Unit 03 Computer and Internet Crime [5 hrs] v1.2.pdf
SujanTimalsina5
140 views
97 slides
Apr 28, 2024
Slide 1 of 97
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
About This Presentation
Ethics in IT
Slide Content
Unit 3
Computer
and
Internet Crime
Information System Ethics
Hempal Shrestha
LegalTech (IP&IT) & Knowledge Management Specialist
Visiting Faculty - Kathmandu University 2023
Computer
and
Internet Crime
Information System Ethics
Hempal Shrestha
LegalTech (IP&IT) & Knowledge Management Specialist
Visiting Faculty - Kathmandu University 2023
Objectives
1.What key trade-offs and ethical issues are associated with
the safeguarding of data and information systems?
2.Why has there been a dramatic increase in the number of
computer-related security incidents in recent years?
3.What are the most common types of computer security
attacks?
4.What are some characteristics of common computer
criminals, including their objectives, available resources,
willingness to accept risk, and frequency of attack?
1.What key trade-offs and ethical issues are associated with
the safeguarding of data and information systems?
2.Why has there been a dramatic increase in the number of
computer-related security incidents in recent years?
3.What are the most common types of computer security
attacks?
4.What are some characteristics of common computer
criminals, including their objectives, available resources,
willingness to accept risk, and frequency of attack?
Objectives…
5.What are the key elements of a multilayer
process for managing security vulnerabilities,
based on the concept of reasonable assurance?
6.What actions must be taken in response to a
security incident?
7.What is computer forensics, and what role does it
play in responding to a computer incident?
5.What are the key elements of a multilayer
process for managing security vulnerabilities,
based on the concept of reasonable assurance?
6.What actions must be taken in response to a
security incident?
7.What is computer forensics, and what role does it
play in responding to a computer incident?
Unit -03 - Outline
3.1. IT Security Incidents
3.2. Types of Exploits
3.3. Types of Perpetrators
3.4. Implementing Trustworthy Computing
3.5. Risk Assessment
3.1. IT Security Incidents
3.2. Types of Exploits
3.3. Types of Perpetrators
3.4. Implementing Trustworthy Computing
3.5. Risk Assessment
Unit -03 - Outline…
3.6. Establishing a Security Policy
3.7. Educating Employees and Contract Workers
3.7.1. Prevention
3.7.2. Detection
3.7.3. Response
Computer Forensic
3.6. Establishing a Security Policy
3.7. Educating Employees and Contract Workers
3.7.1. Prevention
3.7.2. Detection
3.7.3. Response
Computer Forensic
What Will You Do?
Unit 03 - Discussion Questions
Unit 03 - Discussion Questions
1. You are one of the top students in your university’s computer science program of
200 students. You are surprised when you are met after class by two
representatives from a federal intelligence agency. Over dinner, they talk to you
about the increasing threat of cyberterrorist attacks launched on the United States
by foreign countries and the need to counter those attacks. They offer you a
position on the agency’s supersecret cyberterrorism unit, at a starting salary 50
percent higher than you know other computer science graduates are being offered.
Your role would be to both develop and defend against new zero-day exploits that
could be used to plant malware in the software used by the government and
military computers. Would such a role be of interest to you? What questions might
you ask to determine if you would accept their offer of employment?
Unit 03- What will You Do Question?
200 students. You are surprised when you are met after class by two
representatives from a federal intelligence agency. Over dinner, they talk to you
about the increasing threat of cyberterrorist attacks launched on the United States
by foreign countries and the need to counter those attacks. They offer you a
position on the agency’s supersecret cyberterrorism unit, at a starting salary 50
percent higher than you know other computer science graduates are being offered.
Your role would be to both develop and defend against new zero-day exploits that
could be used to plant malware in the software used by the government and
military computers. Would such a role be of interest to you? What questions might
you ask to determine if you would accept their offer of employment?
Unit 03- What will You Do Question?
3. You are a member of the Human Resources Department of a
three-year-old software manufacturer that has several products and
annual revenue in excess of $500 million. You’ve just received a request
from the manager of software development to hire three notorious
crackers to probe your company’s software products in an attempt to
identify any vulnerabilities. The reasoning is that if anyone could find a
vulnerability in your software, they could. This will give your firm a head
start on developing patches to fix the problems before anyone can
exploit them. You’re not sure, and you feel uneasy about hiring people
with criminal records and connections to unsavory members of the
hacker/ cracker community. What would you do?
Unit 03- What will You Do Question?
three-year-old software manufacturer that has several products and
annual revenue in excess of $500 million. You’ve just received a request
from the manager of software development to hire three notorious
crackers to probe your company’s software products in an attempt to
identify any vulnerabilities. The reasoning is that if anyone could find a
vulnerability in your software, they could. This will give your firm a head
start on developing patches to fix the problems before anyone can
exploit them. You’re not sure, and you feel uneasy about hiring people
with criminal records and connections to unsavory members of the
hacker/ cracker community. What would you do?
Unit 03- What will You Do Question?
7. It appears that someone is using your firm’s corporate
directory—which includes job titles and email
addresses—to contact senior managers and directors via
email. The email requests that the recipient click on a URL,
which leads to a Web site that looks as if it were designed
by your Human Resources organization. Once at this
phony Web site, the employees are asked to confirm the
bank and account number to be used for electronic deposit
of their annual bonus check. You are a member of IT
security for the firm. What can you do?
Unit 03- What will You Do Question?
directory—which includes job titles and email
addresses—to contact senior managers and directors via
email. The email requests that the recipient click on a URL,
which leads to a Web site that looks as if it were designed
by your Human Resources organization. Once at this
phony Web site, the employees are asked to confirm the
bank and account number to be used for electronic deposit
of their annual bonus check. You are a member of IT
security for the firm. What can you do?
Unit 03- What will You Do Question?
