HISTORY OF HACKING AND CYBERCRIME
BY
BRUCE PHILLIPS
CRISSY HUGHES
CARLOS BETETTA
TECHNOLOGICAL DEVELOPMENTS
iPad
BlackBerry
Xbox
Personal Computers
Internet & Computer Networks
JOHN DRAPER AKA CAPTAIN CRUNCH
KNOWN AS FATHER OF MODERN HACKING
ORIGINALLY RADAR TECHNICIAN
SUPPOSEDLY CALLED NIXON
HACKED PHONE WITH THE USE OF A CAPTAIN CRUNCH CEREAL WHISTLE
TAUGHT STEVE WOZNIAK AND STEVE JOBS HOW TO MAKE “BLUE BOXES”
70’S: SERVED TWO STINTS IN PRISON
CURRENTLY UNEMPLOYED
HACKED FOR THE FUN OF IT, NOT FOR $$$
STEVE WOZNIAK
CO-FOUNDER OF APPLE
1970’S: WAS A STUDENT AT BERKELEY & MEMBER OF “CALIFORNIA’S HOMEBREW COMPUTER CLUB”
MASS PRODUCED “BLUE BOXES” FOR TWO REASONS
1) GENERATE ENOUGH CASH FOR THEIR STARTUP COMPANY “APPLE”
2) FASCINATION BEHIND “THE POWER OF IDEAS”: “THAT TWO TEENAGERS COULD BUILD A SMALL BOX FOR A HUNDRED DOLLARS AND CONTROL HUNDREDS OF MILLIONS OF DOLLARS OF PHONE INFRASTRUCTURE”
KEVIN MITNICK
STARTED AT AGE 12
HACKED:
• LA’s BUS PUNCH CARD SYSTEM
• CELL PHONES
• FAST FOOD SPEAKER SYSTEMS
• DEC COMPUTER SYSTEM
WENT ON TWO AND A HALF YEAR HACKING SPREE ACROSS THE COUNTRY
CAUGHT BY “CELLULAR FREQUENCY DIRECTION-FINDING ANTENNA HOOKED UP TO A LAPTOP TO NARROW THE SEARCH TO AN APARTMENT COMPLEX”
SENTENCED TO FIVE YEARS OF PRISON AND EIGHT MONTHS OF SOLITARY
OWNS HIS OWN COMPUTER SECURITY CONSULTING COMPANY (MITNICK SECURITY CONSULTING, LLC)
NOW CAN LEGALLY HACK INTO SERVERS
STATED “IF I HAD PERFORMED THE SAME HACKS THAT I HAD DONE IN THE PAST TODAY, I WOULD MOST LIKELY BE IN GUANTANAMO BAY, CONSIDERING ALL THE SECURITY LAWS PASSED AFTER 9/11”
HACKER LAWS
• Why do we have hacker laws?
• Development of New Technologies for business and / or personal use
• Computers and Microchips
Old Days
Thief’s Tools: Crowbar
Today
Computer Wireless Sniffer Device
FIRST COMPUTER HACKER LAWS
• Computer Fraud and Abuse Act of 1984 to protect from cybercrimes
Defined illegal acts with computer:
• Computer Espionage
• Computer Trespassing
• Damage and Fraud with Computer
Defined Criminal Conduct:
• Accessing computers without authorization
• Accessing computers in excess of authority
** Company must have a good DBA and access policy
• And using stolen information to cause loss, damage or fraud
• In 1984, why the need for new computer hacker laws?
• Latest High Tech Device: Personal Computer
• IBM-PC
• Bill Gates and Windows
In 1984, Expansion of Programming
• Writing computer code to develop ‘Apps’ (software tools)
• Some Programmers succumbed to the Dark Side and developed worms and viruses
PATRIOT ACT OF 2001
Disclosure of Electronic Communications to Law Enforcement
Authorities can get permission to intercept communications on Protected Computers
Bypassing Wiretap Statutes Including Computers outside the United States
CALIFORNIA COMPREHENSIVE COMPUTER DATA ACCESS AND FRAUD ACT
State Specific Law
Allows Civil Actions (Lawsuits) and Compensatory Damages
Fines of $10,000 per offense and / or prison time
SARBANES-OXLEY ACT 2002
Created to improve corporate and auditing responsibilities
Section 404: establishing and maintaining internal controls
Results: Better internal controls and higher protection standards for all companies
Most companies implemented COSO
CRITICS OF SARBANES-OXLEY ACT 2002
Requirements are too strict and waste precious company resources
Association of Certified Fraud Examiners
Argued waste of company resources
2010 Restoring American Financial Stability Act – removed Section 404 requirement for non-accelerated filers
SARBANES-OXLEY ACT & PCAOB
Audit Standard 5 provides guidance for conducting audits of the effectiveness of Internal Controls of Financial Reporting
Critics complain about the vagueness of the guidance and reporting standards
People are the problem!
Getting Into The Network
• Keeping attackers out of your IT network altogether provides the best protection.
• Hackers are continually finding new ways to get beyond corporations’ IT security.
• Employee education
• What needs to be protected?
• What are the procedures and policies to follow?
• When an attack is successful, data and applications can be affected.
Inside the Network Barrier
USB thumb drives
Laptops
Netbooks
MP3 players
Digital Cameras
Printers
Scanners
Smart Phones are carried in and out of corporations on a daily basis.
Cloak and Dagger!
• A hacker disguised as a repairman?
• Do they look like they should be there?
Identity Theft
• Is your home network safe?
• Do you understand and know the threats that are out there?
• Corporate protection of customer data.
Employee Threats
• Can be intentional or unintentional.
• Work stations left unattended.
• Allowing a fellow employee access to an unauthorized area.
• Education of employees is essential.
History of Hacking and Cybercrime
• Questions?