IS 376 Security in Cyberspace November 18,
New Century, New Risks? Development in information technologies has fundamentally changed the global environment for individual & state security: its perception, maintenance and the nature of its threat. Ontological insecurity : a profound emotional uneasiness about one’s safety and security, or even one’s existence. A term coined by R.D. Laing. A new feeling of fear and impending catastrophe (this is amplified by echo chambers). Security has become a central political, societal and economic issue. There is a dialectical tension between the need for safety vs. the need for freedom : How to balance between the two? See ACLU’s concerns See ACLU’s concerns 2
Active Fed Oversight Federal Trade Commission OnGuardOnline.gov provides practical tips from the federal government and the technology industry to help you be on guard against Internet fraud, secure your computer, and protect your personal information. OnGuardOnline.gov Bureau of Consumer Protection Bureau of Consumer Protection Office of Consumer and Business Education Office of Consumer and Business Education Homeland Security Homeland Security Department of Commerce Department of Commerce Office of Justice Programs Office of Justice Programs Securities and Exchange Commission Securities and Exchange Commission United States Postal Inspection Service United States Postal Inspection Service 3
Tracking Computer Crimes Tracking computer crimes requires law enforcement to recognize and respond to myriad attacks. Computer forensics tools may include: Undercover agents, Honey pots (sting operations in cyberspace), Archives of online message boards, Tools for recovering deleted or coded information. Computer forensics agencies and services include: Computer Emergency Response Team (CERT), National Infrastructure Protection Center (NIPC), Private companies specializing in recovering deleted files and , tracking hackers via Web site and telephone logs, etc. (e.g., ESS Data Recovery in Edwardsville)ESS Data Recovery 4
Scams Alert “Computers don’t steal - people do” scams could include: Phishing Work-at-Home Scams Weight Loss Claims Foreign Lotteries Cure-All Products Check Overpayment Scams Pay-in-Advance Credit Offers Debt Relief Investment Schemes 5
Scams Alert Computers and online infrastructure are perfect venues to commit all sorts of crimes: Shill bidding Bidding on one’s or accomplice’s items to drive price up. Get rich schemes, such as: Pyramids 6
Fraud and Abuse Small computer fraud could include: Credit card and Identity theft E.g. numbers stolen by store clerks or information collected from trashed documents. In the last decade in South Africa, the cashier brings the Credit Card terminal to your table. In the USA products such as these: SquareUpSquareUp ATM theft e.g., ATM surveillance by criminals, cloning cards and altering magnetic strips. Cell Phones cloning Altering the billing information emitted by a phone 7
Computer Fraud and Abuse Act (CFAA, 1986) It is a crime to access, alter, damage, or destroy information on a computer without authorization. Criminalizes computer access to info that could be used to injure the U.S. Criminalizes illegal access to financial or credit records Criminalizes unauthorized access to federal government computers Penalties: Up to 5 years for a first offense; up to 10 years for a second offense Computers protected under this law include: Government computers, Financial systems, Medical systems, Interstate commerce, and any computer on the Internet. 8
USA Patriot Act (2001) Amended the CFAA. Doubles the maximum penalties of the CFAA Considers aggregate, not just individual damages Includes state law violations as priors Includes investigation time in damages assessed Specifically Allows for recovery of losses due to responding to a hacker attack, assessing damages, and restoring systems. Higher penalties can be levied against anyone hacking into computers belonging to criminal justice system or the military. The government can monitor online activity without a court order. 9
International Fraud Networks Sale of counterfeit commodities A lot of international trade is done this way Off-shoring Hiding money in secure accounts in Offshore Financial Centers (OFCs) Interpol polices money laundering activities. Money laundering is not only related to drug monies, but to funds that are obtained from fraudulent investment victims and then laundered through other accounts to hide the funds from investigation attempts. Interpol's definition of money laundering is “Any act or attempted act to conceal or disguise the identity of illegally obtained proceeds so that they appear to have originated from legitimate sources.” 10
International Cooperation Computer crimes are committed across borders and result in international cooperation between governments and multilateral organizations. For example: Silk Road just got shut down or Operation OnymousSilk Road just got shut downOperation Onymous Governments operate through several agencies such as: Interpol (International Crime Police Organization)International Crime Police Organization UN organizations and World Bank (Directorate of International Payment and Transfers) Direct government-to-government interventions 11
International Denial of Service The biggest Denial of Service happened in March 2013, sending 300 billion bits per second by a network of computers.Denial of Service Arrests made in Spain.made in Spain Arrests made in US.made in US. 12
IRS Whistleblower awarded $104 million IRS Whistleblower awarded $104 million 13 IRS Whistleblower Bradley C. Birkenfeld, a former banker at UBS, recently served two and a half years in prison for conspiring with a wealthy California developer to evade United States income taxes.UBS Historical informationHistorical information (False Claims Act was enacted on March 2, 1863, at President Lincoln’s request.)