IT Security
Incidents
Events and Incidents
Incidents
Events and Incidents
IT Security Incidents: A Worsening Problem
●Security of information technology is of utmost importance
○Safeguard;
■Confidential data
■Private customer and employee data
○Protect against malicious acts of theft or disruption
○Must be balanced against other business needs and
issues
●Number of IT-related security incidents is increasing
around the world
●Security of information technology is of utmost importance
○Safeguard;
■Confidential data
■Private customer and employee data
○Protect against malicious acts of theft or disruption
○Must be balanced against other business needs and
issues
●Number of IT-related security incidents is increasing
around the world
Why Computer Incidents Are So Prevalent
●Increasing complexity increases vulnerability
○Computing environment is enormously complex
■Continues to increase in complexity
■Number of entry points expands continuously
■Cloud computing and virtualization software
●Higher computer user expectations
○Computer help desks under intense pressure
■Forget to verify users’ IDs or check authorizations
●Computer users share login IDs and passwords
●Increasing complexity increases vulnerability
○Computing environment is enormously complex
■Continues to increase in complexity
■Number of entry points expands continuously
■Cloud computing and virtualization software
●Higher computer user expectations
○Computer help desks under intense pressure
■Forget to verify users’ IDs or check authorizations
●Computer users share login IDs and passwords
Why Computer Incidents Are So Prevalent…
●Expanding/changing systems equal new risks
○Network era
■Personal computers connect to networks with
millions of other computers
■All capable of sharing information
●Information technology
○Ubiquitous
○Necessary tool for organizations to achieve goals
○Increasingly difficult to match pace of technological
change
●Expanding/changing systems equal new risks
○Network era
■Personal computers connect to networks with
millions of other computers
■All capable of sharing information
●Information technology
○Ubiquitous
○Necessary tool for organizations to achieve goals
○Increasingly difficult to match pace of technological
change
Why Computer Incidents Are So Prevalent…
Increased reliance on commercial software with known vulnerabilities
●Exploit
○Attack on information system
○Takes advantage of system vulnerability
○Due to poor system design or implementation
●Patch
○“Fix” to eliminate the problem
○Users are responsible for obtaining and installing
○Delays expose users to security breaches
Increased reliance on commercial software with known vulnerabilities
●Exploit
○Attack on information system
○Takes advantage of system vulnerability
○Due to poor system design or implementation
●Patch
○“Fix” to eliminate the problem
○Users are responsible for obtaining and installing
○Delays expose users to security breaches
Why Computer Incidents Are So Prevalent…
●Zero-day attack
○Before a vulnerability is discovered or fixed
●Companies relying on commercial software
with known vulnerabilities
●Zero-day attack
○Before a vulnerability is discovered or fixed
●Companies relying on commercial software
with known vulnerabilities
IT Security Incidents: A Worsening Problem
●Computer Emergency Response Team
Coordination Center (CERT/CC)
○Charged with
■Coordinating communication among experts
during computer security emergencies
■Helping to prevent future incidents
●What about Nepal…
●Computer Emergency Response Team
Coordination Center (CERT/CC)
○Charged with
■Coordinating communication among experts
during computer security emergencies
■Helping to prevent future incidents
●What about Nepal…
Number
of
Vulnerabil
ities
Reported
to
CERT/CC
of
Vulnerabil
ities
Reported
to
CERT/CC
Types of Exploits
To Many,
Always Evolving &
Ever Growing, List Goes On.
To Many,
Always Evolving &
Ever Growing, List Goes On.
Types of Attacks
●Most frequent attack is on a networked computer from an outside
source
●Types of attacks
○Virus
○Worm
○Trojan horse
○Denial of service
○Rootkit
○Spam
○Phishing (spear-phishing, smishing, and vishing)
○…
●Most frequent attack is on a networked computer from an outside
source
●Types of attacks
○Virus
○Worm
○Trojan horse
○Denial of service
○Rootkit
○Spam
○Phishing (spear-phishing, smishing, and vishing)
○…
Viruses
●Pieces of programming code
●Usually disguised as something else
●Cause unexpected and usually undesirable
events
●Often attached to files
●Deliver a “payload”
●Pieces of programming code
●Usually disguised as something else
●Cause unexpected and usually undesirable
events
●Often attached to files
●Deliver a “payload”
Viruses…
●Spread by actions of the “infected” computer user
○Infected e-mail document attachments
○Downloads of infected programs
○Visits to infected Web sites
●Macro viruses
○Most common and easily created viruses
○Created in an application macro language
○Infect documents and templates
●Spread by actions of the “infected” computer user
○Infected e-mail document attachments
○Downloads of infected programs
○Visits to infected Web sites
●Macro viruses
○Most common and easily created viruses
○Created in an application macro language
○Infect documents and templates
Worms
●Harmful programs
○Reside in active memory of a computer
○Duplicate themselves
●Can propagate without human intervention
●Negative impact of virus or worm attack
○Lost data and programs
○Lost productivity
○Effort for IT workers
●Harmful programs
○Reside in active memory of a computer
○Duplicate themselves
●Can propagate without human intervention
●Negative impact of virus or worm attack
○Lost data and programs
○Lost productivity
○Effort for IT workers
Cost Impact of Worms
Trojan Horses
●Malicious code hidden inside seemingly
harmless programs
●Users are tricked into installing them
●Delivered via email attachment, downloaded
from a Web site, or contracted via a removable
media device
●Logic bomb
○Executes when triggered by certain event
●Malicious code hidden inside seemingly
harmless programs
●Users are tricked into installing them
●Delivered via email attachment, downloaded
from a Web site, or contracted via a removable
media device
●Logic bomb
○Executes when triggered by certain event
Denial-of-Service (DoS) Attacks
●Malicious hacker takes over computers on the Internet
and causes them to flood a target site with demands
for data and other small tasks
○The computers that are taken over are called
zombies
●Does not involve a break-in at the target computer
○Target machine is busy responding to a stream of
automated requests
○Legitimate users cannot get in
●Malicious hacker takes over computers on the Internet
and causes them to flood a target site with demands
for data and other small tasks
○The computers that are taken over are called
zombies
●Does not involve a break-in at the target computer
