1. Computer Crime and CyberCrime Why we need Computer Forensics

2. Objectives To review the environment of computer crime and cybercrime To relate to computer forensics practice – the challenges which need to be addressed and –the skills and techniques we need to be developing

3. Computer Crime Environment Cheap and easy access to tools for computer crime Skills low skill base required Computer systems are badly designed –Not enough thought given to security or integrity Initial detection of crime can be difficult Reluctance of victims to prosecute and publicise crime Lack of knowledge and awareness of victims Wider societal issue of haves and have nots

4. Opportunities Computers and computer systems offer new opportunities for crime More people with computer skills, therefore there are more potential criminals Access to computer crime is very cheap Computer systems are badly designed –Not enough thought given to security or integrity Detection becomes much more difficult Reluctance of victims to publicise crime

5. Why do People Carry out Computer Crime ? Discovery of loopholes, providing opportunity –Understanding systems (electronic joyriding) They think they can get away with the crime –Majority of thieves are caught by accident –Ineffectiveness of formal and / or informal sanctions –Computer criminals don’t know about Computer Forensics They think stealing from a large company won’t hurt Financial gain Occupationally related - caused by dissatisfied employees –Masqueraders (those who operate under the identity of another user) –Clandestine users (those who evade access controls and auditing) –Misfeasors (those who have legitimate authorisation but misuse their privileges) Technology provides easier, quicker and larger opportunity –Issue in pornography and paedophile rings Perception of victimless crime

6. Computer Crime and Cybercrime Computer crime –A crime in which the perpetrator uses special knowledge about computer technology Cybercrime –A crime in which the perpetrator uses special knowledge of cyberspace From Furnell (2002)

7. Further Definitions (UK Audit Commission) Computer assisted crimes –Cases in which the computer is used in a supporting capacity, but the underlying crime or offence either predates the emergence of the computer or could be committed without them. The headings of fraud, theft, unauthorised private work, misuse of personal data, sabotage and pornography can all be considered to fit into this category Computer focussed crimes –Cases in which the category of crime has emerged as a direct result of computer technology and there is no direct parallel in other sectors. From the Audit Commission’s headings, the problems of hacking and viruses clearly fall within this category This categorisation in no way indicates any difference in levels of seriousness between assisted and focussed, indeed financial losses from fraud dwarf all other categories of crime in terms of scale

8. Example Can further categorise by splitting into computer based (PC based) and Internet

9. Categorisation by Victim Against organisations (source nhtcu) –sabotage of data or networks, virus attacks, financial fraud, theft of proprietary information, denial of service, unauthorised website access / misuse, spoofing, theft of hardware, telecomms fraud By organisations against employees and / or public –misuse of funds (eg pensions), false accounting, industrial espionage Against individuals –Cyber-stalking, e-mail issues (phishing, flaming, defamation, harassment), access to personal data (identity theft), manipulation and / or loss of data, economic theft

11. CRIME SCENE CRIME SCENE CRIME SCENE

12. Computer Security Institute Categorisations Theft of proprietary information Sabotage of data or networks Telecom eavesdropping System penetration by outsider Insider abuse of Net access Financial fraud Denial of service Spoofing Virus Unauthorised insider access Telecom fraud Active wiretapping Laptop theft Source CSI/FBI Computer Crime and Security Survey (2001)

13. Social Engineering Weakest point in any computer or information system is the human Social engineering is a con game – persuading another person to do what you want them to do Based on the premise that as humans we want to be helpful Look the part (could be technical could be physical) and ask the question

14. Implications for Computer Forensics Practice We need to be aware of the range of threats and types of attack Awareness of the types of digital evidence we seek Skills and techniques we need to be developing

20. Is action always a crime ? Hacking example Is hacking always a crime or are there situations when it is acceptable behaviour?

21. Case against Hacking It is difficult to detect when a hack has occurred Misconception that because there is no victim no crime has occurred ! Difficulty in accepting concept of apparent crime Often hacking is not enough, alteration or destruction or planting of a virus / logic bomb is the next stage ! Public announcements of hacking may effect customer trust

22. Case to support Hacking All information should be free –if it were free there would be no need for intellectual property or security Break-ins show security problems –allows designers to do something about it Hackers are doing no harm and changing nothing –merely learning how systems operate Hackers break into systems to watch for instances of data abuse and to help keep Big Brother at bay Skill in penetration testing – helps organisations

23. Hackers and their Motivations Cyber terrorists Cyber warriors HackersMalware writers PhreakersScript kiddies Old school Challenge Ego Espionage Ideology Mischief Money Revenge

24. Summary New opportunities and instances of computer crime and cyber crime are developing all the time We need to be aware of the threat As well as developing protection we need to be able gather appropriate digital evidence Implications for CPD