VIRGINIA COMMONWEALTHVIRGINIA COMMONWEALTHUNIVERSITY POLICEUNIVERSITY POLICE

THETHE

TECHNICAL SIDE OF THETECHNICAL SIDE OF THE

INTERNET & COMPUTERINTERNET & COMPUTER

CRIMECRIME

Officer Troy C. Ross

Webmaster, VCU Police

An Introduction to the NetAn Introduction to the Net

As of the year 2000, the Internet has become an

international collection of over 9.7 million computer

networks, all very capable of communicating with

one another. Approximately 300 million people

world-wide have access to the Internet (122.6 million

of them being in the United States). So how do each

of these computers connect with one another?

How Computers ConnectHow Computers Connect

Every computer that is connected to the Internet depends on Internet

Protocol (IP) to communicate with one another. Each computer has

an IP Address. An example of an IP Address may look like

128.172.101.102. The first set of digit(s) in this example, 128, identifies

a section of the main Internet system. The next set of digit(s), 172,

identifies a specific network. The next set of digit(s), 101, identifies a

section or department of the specific network. Finally, the last set of

digit(s), 102, identifies a specific computer within that network.

How Computers ConnectHow Computers Connect128.172.101.102 128.172.101.302

128.172.101.199

ISPServer

ISP Server

ISPServer

Typical Diagram of a Network

Surfin’ The WebSurfin’ The Web

Most people who surf the web use

browsers, such as Microsoft Internet

Explorer™ or Netscape Communicator™.

These browsers allow your computer to

connect to servers (computers that store

web site files and "serves" them to you

when requested). These communications

over the net are not private. Nearly everything is sent unencrypted and can be

easily read.

Information ExchangeInformation Exchange

When computers connect, certain information can be exchanged. For instance, some web

sites can log your IP address. Others can place on your hard drive a "cookie" (a text file

that is stored in the hard drive of your computer, telling the server things about you, your

computer and your activities). Web browsers can be customized in their settings to accept

or reject the cookie. Passwords stored in your computer can possibly be read by programs

operated by malicious users, either locally (physically at your computer) or remotely

(through the web).

Online ProtectionOnline Protection

There is no fool-proof way to protect your computer 100%, with the exception of turning

it off. But you can protect it about 99% of the time, with the right tools. There is a large

amount of software available that can protect you and your computer. Anti-virus programs

can block trojan files, worm files, and viruses from infecting your computer. These harmful

things can make it vulnerable to outside attacks by malicious users. Firewall programs can

keep other computers from connecting to yours through unguarded ports on your PC.

Certain hardware connected to your computer, such as barricades, can 'hide' your computer

from others on the web.

An Intro to Computer An Intro to Computer CrimeCrime

The most common Internet crime is online fraud. This occurs when you go online,

make a purchase from someone, and the product is never delivered. This often

occurs on auction sites. Fraudulent sites may obtain your credit card information

in order to make purchases on your credit. Some users may become victim to

email pyramid get-rich-quick schemes. You may unknowingly become a victim

when the damage is already done.

Malicious Users OnlineMalicious Users Online

A 'hacker' is someone who enjoys the

challenge of deciphering programs and

stretching the capabilities of a program

or a computer. They are not necessarily

malicious users. A 'cracker' is a term used

for persons who intentionally codes

or utilizes programs to bypass security

functions with the intent to gain private

information or unauthorized access to a computer or number of computers.

Malicious Users at WorkMalicious Users at WorkThere are programs that are available today that allow malicious users to gain access to other

computers and their programs. They use these hacks for several purposes, ranging from causing

simple mischief to major damage. One type of program can 'steal' a password or passwords

allowing the malicious user to do things such as access your email account, login to an Instant

Messenger program and pretend to be you, or access your online banking. Another type of program

can connect their computer to yours in a 'stealth mode' where you would not even be aware. It usually

requires that your computer already be infected by a trojan program so that same trojan program can

open up your computer to theirs. Once done, and if the program is strong in capabilities, the

malicious user can do most anything with your computer remotely. They could access and view all

your files on your hard drive, turn on your microphone or webcam, erase your hard drive(s) and

even turn your computer off. The fact remains that technology has evolved greatly from the age

of the Abacus. Protection is what ALL users of the web need most.

Malicious Users at WorkMalicious Users at Work

Why is Cybercrime Why is Cybercrime Increasing?Increasing?