○Target machine is busy responding to a stream of
automated requests
○Legitimate users cannot get in
Denial-of-Service (DoS) Attacks
●Spoofing generates a false return address on
packets
●Ingress filtering - When Internet service
providers (ISPs) prevent incoming packets
with false IP addresses from being passed on
●Egress filtering - Ensuring spoofed packets
don’t leave a network
●Spoofing generates a false return address on
packets
●Ingress filtering - When Internet service
providers (ISPs) prevent incoming packets
with false IP addresses from being passed on
●Egress filtering - Ensuring spoofed packets
don’t leave a network
Rootkits
●Set of programs that enables its user to gain
administrator-level access to a computer
without the end user’s consent or knowledge
●Attacker can gain full control of the system
and even obscure the presence of the rootkit
●Fundamental problem in detecting a rootkit is
that the operating system currently running
cannot be trusted to provide valid test results
●Set of programs that enables its user to gain
administrator-level access to a computer
without the end user’s consent or knowledge
●Attacker can gain full control of the system
and even obscure the presence of the rootkit
●Fundamental problem in detecting a rootkit is
that the operating system currently running
cannot be trusted to provide valid test results
Spam
●Abuse of email systems to send unsolicited email to large
numbers of people
○Low-cost commercial advertising for questionable
products
○Method of marketing also used by many legitimate
organizations
●Completely Automated Public Turing Test to Tell Computers
and Humans Apart (CAPTCHA)
○Software generates tests that humans can pass but
computer programs cannot
●Abuse of email systems to send unsolicited email to large
numbers of people
○Low-cost commercial advertising for questionable
products
○Method of marketing also used by many legitimate
organizations
●Completely Automated Public Turing Test to Tell Computers
and Humans Apart (CAPTCHA)
○Software generates tests that humans can pass but
computer programs cannot
Phishing
●Act of using email fraudulently to try to get the recipient to
reveal personal data
●Legitimate-looking emails lead users to counterfeit Web
sites
●Spear-phishing
○Fraudulent emails to an organization’s employees
●Smishing
○Phishing via text messages
●Vishing
○Phishing via voice mail messages
●Act of using email fraudulently to try to get the recipient to
reveal personal data
●Legitimate-looking emails lead users to counterfeit Web
sites
●Spear-phishing
○Fraudulent emails to an organization’s employees
●Smishing
○Phishing via text messages
●Vishing
○Phishing via voice mail messages
Phishing
Unit 03 - Case 02
Anonymous and Social Hacktivism
Anonymous and Social Hacktivism
Unit 03 - Case 02.
Anonymous and Social Hacktivism
The popular conception of hackers is one of young men
sitting in dark basement rooms for hours upon end,
surrounded by empty takeout containers: alone and
unaffiliated. Individual hackers rarely influence history, the
actions of large corporations, or the governments of the world
unless they can somehow work together and form a
collective. The hacktivist group Anonymous seems to have
achieved this goal.
Anonymous and Social Hacktivism
The popular conception of hackers is one of young men
sitting in dark basement rooms for hours upon end,
surrounded by empty takeout containers: alone and
unaffiliated. Individual hackers rarely influence history, the
actions of large corporations, or the governments of the world
unless they can somehow work together and form a
collective. The hacktivist group Anonymous seems to have
achieved this goal.
Unit 03 - Case 02.
Anonymous and Social Hacktivism
The group’s beginnings can be traced back to 2003, when individual hackers began
posting proposals for collective action on an Internet forum called 4-chan, a simple
image-based bulletin board where anyone can post comments and share images and
one of the least regulated parts of the Internet in the early 2000s. At first, the idea was
the adoption of a decentralized online community that could act anonymously, but in a
coordinated manner. Group actions were usually aligned toward some nebulous goal,
with the primary focus being on the members’ own entertainment. For example,
Anonymous members hacked the copy-protect codes of DVDs and video games and
posted them online. This action enabled other hackers to disable the copy protection
and copy these products for free. As the movement grew, some members began to see
the potential for greater social and political activity, and social “hacktivism” was born.
Anonymous and Social Hacktivism
The group’s beginnings can be traced back to 2003, when individual hackers began
posting proposals for collective action on an Internet forum called 4-chan, a simple
image-based bulletin board where anyone can post comments and share images and
one of the least regulated parts of the Internet in the early 2000s. At first, the idea was
the adoption of a decentralized online community that could act anonymously, but in a
coordinated manner. Group actions were usually aligned toward some nebulous goal,
with the primary focus being on the members’ own entertainment. For example,
Anonymous members hacked the copy-protect codes of DVDs and video games and
posted them online. This action enabled other hackers to disable the copy protection
and copy these products for free. As the movement grew, some members began to see
the potential for greater social and political activity, and social “hacktivism” was born.
Unit 03 - Case 02.
Anonymous and Social Hacktivism
Anonymous has no leader or formal decision-making mechanism. “Anyone who
wants to can be Anonymous and work toward a set of goals...” a member of
Anonymous explained. “We have this agenda that we all agree on and we all
coordinate and act, but all act independently toward it, without any want for
recognition. We just want to get something that we feel is important done...”
Anonymous’ first move toward a political action came in the form of a distributed
denial-of-service (DDoS) attack on the Church of Scientology in 2008. The
church had made an attempt to remove an interview with Tom Cruise, a famous
church member, from the Internet. The church felt the video injured its image. It
succeeded in removing the video from YouTube and other Web sites, but
Anonymous posted the video on the Gawker Web site. The effort gave
Anonymous a sense of the power it could harness.
Anonymous and Social Hacktivism
Anonymous has no leader or formal decision-making mechanism. “Anyone who
wants to can be Anonymous and work toward a set of goals...” a member of
Anonymous explained. “We have this agenda that we all agree on and we all
coordinate and act, but all act independently toward it, without any want for
recognition. We just want to get something that we feel is important done...”
