Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

Presentation transcript:

Tomorrow’s Technology and You 9/e, Chapter 10

Online Outlaws: Computer Crime
- Computers are used to break laws as well as to uphold them.
- Computer crime involves:
  - Theft by computer
  - Software piracy
  - Software sabotage
  - Hacking and electronic trespassing
- Computer forensics experts use special software to scan criminal suspects for digital “fingerprints.”

The digital dossier
- Computer crime is any crime accomplished through knowledge or use of computer technology.
- Cyberstalking is similar to stalking, but the domain is digital.
- Businesses and government institutions lose billions of dollars every year to computer criminals.
- The majority of crimes are committed by company insiders.
- These crimes are typically covered up or not reported to authorities to avoid embarrassment.

Theft by computer: from property theft to identity theft
- Theft is the most common form of computer crime.
- Computers are used to steal:
  - Money
  - Goods
  - Information
  - Computer resources

Common types of computer crime:
- Spoofing: the use of a computer (or other technology) for stealing passwords
  - E-mail or phone call: “Hi, I’m a technician for your ISP. There is a problem with the network and we need your password to solve the problem.”
- Identity theft: the use of computers and other tools to steal whole identities
  - Involves social engineering: slang for the use of deception to get individuals to reveal sensitive information
  - In 2009, 10 million people in the U.S. had their identities stolen.
© 2009 Prentice-Hall, Inc.

Phishing: users “fish” for sensitive information under false pretenses
- Usually e-mails
- Attempt to impersonate genuine organizations, such as banks, to fool the user into providing sensitive personal data
- Normally are very official looking
- The link the e-mail contains is operated by criminals and not your financial (or other) institution
- Often performed to commit identity theft
- Related scams are smishing and vishing, which use text messages or telephone calls to commit phishing attacks

Pharming (DNS Poisoning): used by phishers to direct users to a fake web site when they enter the URL of a genuine site
- Criminals replace the real URL with the URL of their fake site to steal your information
- Pharming is effective – the fake web site even shows the correct domain name in the browser address bar

Online fraud:
- 87% related to online auctions
- Average cost per victim: $600

Protect yourself from identity theft:
- Make all your online purchases using a credit card.
- Get a separate credit card with a low credit limit for your online transactions.
- Make sure a secure Web site is managing your transaction.
- Don’t disclose personal information over the phone.
- Don’t give Social Security or driver’s license numbers over the phone; don’t print them on checks; and use encryption when sending them in email.
- Shred or burn sensitive mail before you recycle it.

- Keep your wallet thin.
- Copy your cards: make photocopies of your cards, front and back, in case they are stolen.
- Look over your bills and statements promptly.
- Remember: No reputable organization will ever request personal information in an e-mail or a phone call. Your bank does not need your password to access your account.
- Report identity theft promptly.

Hacking
- Also referred to as cracking
- Refers to gaining unauthorized access to computer systems
- Exploits weaknesses in the target system’s security
- Once access is gained, information will often be stolen
  - Personal data, credit card numbers, passwords
- Hackers use a variety of tools to gain access to a system
- Social engineering is the easiest
  - Tricks a person into revealing their password or other sensitive data
  - Watching a person over their shoulder as they type
  - Calling a company’s IT department and impersonating a genuine user, pretending to have forgotten their password
  - Use of phishing

Software tools
- Packet sniffers gather unencrypted data as it travels over the Internet
- Keyloggers capture every keystroke typed by users
- Password crackers guess passwords
  - Dictionary attack: tries every word in a list of known English words (or words in another language)
  - Brute force: tries every combination of characters until the correct password is guessed
    - Takes years to guess long passwords

Information Technology in a Global Society, Stuart Gray, 2011

EXAMPLES
- In 2008 US Republican candidate Sarah Palin’s webmail was compromised by hackers. The attack was relatively simple: the attackers used the password reset mechanism of her email account and, when asked for her personal details, they used details freely available on the Internet. This enabled the attackers to reset Palin’s password and leak her emails onto the Internet.
- In 2009 a web hosting company lost the web sites of 100,000 customers after its servers were attacked. The company had updated its software with the latest security patches, but the attackers targeted a newly reported and unfixed vulnerability – a so-called zero-day exploit. The attackers deleted large amounts of data from the servers. Many of the customers had signed up for hosting without backup facilities, meaning they were unable to retrieve their data.

Software sabotage: viruses and other malware

Sabotage of software can include:
- Malware: malicious software
- Trojan horse: performs a useful task while also being secretly destructive
  - Examples: logic and time bombs
- Virus: spreads by making copies of itself from program to program or disk to disk
  - Examples: macro viruses and email viruses
- Worms: spread without any user interaction
  - Examples: Opening worm-infected e-mail attachments will spread the worm through the network or automatically forward itself to people in the user’s e-mail address book.

How a Worm Works

McAfee Global Virus Map Virus Hoaxes Virus Info Glossary Anti-Virus Tips

- Antivirus programs are designed to search for viruses, notify users when they’re found, and remove them from infected disks or files.
- Antivirus programs continually monitor system activity, watching for and reporting suspicious virus-like actions.
- Programs need to be frequently revised to combat new viruses as they appear.
- Most can automatically download new virus-fighting code from the Web as new virus strains appear.
- It can take several days for companies to develop and distribute patches for new viruses.

Spyware is technology that collects information from computer users without their knowledge or consent.
- Also called: tracking software
- Information is gathered and shared with others via the Internet.
  - Your keystrokes could be monitored.
  - Web sites you visit are recorded.
  - Snapshots of your screen are taken.
- Spyware can cause pop-ups to appear on your screen.
- 91% of PC users have spyware on their computers.
- In drive-by downloads, just visiting a Web site can cause a download.

- Zombie computers: Internet-connected computers that have been hijacked using viruses to perform malicious acts without the knowledge of the owners and users.
  - Malware infects computers with a “backdoor” which allows them to be controlled by an unauthorized user
  - Criminals control hundreds or even thousands of zombies at once to form “botnets”, which are groups of computers under their control
  - Send out spam or phishing e-mails or distribute further malicious software
- DOS (denial of service) attacks bombard servers and Web sites with traffic that shuts down networks.
- DDOS (distributed denial of service) attacks use many computers (botnets) to attack a system.
- Drive-by downloads: programs which are downloaded or installed automatically, without the user’s consent, when they visit a web page.
  - Typically used either to infect a system with malware or to make money by tricking the user into buying security software they don’t need.
  - They sometimes use false error messages to trick the user into thinking they have a virus.

Depending on the security system, you might be granted access to a computer based on:
- Something you have
  - A key, an ID card with a photo, or a smart card containing digitally encoded identification in a built-in memory chip (RFID)
- Something you know
  - A password, an ID number, a lock combination, or a piece of personal history, such as your mother’s maiden name
- Something you do
  - Your signature or your typing speed and error patterns
- Something about you
  - A voice print, fingerprint, retinal scan, facial feature scan, or other measurement of individual body characteristics—collectively called biometrics

Passwords and access privileges
- Passwords are the most common tool for restricting access to a computer system.
- Effective passwords:
  - Use more than 12 characters
  - Use upper-case and lower-case letters, numbers, and symbols
  - Use different passwords for each system to limit problems if one password is compromised
  - Avoid using real words, names or dates
- You should:
  - Never write down passwords – use a password vault with a strong password to store passwords
  - Change your passwords frequently
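
The password rules above, together with the earlier slide on dictionary and brute-force password crackers, can be turned into a small audit. This is an added example, not part of the original slides: it reports which of the slide's rules a password breaks and estimates the worst-case time to try every combination. The word list is a tiny constructed stand-in for a real dictionary, and the rate of one billion guesses per second is an assumption.

```python
import string

# Constructed, tiny word list standing in for a real dictionary (assumption).
WORDLIST = {"password", "dragon", "summer", "monkey", "letmein"}

def policy_failures(password, wordlist=WORDLIST):
    """Return the slide's rules that the password breaks (empty list = passes)."""
    failures = []
    if len(password) <= 12:
        failures.append("needs more than 12 characters")
    classes = {
        "an upper-case letter": string.ascii_uppercase,
        "a lower-case letter": string.ascii_lowercase,
        "a number": string.digits,
        "a symbol": string.punctuation,
    }
    for label, chars in classes.items():
        if not any(c in chars for c in password):
            failures.append("needs " + label)
    lowered = password.lower()
    if any(word in lowered for word in wordlist):
        failures.append("contains a dictionary word")
    return failures

def alphabet_size(password):
    """Size of the character set a brute-force search would have to cover."""
    size = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(c in chars for c in password):
            size += len(chars)
    return size

def brute_force_years(password, guesses_per_second=1e9):
    """Worst-case years to try every combination at an assumed guess rate."""
    combinations = alphabet_size(password) ** len(password)
    return combinations / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    # Both passwords are constructed samples.
    for pw in ("summer2009", "Tr7#qLw9!xZp2$"):
        print(pw, policy_failures(pw), f"{brute_force_years(pw):.3g} years")
```

The brute-force figure is an upper bound only: a password built from a dictionary word falls to a dictionary attack long before the full search space is covered, which is why the word check is reported separately.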

Firewalls, encryption
- These security systems reduce or prohibit the interception of messages between computers.
- A firewall is hardware or software that determines which data is allowed to enter and leave a network.
  - Firewalls help secure a computer by preventing network access from external unauthorized users.
- Encryption is where codes protect transmitted information and a recipient needs a special key to decode the message.
  - When sensitive data, such as credit card numbers, are sent over the Internet they are encrypted.