Computer Crime & Computer Crime & SecuritySecurity
Hackers & Crackers & Worms!Hackers & Crackers & Worms!
Oh my!!Oh my!!
What’s at RiskWhat’s at Risk
Personal InformationPersonal Information Intellectual PropertyIntellectual Property Business InformationBusiness Information National SecurityNational Security
Personal InformationPersonal Information
Identity TheftIdentity Theft Contact the fraud departments of any one of Contact the fraud departments of any one of
the three consumer reporting companies the three consumer reporting companies Close the accounts that you know or believe Close the accounts that you know or believe
have been tampered with or opened have been tampered with or opened fraudulently. fraudulently.
File a report with your local police or the police File a report with your local police or the police in the community where the identity theft took in the community where the identity theft took placeplace
File your complaint with the FTCFile your complaint with the FTC
Intellectual PropertyIntellectual Property
CopyrightCopyright Protects words, music, and other expressions for life of Protects words, music, and other expressions for life of
copyright holder plus 70 yearscopyright holder plus 70 years TrademarkTrademark
Protects unique symbol or words used by a business to Protects unique symbol or words used by a business to identify a product or serviceidentify a product or service
Trade SecretTrade Secret Protects secrets or proprietary informationProtects secrets or proprietary information
PatentPatent Protects an invention by giving the patent holder Protects an invention by giving the patent holder
monopoly on invention for 20 years after patent monopoly on invention for 20 years after patent application has been applied.application has been applied.
Business InformationBusiness Information
Business IntelligenceBusiness Intelligence Collecting & analyzing information in pursuit of Collecting & analyzing information in pursuit of
the business advantage.the business advantage. Competitor IntelligenceCompetitor Intelligence
Business intelligence about the competitor.Business intelligence about the competitor. Counter IntelligenceCounter Intelligence
Protecting your own information from access Protecting your own information from access by a competitor.by a competitor.
Customers’ InformationCustomers’ Information
National SecurityNational Security
Cyber terrorismCyber terrorism Acts of terrorism over the Internet which intimidate or Acts of terrorism over the Internet which intimidate or
harm a populationharm a population
United States Computer Emergency United States Computer Emergency Readiness Team – US CERTReadiness Team – US CERT National Strategy to Secure cyberspaceNational Strategy to Secure cyberspace Prevent cyberattacks on America’s critical Prevent cyberattacks on America’s critical
infrastructuresinfrastructures Reduce national vulnerability to cyberattacksReduce national vulnerability to cyberattacks Minimize damage and recovery time from cyberattacksMinimize damage and recovery time from cyberattacks http://www.us-cert.http://www.us-cert.gov/gov/
Current US Privacy LawsCurrent US Privacy Laws
Consumer Internet Privacy Protection Consumer Internet Privacy Protection Act of 1997Act of 1997
The Children’s Online Privacy The Children’s Online Privacy Protection Act of 2000Protection Act of 2000
Information Protection & Security Act Information Protection & Security Act of 2005of 2005
Notification of Risk of Personal Data Notification of Risk of Personal Data Act 2003Act 2003
Current US Privacy LawsCurrent US Privacy Laws
Identity Theft Protection Act of 2005Identity Theft Protection Act of 2005 Health Insurance Portability & Health Insurance Portability &
Accountability Act (HIPAA) of 1996Accountability Act (HIPAA) of 1996 Sarbanes-Oxley Act (“Sarbox”) of Sarbanes-Oxley Act (“Sarbox”) of
20022002 Gramm-Leach-Bliley Act (GBLA) of Gramm-Leach-Bliley Act (GBLA) of
19991999
Source of Security ThreatsSource of Security Threats
Software/Network VulnerabilitiesSoftware/Network Vulnerabilities User Negligence & TheftUser Negligence & Theft Pirates & PlagiarismPirates & Plagiarism Hackers & CrackersHackers & Crackers Internal ThreatsInternal Threats
Software/Network Software/Network VulnerabilitiesVulnerabilities
Security HolesSecurity Holes Vulnerability of a program or a systemVulnerability of a program or a system Data compromiseData compromise Unauthorized software installationUnauthorized software installation
Software PatchesSoftware Patches Fixes to the softwareFixes to the software Announces the problemAnnounces the problem
User Negligence & TheftUser Negligence & Theft
Data-entry errorsData-entry errors Errors in programsErrors in programs Improper set-up or installationImproper set-up or installation Mishandling of outputMishandling of output Inadequate planning for equipment Inadequate planning for equipment
malfunctionsmalfunctions Inadequate planning for environmentInadequate planning for environment
Pirates & PlagiarismPirates & Plagiarism
PiracyPiracy Illegal copying, use, and distribution of Illegal copying, use, and distribution of
digital intellectual propertydigital intellectual property Warez - Commercial programs made Warez - Commercial programs made
available to the public illegallyavailable to the public illegally PlagiarismPlagiarism
Taking credit for someone else’s Taking credit for someone else’s inellectual propertyinellectual property
Hackers & CrackersHackers & Crackers
HackerHacker Slang term for computer enthusiastSlang term for computer enthusiast May be complementary or derogatoryMay be complementary or derogatory Goal is to gain knowledgeGoal is to gain knowledge
CrackerCracker Someone who breaks into a computer system for Someone who breaks into a computer system for
malicious purposesmalicious purposes
Computer ForensicsComputer Forensics The application of scientifically proven methods to The application of scientifically proven methods to
gather, process, interpret, and to use digital evidence to gather, process, interpret, and to use digital evidence to provide a conclusive description of cyber crime activities. provide a conclusive description of cyber crime activities.