Anonymous’ first move toward a political action came in the form of a distributed
denial-of-service (DDoS) attack on the Church of Scientology in 2008. The
church had made an attempt to remove an interview with Tom Cruise, a famous
church member, from the Internet. The church felt the video injured its image. It
succeeded in removing the video from YouTube and other Web sites, but
Anonymous posted the video on the Gawker Web site. The effort gave
Anonymous a sense of the power it could harness.
Unit 03 - Case 02.
Anonymous and Social Hacktivism
As the movement grew, Anonymous expanded its targets and
attracted media attention. After the Web site WikiLeaks, which
relied on donations to support its operations, released large
collections of classified American military documents and
diplomatic cables, PayPal, MasterCard, and Bank of America
announced that they would no longer process donations to
WikiLeaks. This action threatened to put the WikiLeaks Web site
out of business. In response, Anonymous launched major DDoS
attacks on the Web sites of these financial companies.
Anonymous and Social Hacktivism
As the movement grew, Anonymous expanded its targets and
attracted media attention. After the Web site WikiLeaks, which
relied on donations to support its operations, released large
collections of classified American military documents and
diplomatic cables, PayPal, MasterCard, and Bank of America
announced that they would no longer process donations to
WikiLeaks. This action threatened to put the WikiLeaks Web site
out of business. In response, Anonymous launched major DDoS
attacks on the Web sites of these financial companies.
Unit 03 - Case 02.
Anonymous and Social Hacktivism
In 2012, Anonymous published the names and credit card information of
the subscribers to a newsletter published by the international security
think tank, Stratfor, which Anonymous viewed as a reactionary force both
online and in the real world. Stratfor customer credit cards were used to
make over $500,000 in fraudulent donations to various charities.54 Also
in 2012, Anonymous attacked the regime of Syrian president Bashar
al-Assad. In this instance, Anonymous went beyond DDoS attacks on
government sites and actually set up satellite transmission stations in all
the major cities across Syria to serve as independent media centers in
anticipation of the Syrian government’s efforts to cut off its citizens from
the Internet
Anonymous and Social Hacktivism
In 2012, Anonymous published the names and credit card information of
the subscribers to a newsletter published by the international security
think tank, Stratfor, which Anonymous viewed as a reactionary force both
online and in the real world. Stratfor customer credit cards were used to
make over $500,000 in fraudulent donations to various charities.54 Also
in 2012, Anonymous attacked the regime of Syrian president Bashar
al-Assad. In this instance, Anonymous went beyond DDoS attacks on
government sites and actually set up satellite transmission stations in all
the major cities across Syria to serve as independent media centers in
anticipation of the Syrian government’s efforts to cut off its citizens from
the Internet
Unit 03 - Case 02.
Anonymous and Social Hacktivism
In response to the suicide of Internet activist Aaron Swartz in early
2013, Anonymous briefly corrupted the Web site of the U.S.
Sentencing Commission and threatened to release sensitive
information concerning the U.S. Department of Justice.
Anonymous blamed the justice system for Swartz’s suicide,
claiming that prosecutors were pursuing “highly disproportionate
sentencing” in cases against some of its members and others, like
Swartz, who championed open access to online documents.
Swartz was facing federal charges that he stole millions of online
documents and could have served up to 35 years in prison.
Anonymous and Social Hacktivism
In response to the suicide of Internet activist Aaron Swartz in early
2013, Anonymous briefly corrupted the Web site of the U.S.
Sentencing Commission and threatened to release sensitive
information concerning the U.S. Department of Justice.
Anonymous blamed the justice system for Swartz’s suicide,
claiming that prosecutors were pursuing “highly disproportionate
sentencing” in cases against some of its members and others, like
Swartz, who championed open access to online documents.
Swartz was facing federal charges that he stole millions of online
documents and could have served up to 35 years in prison.
Unit 03 - Case 02.
Anonymous and Social Hacktivism
The group’s strategy of using DDoS attacks and publishing personal information is
illegal and has exposed numerous members of the collective to police inquiry and
legal problems. The Interpol international policing body has been particularly active
in its pursuit of Anonymous members. In early 2012, as part of Interpol’s efforts, 25
Anonymous members were arrested in four different countries.57 Furthermore, an
influential member of the collective, known online as “Sabu,” was recently outed as
an FBI informant. After participating in the Stratfor hack, Sabu gave information to
the FBI leading to the arrest of several Anonymous senior members.58 However,
after the revelation that one of their own had cooperated with the FBI’s efforts
against the group, one member posted the following: “Don’t you get it by now?
#Anonymous is an idea. #Anonymous is a movement. It will keep growing,
adapting and evolving, no matter what.”?
Anonymous and Social Hacktivism
The group’s strategy of using DDoS attacks and publishing personal information is
illegal and has exposed numerous members of the collective to police inquiry and
legal problems. The Interpol international policing body has been particularly active
in its pursuit of Anonymous members. In early 2012, as part of Interpol’s efforts, 25
Anonymous members were arrested in four different countries.57 Furthermore, an
influential member of the collective, known online as “Sabu,” was recently outed as
an FBI informant. After participating in the Stratfor hack, Sabu gave information to
the FBI leading to the arrest of several Anonymous senior members.58 However,
after the revelation that one of their own had cooperated with the FBI’s efforts
against the group, one member posted the following: “Don’t you get it by now?
#Anonymous is an idea. #Anonymous is a movement. It will keep growing,
adapting and evolving, no matter what.”?
Unit 03 - Case 02.
Anonymous and Social Hacktivism
Discussion Questions
1.If you had an opportunity to join Anonymous, would you? Why, or why
not?
2.Would you say that Anonymous’ actions in support of WikiLeaks were
legal? Were these actions ethical? What about their actions to set up
satellite transmission stations across Syria?