Connectivity is Global - no boundariesConnectivity is Global - no boundaries Numerous vulnerable targetsNumerous vulnerable targets Easy concealment - Anonymous HacksEasy concealment - Anonymous Hacks Low equipment costs and accessLow equipment costs and access Less technical skill requiredLess technical skill required Ability to obtain tools, exploits, and Ability to obtain tools, exploits, and

vulnerabilities via the Webvulnerabilities via the Web

Trends & MethodsTrends & Methods

Forgery trend growingForgery trend growing Use of consumer accounts for fraudUse of consumer accounts for fraud Identity theft - possibly made available Identity theft - possibly made available

by your computerby your computer Theft of Credit Card numbersTheft of Credit Card numbers Online Auction FraudOnline Auction Fraud Child Pornography and ExploitationChild Pornography and Exploitation Online Banking FraudOnline Banking Fraud

E-commerceE-commerce

E-commerce may reach $13 billion E-commerce may reach $13 billion dollars this year alonedollars this year alone

FDIC estimated that most banks FDIC estimated that most banks currently have web sitescurrently have web sites

GAO estimated that 380 banks offer GAO estimated that 380 banks offer direct dial-in servicesdirect dial-in services

Booz-Allen stated, “There were 16 Booz-Allen stated, “There were 16 million cyber-banking customers as of million cyber-banking customers as of 2000” (and it’s growing)2000” (and it’s growing)

What are we up Against?What are we up Against?

Transparent technology - you can’t Transparent technology - you can’t touch thistouch this

Assumptions that “it will take care Assumptions that “it will take care of itself”of itself”

Unseen background “attacks” by Unseen background “attacks” by malicious usersmalicious users

Lack of Knowledge - “I just don’t Lack of Knowledge - “I just don’t understand this stuff”understand this stuff”

What are the Laws?What are the Laws?

“Possession of sexually explicit visual material utilizing or having as a subject a person less than

eighteen years of age”

Click to view statute:Code of Virginia § 18.2-374.1:1

Possession of Child Possession of Child PornographyPornography

Production of Child Production of Child PornographyPornography

Production, publication, sale, possession with intent to distribute, financing, distribution, etc., of sexually explicit items involving children; presumption as to

age; severability

Click to view statute:Code of Virginia § 18.2-374.1

Seizure and ForfeitureSeizure and Forfeiture

Seizure and forfeiture of all audio and visual equipment, electronic equipment, devices and other

personal property used in connection with the production, distribution, publication, sale, possession

with intent to distribute or making of child pornography following conviction of §18.2- 374.1

Click to view statute:Code of Virginia § 18.2-374.2

Use of communications Use of communications systems to facilitate certain systems to facilitate certain

offensesoffenses

Click to view statute:Code of Virginia § 18.2-374.3

Includes making personal contact or direct contact through any agent or agency, any print medium, the

United States mail, any common carrier or communication common carrier, any electronic

communications system, or any telecommunications, wire, computer, or radio communications system.

Virginia Computer Crime ActVirginia Computer Crime Act

§§18.2-152.218.2-152.2 Definitions Definitions

§§1818.2-152.3.2-152.3 Computer fraud Computer fraud

§§18.2-152.418.2-152.4 Computer trespass Computer trespass

§§18.2-152.518.2-152.5 Computer invasion Computer invasion of privacy of privacy

§§18.2-152.618.2-152.6 Theft of computer Theft of computer services services

§§18.2-152.718.2-152.7 Personal trespass Personal trespass by computerby computer

§§18.2-152.7:118.2-152.7:1 Harassment by Harassment by computercomputer

§§18.2-152.818.2-152.8 Property capable of Property capable of embezzlement embezzlement

§§18.2-152.918.2-152.9 Limitation of Limitation of prosecution prosecution

§§18.2-152.1018.2-152.10 Venue for Venue for prosecution prosecution

§§18.2-152.1118.2-152.11 Article not exclusive Article not exclusive

§§18.2-152.1218.2-152.12 Civil relief; damages Civil relief; damages

§§18.2-152.1318.2-152.13 Severability Severability

§§18.2-152.1418.2-152.14 Computer as Computer as instrument of forgery instrument of forgery

§§18.2-152.1518.2-152.15 Encryption used in Encryption used in criminal activitycriminal activity Click to view statute

Cyber StalkingCyber Stalking

Any person who on more than one occasion engages in conduct directed at another person with the intent to

place, or when he knows or reasonably should know that the conduct places that other person in reasonable fear of

death, criminal sexual assault, or bodily injury to that other person or to that other person's family or

household member

Click to view statute:

Code of Virginia § 18.2-60

Cyber ThreatsCyber Threats

Any person who knowingly communicates, including an electronically transmitted communication a threat to kill

or do bodily injury to a person

Click to view statute:

Code of Virginia § 18.2-60

Harassment by ComputerHarassment by Computer

Any person, with the intent to coerce, intimidate, or harass any person, shall use a computer or computer

network to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, or make any

suggestion or proposal of an obscene nature, or threaten any illegal or immoral act

Click to view statute:

