Chapter 3
22
CHAPTER 3: CYBER CRIMES Network Security Ethics (NTC 1012) by HYMG
Transcript of Chapter 3
CHAPTER 3:CYBER CRIMES
Network Security Ethics (NTC 1012) by HYMG
Objectives
• Definition of cyber crimes• Causes of cyber crimes• Impact of cyber crimes• Who commits cyber crimes• Types of cyber crimes• Preventing cyber crimes• Challenges of cyber crimes
DefinitionCYBER CRIMES
Criminal (illegal) activities committed against or by the use of computer and the Internet
Anybody who uses computer has the potential of being a cyber criminals
Any crime where –• Computer is a target.• Computer is a tool of crime• Computer is incidental to crime
Causes of Cyber Crimes
The growth of the Internet
New OS vulnerabilities
Anonymity
Lack of awareness of user
Impact of Cyber Crimes
Security
Economy
Society
Who Commit?
INSIDERS
HACKERS
VIRUS WRITERS
FOREIGN INTELLIGENCE
TERRORISTS
TEENAGERS
Types of Cyber Crimes
• Purpose: Greed Power Publicity Revenge Adventure Desire to access forbidden information Destructive mindset
Examples: hack to steal info., destroy files, disrupt business, crash web sites, investigation etc.
HackingIllegal intrusion into computer system without the permission of the computer owner/user.
Types of Cyber Crimes
Examples: Attacker fills in the victim e-mailbox with spam mails that stops him from accessing the service.
Denial of ServiceAn attack whose purpose to disrupt computer access to an Internet service such as the web or e-mail.
Types of Cyber Crimes
Examples:
Some stalkers keep on sending repeated e-mails asking for various kinds of favors or threaten the victim.
Enter the chat room and frequently posting notes to the victim, making sure the victim is aware that he/she is being followed. Many times they will "flame" their victim (becoming argumentative, insulting) to get their attention.
Cyber StalkingThe repeated acts harassment or threatening behavior of the cyber criminal towards the victim by using Internet services or other electronic communication devices.
Types of Cyber CrimesSpoofing
Getting one computer on a network to pretend to have the identity off another computer, usually one with special access privileges , so as to obtain access to the other computers on the network.
Email spoofing: forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source.
IP spoofing: A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer indicating that the message is coming from a trusted host by spoofing the IP address of that machine.
Types of Cyber Crimes
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Examples:
Pull out confidential information from the bank
Scenario: Sara received an e-mail that directs her to visit a website where she is asked to update her personal information such as bank account numbers, credit card and passwords. The website, however is set up only to steal Sara’s information.
PhishingFraudulent attempt to get sensitive information by pretending to be a trustworthy entity usually through e-mail.
- Web page spoofing
Types of Cyber Crimes
From: *****Bank [mailto:support@****Bank.com]Sent: 08 June 2004 03:25To: IndiaSubject: Official information from ***** BankDear valued ***** Bank Customer!For security purposes your account has been randomly chosen for verification. To verify your account information we are asking you to provide us with all the data we are requesting. Otherwise we will not be able to verify your identity and access to your account will be denied. Please click on the link below to get to the bank secure page and verify your account details. Thank you.https://infinity.*****bank.co.in/Verify.jsp
Phishing E-mail
Types of Cyber Crimes
Sniffer: program that able to capture any traffic traveling along the network segment to which it is connected.
monitor and analyze network traffic, detecting bottleneck and problems.
Can be used legitimately or illegitimately to capture data being transmitted on a network
SniffingTechnique that monitors and analyzes network traffic, detecting bottlenecks and problems.
Types of Cyber CrimesSniffing Any network traffic that is transmitted in clear text is
susceptible to sniffing. Telnet, FTP, and other clear-text sessions provide valuable information. The sniffer can capture a complete telnet and FTP session, including the user name and password.
Sniffed e-mail and HTTP traffic may yield actual passwords or clues that enable passwords to be guessed.
Sniffed e-mail may also yield confidential material, legal matters, or other information that should normally be encrypted.
Password sniffing: wiretapping on a network, to gain knowledge of passwords to capture and reveal password.
Anti-sniff: program that can detect sniffers.
Types of Cyber Crimes
• Anybody including children can log on to and access websites with pornographic contents with a click of a mouse.
• Publishing, transmitting any material in electronic form is an offence under the provisions of Malaysian act.
PornographyThe sexually explicit depiction of persons, in words or images, created with the primary, proximate aim, and reasonable hope, of eliciting significant sexual arousal on the part of the consumer of such materials.
Types of Cyber Crimes
Typical action of viruses:• Display a message to prompt an action which may set of the virus • Erase files • Scramble data on a hard disk • Cause erratic screen behavior • Halt the PC • Just replicate itself!
World’s worst virus attack: Love letter(2000), Melissa(1999), Anna Kournikova worm(2001), Nimda(2001), Klez(2001).
Virus DisseminationDissemination of malwares to potentially large numbers of programs on many machines that can cause harm.
Types of Cyber Crimes
Examples:
Software PiracyTheft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original is termed as termed as software piracy.
• End user copying - Friends loaning disks to each other, or organizations underreporting the number of software installations they have made.
• Hard disk loading – Hard disk vendors loads pirated software • Counterfeiting - large-scale duplication and distribution of illegally copied
software. • Illegal downloads from the Internet - By intrusion, cracking serial
numbers etc.
Types of Cyber Crimes
Other words - the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.
Example: Terrorist target the servers of sensitive ministries in the country with the intent of shutting down its critical computer system.
Cyber TerrorismUnlawful use of network resources to attack against computer system and information and cause violence against persons and property
Types of Cyber Crimes
Impact: could range from economic disruption through the interruption of financial networks and systems or used in support of a physical attack to cause further confusion and possible delays in proper response.
Direct Cost Implications• Loss of sales during the disruption • Staff time, network delays, intermittent access for business users • Loss of intellectual property - research, pricing, etc. • Loss of critical communications in time of emergency Indirect Cost Implications• Loss of confidence and credibility in our financial systems • Tarnished relationships & public image globally • Strained business partner relationships - domestic and internationally • Loss of trust in the government and computer industry
Cyber Terrorism
Challenges in Cyber Crimes
ANONIMITY
JURISDICTION
Internet Content Filtering Application
Insufficient Personnel
Technology Evolution
Preventing Cyber Crimes
Law Enforcement
Training and Education
Awareness
Content Filtering Application
Technology Application
Thank You