3.How serious of a threat does Anonymous pose to organizational and
government Web sites?
Anonymous and Social Hacktivism
Discussion Questions
1.If you had an opportunity to join Anonymous, would you? Why, or why
not?
2.Would you say that Anonymous’ actions in support of WikiLeaks were
legal? Were these actions ethical? What about their actions to set up
satellite transmission stations across Syria?
3.How serious of a threat does Anonymous pose to organizational and
government Web sites?
Types of
Perpetrators
To Be or Not To Be
Criminal / Ethical
Perpetrators
To Be or Not To Be
Criminal / Ethical
Perpetrators
●Motives are the same as other criminals
●Perpetrators include:
○Thrill seekers wanting a challenge
○Common criminals looking for financial
gain
○Industrial spies trying to gain an advantage
○Terrorists seeking to cause destruction
●Motives are the same as other criminals
●Perpetrators include:
○Thrill seekers wanting a challenge
○Common criminals looking for financial
gain
○Industrial spies trying to gain an advantage
○Terrorists seeking to cause destruction
Perpetrators
●Different objectives and access to varying
resources
●Different levels of risk to accomplish an
objective
●Different objectives and access to varying
resources
●Different levels of risk to accomplish an
objective
Classifying Perpetrators of Computer Crime
Classifying Perpetrators of Computer Crime
Classifying Perpetrators of Computer Crime
Hackers and Crackers
●Hackers
○Test limitations of systems out of intellectual
curiosity
■Some smart and talented
■Others inept; termed “lamers” or “script kiddies”
●Crackers
○Cracking is a form of hacking
○Clearly criminal activity
●Hackers
○Test limitations of systems out of intellectual
curiosity
■Some smart and talented
■Others inept; termed “lamers” or “script kiddies”
●Crackers
○Cracking is a form of hacking
○Clearly criminal activity
Malicious Insiders
●Major security concern for companies
●Estimated 85 percent of all fraud is committed
by employees
●Fraud within an organization is usually due to
weaknesses in internal control procedures
●Collusion
○Cooperation between an employee and an
outsider
●Major security concern for companies
●Estimated 85 percent of all fraud is committed
by employees
●Fraud within an organization is usually due to
weaknesses in internal control procedures
●Collusion
○Cooperation between an employee and an
outsider
Malicious Insiders
●Insiders are not necessarily employees
○Can also be consultants and contractors
●Extremely difficult to detect or stop
○Authorized to access the very systems
they abuse
●Negligent insiders have potential to cause
damage
●Insiders are not necessarily employees
○Can also be consultants and contractors
●Extremely difficult to detect or stop
○Authorized to access the very systems
they abuse
●Negligent insiders have potential to cause
damage
Industrial Spies
●Use illegal means to obtain trade secrets from competitors
●Trade secrets are protected by the Economic Espionage Act
of 1996
●Competitive intelligence
○Uses legal techniques
○Gathers information available to the public
●Industrial espionage
○Uses illegal means
○Obtains information not available to the public
●Use illegal means to obtain trade secrets from competitors
●Trade secrets are protected by the Economic Espionage Act
of 1996
●Competitive intelligence
○Uses legal techniques
○Gathers information available to the public
●Industrial espionage
○Uses illegal means
○Obtains information not available to the public
Cybercriminals
●Hack into corporate computers and steal
●Engage in all forms of computer fraud
●Chargebacks are disputed transactions
●Loss of customer trust has more impact than fraud
●To reduce the potential for online credit card fraud:
○Use encryption technology
○Verify the address submitted online against the issuing
bank
○Request a card verification value (CVV)
○Use transaction-risk scoring software
●Hack into corporate computers and steal
●Engage in all forms of computer fraud
●Chargebacks are disputed transactions
●Loss of customer trust has more impact than fraud
●To reduce the potential for online credit card fraud:
○Use encryption technology
○Verify the address submitted online against the issuing
bank
○Request a card verification value (CVV)
○Use transaction-risk scoring software
Cybercriminals…
●Smart cards
○Contain a memory chip
○Are updated with encrypted data every time
the card is used
●Smart cards
○Contain a memory chip
○Are updated with encrypted data every time
the card is used
Hacktivists and Cyberterrorists
●Hacktivism
○Hacking to achieve a political or social goal
●Cyberterrorist
○Attacks computers or networks in an attempt to
intimidate or coerce a government in order to
advance certain political or social objectives
○Seeks to cause harm rather than gather information
○Uses techniques that destroy or disrupt services
●Hacktivism
○Hacking to achieve a political or social goal
●Cyberterrorist
○Attacks computers or networks in an attempt to
intimidate or coerce a government in order to
advance certain political or social objectives
○Seeks to cause harm rather than gather information
○Uses techniques that destroy or disrupt services
US Federal Laws for Prosecuting Computer
Attacks
Attacks
Nepal Laws for Prosecuting Computer Attacks
●The Electronic Transactions Act 2063 (ETA ) to
regulate cybercrimes. Section 47 of the Act is the most
used section to prevent cybercrime in Nepal. This
section stipulates that if a person publishes or displays
material against morals, etiquette, hatred, or malice on
a computer, internet, and other electronic media, the
culprit can be punished with a fine of 1 lakh rupees or
imprisonment for up to 5 years or both.
●The Electronic Transactions Act 2063 (ETA ) to
regulate cybercrimes. Section 47 of the Act is the most
used section to prevent cybercrime in Nepal. This
section stipulates that if a person publishes or displays
material against morals, etiquette, hatred, or malice on
a computer, internet, and other electronic media, the
culprit can be punished with a fine of 1 lakh rupees or
imprisonment for up to 5 years or both.
Nepal Laws for Prosecuting Computer Attacks
●Section 48 of the Act is also used customarily, which stipulates that
if any person who has access to any record, book, register,
correspondence, information, documents or any other material
under the authority conferred under this Act or Rules framed
hereunder divulges or causes to divulge confidentiality of such
record, books, registers, correspondence, information, documents
or materials to any unauthorized person, he/she shall be liable to
the punishment with a fine not exceeding Ten Thousand Rupees
or with imprisonment not exceeding two years or with both,
depending on the degree of the offense.
