Robert Crawford, MBA West Middle School

 Identify techniques that intruders use to attack computer systems.  Discuss different types of cybercrime.  Summarize how computer crime costs business money. Essential Question What are the common types of Cybercrime, and how can I avoid being a victim?

 Computer Crime  Cybercrime  Downtime  Identity Theft  Memory shave  Phishing  Scanning  Software Piracy  Spoof  Superzapper  Time bomb  Trap door  Back door  Virus  Worm  Trojan Horse Not in text  Script Kiddie  Macro Virus

 What is Cyber-crime?  Computer Crime is a term for any illegal activity that uses a computer as its primary means of commission.  Cybercrime refers to crimes carried out by means of the internet (456) ◦ The U.S. Department of Justice expands the definition of cybercrime to include any illegal activity that uses a computer for the storage of evidence.

Page 454

 Many cybercrimes come from illegal access to networks. ◦ Remember, a network is a set of computers, connected to each other, to provide access to shared resources and information.

 Many cybercrimes come from illegal access to networks.  This access can be provided by: ◦ Viruses ◦ Worms ◦ Trojan Horse Programs ◦ Or other criminal techniques

 A computer virus is a malware program whose purpose is to damage or destroy computer data, cause a computer to behave in unexpected ways, or interfere with the operation of the network, all while concealing and replicating itself.  The defining characteristic of viruses is that they are self-replicating computer programs which install themselves without the user's consent.

 A macro virus is a virus hidden in a document ◦ Since some applications (notably, but not exclusively, the parts of Microsoft Office) allow macro programs to be embedded in documents, so that the programs may be run automatically when the document is opened, this provides a distinct mechanism by which viruses can be spread. This is why it may be dangerous to open unexpected attachments in s.  Macro Viruses can spread between platforms

 A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.  Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. ◦ Unlike a computer virus, it does not need to attach itself to an existing program.

 A Trojan horse, or Trojan, is a program disguised as useful but it is destructive to the data on the hard drive

 Software used to rapidly guess potential usernames and passwords ◦ Avoiding this vulnerability is one of the reasons that many websites only give you a few times to attempt to enter your password.

 In coding culture a script kiddie is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks, and deface websites.  It is generally assumed that script kiddies are juveniles who lack the ability to write sophisticated coding programs or exploits on their own, ◦ their objective is to try to impress their friends or gain credit in computer-enthusiast communities.  The term is typically intended as an insult.

 Using software that bypasses normal security constraints to allow unauthorized access to data. ◦ For example, such a program may issue commands directly to the disk drivers without going through normal file I/O routines, bypassing not only security restrictions but also leaving no audit trail.

 Faking the sending address (IP) of a transmission in order to gain illegal entry into a secure system.  The unauthorized use of a third-party domain name as the sender's name in an e- mail message. ◦ Most often used by spammers, spoofing the name of a popular retailer or organization entices the recipient to read the full message. ◦ We will look closer at this with Phishing

 Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords.  An official-looking is sent to potential victims pretending to be from their bank or retail establishment.  s can be sent to people on selected lists or any list, expecting some percentage of recipients will actually have an account with the organization.

Is the "Bait"  The states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service.  A link in the message directs the user to a Web page that asks for financial information.  The page looks genuine, because it is easy to fake a valid Web site. ◦ Remember spoofing  Any HTML page on the Web can be copied and modified to suit the phishing scheme.  Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.

 This is more of a concern to business than individuals  A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. ◦ For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger), should they ever be terminated from the company. ◦ Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fool's Day. Trojans that activate on certain dates are often called "time bombs".

 A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing unauthorized remote access to a computer. ◦ The backdoor may take the form of an installed program (e.g., Back Orifice) or may subvert the system through a rootkit.  Default passwords can function as backdoors if they are not changed by the user.  Some debugging features can also act as backdoors if they are not removed in the release version.

 These are just plain old scams. ◦ e.g. “You have already won! send $50 for your portion of a $50,000 prize!”  The key word there was “portion.”  Your portion is going to be a very, very, very small one.

455 Crimes using the internet can take many forms

 This includes identity theft  You can be left with the bills  And a damaged credit rating

 The illegal copying and distribution of computer programs.  When you purchase a program you, typically are purchasing a single user license.  Piracy makes it harder for companies to sell their product. ◦ This can serve to discourage innovation

 Just plain old theft.  Most is “inside” ◦ Crimes committed by people who have legitimate access to the item being stolen.  Memory Shaving is hard to detect

 Just as defacing a building is vandalism, so is defacing a website  Further, it interferes with that availability to legitimate users.

456 Computer Crime: Any act that violates state or federal laws that involves using a computer Cybercrime: Crimes carried out by means of the internet

 The expense to business in repairing vandalism and making systems secure

 When the system has to be shutdown, there is downtime.  This costs the business money in: ◦ Business not done during that time ◦ Lack of availability to customers ◦ Lack of confidence to customers

 Customers loose confidence in the company: ◦ Its ability to meet their needs ◦ Its ability to secure their data

456 Law enforcement is using technology to catch cyber- criminals

 The Computer Crime and Intellectual Property Section (CCIPS) is a section of the Criminal Division of the U.S. Department of Justice in charge of investigating: ◦ computer crime (hacking, viruses, worms) ◦ and intellectual property crime and specializing in the search and seizure of digital evidence in computers and on networks.

 The NDCA CHIP Unit was created in response to the pressing need for a core of highly-trained and experienced federal prosecutors dedicated to prosecuting cybercrime and to assisting federal agencies in their investigative efforts in Silicon Valley.

 The National Infrastructure Protection Center (NIPC) was a unit of the United States federal government charged with protecting computer systems and information systems critical to the United States' infrastructure. ◦ It was founded in 1998 by President Bill Clinton's Presidential Decision Directive 63. ◦ It was originally created as a branch of the FBI. ◦ In 2003, the NIPC was transferred to the Department of Homeland Security.  The NIPC was eventually disbanded, with other federal government organizations taking on its responsibilities.

 Identify techniques that intruders use to attack computer systems.  Discuss different types of cybercrime.  Summarize how computer crime costs business money.

 Computer Crime  Cybercrime  Downtime  Identity Theft  Memory shave  Phishing  Scanning  Software Piracy  Spoof  Superzapper  Time bomb  Trap door  Back door  Virus  Worm  Trojan Horse Not in text  Script Kiddie  Macro Virus