Ransomware involves the kidnapping of an organization's electronically stored assets. They are sealed with encryption devices that prevent the owner from accessing the data or assets. When the owner p
CYBER CRIME
Chapter 4
Objectives
Explore the current state of Internet crimes
Discuss emerging trends in Web-based crime
Describe the six classifications of motive for computer intruders
Become familiar with more computer terms and recent laws that aid the government in cracking down on computer criminals
Gain knowledge of modern terrorists and their use of technology which is changing the face of terrorism
Details
I. Web-Based Criminal Activity: Introduction
Originally “computer crime” referred to theft of computers or components
Cyberage changed the focus to “theft of information”
Combination of the computer and telecommunications has increased crime in cyberspace
The Anonymity factor has expanded the number of offenders
Internet gambling promoted by the Web increased across the country
People who would never walk into an Adult book store view porn at home
Individuals who would be afraid to commit a violent bank robbery would alter bank records or manipulate stock records
People who were reluctant to take revenge through traditional avenues may feel comfortable posting embarrassing or compromising information on the Web
Hackers have become a significant threat to achieve publicity
Hacker group named “Global Hell” suspected of hacking into Army, FBI and WH
Impact of computer crime
Financial losses
Personal security (Identity theft)
Industrial espionage
International security
Public safety
Eco-terrorism
Traditional competition among companies may have escalated to malicious destruction of data or theft by physical means
The internet introduced interconnectivity of technical devices within corporations which increased the vulnerability of companies’ information assets
Impact of a physical mail bomb (explosive device) was limited to the immediate physical area surrounding the packaging
Impact of an e-mail bomb is potentially very broad and may include a dismantling of the company’s informational infrastructure
Viruses
(1960’s) First computer virus, named “the rabbit”: reduced productivity of computer systems by cloning itself and occupying system resources
Rabbits were local and could not spread across systems
Caused by mistakes or pranks by system programmers
Four Distinct Eras of Computer Viruses
Classical Era (1960’s-1970’s); system anomalies; accidents; pranks by system administrators
Floppy Era (1980’s-1990’s); infection of DOS machines spread by removable media; easy to detect, isolate and eliminate
Macro Era (1990’s-2000’s); infect documents and templates, not programs; virus infects system when user opens the corrupted document (Microsoft-Macintosh); further spread by e-mails, networks and the Internet
Melissa Virus (1999); infected 20% of the largest US businesses; created by David Smith, advertised to contain password to adult Web sites; propagated itself by sending the virus to the addresses in the victim’s computer address files
Smith was sentenced to 20 months in federal prison and a $5,000 fine
Internet Era (2000-present); used infected system’s address book to spread infections
CodeRed: scanned internet for vulnerable machines, then infected them
Nimda: infected computers with corrupt e-mails that entered computer if user viewed MS Outlook through a preview window
Denial of Service (DoS) Attacks
Primary objective is to disable a system, not access
Mail bombing: jam system server with voluminous e-mails
Manipulation of phone switches
Low level data transmission
Directed at Amazon, eBay and Yahoo
Distributed Denial of Service (DDoS) Attacks
(1991); first DDoS attacks; use large batches of compromised computers, named Zombies or bots, to increase their impact on victims
Most owners of Zombie computers were unaware that they were compromised
Motivations range from boredom to theft to extortion
Hacktivists have launched DDoS attacks against religious and financial organizations
(2006) Organized crime family was threatened with DDoS attack of the org’s online gaming site. The org paid protection money (extortion)
Spam: Abuse of electronic messaging systems to randomly or indiscriminately send unsolicited bulk messages
Traditionally used by businesses to advertise
Also used by porn sites
Recent study disclosed significant loss of productivity by businesses caused by workers deleting spam from their computers at work; $22 billion
Attacks increasing: spread viruses; malware, DDoS, identity theft, promote political extremism
(2006) CAN-SPAM Act used to convict Daniel Lin; three years, federal prison; $10,000 fine
Distributed millions of e-mail messages with fraudulent header information through a variety of zombie computers advertising health care products
Ransomware
Used most often to extort money from victims
Malware program which encrypts or disables computer system until demands are met (extortion)
Originally surfaced in 1989 then went low key until 2005
Greatest risk to cyber criminal is being identified when money is transferred
Create e-shell companies to accept ransom money
Use legitimate online merchant to receive money from victim for commission based referral service
II. Theft of Information, Data Manipulation and Web Encroachment
Two methods of obtaining confidential information: computer system intrusion & employees
Employees are the most vulnerable component
Criminals use deceptive practices through social engineering to gain access to company computers or telephone systems
Criminals disguise themselves as vendors for security system or IT department
Employees fail to protect their passwords due to laziness and lack of security awareness
