Chapter 6

demitrius

Presentation Transcript


  1. Chapter 6 Cybercrimes

  2. Spam
     • Good marketing points?
     • Cheap
     • Highly effective
     PgP BUSA331 Chapter 8

  3. Spam
     • Bad points?
     • Makes up 90% of U.S. e-mail!

  4. Spam Avoidance
     • Never reply
     • Do not put email address on web site
     • Use alias email address in newsgroups
     • Do not readily give out email address
     • Use spam filter
     • Never buy from spam

  5. CAN-SPAM
     • Controlling the Assault of Non-Solicited Pornography and Marketing Act
     • Does not ban sending spam
     • Due to 1st Amendment, free speech
     • Some states have more restrictive laws

  6. CAN-SPAM Requires
     • Accurate email headers, valid return address
     • Opt-out procedures (why not opt-in?)
     • Clear notice of opt-out
     • Compliance with opt-out within 10 days
     • Label commercial email as solicitation
     • Sender’s valid physical address
     • Warning labels on sexually oriented material

  7. CAN-SPAM Prohibits
     • Misleading subject lines
     • Email address harvesting

  8. CAN-SPAM Enforcement
     • FTC
     • AGs (Attorneys General)
     • ISPs
     • No private right of action

  9. CAN-SPAM Prosecutions
     • Illinois, Florida, New York, California
     • Bottom line: has done little to impede the spam onslaught

  10. State SPAM Laws
     • Patchwork, non-uniform
     • Jurisdictional questions
     • Opt-in requirements
     • Limited by First Amendment issues

  11. Foreign SPAM Laws
     • Main issue is enforcement

  12. Fighting SPAM
     • FTC (Federal Trade Commission): truth-in-advertising laws
     • Trademark infringement
     • RICO (Racketeer Influenced and Corrupt Organizations Act)
     • Computer Fraud and Abuse Act: unauthorized computer use to get email addresses

  13. Murking
     • Bills vs. laws

  14. Mail Bombs
     • Excessive email to overload server storage
     • Denial of service attack

  15. Permission Based Marketing
     • Legal, because requested
     • Opt-in
     • RSS feed sign up…

  16. Social Engineering and Identity Theft

  17. Ultimate Goal
     • Steal passwords, Personally Identifiable Information: your ‘identity’
     • In order to profit
     • Internet enables this without physical contact

  18. Email Spoofing
     • Forge email header
     • Appears email came from other than true sender
     • Why spoof?
     • Avoid identification under spam laws
     • Hide identity, avoid liability for illegal activity
     • Download Trojans to control computers
     • Obtain confidential information

  19. Phishing
     • Use of official-looking emails to trick people into revealing:
     • Usernames
     • Passwords
     • Other Personally Identifiable Information
     • Result: loss of confidence in web transactions

  20. Ice Phishing?
     • No, but there is…
     • Personalized phishing: target victim by name, already have some info, hoping to get more
     • Spear phishing: pose as high-level executive, demand info
     • Effective against soldiers
     • Whaling: target high-level executives
     • Lesson: think twice before clicking an IM or email hyperlink!

  21. Pharming
     • Similar to phishing
     • Use web sites to obtain personal info
     • DNS exploits

  22. Identity Theft
     • Goal: obtain key personal info
     • Falsely obtain goods & services
     • Sources: database cracking, social engineering, pretexting, survey
     • Results: large $ loss
     • But credit cards safer on web

  23. Social Security Numbers
     • De facto national identifier
     • Key to a person’s identity
     • SSNs can be found online in government records

  24. Personal Information Safeguards
     • Dumpster diving: shred your garbage?
     • Be mindful of https
     • Review credit reports
     • Do not reveal SSN unless a must
     • Wary of giving personal info
     • Overwrite old hard drives
     • Copy machine hard drives?

  25. Identity Theft Penalty Enhancement Act
     • Sounds good: mandatory jail time for possessing identity info with intent of committing crime
     • Real issue: hold info handlers accountable for data they collect

  26. CAAS?
     • Have you heard of Software as a Service (SAAS)? A hot new trend in technology
     • How about CAAS?
     • Crimeware as a Service
     • Criminals never stop innovating

  27. Cybercrimes Using Technology

  28. Targets
     • Computers (like yours!)
     • Internet connection

  29. Terminology
     • Beware: cybercrime terms (trojan, virus, malware…) are often used interchangeably, but they are different

  30. Computer Cybercrime: Cookie Poisoning
     • Cookies: data to enhance web browsing experience
     • Cookie downside: tracking
     • Cookie poisoning: attacker modifies cookie
     • For protection, encrypt cookies
     • Cookie Background at GRC
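Slide 30 names cookie poisoning and recommends encrypting cookies. The added example below is not from the slides or the course; it shows the integrity half of that advice in Python: the server appends an HMAC-SHA256 tag to the cookie, so a cookie whose body was modified is rejected instead of trusted (encrypting the body would additionally hide its contents). The secret key and the tampering fixture are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key for this example only; a real service loads it from a secret store.
SECRET_KEY = b"demo-secret-not-for-production"

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _serialize(payload: dict) -> bytes:
    # Canonical JSON so the same payload always yields the same bytes, hence the same tag.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()

def issue_cookie(payload: dict) -> str:
    """Server side: serialize the session data and append an HMAC-SHA256 tag."""
    body = _serialize(payload)
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    return f"{_b64e(body)}.{_b64e(tag)}"

def read_cookie(cookie: str):
    """Server side: return the payload only if the tag verifies, None on any tampering."""
    try:
        body_b64, tag_b64 = cookie.split(".", 1)
        body, tag = _b64d(body_b64), _b64d(tag_b64)
        expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return None
        return json.loads(body)
    except ValueError:  # missing separator, bad base64 or bad JSON
        return None

def tampered_copy(cookie: str, payload: dict) -> str:
    """Constructed fixture: body rewritten, old tag kept; a poisoned cookie as the server sees it."""
    _, tag_b64 = cookie.split(".", 1)
    return f"{_b64e(_serialize(payload))}.{tag_b64}"

def demo() -> tuple:
    """Issue a cookie for a normal user, poison it to claim admin, and read both back."""
    good = issue_cookie({"user": "alice", "role": "user"})
    bad = tampered_copy(good, {"user": "alice", "role": "admin"})
    return read_cookie(good), read_cookie(bad)  # → ({'role': 'user', 'user': 'alice'}, None)
```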

  31. Computer Cybercrime: Spyware
     • Tracks and forwards data without user consent
     • Uses computer for malicious purposes
     • Also slows performance, crashes computer
     • FTC investigates, has prosecuted under federal computer privacy laws
     • Sears has used spyware on customers: oops
     • Steal user stock account login
     • Sell portfolio
     • Manipulate stocks using account
     • Avoid public computers, change passwords often

  32. Computer Cybercrime: Drive-by Download
     • Program download without consent
     • Viewing web site or email
     • Similar to spyware
     • Form of computer trespass
     • Avoid by using security software

  33. Computer Cybercrime: Malware
     • Virus: copies itself, infects computer
     • Worm: self-replicating virus
     • Trojan horse: malicious program within harmless program, like spyware; non-self-replicating
     • Used to take control

  34. Internet Connection Cybercrime: Wardriving
     • Using Wi-Fi laptop to map wireless access points
     • Subsequent use of Internet connection is telecommunications theft

  35. Internet Connection Cybercrime: Piggy-backing
     • Using wireless internet connection without permission
     • State laws vary
     • Countries vary

  36. Internet Connection Cybercrime: Issues
     • Others use your internet connection to commit cybercrimes
     • Downloading child pornography
     • Is a business liable for the unauthorized use of its unsecured wireless internet connection to commit a crime?
     • Courts not yet involved
     • Solution: secure / encrypt wireless access!

  37. What’s Next?
     • Electromagnetic keyboard sniffing
     • Steal computer keypress/keystrokes from 65 feet away wirelessly!
     • http://en.wikipedia.org/wiki/Keystroke_logging#Electromagnetic_emissions

  38. Cybercrimes and Individuals

  39. Mule Scam
     • Victim/mule (usually unknowingly) helps launder stolen online funds
     • Uses mule’s PayPal account to transfer defrauded victim’s funds
     • Mule paid commission from % of defrauded victim’s funds
     • Defrauded victim contacts mule seeking funds back
     • eBay will require mule to pay innocent defrauded victim

  40. Cyberstalking
     • Using email, IM, blog… to harass victim
     • Also incite others against victim
     • Can be combined with real-world stalking

  41. Corporate Cyberstalking
     • Corporation stalking ex-customer or ex-employee
     • Or vice versa, but less likely

  42. Cyberstalking Law
     • No federal law
     • State law varies
     • Harassment vs. stalking
     • Harassment barred by 41 states

  43. Federal Statutes: Securities
     • Spam, message boards and chat rooms used to hype stocks, trying to manipulate prices
     • Also violate state securities laws
     • SEC estimates 100 million stock spam messages per week
     • IPO quiet time (90-day) can be violated by blog or tweet

  44. USA PATRIOT Act
     • Rushed response to 9/11 attacks
     • Amended many federal statutes
     • Civil liberty protections suffered
     • Lessened standard for government to intercept electronic messages
     • Broad reach, beyond terrorists

  45. USA PATRIOT Act
     • Subpoena of bank account and credit card numbers from ISPs
     • Request ISP to release customer info voluntarily
     • Danger in government labeling someone a terrorist
     • Expansive search warrant powers
     • Secret ‘National Security Letters’ without court order!
     • Declared unconstitutional in 2004
     • FBI eavesdrops on computer traffic

  46. Online Gambling
     • Est. 2006 revenue: $12 billion
     • Est. 2010 revenue: $25 billion, half from U.S.
     • State regulated
     • Internet issues: may be legal in other locations, but not where bet is placed
     • Eight states outlaw online gambling
     • British online gambling execs arrested on U.S. soil

  47. Gambling Types
     • Casino
     • Sports

  48. International Level
     • No agreement; legal in some countries
     • Countries complain about U.S.
     • WTO declares U.S. out of compliance
     • Either let citizens gamble online
     • Or total ban (including lottery tickets)

  49. Wire Wager Act of 1961
     • Prohibits use of wire transmission in interstate or foreign commerce of bets, wagers, or information on them
     • Government must prove:
     • Engaged in gambling
     • Interstate transmission of bets…
     • Used wire communication facility
     • Acted knowingly

  50. Unlawful Internet Gambling Enforcement Act (2006)
     • Congress goes after money, not gamblers
     • Illegal to process gambling payments
     • But U.S. gamblers may use off-shore payment processors
