ICT MODULE 1_B.pptx
-
Upload
khushal-singh -
Category
Documents
-
view
250 -
download
2
Transcript of ICT MODULE 1_B.pptx
-
8/10/2019 ICT MODULE 1_B.pptx
1/33
GALGOTIAS UNIVERSITY UTTER PRADESH, YAMUNA EXPRESSWAY, GAUTAM BUDH NAGAR, UP, INDIA
And
INSTITUTE OF ACCOUNTANCY ARUSHA, ARUSHA, TANZANIA
ITM-09331(Cyber Crimes and Computer Laws )
Mr. Khushal Singh
(Assistant Professor , School of Computing Science & Engineering)
-
8/10/2019 ICT MODULE 1_B.pptx
2/33
2
Information Warfare
Any attempt to manipulate information in
pursuit of a military or political goal:
Use computers to gather information.
Use computers to disseminate propaganda.
-
8/10/2019 ICT MODULE 1_B.pptx
3/33
3
Information Warfare (cont.)
Propaganda:
Any group could use what appears to be an
Internet news Web site.
Many people believe and repeat what they see on
the Internet.
-
8/10/2019 ICT MODULE 1_B.pptx
4/33
4
Information Warfare (cont.)
Disinformation
Locate false information behind relatively secure
systems, but not secure enough to keep out
enemy.
The work the enemy has to do to acquire the
disinformation will convince them of its value.
-
8/10/2019 ICT MODULE 1_B.pptx
5/33
5
Actual Cases
Many influential people do not believe in
cyber warfare.
These events appear to contradict them:
The Peoples Liberation Army [China] has
formulated an official cyber warfare doctrine.
-
8/10/2019 ICT MODULE 1_B.pptx
6/33
6
Actual Cases (cont.)
In Tehran [Iran], the armed forces and
technical universities joined to create
independent cyber R & D centers and train
personnel in IT skills.
Tehran seeks to buy IT technical assistance
and training from Russia and India.
-
8/10/2019 ICT MODULE 1_B.pptx
7/33
7
Future Trends
Positive Trends
Cyberterrorism Preparedness Act of 2002
$350,000,000 over 5 years for improving network
security
Cybersecurity Research and Education Act of 2002
$50,000,000 over 4years for training IT specialists
in IT security
-
8/10/2019 ICT MODULE 1_B.pptx
8/33
INTERNATIONAL INITIATIVES To
Combat High-tech Crime
To meet the challenge posed by new kinds ofcrime made possible by computer technologyincluding telecommunication, many countrieshave also reviewed their respective domestic
criminal laws so as to prevent computer relatedcrimes.
Some of these countries are USA,Denmark,France Germany, Greece, Finland, Italy, Turkey,
Sweden, Switzerland, Australia, Canada, India,Japan, Spain, Portugal, UK, Malaysia andSingapore.
-
8/10/2019 ICT MODULE 1_B.pptx
9/33
-
8/10/2019 ICT MODULE 1_B.pptx
10/33
Principles to Combat High-Tech Crime
1. There must be no safe havens for those who abuseinformation technologies.
2. Investigation and prosecution of international high-tech crimes must be coordinated among all concernedStates, regardless of where harm has occurred.
3. Law enforcement personnel must be trained andequipped to address high-tech crimes.
4. Legal systems must protect the confidentiality,integrity, and availability of data and systems fromunauthorized impairment and ensure that seriousabuse is penalized.
-
8/10/2019 ICT MODULE 1_B.pptx
11/33
Principles to Combat High-Tech
Crime(Contd.)5. Legal systems should permit the preservation of and quick
access to electronic data, which are often critical to thesuccessful investigation of crime.
6. Mutual assistance regimes must ensure the timelygathering and exchange of evidence in cases involvinginternational high-tech crime.
7. Trans-border electronic access by law enforcement topublicly available (open source) information does notrequire authorization from the State where the dataresides.
8. Forensic standards for retrieving and authenticatingelectronic data for use in criminal investigations andprosecutions must be developed and employed.
-
8/10/2019 ICT MODULE 1_B.pptx
12/33
Principles to Combat High-Tech
Crime(Contd.)
9. To the extent practicable, information andtelecommunications systems should be
designed to help prevent and detect networkabuse, and should also facilitate the tracing ofcriminals and the collection of evidence.
10. Work in this area should be coordinated withthe work of other relevant international forato ensure against duplication of efforts.
-
8/10/2019 ICT MODULE 1_B.pptx
13/33
Action Plan to Combat High-Tech
Crime
In support of the PRINCIPLES, we are directing ourofficials to:
1. Use our established network of knowledgeablepersonnel to ensure a timely, effective response totransnational high-tech cases and designate a point-of-contact who is available on a twenty-four hour basis.