Code of Virginia § 18.2-152.7:1

Communicating Communicating Identifying InformationIdentifying Information

Any person, with the intent to coerce, intimidate, or harass another person, publishes the person's name or

photograph along with identifying information as defined in clauses (iii) through (ix), or clause (xii) of

subsection C of § 18.2-186.3

Click to view statute:

Code of Virginia § 18.2-186.4

““Hacked” StatisticsHacked” Statistics

Of 2738 organizations, 90% reported Of 2738 organizations, 90% reported security breaches in past 12 monthssecurity breaches in past 12 months

70% detected serious breaches - info 70% detected serious breaches - info theft, fraud, outside penetrationtheft, fraud, outside penetration

74% reported financial loss74% reported financial loss only 42% could estimate losses - only 42% could estimate losses -

$265,589,940 total (based on 2000 $265,589,940 total (based on 2000 CSI survey)CSI survey)

Is it Investigated?Is it Investigated?

36% of respondents in CSI survey 36% of respondents in CSI survey reported the computer crime(s) to reported the computer crime(s) to Law Enforcement (a significant Law Enforcement (a significant increase from the year 2000 when increase from the year 2000 when only 25% reported any offenses)only 25% reported any offenses)

Law Enforcement needs to know to Law Enforcement needs to know to investigateinvestigate

HOW DO I PROTECT HOW DO I PROTECT MYSELFMYSELF

MY FAMILY, AND MY MY FAMILY, AND MY COMPUTER?COMPUTER?

Software ProtectionAt a very basic level, everyone using the Internet should have software installed

on their computer to protect it. Virginia Commonwealth University does not

endorse these commercial providers or products unless otherwise noted.

http://www.at.vcu.edu/faq/nav.htmlhttp://www.mcafee.com/

http://www.zonealarm.com/

Hardware ProtectionAt the next level, everyone using the Internet may want to have hardware

installed on their computer to protect it. Virginia Commonwealth University

does not endorse these commercial providers or products unless otherwise noted.

NetGear FS105 - http://www.netgear.comSMC Barricade - http://www.smc.com/

What your Network should What your Network should BeBe

Your Computerwith Anti-Virus

and FirewallSoftware Installed

(Excellent Protection)

Your PC connects tothe router or switchvia Ethernet cable

Your Router orSwitch - HardwareProtection at Best

Router or Switch connects to CableModem or Direct Ethernet to your ISP Server

Your ISP’sServer

connects you tothe rest of theWorld Wide

Web

Online Safety TipsOnline Safety Tips

Register your PC with Operation PC-IDRegister your PC with Operation PC-ID Never leave a notebook PC unattended in Never leave a notebook PC unattended in

public - it’s an easy stealpublic - it’s an easy steal When not in use - shutdown PCWhen not in use - shutdown PC Close a program when not in useClose a program when not in use Never save or store passwords on a PCNever save or store passwords on a PC Use STRONG passwords - no easy guessUse STRONG passwords - no easy guess

WEBLINK: OPERATION PC-ID

More Online Safety TipsMore Online Safety Tips

Beware of file attachments - TrojansBeware of file attachments - Trojans Purchase online from reputable Purchase online from reputable

businesses with secured Browserbusinesses with secured Browser Beware of get-rich-quick emailsBeware of get-rich-quick emails Update anti-virus software weeklyUpdate anti-virus software weekly Set browser options to maximum Set browser options to maximum

protectionprotection Never give out personal information!Never give out personal information!

Informational VideosInformational Videos

Web Surfing, Security, and Privacy Online

Internet Security, Hacks, and Trojan Horses

Are You Protected? Find Out! Test Your System

Using ShieldsUP to learn how to Secure your System

Is Your Firewall doing its Job? Find Out!

These links connect to videos online. Steve Gibson (Internet Security Expert), Leo Laporte (ZDTV), and Kate Botello discuss Internet Security, information your PCis revealing, and ways you can test your system for safety and privacy. These videosare in Windows Media format. Please allow time for buffering.

Test Your PC NowTest Your PC Now

Privacy Analysis of Your Connection

Test the Security of Your PC Online

Test Your Computer’s Firewall Online

These online tests can actually tell you how vulnerable your computer system is online.If you wonder what information your computer is sending out to the world, these linkswill tell you. These sites are 100% safe and fully tested. The test results are accurate.

Reading ResourcesReading Resources

Latest Internet Fraud Trends

Internet Fraud Preventative Measures

How You Are Being Traced Over the Net

The IP Address - Your Internet Identity

Brought to you byBrought to you by

VCU POLICE DEPARTMENT918 W. FRANKLIN STREET

RICHMOND, VA. 23834(804) 828-1196

PRESENTATION BY:OFFICER TROY C. ROSS

WEBMASTER, VCUPDUNIT 1420

WWW.VCU.EDU/POLICE