Chapter 8 Cybercrime, Cyberterrorism, and Cyberwarfare.

Cybercrime
- Illegal or criminogenic activities performed in cyberspace

Copyright © 2003, Addison-Wesley

Common EC/EB crime targets/victims
- Identity theft – is your customer “real”?
- Credit card number theft – is your customer’s credit/debit account “real”?
- Computational embezzlement – fraudulent creation/manipulation of financial info regarding EC/EB transactions or accounts (biggest corporate problem)
- (Security) Vulnerability and exploit attacks (most pervasive problem)
- EC/EB system targeted attacks mostly “out of sight” so far

Hacker/Cracker
- Originally, an expert programmer
- Today, someone (Cracker) who breaks into computers
- Types of hackers
  - White-hat hackers
  - Black-hat hackers (crackers, dark side hackers)
  - Elite hackers
    - Superior technical skills
    - Very persistent
    - Often publish their exploits
  - Samurai – a hacker for hire

Figure 8.1 A list of postings on a hacker newsgroup. Source: alt.bio.hackers newsgroup

Figure 8.2 A typical posting. Source: alt.bio.hackers newsgroup

Figure 8.3 Hackers publish their exploits. Source:

Script-kiddies and Phreakers
- Script-kiddie (packet monkeys, lamerz)
  - Hacker in training
  - Disdained by the elite hackers
- Phreaker
  - Person who cracks the telephone network
- Insider/outsider using “social engineering”
  - Trusted employee turned black-hat hacker
  - Dumpster divers; help desk impersonators, etc.
  - Potentially most dangerous

Why Do Hackers Hack?
- Government sponsored hacking
  - Cyberwarfare
  - Cyberterrorism
  - Espionage
- Industrial espionage
- White-hats
  - Publicize vulnerabilities
- The challenge – hack mode
- Black hats – misappropriate software and personal information
- Script kiddies – gain respect
- Insiders – revenge

Password Theft
- Easiest way to gain access/control
- User carelessness
  - Poor passwords
  - Easily guessed
- Dumpster diving
- Observation, particularly for insiders
  - The sticky note on the monitor
- Human engineering, or social engineering
- Standard patterns (e.g., Miami University)
  - Guess the password from the pattern

Rules for Choosing Good Passwords
- Easy to remember, difficult to guess
- Length – 6 to 9 characters
- Mix character types
  - Letters, digits, special characters
- Use an acronym
- Avoid dictionary words
- Different account → different password
- Change passwords regularly

Packet Sniffers
- Software wiretap
- Captures and analyzes packets
- Any node between target and Internet
- Broadcast risk
  - Ethernet and cable broadcast messages
  - Set workstation to promiscuous mode
- Legitimate uses
  - Detect intrusions
  - Monitoring

Potentially Destructive Software
- Logic bomb (set up by insider)
  - Potentially very destructive
  - Time bomb – a variation
- Rabbit
  - Denial of service
- Trojan horse
  - Common source of backdoors

Backdoor
- Undocumented access point
  - Testing and debugging tool
  - Common in interactive computer games
    - Cheats and Easter eggs
- Hackers use/publicize backdoors to gain access
  - Programmer fails to close a backdoor
  - Trojan horse
  - Inserted by hacker on initial access
  - Back Orifice – the Cult of the Dead Cow

Viruses and Worms (most common)
- Virus
  - Parasite
  - Requires host program to replicate
  - Virus hoaxes can be disruptive
  - Virus patterns/generators exist; script kiddies use these (but most anti-virus software does not!)
- Worm
  - Virus-like
  - Spreads without a host program
  - Used to collect information
    - Sysop – terminal status
    - Hacker – user IDs and passwords

Figure 8.6 Structure of a typical virus.
- Payload can be
  - Trivial
  - Logic bomb
  - Time bomb
  - Trojan horse
  - Backdoor
  - Sniffer
- Macro viruses (thanks to MS )
- Polymorphic viruses
- attachments
  - Today, click attachment
  - Tomorrow, may be eliminated!
- Cluster viruses
  - Spawn mini-viruses
- Cyberterrorism threat

Anti-Virus Software
- Virus signature
  - Uniquely identifies a specific virus
  - Update virus signatures frequently
- Heuristics
  - Monitor for virus-like activity
- Virus detection and removal to be pushed “upstream” in the IT supply chain infrastructure
- Recovery support

Figure 8.8 Security and virus protection in layers.
- Defend in depth
  - What one layer misses, the next layer traps
- Firewalls (Chapter 9)
- Anti-virus software
- Internet

System Vulnerabilities
- Known security weak points
- Default passwords – system initialization
- Port scanning
- Software bugs
- Logical inconsistencies between layers
- Published security alerts
- War dialer to find vulnerable computer

Denial of Service Attacks (DoS)
- An act of vandalism or terrorism
- A favorite of script kiddies
- Objective
  - Send target multiple packets in brief time
  - Overwhelm target
- The ping o’ death
- Distributed denial of service attack
  - Multiple sources

Figure 8.9 A distributed denial of service attack.
- Cyber equivalent of throwing bricks
- Overwhelm target computer
- Standard DoS is a favorite of script kiddies
- DDoS more sophisticated

Spoofing
- Act of faking key system parameters
- DNS spoofing
  - Alter DNS entry on a server
  - Redirect packets
- IP spoofing
  - Alter IP address
  - Smurf attack

Figure 8.10 IP spoofing.
- Preparation
  - Probe target (A)
  - Launch DoS attack on trusted server (B)
- Attack target (A)
  - Fake message from B
  - A acknowledges B
  - B cannot respond
    - DoS attack
  - Fake acknowledgement from B
  - Access A via 1-way communication path

Cybercrime prevention
- Multi-layer security
- Security vs. privacy?