●Section 48 of the Act is also used customarily, which stipulates that
if any person who has access to any record, book, register,
correspondence, information, documents or any other material
under the authority conferred under this Act or Rules framed
hereunder divulges or causes to divulge confidentiality of such
record, books, registers, correspondence, information, documents
or materials to any unauthorized person, he/she shall be liable to
the punishment with a fine not exceeding Ten Thousand Rupees
or with imprisonment not exceeding two years or with both,
depending on the degree of the offense.
Law of Nepal relating to pirating, destroying, or
altering computer source data?
●As per the ETA, 2063 (section 44), if any person,
knowingly or with malafide intention, pirates, destroys,
alters computer sources code to be used for any
computer, computer programmer, computer system or
computer network or cause, other to do so, he/she
shall be liable to the punishment with imprisonment not
exceeding three years or with a fine not exceeding two
hundred thousand Rupees or with both.
altering computer source data?
●As per the ETA, 2063 (section 44), if any person,
knowingly or with malafide intention, pirates, destroys,
alters computer sources code to be used for any
computer, computer programmer, computer system or
computer network or cause, other to do so, he/she
shall be liable to the punishment with imprisonment not
exceeding three years or with a fine not exceeding two
hundred thousand Rupees or with both.
Unauthorized access to computer materials, a
cybercrime
●Unauthorized Access is an offense punishable by law. If any
person to have access to any program, information, or data of any
computer, uses such a computer without authorization of the
owner of or the person responsible for such a computer or even in
the case of authorization, performs any act to have access in any
program, information or data contrary to from such authorization,
such a person shall be liable to the punishment with the fine not
exceeding Two Hundred thousand rupees or with imprisonment
not exceeding three years or with both depending on the
seriousness of the offense.[Section 45, ETA 2063]
cybercrime
●Unauthorized Access is an offense punishable by law. If any
person to have access to any program, information, or data of any
computer, uses such a computer without authorization of the
owner of or the person responsible for such a computer or even in
the case of authorization, performs any act to have access in any
program, information or data contrary to from such authorization,
such a person shall be liable to the punishment with the fine not
exceeding Two Hundred thousand rupees or with imprisonment
not exceeding three years or with both depending on the
seriousness of the offense.[Section 45, ETA 2063]
Provisions regarding damage to any computer
and information system
●If any person knowingly and with a mala fide intention to
cause wrongful loss or damage to any institution destroys,
damages, deletes, alters, disrupts any information of any
computer source by any means or diminishes value and
utility of such information or affects it injuriously or causes
any person to carry out such an act, such a person shall be
liable to the punishment with the fine, not exceeding two
thousand Rupees and with imprisonment not exceeding
three years or with both.[Section 46, ETA 2063]
and information system
●If any person knowingly and with a mala fide intention to
cause wrongful loss or damage to any institution destroys,
damages, deletes, alters, disrupts any information of any
computer source by any means or diminishes value and
utility of such information or affects it injuriously or causes
any person to carry out such an act, such a person shall be
liable to the punishment with the fine, not exceeding two
thousand Rupees and with imprisonment not exceeding
three years or with both.[Section 46, ETA 2063]
Publication of illegal materials in electronic
form
●If any person publishes or displays any material in electronic
media including computer, internet which is prohibited to publish or
display by the prevailing law or which may be contrary to public
morality or decent behavior or any type of material that may
spread hate or jealousy against anyone or which may jeopardize
the harmonious relations subsisting among the peoples of various
castes, tribes and communities shall be liable to the punishment
with the fine not exceeding One Hundred Thousand Rupees or
with the imprisonment not exceeding five years or with
both.[Section 47, ETA 2063]
form
●If any person publishes or displays any material in electronic
media including computer, internet which is prohibited to publish or
display by the prevailing law or which may be contrary to public
morality or decent behavior or any type of material that may
spread hate or jealousy against anyone or which may jeopardize
the harmonious relations subsisting among the peoples of various
castes, tribes and communities shall be liable to the punishment
with the fine not exceeding One Hundred Thousand Rupees or
with the imprisonment not exceeding five years or with
both.[Section 47, ETA 2063]
Provisions of the law of Nepal regarding
computer fraud
●If any person, intending to commit any fraud or any other illegal
act, creates, publishes, or otherwise provides a digital signature
certificate or acquires benefit from the payment of any bill, the
balance amount of any one's account, any inventory or ATM card
in connivance of or otherwise by committing any fraud, amount of
the financial benefit so acquired shall be recovered from the
offender and be given to the person concerned and such an
offender shall be liable to the punishment with a fine not exceeding
one hundred thousand Rupees or with imprisonment not
exceeding two years or with both.[Section 52, ETA2063]
computer fraud
●If any person, intending to commit any fraud or any other illegal
act, creates, publishes, or otherwise provides a digital signature
certificate or acquires benefit from the payment of any bill, the
balance amount of any one's account, any inventory or ATM card
in connivance of or otherwise by committing any fraud, amount of
the financial benefit so acquired shall be recovered from the
offender and be given to the person concerned and such an
offender shall be liable to the punishment with a fine not exceeding
one hundred thousand Rupees or with imprisonment not
exceeding two years or with both.[Section 52, ETA2063]
Person who abets others to commit a
computer-related offense
●If any person abuts another to commit an offense
relating to computer under ETA Act or who attempts or
is involved in a conspiracy to commit such an offense