Criminals use shoulder surfing as a method to gain confidential information: watching over someone’s shoulder as they log on or input data into their computer
Employees discard confidential information in common garbage receptacles instead of designated Confidential Bins or paper shredders
Business and government entities do not set employee training as a high priority
Trade Secrets and Copyrights
Some criminals sell proprietary information to industry competitors for personal gain or national patriotism
Gillette corporation employee was caught using company equipment to solicit bids for the design specs for Gillette’s Mach-3 razor
French government (Intelligence Service) used eavesdropping devices on French planes to obtain confidential information from an American company that was competing against a French company for business contracts
Political Espionage
Advanced technology has also increased the threats to the nation’s public infrastructure from communications to banking
Theft of information is a significant threat
Government entities have been criticized for not investing enough money to protect secrets technologically stored or created
Recent audit of laptop computers for US State Department:
did not have an accurate accounting for classified and unclassified laptop computers in bureaus covered in the audit
27 laptops were missing
35 were not available for inspection
57 had been disposed
215 laptops were inspected for encryption protection: 172 failed
FBI estimates at least 120 foreign governments actively pursuing information in the US
Traditional methods of stealing CPU’s, employee laptops and other devices are very common
Employees failed to adequately safeguard the laptops in many cases
III. Cyberterrorism:
politically or religiously motivated attack against data compilations, computer programs, and/or information systems
intended to disrupt and/or deny service or acquire information
which disrupts the social, physical, or political infrastructure of a target
Computers may be the target or be incidental to the activity i.e. the means of retrieving the information
Attacks may be in the form of hacking, DDoS, viruses, worms
Centers for Disease Control (CDC)
Altering small portion of a formula for a vaccination
Changing labeling instructions for biological contaminants
Systematically removing years of priceless research or patients records
Introduction of viruses or worms could wreak havoc on public health
A virus destroyed over 40% of patients’ records in one US hospital
Terrorist Organization Propaganda Dissemination
International (Nation of Islam) and domestic (White Aryan Resistance) use virtual platforms to spread their messages
Solicit funds and recruit new members
Communicate with each other via e-mails using strong encryption protections
Ramzi Yousef (WTC bombing conspirator) had bombing plans in encrypted files on his laptop computer
Launching of DDoS and defacement of Web sites of foreign governments
Chinese hacktivists threatened to launch DoS attacks against American financial institutions and government sites following the crash of a US spy plane and Chinese fighter plane
Neotraditional Crime
Dissemination of Contraband
Child Pornography: Many pedophiles and child porn peddlers meet on the electronic bulletin boards and chat rooms
They are protected under the First Amendment because they have the same “common carrier” status as the telephone company and post office
Example: NAMBLA (North American Man Boy Love Association) has a Web site
Motivations for child pornography possession
Pedophilia or hebephilia: satisfies sexual fantasies or provide gratification for those individuals who are sexually interested in prepubescent children or adolescents
Sexual miscreants: satisfies a desire for new and different sexual stimuli
Curiosity seekers: possession satisfies a peculiar curiosity
Criminal opportunists: possession and subsequent distribution is designed for economic profit
Profile of Offenders (Office of Juvenile Justice and Delinquency Prevention & National Center for Missing and Exploited Children)
White males older than 25
Majority (83%) had images of prepubescent children engaging in sex
More than 20% depicted sexual violence toward the children
40% arrested for child porn were considered “dual offenders” (also sexually victimized children)
15% attempted to sexually victimize children by soliciting undercover police who posed online as minors
Most of the child porn cases (60%) originated from local and state agencies; balance by federal and international authorities
Above statistics are based upon arrest records only so extent of online victimization of children via the Internet is difficult to determine
On Line Victim Profile
Children who express frustration with parental controls or appear naïve or vulnerable
Children are confused about their sexuality
Children who express feelings of being outsiders from their peer groups
Children who enjoy unsupervised computer communications
Many children actively seek association with adult suitors but many are lured into fictional relationships that encourage dangerous liaisons
Online Pharmacies
Convenient in terms of shopping and ordering
Many operate illegally w/o licenses or dispense medicines in states where they are not licensed
Some don’t require a valid prescription
Some dispense medicine on demand w/o prescription
“Operation Cyber Chase” 2005
Illegal online pharmaceutical sales operation based in India
Supplied drugs for 200 Web sites
Sold $20 million worth of controlled substances w/o prescriptions to global customers
FBI and DEA arrested individuals from India, Canada and US
Seized $7 million from banks and 7 million doses of drugs
Online Gambling
First online gambling casino launched (Internet Casinos, Inc.)
