Cyber Crime: by Ramesh Kumar

Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 32

Cyber Crime

By Ramesh Kumar

Introduction
Cyber crime is unlawful acts wherein the computer is either a tool or a target or both. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code.

In the News.
1 out of 5 children received a sexual solicitation or approach over the Internet in a one-year period of time (www.missingchildren.com) California warns of massive ID theft personal data stolen from computers at University of California, Berkeley (Oct 21, 2004 IDG news service) Microsoft and Cisco announced a new initiative to work together to increase internet security (Oct 18, 2004 www.cnetnews.com)

More cyber criminals than cyber cops Criminals feel safe committing crimes from the privacy of their own homes Brand new challenges facing law enforcement

Most not trained in the technologies Internet crimes span multiple jurisdictions

Computer Crime
Computer used to commit a crime

Child porn, threatening email, assuming someones identity, sexual harassment, defamation, spam, phishing

Computer as a target of a crime

Viruses, worms, industrial espionage, software piracy, hacking

Computer Forensics
What is it?

an autopsy of a computer or network to uncover digital evidence of a crime Evidence must be preserved and hold up in a court of law

Growing field Many becoming computer forensic savvy


FBI, State and Local Police, IRS, Homeland Security Defense attorneys, judges and prosecutors Independent security agencies White hat or Ethical Hackers Programs offered at major universities such as URI
http://homepage.cs.uri.edu/faculty/wolfe/cf

Uncovering Digital Evidence


Smart Criminals dont use their own computers Floppy disks Zip/Jazz disks Tapes Digital cameras Memory sticks Printers CDs PDAs Game boxes Networks Hard drives

Digital Evidence
Not obvious.its most likely hidden on purpose or needs to be unearthed by forensics experts

Criminals Hide Evidence


Delete their files and emails

Forensics Uncover Evidence


Restore deleted files and emails they are still really there! Find the hidden files through complex password, encryption programs, and searching techniques Track them down through the digital trail - IP addresses to ISPs to the offender

Hide their files by encryption, password protection, or embedding them in unrelated files (dll, os etc) Use Wi-Fi networks and cyber cafes to cover their tracks

The Crime Scene


(with Computer Forensics)
Similar to traditional crime scenes

Must acquire the evidence while preserving the integrity of the evidence
No damage during collection, transportation, or storage Document everything Collect everything the first time

Establish a chain of custody

But also different.

Can perform analysis of evidence on exact copy! Make many copies and investigate them without touching original Can use time stamping/hash code techniques to prove evidence hasnt been compromised

Top Cyber Crimes that Attack Business


Spam Viruses/Worms Industrial Espionage and Hackers Wi-Fi High Jacking

Spam
Spam accounts for 9 out of every 10 emails in the United States.
MessageLabs, Inc., an email management and security company based in New York.

We do not object to the use of this slang term to describe UCE (unsolicited commercial email), although we do object to the use of the word spam as a trademark and the use of our product image in association with that term www.hormel.com

Can-Spam Act of 2003


Controlling the Assault of Non-Solicited Pornography and Marketing Act (Can-Spam) Signed into law by President Bush on Dec 16, 2003

Took effect Jan 1, 2004

Unsolicited commercial email must:

Be labeled Include Opt-Out instructions No false headers

FTC is authorized (but not required) to establish a do-not-email registry www.spamlaws.com lists all the latest in federal, state, and international laws

Spam is Hostile
You pay for Spam, not Spammers

Email costs are paid by email recipients Never click on the opt-out link!
May take you to hostile web site where mouse-over downloads an .exe

Spam can be dangerous

Tells spammers they found a working address They wont take you off the list anyway Filter it out whenever possible Keep filters up to date If you get it, just delete the email

What should you do?


Viruses and Worms


Different types of ailments Viruses

software that piggybacks on other software and runs when you run something else Macro in excel, word
Transmitted through sharing programs on bulletin boards Passing around floppy disks

An .exe, .com file in your email software that uses computer networks to find security holes to get in to your computer usually in Microsoft OS!! But worm for MAC was recently written

Worms

Hackers are Everywhere


Stealing data

Industrial Espionage Identity theft Defamation A lot of bored 16 year olds late at night To commit crimes Take down networks Distribute porn Harass someone Help break into networks to prevent crimes

Deleting data for fun

Turning computers into zombies


Mafia Boy

Ethical/white hat hackers exist too

Wireless Fidelity (Wi-Fi)


Using antennas to create hot spots Hotspots Internet Access (sometimes free)

Newport Harbor - All the boats in Harbor have internet access San Francisco Giants Stadium Surf the web while catching a game UMass (need to register, but its free) Cambridge, MA Philadelphia, PA just announced entire city by 2006

Wi-Fi High Jacking


60-70% wireless networks are wide open Why are the Wi-Fi networks unprotected?

