Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 3 Computer and Internet Crime

Published byEleanor Adams Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 3 Computer and Internet Crime"— Presentation transcript:

1 Chapter 3 Computer and Internet Crime

2 Chapter 3 - Computer and Internet Crime
Chapter 3 - Objectives Discuss key trade-offs and ethical issues associated with safeguarding of data and information systems. Identify reasons for the increase in the number of Internet-related security incidents. Describe the most common types of computer security attacks. Outline the characteristics of common perpetrators including their objectives, available resources, willingness to accept risk, and frequency of attack. Describe a multi-level process for managing Internet vulnerabilities based on the concept of reasonable assurance. Outline the actions that must be taken in response to a security incident. Chapter 3 - Computer and Internet Crime

3 Number of Incidents Reported
IT Security Incidents Year Number of Incidents Reported 2003 2002 137,529 82,094 2001 2000 52,658 21,756 1999 9,859 1998 3,734 1997 2,134 Total: : 319,992 Source: CERT Web site at Chapter 3 - Computer and Internet Crime

4 Increased Internet Security Incidents
Increasing complexity increases vulnerability. Higher computer user error and access to information. Expanding and changing environment introduces new risks. Increased reliance on commercial software with known vulnerabilities. Chapter 3 - Computer and Internet Crime

5 Types of Internet Attacks
Virus Worm Trojan Horse Denial-of-Service Attacks Chapter 3 - Computer and Internet Crime

6 Chapter 3 - Computer and Internet Crime
Virus The term “computer virus” is an umbrella term used for many types of malicious code. A virus is usually a piece of programming code that causes some unexpected and usually undesirable event. Most viruses deliver a “payload” or malicious act. Chapter 3 - Computer and Internet Crime

7 Chapter 3 - Computer and Internet Crime
Virus Viruses may execute and affect your computer in many different ways. Replicate themselves Reside in memory and infect other files Modify and/or create new files Most common viruses are “macro” viruses. These viruses use an application language such as VBScript to infect and replicate documents and templates. Chapter 3 - Computer and Internet Crime

8 Chapter 3 - Computer and Internet Crime
Worm A worm is a computer program, which replicates itself and is self-propagating. Worms, as opposed to viruses, are meant to spawn in network environments. ( Worms are also harmful and they differ from standard viruses in that they have this ability to “self-propagate” without human intervention. Chapter 3 - Computer and Internet Crime

9 Chapter 3 - Computer and Internet Crime
Trojan Horse A Trojan horse is a program that gets secretly installed on a computer, planting a harmful payload that can allow the hacker to do such things as steal passwords or spy on users by recording keystrokes and transmitting them to a third party. Chapter 3 - Computer and Internet Crime

10 Trojan Horse – Logic Bomb
A logic bomb is a type of Trojan horse that executes when a specific condition occurs. Logic bombs can be triggered by a change in a particular file, typing a specific series of key strokes, or by a specific time or date. Chapter 3 - Computer and Internet Crime

11 Denial-of-Service Attack
A denial-of-service attack is one in which a malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other tasks. SCO and Microsoft – MyDoom.a and .b Denial of service does not involve a computer break-in; it simply keeps the target machine so busy responding to the automated requests that legitimate users cannot get work done. Chapter 3 - Computer and Internet Crime

12 Denial-of-Service Attack
Zombies are computers that send these requests. Spoofing is the practice of putting a false return address on a data packet. Filtering is the process of preventing packets with false IP addresses from being passed on. Chapter 3 - Computer and Internet Crime

13 Classification of Perpetrators of Computer Crime
Type of perpetrator Objective Resources available to perpetrator Level of risk taking acceptable to perpetrator Frequency of Attack Hacker Test limits of system, gain publicity Limited Minimal High Cracker Cause problems, steal data, corrupt systems Moderate Medium Insider Financial gain or disrupt company’s information systems Knowledge of systems and passwords Low Industrial spy Capture trade secrets or gain competitive advantage Well funded, well trained Cybercriminal Financial gain Cyberterrorist Cause destruction to key infrastructure components Not necessarily well funded nor well trained Very high See: Three Blind Phreaks Chapter 3 - Computer and Internet Crime

14 Chapter 3 - Computer and Internet Crime
Hacker A hacker is an individual who tests the limitations of systems out of intellectual curiosity. Unfortunately, much of what hackers (and crackers) do is illegal. Breaking into networks and systems. Defacing web pages. Crashing computers. Spreading harmful programs or hate messages. Chapter 3 - Computer and Internet Crime

15 Chapter 3 - Computer and Internet Crime
Hacker Crackers are hackers who break code. Malicious insiders are a security concern for companies. Insiders may be employees, consultants, or contractors. They have knowledge of internal systems and know where the weak points are. Chapter 3 - Computer and Internet Crime

