
Computer Forensics and Cyber Crime, 2nd ed., Britz
2009 Pearson Education, Upper Saddle River, NJ 07458.
All Rights Reserved.
Chapter Four
Explore the current state of Internet crimes in the U.S. &
abroad
Identify emerging trends in Web-based crime.
Develop a working knowledge of the 6 classifications of
motive for modern computer intruders
Become familiar with more computer terms and recent laws
Not all computer crime involves the use of the
Internet
Advances in printing technologies, software
capabilities, digital cameras, etc. have increased
the sophistication of traditional criminal
activities.
High-end printers, user-friendly graphics programs, and criminal
initiative have resulted in a flood of counterfeit documents. These include,
but are not limited to: payroll checks, tax rebates, and currency. More
sophisticated criminals also use computer programs to generate forged
signatures for authentication.


Opportunity
Anonymity
Experimentation
Perception of
invulnerability
Lack of
physicality
Reduced
overhead
Elimination of
physical space,
transportation,
etc.
Follow the
Money
Information
E-commerce
E-currency
Financial losses
Personal security (identity theft, etc.)
Industrial espionage
Government security
Public safety
Interference with lawful use of computers
Theft of information & copyright infringement
Dissemination of contraband or offensive
materials
Threatening communications
Fraud
Ancillary crimes (money laundering, conspiracy,
etc.)
Botnets
Keyloggers
Bundlers
DDoS
Packet Sniffers
Rootkits
Spyware
Scripts
Phishing
Trojans
Worms
Viruses

The Rabbit (1960s)
Strictly local - diminished productivity of computer systems by cloning themselves and occupying system resources
Pervading Animal (1970s)
Attached to executable file
Classical Era
(1960s-1970s)
Accidental
Pranks
Floppy Era
(1980s-1990s)
Infection via removable media
Lacked sophistication
Easily detected and eliminated
Changed with the emergence of polymorphic viruses
Macro Era
(1990s-2000s)
Infect documents and templates NOT programs
Embedded in macro programming language of popular applications; spreads infection when the document is open
Becomes embedded in current and future documents
1st notable example: Melissa - $80 million
Internet Era
(2000-present)
Method of propagation involves address books
Some capable of scanning Internet for vulnerable machines & infecting
Others can infect even when infected e-mail is simply viewed in Outlook's preview window.
Purpose
Disable a large system without necessarily gaining
access to it
Methods
Mail bombing
Low-level data transmission
Victims
Amazon.com
eBay.com
Yahoo.com
Motives
Personal
Organizational
Political
Purpose
Hasn't changed
Methods
Botnets & Zombie armies
Victims
SPEWS service (2003)
Blue Frog (2006)
MAFIA playwithAl.com
Motives
Extortion
Terrorism
Revenge, etc.
Examples
Operation Bot Roast: FBI identified over 1 million compromised
machines
Definition
Abuse of electronic
messaging systems to
randomly or
indiscriminately send
unsolicited bulk
messages
Costs
Consumption of
network resources
Lost time
Lost productivity: as
much as $22 BILLION!
Legislation
In some cases,
traditional statutes can
be employed (i.e. mail
fraud, wire fraud, e-
mail fraud, money
laundering, etc.)
CAN-SPAM ACT
(2003)
Examples
Daniel Lin: first
person convicted
under CAN-SPAM Act
Advertised generic
Viagra and weight
loss patches
Used fraudulent
header information
through zombie
companies
Robert Soloway,
"Spam King"
Operated websites
where he hid spam
tools inside
legitimate software
Used a botnet of 2000
proxy computers
Prohibition of false or misleading header information (i.e.
routing info, domain name, etc.)
Prohibition of deceptive subject lines
Requirement of opt-out method
Requirement of notification of advertisement and
physical postal address of sender
Enhances penalties for individuals using dictionary
attacks to develop mailing lists
Provides penalties for individuals who gain unauthorized
access to a computer for the purpose of sending spam
Definition
Malware program which
renders digital resources
inoperable or inaccessible in
extortive scheme.
Keys to success
User education
Sophistication of product
Victim urgency
Secure method of payment
Examples
PC Cyborg/Aids
information trojan
distributed through U.S.
Postal Service via a floppy.
Once installed, replaced
the autoexec.bat file.
Victims forced to pay a
$378 renewal of license fee
to recover hidden and
encrypted data
Traditional Methods of Information Theft
greatest threat - INSIDERS
Shoulder surfing
Social engineering
Dumpster diving
Theft of equipment
Malware
Maintenance back doors


