By: Chris Simpson, Julie Dunbar, and Thomas Taylor

Road Map  Introduction  Hacking  Identity Theft and Credit-Card Fraud  Scams and Forgery  Crime Fighting vs. Privacy  Laws of the Web

Introduction to Hacking  Wide scale  Negative Connotation  Are all hackers bad?

Hacking  Definition  Phase 1: 1960’s to 1970’s  Phase 2: 1970’s to 1990’s  Phase 3: 1990’s to present

Hacking Phase 1  “good hack” - clever piece of code  “Computer virtuosos”  College and high-school students

Hacking Phase 2 Breaking into computers with unauthorized access  Pranks, Thefts, phone phreaking  Social Engineering  International nature

Hacking Phase 3  More sophisticated attacks  Criminal gangs – expanding accessible info Hacking for political motives increase  Attackers younger and younger

Future of Hacking The more that is connected, the more is at risk Terroristic Hacking will increase

Hacktivism/Political Hacking  What is it?  Is it right or wrong?  Ethical?

Computer Related Laws  The CFAA  USA PATRIOT ACT Expands CFAA Increased penalties

How Hackers get Caught  Honey pots  Wiretaps  Undercover Hackers

Penalties of Being a Hacker  Light Sentences  Deterrence Method  Not over punished for pranks

Security before 2000’s  Before 2000’s Open Access No real Security Easy to Break into

Security early 2000’s  Vast Improvement  Firewalls, passwords, and encryption  Jobs created just for security purposes

People in Charge of Security  System Administrators  Sellers of consumer products  Individual computer owners

Why Security?

Identity Theft  Identity Theft – describes various crimes in which a criminal uses the identity of an unknowing innocent person.  Our Identities have become a series of numbers Credit/debit cards, ssn, driver’s license, account numbers.  Everything is stored electronically

Types of Attacks  Phishing – sending s “fishing” for information by asking the victim for personal information.  Vishing – (voice phishing) the phishing provides a phone number to call and requests their personal information when the victim calls in.  Pharming – planting a false internet address in the tables on a DNS, thus when a bank customer goes to the banks website they are redirected to the thieves false website.  Trojans/ Key loggers – hiding malicious software in innocent looking programs, this software then tracks keystrokes.

Resumes  Contain tons of personal Information Addresses, phone numbers, ssn, birth date, work history.  Post on job hunting websites  Pose as employers Identity thieves then have all of your information

Responses to Identity Theft  Better Authentication Return address, link authentication.  Better Software Determining geographic location of the website.  Banks-two factor Authentication Customer chooses a digital image to link to their account. Later, when the customer logs into their account, the bank will display the correct image.

Reduce Damage of Identity Theft  Congress established a law in 1998 to make it a Federal crime to use another person’s Identification with intent to commit a felony  Government started to provide more assistance to Identity theft victims Fraud alert Identity theft insurance

Credit/Debit Card Fraud  Stealing credit cards from mail Result: now you have to activate the card after you receive it in the mail.  Dumpster Diving Result: stores and banks only print the last 4 digits of the account number on the receipt.  Skimmers Card reading devices placed on top of the atm card scanner to record the card information.

Ethics of Protecting Data  Businesses have an ethical need to protect data Customers themselves cannot protect their account numbers within the bank’s database.  If losses are to high security is improved  Authentication Credit card companies use security questions, also verify the computer being used to log in.

Fraud  Click Fraud Advertising is charged per click on the advertisement. The host of the advertisement can click on the ad repeatedly to increase their fee.  Stock Fraud Posting fake recommendations on the web or in chat rooms to increase the stock sales, then cashing out.

Biometrics  Definition: Characteristics unique to individuals  Ex. Finger Prints, Voice Prints, Face Structure

Uses of Biometrics  Use of fingerprints Scan fingerprint to enter your house. Log onto your computer. Use your cell phone.  States use face scanners Makes sure a person does not apply for more than one driver’s license or welfare benefits.

Problems with Biometrics  Cadaver fingers, or fingers made from gelatin.  Contact lenses for eye scanner  Can’t change Biometrics Lose your credit card, get a new account number.

