Crime CS4020.


Overview
- Hacking
- Identity Theft and Credit Card Fraud
- Scams and Forgery
- Crime Fighting Versus Privacy and Civil Liberties
- Laws That Rule the Web

Hacking
- Currently defined as gaining illegal or unauthorized access to a file, computer, or network
- Early 1960s to 1970s
  - It was a positive term
  - A "hacker" was a creative programmer who wrote elegant or clever code
  - A "hack" was an especially clever piece of code

Hacking
- 1970s to mid 1990s
  - Hacking took on negative connotations
  - Breaking into computers for which the hacker does not have authorized access
  - Still primarily individuals
  - Includes the spreading of computer worms and viruses and ‘phone phreaking’
  - Companies began using hackers to analyze and improve security

Hacking
- Beginning with the mid 1990s
  - The growth of the Web changed hacking; viruses and worms could be spread rapidly
  - Political hacking (Hacktivism) surfaced
  - Denial-of-service (DoS) attacks used to shut down Web sites
  - Large-scale theft of personal and financial information
  - Still a positive term too: “Hack-a-thon” (a get-together where people do intensive coding)

Political Hacking (Hacktivism)
- Use of hacking to promote a political cause
- Disagreement about whether it is a form of civil disobedience and how (whether) it should be punished
- Some use the appearance of hacktivism to hide other criminal activities
- How do you determine whether something is hacktivism or simple vandalism?

Law: Computer Fraud and Abuse Act (CFAA)
- Passed by Congress in 1986; intended to reduce hacking
- Covers government computers, financial and medical systems, and activities that involve computers in more than one state, including computers connected to the Internet

Computer Fraud and Abuse Act (cont.)
- It was amended in 1994, 1996 and in 2001 by the USA Patriot Act
- Expanded the definition of loss to include the cost of responding to an attack, assessing damage and restoring systems

CFAA Offenses:
- Knowingly accessing a computer without authorization in order to obtain national security data
- Intentionally accessing a computer without authorization to obtain:
  - Information contained in a financial record of a financial institution, or contained in a file of a consumer reporting agency on a consumer
  - Information from any department or agency of the United States
  - Information from any protected computer if the conduct involves an interstate or foreign communication
- Intentionally accessing without authorization a government computer and affecting the use of the government's operation of the computer
- Knowingly accessing a computer with the intent to defraud and thereby obtaining anything of value
- Knowingly causing the transmission of a program, information, code, or command that causes damage, or intentionally accessing a computer without authorization and, as a result of such conduct, causing damage that results in:
  - Loss to one or more persons during any one-year period aggregating at least $5,000 in value
  - The modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals
  - Physical injury to any person
  - A threat to public health or safety
  - Damage affecting a government computer system
- Knowingly and with the intent to defraud, trafficking in a password or similar information through which a computer may be accessed without authorization

Computer Fraud and Abuse Act
- Example litigation and decision with regard to this act
- Theofel v. Farey-Jones, 2003 U.S. App. Lexis 17963, decided August 28, 2003 (U.S. Court of Appeals for the Ninth Circuit)
- Using a civil subpoena which is “patently unlawful”, “bad faith” and “at least gross negligence” to gain access to stored email is a breach of this act and the Stored Communications Act

How to Catch Hackers?
- Law enforcement agents read hacker newsletters and participate in chat rooms undercover
- They can often track a handle by looking through newsgroup archives
- Security professionals set up ‘honey pots’, which are Web sites that attract hackers, to record and study them
- Computer forensics is used to retrieve evidence from computers

Penalties for Young Hackers
- Sentencing depends on intent and damage done
- Most young hackers receive probation, community service, and/or fines
- Not until 2000 did a young hacker receive time in juvenile detention
- Many young hackers have matured and gone on to productive and responsible careers
- Difficult to determine punishment for young hacker?

Preventing Hacking
- One difficulty: the Internet started with open access as a means of sharing information for research, and attitudes about security were slow to catch up with the risks
- Technology solution examples:
  - Firewalls: used to monitor and filter out communication from untrusted sites or that fits a profile of suspicious activity. Even home routers have built-in firewalls
  - Proxy servers: application-specific data filtering
  - Anti-virus software: filtering of incoming data
  - Security protocols: protect communications, like SSL (Secure Sockets Layer)
  - Encryption: hiding of data
- Security is often playing catch-up to hackers as new vulnerabilities are discovered and exploited

Responsibilities
- Developers have a responsibility to develop with security as a goal
- Businesses have a responsibility to use security tools and monitor their systems to prevent attacks from succeeding
- Home users have a responsibility to ask questions and educate themselves on the tools to maintain security (personal firewalls, anti-virus and anti-spyware)

Hacking Discussion Questions
- Hack.1) Is hacking that does no direct damage or theft a victimless crime?
- Hack.2) Do you think hiring former hackers to enhance security is a good idea or a bad idea? Why?
- POST answers on discussion board