Trade secrets & copyrights
Information is valuable in
and of itself
Gillette employee caught
using company equipment
to solicit bids for the design
specifications of the Mach-3
Razor
Actors include: disgruntled
employees, competitors,
and government entities
Political Espionage
FBI estimates more than
120 foreign governments
working on intelligence
operations targeting U.S.
Victims include:
Clinton's e-mail
Netanyahu
Offenders
Terrorists
Competitors
Disgruntled employees
Etc.
Methods
Back doors
Trojans
Malware
Implications
Aggravation
Loss of life (i.e. CDC, water systems, central
dispatch systems)
Mass destruction (i.e. NORAD, war, etc.)
A deliberate, politically or religiously
motivated attack against data compilations,
computer programs, and/or information
systems which is intended to disrupt and/or
deny service or acquire information which
disrupts the social, physical, or political
infrastructure of a target.
Definition
- infringement on trademarked property via electronic means
Methods
Purchase of domain names consistent with the names of
established businesses or companies
Purchase of domain names which are similar to domain names
associated with established companies, but with common
misspellings. (e.g. www.toysareus.com or www.tgegap.com)
Legislation
Cybersquatting Consumer Protection Act of 1997 used
against individuals like John Zuccarini who purchased
thousands of domain names with common misspellings of
businesses and mousetrapped them.

Definition
hard to define
Generally any visual
depiction of a
lascivious exhibition of
the genitals or pubic
area or sexually
explicit conduct of a
minor
Government
Efforts
Grey Area: NAMBLA
& the 1st
Amendment
All states have statutes
prohibiting CP
Innocent Images
Operation Predator
(ICE)

Title 18 §§ 2251 and 2252
CPPA struck down
Typology of
Offenders
White males older than
25
Majority have images
of prepubescent
children in situations
involving sexual
penetration
55% had either
committed or
attempted to commit
molestation
Motivations
Pedophilia
Sexual miscreants
Curiosity seekers
Criminal opportunists
40% of online predators also possess CP
Use chatrooms to identify victims
Often pretend to be teens
Prey on the vulnerable: confused or ostracized
kids
Great success with sting operations or
honeypots
Perps believe that the person they are communicating
with are accurately representing
Perps believe that they are completely anonymous

Used in both legitimate and illegitimate purchases
o Privacy and convenience
o Ease of comparative shopping
o Greater convenience and variety of products
o Easier access to written product information and references to other
sources
Both non-cyber (i.e. Rite Aid) and cyber pharmacies have a
presence
Operation Cyber Chase sold Schedule II-V
pharmaceutically controlled substances (e.g. anabolic
steroids, amphetamines, and painkillers) without a
prescription
Physical Gambling
Government sponsored
Implications of morality
Las Vegas, Atlantic City, Riverboats
Gambling Online
1st online casino: 1995, Internet Casinos, 18 games
Tens of billions of $$
Attraction: lack of physicality; continuous operation; accessibility to minors;
increase in e-banking
Legislation
Application of traditional laws unclear (i.e. Wire Act)
Internet Gambling Prohibition & Enforcement Act of 2006

