Computer Forensics and Cyber Crime

Britz

PRENTICE HALL

©2004 Pearson Education, Inc.

Chapter Four: Computers as Targets – Hacking and Beyond

Computers as Targets

Hardware
Software
Information

Hardware

Theft and sale of computer components
– Black market sale of integrated circuits, processing chips, memory cards, etc. is increasing
– CPUs, monitors, scanners, printers, etc. are not as easy to conceal, and thus, are decreasing.
– Increasingly global
– Hard to prevent and nearly impossible to trace

Markets for Stolen Components

Black Market Dealers
– Most organized
– Like full service restaurants

Grey Market Dealers
– Specialize in made-to-order computers
– Claim innocence

Examples

Both are increasing in prevalence and both are now involved in counterfeit software and hardware.
– SoftBank (www.cybercrime.gov/williams_wilson.htm)
– IBM

Software Piracy - Warez

Warez - commercial programs that are made available to the public illegally
– readily available on the Web – usually created and maintained by highly sophisticated, well educated administrators
– David LaMacchia and Cynosure and Cynosure II

Software – Organized Efforts

Organized units
– 2001 – FBI seized over $10 million worth of counterfeit software
– extremely sophisticated – even included disks with replicas of Microsoft’s new hologram technology
– increasingly common – due to the high costs associated with obtaining licensed copies (Office 2000 - $600)

Counterfeit games & software

Software – Individual Piracy

The unauthorized copying of software is much more costly and more pervasive
– exponentially increased after the introduction of CD-RWs

Major problem – lack of knowledge regarding licensing requirements

Strategies to Combat Piracy

Newest strategy - Shareware – acknowledges the futility of trying to stop people from copying software and instead relies on people’s honesty

Publishers actually encourage users to give copies of programs to friends and colleagues but ask everyone who uses a program regularly to pay a registration fee to the program’s author directly.

Hacking and/or theft of information

Computer may be the intended target of a criminal or may actually represent the instrumentality of the crime. Hacking activities may fall into either category.

Traditional Hacking Profiles

Young, socially challenged males
Started with role playing games, like D&D
Originally started as phreakers
Anti-establishment ideology

Hacker Ethos

 Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for. (The Mentor, Phrack, v1 i7, phile 3, as quoted in Sterling, 1994)

Contemporary Hackers

Contemporary hackers
– have lost much of the ideological superstructure
– many are now criminally motivated
– more females have emerged
– more unskilled hackers due to the proliferation of private hacking toolkits and software (NetBus, Back Orifice, Deep Throat)

Contemporary Definitions

While traditional definitions included assumptions of motivation and skill, contemporary definitions have been altered to include any individual who intentionally accesses a computer without or in excess of authorization irrespective of knowledge or stimulus.

Continuum of Motivation

Boredom
Intellectual Challenge
Economic
Insiders
Sexual gratification
Political

Economic and Political Motivations

1. not as prevalent
2. investigated at higher rate
3. personal or political gain

A Sampling of Hacker Sites

06-11-91  Hacking Bank America  BANKAMER.ZIP
06-11-91  Hacking Citibank  CITIBANK.ZIP
06-11-91  How to Hack  HACK.ZIP
06-11-91  Basics of Hacking  HACKBAS.ZIP
06-11-91  Hackers Dictionary  HACKDICT.ZIP
06-11-91  Hackers Handbook  HANDHAND.ZIP
06-11-91  Anarchy Files  ANARCH.ZIP
06-11-91  Anarchist Book  ANARCHST.ZIP
06-11-91  How To Make Bombs  BOMB.ZIP
06-11-91  Chlorine Bomb  CHLORINE.ZIP
06-11-91  Anarchy Cook Book  COOKBOOK.ZIP
06-11-91  Destroy Stuff  DESTROY.ZIP
06-11-91  How to Pick Locks  LOCK.ZIP
06-11-91  Pipe Bomb  PIPEBOMB.ZIP
06-11-91  Revenge Tactics  REVENGE.ZIP