Identity Theft and Credit Card Fraud
- Stealing identities:
  - Identity theft: various crimes in which a criminal or large group uses the identity of an unknowing, innocent person
  - Use credit/debit card numbers, personal information, and social security numbers
  - 18-29 year-olds are the most common victims because they use the web most and are unaware of risks
  - E-commerce has made it easier to steal card numbers and use them without having the physical card

Identity Theft – how?
- Phishing: e-mail fishing for personal and financial information disguised as legitimate business e-mail
- Pharming: false Web sites that fish for personal and financial information by planting false URLs in Domain Name Servers
- Online resumes and job hunting sites may reveal SSNs, work history, birth dates and other information that can be used in identity theft

Identity Theft – how to protect – examples
- Change the way you do business: e.g. activation for new credit cards
- Limit information: e.g. retailers do not print the full card number and expiration date on receipts
- Fraud detection: software detects unusual spending activities and will prompt retailers to ask for identifying information
- Third-party protection: services, like PayPal, act as a third party, allowing a customer to make a purchase without revealing their credit card information to a stranger
- Protect communications: secure transaction protocols (e.g. SSL)

Identity Theft – more protection examples
- Authentication of e-mail and Web sites
- Use of encryption to securely store data, so it is useless if stolen
- Authenticating customers to prevent use of stolen numbers; may trade convenience for security
- In the event information is stolen, a fraud alert can flag your credit report; some businesses will cover the cost of a credit report if your information has been stolen

Identity Theft – use biometrics to protect?
- Biometrics: biological characteristics unique to an individual (e.g. fingerprint, retinal scan)
- No external item (card, keys, etc.) to be stolen
- Used in areas where security needs to be high, such as identifying airport personnel
- Biometrics can be fooled, but it is more difficult to do so, especially as more sophisticated systems are developed

Discussion Questions
- Hack.3) What steps can you take to protect yourself from identity theft and credit card fraud?
- Hack.4) How can you distinguish between an e-mail that is a phishing attempt and an e-mail from a legitimate business?
- POST your answers to the discussion board

Scams and Forgery
- Auctions:
  - FTC reports that online auction sites are one of the top sources of fraud complaints
  - Some sellers do not send items or send inferior products
  - Shill bidding is used to artificially raise prices
  - Sellers give themselves or friends glowing reviews to garner consumer trust
  - Auction sites use various techniques to counter dishonest sellers

Scams and Forgery – more examples
- Click fraud: repeated clicking on an ad to either increase a site’s revenue or to use up a competitor's advertising budget
- Stock fraud: most common method is to buy a stock low, send out e-mails urging others to buy, and then sell when the price goes up, usually only for a short time
- Digital forgery: new technologies (scanners and high-quality printers) are used to create fake checks, passports, visas, birth certificates, etc., with little skill and investment

Crime Fighting Versus Privacy and Civil Liberties
- Search and Seizure of Computers:
  - Requires a warrant to search and seize a computer
  - Court rulings inconclusive about whether information found on computers, but not covered by a warrant, is considered in ‘plain view’
- Automated searches
  - Can monitor constantly and less likely to miss suspicious activity
  - Can be programmed to only look for what is covered in a warrant

Crime Fighting Versus Privacy and . . . (cont.)
- The Issue of Venue:
  - Charges are generally filed where the crime occurs
  - Laws differ between states and countries
  - Where charges are filed may have significant impact if community standards apply
  - The FBI usually files in the state where the crime was discovered and the investigation began

Crime Fighting Versus Privacy and . . . (cont.)
- Cybercrime Treaty:
  - International agreement to foster international cooperation among law enforcement agencies of different countries in fighting copyright violations, pornography, fraud, hacking and other online fraud
  - Treaty sets common standards or ways to resolve international cases

Whose Laws Rule the Web
- When Digital Actions Cross Borders:
  - Laws vary from country to country
  - Corporations that do business in multiple countries must comply with the laws of all the countries involved
  - Someone whose actions are legal in their own country may face prosecution in another country where their actions are illegal

Whose Laws Rule the Web (Cont.)
- Arresting Foreign Visitors:
  - A Russian citizen was arrested for violating the DMCA when he visited the U.S. to present a paper at a conference; his software was not illegal in Russia
  - An executive of a British online gambling site was arrested as he transferred planes in Dallas (online sports betting is not illegal in Britain)

Whose Laws Rule the Web (Cont.)
- Libel, Speech and Commercial Law:
  - Even if something is illegal in both countries, the exact law and associated penalties may vary
  - Where a trial is held is important not just for differences in the law, but also the costs associated with travel between the countries; cases can take some time to come to trial and may require numerous trips
  - Freedom of speech suffers if businesses follow laws of the most restrictive countries

Whose Laws Rule the Web – Discussion Questions
- Hack.5) What suggestions do you have for resolving the issues created by differences in laws between different countries?
- Hack.6) What do you think would work, and what do you think would not?
- POST your answer on the discussion board.