shall be liable to the punishment of a fine not
exceeding fifty thousand Rupees or imprisonment not
exceeding six months or with both, depending on the
degree of the offense.[Section 53, ETA 2063]
computer-related offense
●If any person abuts another to commit an offense
relating to computer under ETA Act or who attempts or
is involved in a conspiracy to commit such an offense
shall be liable to the punishment of a fine not
exceeding fifty thousand Rupees or imprisonment not
exceeding six months or with both, depending on the
degree of the offense.[Section 53, ETA 2063]
Punishment for an offence committed outside
Nepal
●If any person commits any act which constitutes
an offense under ETA Act and which involves the
computer, computer system, or computer network
system located in Nepal, even though such an act
is committed while residing outside Nepal, a case
may be filed against such a person and shall be
punished accordingly. [Section 55, ETA 2063]
Nepal
●If any person commits any act which constitutes
an offense under ETA Act and which involves the
computer, computer system, or computer network
system located in Nepal, even though such an act
is committed while residing outside Nepal, a case
may be filed against such a person and shall be
punished accordingly. [Section 55, ETA 2063]
Implementing
Trustworthy
Computing
Trust & Worthy
Trustworthy
Computing
Trust & Worthy
Implementing Trustworthy Computing
●Delivers
secure, private,
and reliable
computing
●Based on
sound business
practices
●Delivers
secure, private,
and reliable
computing
●Based on
sound business
practices
Implementing Trustworthy Computing
●Security of any system or network
○Combination of technology, policy, and people
○Requires a wide range of activities to be effective
●Systems must be monitored to detect possible
intrusion
●Clear reaction plan addresses:
○Notification, evidence protection, activity log
maintenance, containment, eradication, and
recovery
●Security of any system or network
○Combination of technology, policy, and people
○Requires a wide range of activities to be effective
●Systems must be monitored to detect possible
intrusion
●Clear reaction plan addresses:
○Notification, evidence protection, activity log
maintenance, containment, eradication, and
recovery
Risk Assessment
Assess the Risk in Advance
Assess the Risk in Advance
Risk Assessment
●Process of assessing security-related risks:
○To an organization’s computers and
networks
○From both internal and external threats
●Identifies investments that best protect from
most likely and serious threats
●Focuses security efforts on areas of highest
payoff
●Process of assessing security-related risks:
○To an organization’s computers and
networks
○From both internal and external threats
●Identifies investments that best protect from
most likely and serious threats
●Focuses security efforts on areas of highest
payoff
Risk Assessment…
Eight-step risk assessment process
●#1 Identify assets of most concern
●#2 Identify loss events that could occur
●#3 Assess likelihood of each potential threat
●#4 Determine the impact of each threat
●#5 Determine how each threat could be mitigated
●#6 Assess feasibility of mitigation options
●#7 Perform cost-benefit analysis
●#8 Decide which countermeasures to implement
Eight-step risk assessment process
●#1 Identify assets of most concern
●#2 Identify loss events that could occur
●#3 Assess likelihood of each potential threat
●#4 Determine the impact of each threat
●#5 Determine how each threat could be mitigated
●#6 Assess feasibility of mitigation options
●#7 Perform cost-benefit analysis
●#8 Decide which countermeasures to implement
Risk Assessment…
Risk Assessment…
Establishing a
Security Policy
Policy and Practice in Place
Security Policy
Policy and Practice in Place
Establishing a Security Policy
●A security policy defines:
○Organization’s security requirements
○Controls and sanctions needed to meet the
requirements
●Delineates responsibilities and expected behavior
●Outlines what needs to be done
○Not how to do it
●Automated system policies should mirror written
policies
●A security policy defines:
○Organization’s security requirements
○Controls and sanctions needed to meet the
requirements
●Delineates responsibilities and expected behavior
●Outlines what needs to be done
○Not how to do it
●Automated system policies should mirror written
policies
Establishing a Security Policy…
●Trade-off between:
○Ease of use
○Increased security
●Areas of concern
○Email attachments
○Wireless devices
●VPN uses the Internet to relay communications but
maintains privacy through security features
●Additional security includes encrypting originating and
receiving network addresses
●Trade-off between:
○Ease of use
○Increased security
●Areas of concern
○Email attachments
○Wireless devices
●VPN uses the Internet to relay communications but
maintains privacy through security features
●Additional security includes encrypting originating and
receiving network addresses
Educating
Employees and
Contract Workers
Educate and Empower
Employees and
Contract Workers
Educate and Empower
Educating Employees, Contractors, and
Part-Time Workers
●Educate and motivate users to understand and follow policy
●Discuss recent security incidents
●Help protect information systems by:
○Guarding passwords
○Not allowing sharing of passwords
○Applying strict access controls to protect data
○Reporting all unusual activity
○Protecting portable computing and data storage devices
Part-Time Workers
●Educate and motivate users to understand and follow policy
●Discuss recent security incidents
●Help protect information systems by:
○Guarding passwords
○Not allowing sharing of passwords
○Applying strict access controls to protect data
○Reporting all unusual activity
○Protecting portable computing and data storage devices
Prevention
Prevention is @gain the
Best Policy
Prevention is @gain the
Best Policy
Prevention
●Implement a layered security solution
○Make computer break-ins harder
●Installing a corporate firewall
○Limits network access
●Intrusion prevention systems
○Block viruses, malformed packets, and other threats
●Installing antivirus software
○Scans for sequence of bytes or virus signature
○United States Computer Emergency Readiness Team
(US-CERT) serves as clearinghouse
●Implement a layered security solution
○Make computer break-ins harder
●Installing a corporate firewall
○Limits network access
●Intrusion prevention systems
○Block viruses, malformed packets, and other threats
●Installing antivirus software
○Scans for sequence of bytes or virus signature
○United States Computer Emergency Readiness Team
(US-CERT) serves as clearinghouse
Prevention…
Prevention…
Prevention….