Extortion and Blackmail

Extortion and Blackmail - cash for action or inaction
– “Maxus”
– Western Union

Computer Contaminants
Destruction of Data

Motivations vary but techniques are the same:
– Viruses and Worms
– DOS attacks
– Trojans

Eco-terrorism via computer

Corporate warfare – not unique or new
– traditional methods employed included attacks on physical structures or tangible objects
– Intangibility of cyberspace has exponentially increased the potential impact (mail bombs are limited, but e-mail bombs are not!)
– DOS attacks – attempt to disable a large system without necessarily gaining access to it

DOS Attacks

mail bombing – jamming a system’s server with voluminous e-mail

other methods: manipulation of phone switches or the more sophisticated method of low level data transmission

attacks have included: www.amazon.com, www.ebay.com, www.yahoo.com

Fortunately, few have been political in nature – thus, national infrastructures have remained relatively unscathed

However, they do pose a threat to national security. Imagine the chaos that would result if all of the electric utilities up and down the Eastern seaboard were shut down as a result.

Viruses

Viruses range in destruction from mere inconvenience to mass destruction.
– Anna Kournikova virus – simply scrambled text within MS Word Documents
– Chernobyl virus – attacked the hard disk by erasing a portion of the hard disk that makes it impossible to access the disk, even if booting from a floppy
– Others may attack the FAT of the first partition, making it impossible for the disk to assemble data logically.

Computer Giants Victimized

Both Apple and IBM have been victimized
– IBM’s e-mail system was compromised on five continents
– Apple Computer reported that intruders may have reverse engineered the secret code for its operating system, while a virus released in its electronic mail system caused organizational chaos by erasing all company voice-mail.

Contemporary Environment

May be unskilled and use canned virus software, like the VBS Worm Generator

Federal and state legislatures have developed a variety of laws to punish those responsible for computer contaminants.

Not the case in foreign countries

Data Piracy – Industrial Espionage and Terrorism

May be committed by insiders (e.g., Gillette example) or criminal outsiders, industry competitors, or government entities
– Gillette
– French Government

Theft of Information – Electronic Espionage

Cold War ended caution of U.S., but not others
– Telrad and Nortel

2000 – FBI estimate - 120 foreign governments were actively working intelligence operations currently targeting the U.S.

Theft of Information – Physical Means

Laptops have created significant problems, including a new black market.
– London
– U.S.
– Others
– Airport

Solutions – greater education and awareness for employees. All of these are attributed to carelessness!

Terrorism and Data Manipulation

Traditionally, terrorism was directed at physical or human targets.

Currently, changing their method of operation – using technology to enhance communication, elicit funding, spread propaganda, formulate strategies, and terrorize their intended target
– Ramzi Yousef – stored detailed plans to destroy U.S. airliners on encrypted files on his laptop computer long before 9/11

Cyberterrorism

a deliberate, politically or religiously motivated attack against data compilations, computer programs, and/or information systems which is intended to disrupt and/or deny service or acquire information which disrupts the social, physical, or political infrastructure of a target.
– May be employed to target a nation’s infrastructure or critical databanks. (i.e., ConnEdison or CDC)

Think of the blackout in the Northeast in the summer of 2003.

Think of the cases in Britain and Italy where viruses wiped out vital information from lengthy hematology studies and one year’s worth of AIDS research.

Cyberterrorism

Organized groups are starting to emerge.
“Internet Black Tigers”
Pose significant danger

Hacking 101 – How They Do It

Single greatest threat – careless or uninformed employees despite precautions taken by employers
– Social engineering
– Shoulder surfing
– Role playing
– Background inquiries
– Dumpster diving
– More sophisticated approaches

Conclusions

Five contributing factors to computer intrusions
– Computers act as the technical equivalent of storage warehouses
– Increasing connectivity and interdependence of government and poorly regulated public infrastructures
– The decline of necessary technical expertise
– Increasing number of threat groups with sophisticated methodologies and advanced technology
– Government apathy and disregard for protecting digital systems