Scams & Forgery

Examples  Pyramid Scams  Counterfeit luxury goods  Phony business investment opportunities

Auctions  Ebay Sellers don’t send the goods Sellers send goods not matching the original description Selling illegal items ○ Prescription drugs, unauthorized copies of copyrighted material. Shill bidding ○ Bidding on one’s own goods to drive up the price.

Solutions to Online Auction Problems  Reviews of buyers/sellers eBay allows customers to rate their buyers/sellers.  Escrow Services A trusted third party holds the payment until the buyer receives the goods and approves their condition.  Rules/ user agreements Prevent shill bidding and prohibit selling illegal items.

Digital Forgery  Fake checks, currency, passports, visas etc  It takes very little skill to make counterfeits due to computer software and hardware  Defenses Technical tricks Education/training Change laws Microprinting paper with watermarks Adding a security thread to currency that a copy machine cannot reproduce.

Crime Fighting vs. Privacy and Civil Liberties

Search and Seizure of Computers  Fourth amendment  Automated Searches  Ethical ?

Issue of Venue  Where did the crime occur?  Who has jurisdiction?  6 th amendment

Cybercrime Treaty  International cooperation among law enforcement agencies  Council of European’s Convention on Cybercrime  Fraud, hacking, child pornography

Whose laws rule the web?  ILOVEYOU virus  National laws differ Gambling Hacking Privacy Censorship

Arresting Foreign Visitors  United States law differ from other countries  Online betting  Copyright Infringement

Libel, Speech, Commercial law  Libel- written defamation  Slander- verbal defamation  Jurisdiction Issues

Solutions  International agreements Common standards or means of resolving international cases  Authority to prevent entry

Gutnick vs. Dow Jones & Company  Libel – written defamation.  Barron’s magazine, owned by Dow Jones & Company, published an article suggesting that Gutnick had dealings with a money launderer and was involved in other shady deals.  Australian Law – protects reputation.  U.S Law – protects freedom of speech.

Cont…  Gutnick’s positive right – right to protect his reputation under the Australian Law of protection.  Dow Jones & Company negative right – right for freedom of speech and expression of opinion.  Gutnick’s claim right – right to protect his reputation forbids Dow Jones & Company from publishing work against Gutnick’s reputation.  Result: Trial held in Australia, Dow Jones & Company ended up settling with Gutnick to pay him a large sum of money.

Case Study:  United States v. Aleynikov Aleynikov accused of transferring proprietary code from his employer’s high frequency trading system Took code he was working on, put it on a server then joined a start up helping with their high frequency trading system

Verdict  District Court – Guilty  Court of Appeals – Overruled basically ruling Code isn’t property- can’t be stolen

Stakeholders  Goldman Sacks – Right protect assets made by employees (Negative Right)  Aleynikov – He can use code he develops but may have restriction based upon employer (Positive Right)  US Government – Enforcing rights of others – under EEA can not steal trade secrets

Analysis Perspective  The FBI who arrested Aleynikov could argue Ideological perspective – even if you worked on project taking trade secrets always wrong  Aleynikov most likely was using an Egoism perspective in it for himself seeing a huge raise in pay.

Case Study:  United States v. David Carruthers  British citizen and CEO of BetOnSPorts PLC, arrested while he changed planes on flight from England to Costa Rica.  Online betting is legal in England,but in the U.S it is illegal

Charges  He was originally charge with : violations of the Wire Wager Act, the Travel Act, the Illegal Gambling Business Act, the Racketeer Influenced Corrupt Organizations Act (RICO), tax evasion and money laundering.

Verdict  Put on house arrest until trial last year  Guilty and sentenced to 33 months in a federal prison for a racketeering conspiracy

Stakeholders  U.S government- Right to protect U.S citizens from online gambling sites (negative right)  Carruthers- Right to make money on online gambling where legal (positive right)

Analysis Perspective  Utilitarian perspective – right act determined by the act itself (ex. Lying is always wrong)  Consequentialism perspective- right act determined by consequences (ex. Lying is wrong unless you do it to save 20 peoples lives)

Conclusion  Hacking  Identity Theft and Credit-Card Fraud  Scams and Forgery  Crime Fighting vs. Privacy  Laws of the Web

References  what%E2%80%99s-the-difference-and-why-does-it-matter/  Appeal-Decision.pdf 

Questions ?????