1. Computer Crimes and Security Professor Matt Thatcher

2. 2 Last Class l Software patents –policy parameters »height »width (allowable imitation level) »length –patent outcome region (POR) »set of policies that give the innovator profit incentive to seek and attain a patent –the good, the bad… »which policies within the POR are good for society? »which policies within the POR are good for consumers? »which policies with the POR are good for both? »why???

3. 3 Today l Administrative –turn in Case Report (5) –Exam 2 questions are now available »I am unlikely to answer questions about the Exam 2 questions; however, if you do have questions please ask them during class so that everyone has the benefit of hearing my response. l Next week –read and prepare the Case of the Killer Robot (see the link in the course schedule) –I have assigned roles for next class! l By end of semester –turn in Case Report (6)

4. 4 Cyber Crime l Why worry about it? –increasingly prevalent, especially on the internet –compared to traditional crime it is: »larger in scale »harder to detect »perpetrated by younger criminals l Types of Cyber Crime we explore today –“harmless” hacking –computer sabotage –electronic break-in –hacktivism l Security measures

5. 5 The Law l Computer Fraud and Abuse Act (1986) –it is a crime to knowingly access a computer without (or in excess of) authority to obtain classified information –covers areas under government jurisdiction »government computers »medical systems »financial systems »computers connected to the internet u why?? l Lots of additional federal and state laws –penalties: up to 10 yrs prison/$250,000 fine

6. 6 Computer Sabotage l Disruption of service –destroy/modify files –damage computer resources –hurt website revenues –clean-up and recovery costs l Types –Virus –Worm –Trojan Horse –Logic Bomb –Denial of Service (DoS)

7. 7 Electronic Break-Ins l Is a website property with property rights? l Trespassing –must show that the attacker has intent to enter into a forbidden property without permission –is electronic trespassing analogous to physical trespassing? –CompuServe, Inc. v. CyberPromotions, Inc. »SPAM

8. 8 Hacktivism l Use of hacking to promote a political issue –global warming –environmentalism l Modern form of civil disobedience? l Think about the property rights issues –does someone have the right to destroy or damage your property to make a political statement? –can your neighbor hang a political sign on your yard or spray paint your fence? –does preventing them from doing so violate their right to free speech? l Difficult to justify hacktivism –can use internet for activism without damaging websites of others (right to speak, but no right to be heard) l Spinello, Case 6.6. Hacktivism

9. 9 “Harmless” Hacking? l Spinello, Case 6.3. Harmless Prank l Is hacking harmless?

10. 10 Security Measures l Spinello, Case 6.2. Security Breach at IKON l Vulnerability assessments (probe for weaknesses) –hire hacker??? l Firewalls l Intrusion detection systems l Antivirus applications l Filtering systems l Encryption –private key vs. public key encryption l Safeguards from malicious insiders –delete accounts, IDs, and passwords of departing employees immediately (Spinello, Case 6.1. The Disgruntled Consultant) l Verify backup process for software and databases l Conduct periodic IT security audits

11. 11 Spinello, Case 6.5. l The Case of Craig Neidorf –use of a newsletter (Phrack) to give people information about how to hack different systems to use telecommunication lines for free –turns out the information was in the public domain and not a trade secret l Do you have the right to publish security flaws and encourage people to exploit them? l Should 3 rd party publishers be liable for what they publish –consider the Digital Millenium Copyright Act

12. 12 Summary