
Computer & Internet Crime: KT44103 Ethics and Law in ICT Sem 1: 2021/2020

The document discusses various topics related to computer and internet crime including: the increasing prevalence of IT security incidents; common types of exploits like viruses, worms, and phishing; different types of perpetrators such as hackers, insiders, and cybercriminals; approaches to implementing trustworthy computing, planning/prevention, and computer forensics.

Computer & Internet Crime

KT44103
Ethics and Law in ICT
Sem 1: 2021/2020
1 November 2021

Contents

• IT Security Incidents: A Major Concern
• Why Computer Incidents Are So Prevalent
• Types of Exploits
• Types of Perpetrators
• Implementing Trustworthy Computing
• Plan & Prevention
• Computer Forensics

IT Security Incidents: Major Concerns

• IT security is of utmost importance
• Safeguard:
  • Confidential business data
  • Private customer and employee data
• Protect against malicious acts of theft or disruption
• Balance against other business needs and issues
• Number of IT-related security incidents is increasing around the world (example: let us collect the examples you know)

Why Computer Incidents Are So Prevalent

• Increasing complexity increases vulnerability
• Computing environment is enormously complex
• Continues to increase in complexity
• Number of entry points expands continuously
• Cloud computing
• Higher computer user expectations
• Computer users share login IDs and passwords

Why Computer Incidents Are So Prevalent

• Expanding/changing systems equal new risks
• Network era (sharing information)
• Information technology (ubiquitous, need of technology tool, increase of technology)
• Increased reliance on commercial software with known vulnerabilities

Types of Exploits

• Virus
• Worm
• Trojan horse
• Distributed denial of service
• Rootkit
• Spam
• Phishing & pharming

Viruses

• Pieces of programming code
• Usually disguised as something else
• Cause unexpected and undesirable behavior
• Often attached to files
• Spread by actions of the “infected” computer user
  • Infected email document attachments
  • Downloads of infected programs
  • Visits to infected Web sites

Worms

• Harmful programs
• Reside in active memory of a computer
• Duplicate themselves
• Can propagate without human intervention
• Negative impact of worm attack
  • Lost data and programs
  • Lost productivity
  • Additional effort for IT workers

Trojan Horses

• Malicious code hidden inside seemingly harmless programs
• Users are tricked into installing them
• Delivered via email attachment, downloaded from a Web site, or contracted via a removable media device
• Logic bomb
  • Executes when triggered by certain event

Distributed Denial of Service (DDoS) Attacks

• Malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks
• The computers that are taken over are called zombies
• Botnet is a very large group of such computers
• Does not involve a break-in at the target computer
• Target machine is busy responding to a stream of automated requests
• Legitimate users cannot access target machine

Rootkits

• Set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge
• Attacker can gain full control of the system and even obscure the presence of the rootkit
• Fundamental problem in detecting a rootkit is that the operating system currently running cannot be trusted to provide valid test results

Spam

• Abuse of email systems to send unsolicited email to large numbers of people
• Low-cost commercial advertising for questionable products
• Method of marketing also used by many legitimate organizations

Phishing & Pharming

• Phishing
  • Act of using email fraudulently to try to get the recipient to reveal personal data
  • Legitimate-looking emails lead users to counterfeit Web sites
  • Spear-phishing (fraudulent emails to an organization’s employees)
  • Smishing (via text messages)
  • Vishing (via voice mail messages)
• Pharming – attack intended to redirect a website’s traffic to another, fake site by installing a malicious program on the computer

Types of Perpetrators

• Perpetrators include:
  • Thrill seekers wanting a challenge
  • Common criminals looking for financial gain
  • Industrial spies trying to gain an advantage
  • Terrorists seeking to cause destruction
• Different objectives and access to varying resources
• Willing to take different levels of risk to accomplish an objective

Types of Perpetrators: Hackers & Crackers

• Hackers
  • Test limitations of systems out of intellectual curiosity
  • Some smart and talented
  • Others inept; termed “lamers” or “script kiddies”
• Crackers
  • Cracking is a form of hacking
  • Clearly criminal activity

Malicious Insiders

• Major security concern for companies
• Fraud within an organization is usually due to weaknesses in internal control procedures
• Collusion
  • Cooperation between an employee and an outsider
• Insiders are not necessarily employees
  • Can also be consultants and contractors
• Extremely difficult to detect or stop
  • Authorized to access the very systems they abuse
• Negligent insiders have potential to cause damage

Industrial Spies

• Use illegal means to obtain trade secrets from competitors
• Competitive intelligence
  • Uses legal techniques
  • Gathers information available to the public
• Industrial espionage
  • Uses illegal means
  • Obtains information not available to the public

Cybercriminals

• Hack into corporate computers to steal
• Engage in all forms of computer fraud
• Chargebacks are disputed transactions
• Loss of customer trust has more impact than fraud
• To reduce potential for online credit card fraud:
  • Use encryption technology
  • Verify the address submitted online against the issuing bank
  • Use transaction risk scoring software

Hacktivists and Cyberterrorists

• Hacktivism
  • Hacking to achieve a political or social goal
• Cyberterrorist
  • Attacks computers or networks in an attempt to intimidate or coerce a government in order to advance certain political or social objectives
  • Seeks to cause harm rather than gather information
  • Uses techniques that destroy or disrupt services

Implementing Trustworthy Computing

• Trustworthy computing
  • Delivers secure, private, and reliable computing
  • Based on sound business practices

Plan and Prevention

• Risk Assessment
  • Process of assessing security-related risks
  • Identify investments that best protect from most likely and serious threats
  • Focus security efforts on areas of highest payoff
• Establishing a Security Policy – defines organization’s security requirements, and controls & sanctions needed to meet requirements
  • Delineates responsible & expected behavior
  • Outlines what needs to be done
  • Written policies

Plan and Prevention

• Educating Employees, Contractors, and Part-Time Workers
• Educate and motivate users to understand and follow policy
• Discuss recent security incidents
• Help protect information systems by:
  • Guarding passwords
  • Not allowing sharing of passwords
  • Applying strict access controls to protect data
  • Reporting all unusual activity
  • Protecting portable computing and data storage devices

Plan and Prevention

• Prevention
  • Implement a layered security solution
    • Make computer break-ins harder
  • Installing a corporate firewall
    • Limits network access
  • Intrusion prevention systems
    • Block viruses, malformed packets, and other threats
  • Installing antivirus software
    • Scans for sequence of bytes or virus signature

Plan and Prevention

• Safeguards against attacks by malicious insiders
• Departing employees and contractors
  • Promptly delete computer accounts, login IDs, and passwords
• Carefully define employee roles and separate key responsibilities
• Create roles and user accounts to limit authority
• Defending against cyberterrorism
• Conduct periodic IT security audits
  • Evaluate policies
  • Review access and levels of authority
  • Test system safeguards

Plan and Prevention

• Detection
  • Detection systems
    • Catch intruders in the act
  • Intrusion detection system
    • Monitors system/network resources and activities
    • Notifies the proper authority when it identifies:
      • Possible intrusions
      • Misuse from within the organization
  • Knowledge- and behavior-based approaches

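The knowledge-based and behavior-based approaches named on this slide, shown side by side as an added Python example that is not part of the original slides. The two signatures, the log lines, the per-user access counts and the threshold `k` are all constructed assumptions for illustration.

```python
import re
import statistics

# Knowledge-based: match activity against patterns of known-bad behaviour.
# These two signatures are illustrative assumptions, not a real rule set.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "failed-root-login": re.compile(r"Failed password for root"),
}

def knowledge_based(lines):
    """Return (line_number, rule_name) for every line matching a signature."""
    return [(n, name)
            for n, line in enumerate(lines, 1)
            for name, rx in SIGNATURES.items() if rx.search(line)]

def behavior_based(history, today, k=3.0):
    """Flag users whose activity today deviates from their own baseline.

    history: user -> list of past daily record-access counts
    today:   user -> today's count
    """
    alerts = []
    for user, count in sorted(today.items()):
        past = history.get(user, [])
        if len(past) < 2:
            alerts.append((user, count, "no baseline"))
            continue
        # Floor the deviation at 1 so a perfectly flat history does not
        # turn every small change into an alert.
        spread = max(statistics.stdev(past), 1.0)
        if count > statistics.mean(past) + k * spread:
            alerts.append((user, count, "above baseline"))
    return alerts

# Constructed sample data (not from the slides).
LOG = [
    "GET /index.html 200",
    "GET /static/../../etc/passwd 403",
    "sshd: Failed password for root from 192.0.2.7",
    "GET /reports/q3.pdf 200",
]
HISTORY = {"alice": [40, 38, 45, 42, 41], "bob": [12, 15, 11, 14, 13]}
TODAY = {"alice": 44, "bob": 310, "carol": 5}

if __name__ == "__main__":
    print(knowledge_based(LOG))
    print(behavior_based(HISTORY, TODAY))
```

In the sample data, bob is an authorized user whose requests match no signature, so only the behavior-based check reports him, which is the "misuse from within the organization" case.
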
Plan and Prevention

• Response
  • Response plan (in advance, approved by legal and management)
  • Primary goal: regain control and limit damage
  • Incident notification (who to notify and not to notify)
  • Document all details of a security incident
  • Act quickly to contain the attack
  • Eradication effort (collect, verify necessary backups and create new backups)
  • Follow-up
  • Review
  • Weigh carefully the amount of effort required to capture the perpetrator
  • Consider the potential for negative publicity
  • Legal precedent

Computer Forensics

• Combines elements of law and computer science to identify, collect, examine, and preserve data while preserving its integrity so that it is admissible as evidence
• Computer forensics investigation requires extensive training and certification and knowledge of laws that apply to gathering of criminal evidence
