SPAM with AnnaKournikova.jpg.vbs
       • Phishing (More later)
     • Hacking into server
       • Password cracker like L0phtCrack
       • Intelligence from OSN as in the Palin email hack

  15. Attack vulnerable system
     • Exploit known vulnerability and install malware on a client
       • Trojan like Zeus for key logging
       • Physical access via autorun
     • Find & exploit vulnerable system
       • Vulnerability scanner like Acunetix
       • SQL injection

  16. Propagating attacks
     • Change the web site on the server
     • Create a drive by download to infect a client
     • Create a botnet out of infected clients to:
       • Send spam
       • Perpetrate a DDoS attack
       • Evade detection

  17. Exploiting attacks
     • Carding
       • CC theft (skimming, hacking)
       • trade (forum)
       • cashing (online auctions, counterfeit cards at ATM)
     • Online banking fraud
       • Credential theft (phishing)
       • trade (forum)
       • Cashing (money mules)
     • Cyber crime needs meat space…

  18. Conclusions
     • Increasing specialisation of offenders
     • Increasing sophistication of the tools
     • Key crime opportunities: social engineering, vulnerable systems, and software issues
     • Motive is now mostly money
     • How to prevent all this?