2. Take appropriate steps to ensure that a sufficientnumber of trained and equipped law enforcement
personnel are allocated to the task of combating high-tech crime and assisting law enforcement agencies ofother States.
-
8/10/2019 ICT MODULE 1_B.pptx
14/33
-
8/10/2019 ICT MODULE 1_B.pptx
15/33
Action Plan to Combat High-Tech
Crime(Contd.)
5. Continue to examine and develop workablesolutions regarding: the preservation of evidenceprior to the execution of a request for mutual
assistance; computer searches of data where thelocation of that data is unknown.
6. Develop expedited procedures for obtainingtraffic data from all communications carriers in
the chain of a communication and to study waysto expedite the passing of this datainternationally.
-
8/10/2019 ICT MODULE 1_B.pptx
16/33
Action Plan to Combat High-Tech
Crime(Contd.)
7. Work jointly with industry to ensure that newtechnologies facilitate our effort to combat high-tech crime by preserving and collecting critical
evidence.8. Ensure that we can, in urgent and appropriatecases, accept and respond to mutual assistancerequests relating to high-tech crime by expedited
but reliable means of communications, includingvoice, fax, or e-mail, with written confirmation tofollow where required.
-
8/10/2019 ICT MODULE 1_B.pptx
17/33
-
8/10/2019 ICT MODULE 1_B.pptx
18/33
Attacks
Non-Technical attacks
Example Social engineering
Pretexting
Phishing
Cause
Low user awareness or missing policies/routines
Technical attacks
Example See following slides
Cause Transitive trust
Bugs and configuration errors in apps and OS
Vulnerabilities in protocols and Network Infrastructure18
-
8/10/2019 ICT MODULE 1_B.pptx
19/33
-
8/10/2019 ICT MODULE 1_B.pptx
20/33
A Quote from Kevin Mitnick
You could spend a fortune purchasing
technology and services from every exhibitor,
speaker and sponsor at the RSA Conference,
and your network infrastructure could stillremain vulnerable to old-fashioned
manipulation.
-
8/10/2019 ICT MODULE 1_B.pptx
21/33
-
8/10/2019 ICT MODULE 1_B.pptx
22/33
Social engineering Attack
Social engineering can be broken down into foursub-groups:
Intimidation The "angry supervisor"
technique , the hacker convinces the personwho answers the phone that their job is indanger unless they help them. At this point,many people accept that the hacker is asupervisor and give them the information theyseek.
-
8/10/2019 ICT MODULE 1_B.pptx
23/33
Social engineering(Contd.)
Helpfulness: The opposite of intimidation,helpfulness exploits many people's naturalinstinct to help others solve problems. Rather
than acting angry, the hacker acts distressedand concerned. The help desk is the mostvulnerable to this type of social engineering,as (a.) its general purpose is to help people;
and (b.) it usually has the authority to changeor reset passwords, which is exactly what thehacker wants.
-
8/10/2019 ICT MODULE 1_B.pptx
24/33
Social engineering(Contd.)
Name-dropping: The hacker uses names of
authorized users to convince the person who
answers the phone that the hacker is a
legitimate user him or herself. Some of thesenames, such as those of webpage owners or
company officers, can easily be obtained
online. Hackers have also been known toobtain names by examining discarded
documents (so-called "dumpster diving").
-
8/10/2019 ICT MODULE 1_B.pptx
25/33
Social engineering(Contd.)
Technical: Using technology is also a way to
get information. A hacker can send a fax or
email to a legitimate user, seeking a response
that contains vital information. The hackermay claim that he or she is involved in law
enforcement and needs certain data for an
investigation, or for record-keeping purposes.
-
8/10/2019 ICT MODULE 1_B.pptx
26/33
Social engineering(Contd.)
So we can divided the Social Engineering Attack
into two type:
(1)Human Based
Impersonation
Important User
ThirdParty Authorization Tech-Support
-
8/10/2019 ICT MODULE 1_B.pptx
27/33
Social engineering(Contd.)
(1)Human Based(Contd.)
In Person
Dumpster-diving Shoulder-Surfing
(2) Computer Based
Popup Window
Mail Attachments
-
8/10/2019 ICT MODULE 1_B.pptx
28/33
-
8/10/2019 ICT MODULE 1_B.pptx
29/33
-
8/10/2019 ICT MODULE 1_B.pptx
30/33
Attack Model
-
8/10/2019 ICT MODULE 1_B.pptx
31/33
-
8/10/2019 ICT MODULE 1_B.pptx
32/33
Other Thoughts
What damage has been done? What damage
can still be done?
Has a crime actually taken place?
-
8/10/2019 ICT MODULE 1_B.pptx
33/33