Internal ThreatsInternal Threats
Threat to System Health & StabilityThreat to System Health & Stability SoftwareSoftware DataData
Information TheftInformation Theft Most information theft internalMost information theft internal Most not reportedMost not reported Accidental unauthorized accessAccidental unauthorized access
Types of ThreatsTypes of Threats
NetworksNetworks Wireless NetworksWireless Networks Internet ThreatsInternet Threats MalwareMalware Scams, Hoaxes, Spam, & FraudScams, Hoaxes, Spam, & Fraud
Network ThreatsNetwork Threats
UsersUsers PermissionsPermissions File OwnershipFile Ownership
SoftwareSoftware DataData Unauthorized use of resourcesUnauthorized use of resources
Wireless Network ThreatsWireless Network Threats
Signals are broadcastSignals are broadcast War drivingWar driving War walkingWar walking PiggybackingPiggybacking
Internet ThreatsInternet Threats
MethodsMethods Key-logging softwareKey-logging software Packet-sniffing softwarePacket-sniffing software Port-scanning softwarePort-scanning software Social engineeringSocial engineering Denial of ServiceDenial of Service Distributed Denial of ServiceDistributed Denial of Service
Internet ThreatsInternet Threats
PurposePurpose Hobby or challengeHobby or challenge VandalismVandalism Gain a platform for an attackGain a platform for an attack Steal information or servicesSteal information or services SpyingSpying
MalwareMalware
VirusesViruses WormsWorms Trojan HorsesTrojan Horses Spyware/AdwareSpyware/Adware Zombies & BotnetsZombies & Botnets
Computer VirusesComputer Viruses
Self-replicatingSelf-replicating Self-executingSelf-executing Delivers a payload Delivers a payload Attaches itself to an existing fileAttaches itself to an existing file
Types of VirusesTypes of Viruses
Boot VirusBoot Virus Direct Action VirusDirect Action Virus Directory VirusDirectory Virus Encrypted VirusEncrypted Virus File VirusFile Virus Logic BombLogic Bomb Macro VirusMacro Virus
Types of VirusesTypes of Viruses
Multipartite VirusMultipartite Virus Overwrite VirusOverwrite Virus Polymorphic VirusPolymorphic Virus Resident VirusResident Virus Time BombTime Bomb Stealth VirusStealth Virus
WormsWorms
Operate on a computer networkOperate on a computer network Uses network to send copies of itselfUses network to send copies of itself Does not attach itself to an existing Does not attach itself to an existing
filefile Exploits network security flawsExploits network security flaws
Types of WormsTypes of Worms
E-mail WormsE-mail Worms Instant Messaging WormsInstant Messaging Worms IRC WormsIRC Worms File-sharing Networks WormsFile-sharing Networks Worms Internet WormsInternet Worms
Trojan HorseTrojan Horse
Disguised as non-harmful softwareDisguised as non-harmful software Non-self replicatingNon-self replicating Types of Trojan HorsesTypes of Trojan Horses
Legitimate program corrupted by Legitimate program corrupted by malicious code insertionmalicious code insertion
Stand alone program masquerading as Stand alone program masquerading as something else, i.e. a game or image filesomething else, i.e. a game or image file
Spyware & AdwareSpyware & Adware
SpywareSpyware Collects informationCollects information Sends information over the InternetSends information over the Internet Can take control of computerCan take control of computer
AdwareAdware Automatically pops-up with advertising Automatically pops-up with advertising
materialmaterial
Zombies & BotnetsZombies & Botnets
ZombieZombie Compromised computer attached to the Compromised computer attached to the
InternetInternet Performs malicious behavior under Performs malicious behavior under
remote controlremote control May be used for Ddos or SpamMay be used for Ddos or Spam
BotnetBotnet Collection of robot computers running Collection of robot computers running
autonomouslyautonomously
Phishing, Spam, & HoaxesPhishing, Spam, & Hoaxes
Phishing & PharmingPhishing & Pharming SpamSpam
http://video.http://video.googlegoogle..com/videoplaycom/videoplay??docid=5627694446211716271docid=5627694446211716271
Hoaxes & Urban LegendsHoaxes & Urban Legends http://www.http://www.snopessnopes.com.com
Securing SystemsSecuring Systems
PasswordsPasswords FirewallsFirewalls ID Devices & BiometricsID Devices & Biometrics Data EncryptionData Encryption Systems MaintenanceSystems Maintenance Wireless SecurityWireless Security
PasswordsPasswords
Secret authenticationSecret authentication Control accessControl access Short enough to be memorizedShort enough to be memorized Good PasswordsGood Passwords
Do use a password with mixed-case alphabetic Do use a password with mixed-case alphabetic characters.characters.
Do use a password with nonalphabetic characters.Do use a password with nonalphabetic characters. Do use a password that is easy to remember.Do use a password that is easy to remember. Do use a password that you can type quickly.Do use a password that you can type quickly.
FirewallsFirewalls
Hardware or SoftwareHardware or Software Port ProtectionPort Protection Packet FilterPacket Filter Network LayerNetwork Layer Application LayerApplication Layer Proxy ServerProxy Server
ID Devices & BiometricsID Devices & Biometrics
ID DevicesID Devices Hardware for authenticationHardware for authentication
BiometricsBiometrics Measure of unique physical Measure of unique physical
characteristic for authenticationcharacteristic for authentication
Data EncryptionData Encryption
Obscuring InformationObscuring Information CipherCipher Encryption SoftwareEncryption Software
Systems MaintenanceSystems Maintenance
Anti-virus softwareAnti-virus software Back-up system and dataBack-up system and data Software updatesSoftware updates Delete temporary filesDelete temporary files
Wireless SecurityWireless Security
Disable SSIDDisable SSID Passwords Passwords DiscriminationDiscrimination Data EncryptionData Encryption
Top Related