Problems
Lack of public cooperation:
morals are historically
difficult to enforce
Lack of international
cooperation: some govts
actively court such
enterprise
WTO has ruled counter to
protecting U.S. interests in
prohibition
Provisions
Shifted the burden of
oversight and regulation to
individual banks and
credit-issuing institutions
Authorized state and
federal LE to seek
injunctions against those
facilitating illegal Internet
gambling (some media
giants have ceased
advertising due to this
provision)
THREATENING & HARASSING COMMUNICATIONS:
CYBER-STALKING
Motivations of stalkers
Obsessional - (re-establish connection w/former partner)
Love-obsession - (have low self-esteem and target victim they hold in high
regard, i.e. Hinckley/Jodie Foster)
Erotomaniacs - delusional, perceive victim has a relationship with them, i.e.
Margaret Ray/David Letterman
Vengeance/Terrorist - motivated by economic gain or revenge
Statistics
1 million women & 400K U.S. men victimized per year
78% of victims are female while 87% of perpetrators are male
69% of females & 81% of males with a protective order experienced repeated
contact
81% of females stalked by a domestic partner were physically assaulted & 31%
were sexually assaulted
2/3 of stalkers pursue their victims at least once a week
Definition
Willful, malicious, and repeated following and/or harassing another person
in an effort to inflict or cause fear of actual harm through words or deeds
committed via electronic means
Legislation
Interstate Stalking Punishment & Prevention Act of 1996
THREATENING & HARASSING COMMUNICATIONS:
CYBER-HARASSMENT
Focuses on actual harm suffered
Not treated as harshly
Distinction between the two is subtle
More attention is afforded stalking
Perception of either is that it is not as serious as physical
stalking or harassment
CYBER-STALKING and CYBER-HARASSMENT, cont'd
Examples:
Gary Dellapenta: solicitation of rape
Jeanne Mentavolos: altered photographs
Problems with Enforcement:
Courts reluctant to abridge speech or to identify certain
communications as threatening
No universal definition or perception of what constitutes
threatening
Ex. Jake Baker (AKA Abraham Jacob Alkhabaz) electronically
communicated stories about the rape and torture of a fellow
classmate, and fantasies about the abduction, bondage, torture,
humiliation, mutilation, rape, sodomy, murder, and necrophilia
about a neighbor of Baker's.
Court ruled that these communications did not constitute a
threat as they were not communicated to the victim
Prevalence
Almost $200 million in losses
Hundreds of thousands of
complaints filed
Average loss per complainant
$724
Offenders
are male
are located in seven states
(CA; NY; FL; TX; IL; PA; TN)
Majority of offenders reside in
U.S. although perps exist
globally
Typologies
Auction fraud (most common)
Non-delivery of merchandise
and/or payment
Check fraud
Credit/debit card fraud
Computer fraud
Confidence fraud (Nigerians)
Financial institution fraud
WEB-CRAMMING
Definition
The unauthorized charging of
consumers via monthly
telecommunication fees.
Methods
Promote free services, but
have hidden fees and charges

ISP JACKING
Definition
Disconnecting individual users
from their selected Internet
service providers and redirecting
them to illegitimate servers
Results in long distance
charges for those using dial-up
Often overlooked as it is not
seen as dangerous and fewer
individuals connect via dial-up
Any method of fraud via data manipulation (usually involves redirect or
reroute data representing monies or economic exchanges)
Committed by company or government insiders.
Salami technique
Data diddling
Manipulation of packets to mimic a third party
IP SPOOFING
Day trading
False information
Insider trading
Securities Fraud & Stock Manipulation
Definition
An enterprise or practice of engaging in deliberate financial transactions to
conceal the identity, source, and/or destination of income
Process
Placement
Layering
Integration
History
Murray "Camel" Humphries: Chicago laundromats
Traditional Methods: Gambling, real estate, irregular funding,
corruption of officials or non-profits, captive businesses
Fighting money laundering
3 Fs: Finding, Freezing, Forfeiture
Hold Internet service providers accountable for
failure to maintain adequate records
Make financial institutions responsible for
inadequate security
Enforce "Know Your Customers" regulations

Technology both enhances & threatens modern
society.
Computer crime is increasing for a variety of reasons:
Computers are equivalent to a storage warehouse
Increasing connectivity & interdependence of infrastructures
Technical expertise is decreasingly important
Increasing number of threat groups with sophisticated
methodologies & advanced technology
Government apathy