Most people say Our data is boring But criminals look for wireless networks to commit their crimes And the authorities will come knocking on your door..

Protect your Computers!


Use anti-virus software and firewalls - keep them up to date Keep your operating system up to date with critical security updates and patches Don't open emails or attachments from unknown sources Use hard-to-guess passwords. Dont use words found in a dictionary. Remember that password cracking tools exist Back-up your computer data on disks or CDs often Don't share access to your computers with strangers

If you have a wi-fi network,


password protect it Disconnect from the Internet when not in use Reevaluate your security on a regular basis Make sure your employees and family members know this info too!

Cybercrime Cases

Two Major categories of Cybercrime


Crimes committed via internet
Examples : Spreading Virus, Hacking, Illegal Access, Illegal interception, Data Interference and communication Interference.

Non-Reconstructable Network Packet

Network Packet

Crime operation methods Traditional crimes committed via Internet.


Examples: Internet Auction fraud, trafficking in contraband goods, Internet sexual assault, internetadvertising bank loans fraud

Evidence from

Reconstructable network Packet

Cybercrime Investigation Steps


An initial complaint is received and background intelligence information checks are completed

Technical support is requested and the level is determined according to the case contents

Task Force Team

21

Case Study of Cybercrime


1. 2. 3. 4. 5. 6. 7. Crime Time Crime location Corpus delicti Crime method Perpetrator Analysis Criminal damage Criminal charges

Evidence
Collection

Internet Interception

Search Seizure Complete Forensic analysis and interpret the evidence found for legal/courtroom setting

Collection of Cyber Crime Information


1. Computer Audit Record Collection : To collect the login audit records of the victim including DNS, IP, Account details, MAC and local times etc.. 2. User Login credential authentication: To check users login credentials including user account, name, address, phone etc.. 3. To obtain the computer communication record and contents: including E-mail, IM chat, web browsing and file transfers etc.. 4. Suspects statements : criminal offence etc 5. The seizure of the suspects computer audit records : Web, IP, account, MAC and time etc
Email MSN FTP URL

Time IP Mac Account

Internet advertising bank loan fraud case-1


In May 2009 KCGPB (Kaohsiung City Government Police Bureau) announced that they had received a number of bank reports alleging forged documents fraudulently representing bids for credit. This resulted in bank loan frauds with huge financial losses. An in-depth investigation revealed that the offenders flooded xx shares with others to form the fraud group. They used a domestic portal website for free web space to falsely post or sticker advertising published in the Office of credit and information. This was done to attract the much-needed cash flow of the head customer. The members of the Group forged tax, payroll and other documents to falsely strengthen the lender's financial resources and created documents to mislead the head bank customer whose credit bid to financial institutions was caught in an error of the approved loan, the group charged the customer exorbitant fees to gain large profits of financial fraud.

Internet advertising bank loan fraud case

Forensics tools
To assist in the forensic acquisition of digital evidence, it is essential that every computer crime investigator has access to the correct forensic hardware and software tools. This plays a critical role in the detection of computer related crimes as well as the collection and analysis of evidence.

Network Packet Forensics Classification


1.
Viruses & Worms, Hacking & Trojans ... ...

Non-Reconstructable Network Packet

2.
Reconstructable Network Packet

Email , Web Mail ,IM, FTP , P2P, VoIP, Video Streaming , HTTP, Online Games, Telnet

Function of Forensics Tool


Forensics tools

By using Forensic Tools, we can obtain supporting evidence like log, files and records from both victim and suspect computers.

Internet Interception

Capturing network packets to reconstruct Email , Web Mail , IM, FTP , P2P, VoIP, Video Streaming , HTTP, Online Game, Telnet

Network Packet Forensics Tool


By Using Off-Line packet reconstruction software to reconstruct the recorded traffic data
Off-Line packet reconstruction software

Network Packet

To produce forensic results

Digital Evidence

Court

Forensic Analysis

Forensic Reports

Total Solutions for Cyber Forensics


1. Wired packet reconstruction 2. Wireless (802.11 a/b/g/n) packet reconstruction 3. HTTPS/SSL interceptor 4. VOIP packet reconstruction 5. Off-line packet reconstruction software 6. Network packet forensics analysis training
For more information www.digi-forensics.com

Thank you!

You might also like