16 Forms of Computer Criminals
Malicious insiders are the number one security concern for companies. Industrial spies use illegal means to obtain trade secrets from the competitors of firms for which they are hired. Cybercriminals are criminals who hack into computers and steal money. Cyberterrorists are people who intimidate or coerce a government to advance their political or social objectives by launching attacks against computers and networks. Chapter 3 - Computer and Internet Crime

17 Chapter 3 - Computer and Internet Crime
Legal Overview Fraud is obtaining title to property through deception or trickery. To prove fraud four elements must be shown: The wrongdoer made a false representation of the material fact. The wrongdoer intended to deceive the innocent party. The innocent party justifiably relied on the misrepresentation. The innocent party was injured. Chapter 3 - Computer and Internet Crime

18 Reducing Internet Vulnerabilities
Risk assessment is an organization’s review of the potential threats to its computer and network and the probability of those threats occurring. Establish a security policy that defines the security requirements of an organization and describes the controls and sanctions to be used to meet those requirements. Educate employees, contractors, and part-time workers in the importance of security so that they will be motivated to understand and follow security policy. Chapter 3 - Computer and Internet Crime

19 Chapter 3 - Computer and Internet Crime
Prevention Install a corporate firewall. Install anti-virus software on personal computers. Implement safeguards against attacks by malicious insiders. Address the ten most critical Internet security threats (10 each in Windows and UNIX): Top Twenty List Verify backup processes for critical software and databases. Conduct periodic IT security audits. See: Tourbus Virus Solution or locally MS Patch for IE—CNET News. Implications of changes, speed of reaction Chapter 3 - Computer and Internet Crime

20 Chapter 3 - Computer and Internet Crime
Detection Intrusion detection systems monitor system and network resources and activities and, using information gathered from theses sources, they notify authorities when they identify a possible intrusion. Honeypot is a computer on your network that contains no data or applications critical to the company but has enough interesting data to lure intruders so that they can be observed in action. Chapter 3 - Computer and Internet Crime

21 Chapter 3 - Computer and Internet Crime
Response Incident notification is the plan and process used to notify company individuals when a computer attack has happened. In addition, your company should be prepared to: Protect evidence and activity logs Incident containment Incident eradication Incident follow-up Chapter 3 - Computer and Internet Crime

22 Chapter 3 - Computer and Internet Crime
Summary Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security. The increased complexity of the computing environment has led to an increase in the number of security related issues. Chapter 3 - Computer and Internet Crime

23 Chapter 3 - Computer and Internet Crime
Summary Common computer attacks include viruses, worms, Trojan horses, and denial-of-service attacks. Computer hackers include general hackers, crackers, and malicious insiders. Chapter 3 - Computer and Internet Crime

24 Chapter 3 - Computer and Internet Crime
Summary A strong security program is a safeguard for a company’s systems and data. An incident response plan includes: Protect evidence and activity logs. Incident containment. Incident eradication. Incident follow-up. Chapter 3 - Computer and Internet Crime

25 Case 1 Cybercrime: Even Microsoft is Vulnerable
On October 27, 2000, Microsoft acknowledges that its security had been breached and that outsiders using a Trojan house virus had been able to view source code for computer programs under development . Chapter 3 - Computer and Internet Crime

26 Case 2 Visa Combats Online Credit Card Fraud
Visa-branded credit cards generate almost $2 trillion in annual volume and are acceptable at over 22 million location around the world. Visa is reviewing new ways of authenticating user transactions. Chapter 3 - Computer and Internet Crime

27 Chapter 3 - Computer and Internet Crime
In the News, and more… Teen Hacker avoids jail sentence The Register: Security and Viruses Google News: Hacking, Computer Security, etc Chapter 3 - Computer and Internet Crime

Download ppt "Chapter 3 Computer and Internet Crime"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.

What are computer viruses and its types? Computer Viruses are malicious software programs that damage computer program entering into the computer without.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.

Information System protection and Security. Need for Information System Security §With the invent of computers and telecommunication systems, organizations.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
Chapter 9 Information Systems Ethics, Computer Crime, and Security.

Chapter 9 Information Systems Ethics, Computer Crime, and Security.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Ethics in Information Technology, Fourth Edition

Ethics in Information Technology, Fourth Edition
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.

7.1 Copyright © 2011 Pearson Education, Inc. 7 Chapter Securing Information Systems.
 ICT Security › If the firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low.

 ICT Security › If the firm is a victim of a computer crime, should they pursue prosecution of the criminals at all costs, should they maintain a low.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
1 An Overview of Computer Security computer security.

1 An Overview of Computer Security computer security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Similar presentations

Ads by Google