Revenues for 2005 were $10 billion; projected to increase to $180 billion by 2015
Significant support from politicians, labor unions and community groups
Lack of physicality makes online casinos accessible to any user with a computer, iPhone or iPad
Continuous operation makes them accessible 24/7
Accessibility to minors increases the consumer base as proper age verification is not attempted
Increase in e-banking allows users to access funds w/o leaving their chair; psychological intangibility of e-cash encourages customers to overspend
Risks to individuals and communities
Addiction
Bankruptcy
Crime
Fail to create jobs or other revenue
Threatening and Harassing Communications
Stalking: willful, malicious, and repeated following and/or harassing another person in an effort to inflict or cause fear of actual harm through words or deeds
Offender profile: White males (18-35)
Victim profile: Females or Children
Categories of Motivation
Obsessional Stalkers: re-establish relationship with unwilling partner and are considered to be the most dangerous
Love Obsession Stalker: individuals have low self-esteem and target victim they hold in high regard
Erotomaniacs: stalkers are delusional and believe victims are in love with them or had a previous relationship with them
Vengeance or Terrorist Stalker: economic gain or revenge
Cyberstalking: same definition as stalking but done by electronic means
Activities may be threatening or may result in injury
Sending barrage of threatening e-mails
Cyberharassment
Activities are threatening, harassing or injurious on their face
Focuses on actual harm suffered including defacement of character
Posting fictitious or slanderous information in a public forum
Courts have been reluctant to establish electronic boundaries of the First Amendment and have narrowly interpreted cyberstalking and cyberharassment legislation
Cyberbullying: Aggressive, intentional act carried out by a group or individual, using electronic forms of contact, repeatedly and over time against a victim who cannot easily defend themselves
May be committed using e-mails, social networking sites, Web pages, blogs, chat rooms, or instant messaging
Case example: 10/17/2006, Megan Meier, 13, committed suicide after receiving hateful e-mails and IM’s from an adult female (mother of former friend and classmate of Megan) posing as a teen-age boy. Suspect was indicted on several charges and found guilty on one misdemeanor violation of the “Computer Fraud and Abuse Act”, subsequently overturned
Online Fraud: fraud is the intentional deception, misrepresentation, or falsehood made with the intention of receiving unwarranted compensation or gratification
Internet has provided cybercriminals anonymity and accessibility to the global community of citizens and businesses
Auction Fraud: common fraudulent activity on the Internet: 4 types
Nondelivery: accepts payment for item, fails to deliver
Misrepresentation: deceives bidder on condition of item
Fee-stacking: adds hidden charges to the advertised price of an item (ship-handling)
Shill bidding: seller drives up price of their own item by making bids on their own items
Case Example: page 10
Online Credit Card Fraud
Skimming: fraudsters install devices on card readers located in ATM’s, gas pumps, restaurants, wherever magnetic stripe credit card readers are employed. The information is transferred to another card for downloading
Radio Frequency Identification (RFID): fraudsters use them to copy credit card information as they walk past individuals in street, subways, malls, concerts, etc.
Information gleaned from the above techniques may be sold on carding sites where other criminals can purchase credit card dumps
Securities Fraud
Manipulating stock prices by posting false information on fraudulent Web sites and legitimate Web sites
Page 104-105 for cases
Insider Trading
Individuals using chat rooms to provide others with material non-public information on companies
Note case on page 105
e-Fencing: sale of stolen goods through tech means
organized retail theft rings post stolen goods on online auction sites
Fraudulent Instruments: Counterfeiting & Forgery
Counterfeiting: act of creating a fraudulent document with criminal intent
Forgery: act of falsifying a document with criminal intent
Made easier with high-level graphics software and hardware advances
Create fraudulent payroll checks and generate forged signatures for authentication
Ancillary Crimes
Money Laundering: enterprise or practice of engaging in deliberate financial transactions to conceal the identity, source, and/or destination of income.
Three stages
Placement: initial point of entry for illicit funds (open account)
Layering: develop complex network of transactions to obscure source of illegal funds
Integration: return funds to legitimate economy