●Safeguards against attacks by malicious insiders
●Departing employees and contractors
○Promptly delete computer accounts, login IDs,
and passwords
●Carefully define employee roles and separate key
responsibilities
●Create roles and user accounts to limit authority
●Safeguards against attacks by malicious insiders
●Departing employees and contractors
○Promptly delete computer accounts, login IDs,
and passwords
●Carefully define employee roles and separate key
responsibilities
●Create roles and user accounts to limit authority
Prevention…
●Defending against cyberterrorism
○Department of Homeland Security and its National Cyber
Security Division (NCSD) is a resource
■Builds and maintains a national security cyberspace
response system
■Implements a cyber-risk management program for
protection of critical infrastructure, including banking
and finance, water, government operations, and
emergency services
●How about Nepal?
●Defending against cyberterrorism
○Department of Homeland Security and its National Cyber
Security Division (NCSD) is a resource
■Builds and maintains a national security cyberspace
response system
■Implements a cyber-risk management program for
protection of critical infrastructure, including banking
and finance, water, government operations, and
emergency services
●How about Nepal?
Prevention…
●Conduct periodic IT security audits
○Evaluate policies and whether they are
followed
○Review access and levels of authority
○Test system safeguards
○Information Protection Assessment kit is
available from the Computer Security
Institute
●Conduct periodic IT security audits
○Evaluate policies and whether they are
followed
○Review access and levels of authority
○Test system safeguards
○Information Protection Assessment kit is
available from the Computer Security
Institute
Detection
Detect if can’t Prevent
Detect if can’t Prevent
Detection
●Detection systems
○Catch intruders in the act
●Intrusion detection system
○Monitors system/network resources and activities
○Notifies the proper authority when it identifies:
■Possible intrusions from outside the organization
■Misuse from within the organization
○Knowledge-based approach
○Behavior-based approach
●Detection systems
○Catch intruders in the act
●Intrusion detection system
○Monitors system/network resources and activities
○Notifies the proper authority when it identifies:
■Possible intrusions from outside the organization
■Misuse from within the organization
○Knowledge-based approach
○Behavior-based approach
Response
If you Detect,
Response,
React
If you Detect,
Response,
React
Response
●Response plan
○Develop well in advance of any incident
○Approved by:
■Legal department
■Senior management
●Primary goals
○Regain control and limit damage
○Not to monitor or catch an intruder
●Only 56% have response plan
●Response plan
○Develop well in advance of any incident
○Approved by:
■Legal department
■Senior management
●Primary goals
○Regain control and limit damage
○Not to monitor or catch an intruder
●Only 56% have response plan
Response…
●Incident notification defines:
○Who to notify
○Who not to notify
●Security experts recommend against releasing specific
information about a security compromise in public forums
●Document all details of a security incident
○All system events
○Specific actions taken
○All external conversations
●Incident notification defines:
○Who to notify
○Who not to notify
●Security experts recommend against releasing specific
information about a security compromise in public forums
●Document all details of a security incident
○All system events
○Specific actions taken
○All external conversations
Response…
●Act quickly to contain an attack
●Eradication effort
○Collect and log all possible criminal evidence
○Verify necessary backups are current and complete
○Create new backups
●Follow-up
○Determine how security was compromised
■Prevent it from happening again
●Act quickly to contain an attack
●Eradication effort
○Collect and log all possible criminal evidence
○Verify necessary backups are current and complete
○Create new backups
●Follow-up
○Determine how security was compromised
■Prevent it from happening again
Response…
●Review
○Determine exactly what happened
○Evaluate how the organization responded
●Weigh carefully the amount of effort required to
capture the perpetrator
●Consider the potential for negative publicity
●Legal precedent
○Hold organizations accountable for their own IT
security weaknesses
●Review
○Determine exactly what happened
○Evaluate how the organization responded
●Weigh carefully the amount of effort required to
capture the perpetrator
●Consider the potential for negative publicity
●Legal precedent
○Hold organizations accountable for their own IT
security weaknesses
Computer Forensic
F1
It Helps!
F1
It Helps!
Computer Forensics
●Combines elements of law and computer
science to identify, collect, examine, and
preserve data and preserve its integrity so it is
admissible as evidence
●Computer forensics investigation requires
extensive training and certification and
knowledge of laws that apply to gathering of
criminal evidence
●Combines elements of law and computer
science to identify, collect, examine, and
preserve data and preserve its integrity so it is
admissible as evidence
●Computer forensics investigation requires
extensive training and certification and
knowledge of laws that apply to gathering of
criminal evidence
So the
Summary
Summary
Summary
●Ethical decisions in determining which information systems
and data most need protection
●Most common computer exploits
○Viruses
○Worms
○Trojan horses
○Distributed denial-of-service attacks
○Rootkits
○Spam
○Phishing, spear-fishing, smishing, vishing
●Ethical decisions in determining which information systems
and data most need protection
●Most common computer exploits
○Viruses
○Worms
○Trojan horses
○Distributed denial-of-service attacks
○Rootkits
○Spam
○Phishing, spear-fishing, smishing, vishing
Summary…
●Perpetrators include:
○Hackers
○Crackers
○Malicious insider
○Industrial spies
○Cybercriminals
○Hacktivist
○Cyberterrorists
●Perpetrators include:
○Hackers
○Crackers
○Malicious insider
○Industrial spies
○Cybercriminals
○Hacktivist
○Cyberterrorists
Summary…
●Must implement multilayer process for managing security
vulnerabilities, including:
○Assessment of threats
○Identifying actions to address vulnerabilities
●User education
●IT must lead the effort to implement:
○Security policies and procedures
○Hardware and software to prevent security breaches
●Computer forensics is key to fighting computer crime in a
court of law
●Must implement multilayer process for managing security
vulnerabilities, including:
○Assessment of threats
○Identifying actions to address vulnerabilities
●User education
●IT must lead the effort to implement:
○Security policies and procedures
○Hardware and software to prevent security breaches
●Computer forensics is key to fighting computer crime in a
court of law
Tags
Categories
GeneralDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 140
- Slides 97
- Favorites 1
- Age 586 days
Related Slideshows
22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
33 views
26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
36 views
31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
33 views
14
Fertility awareness methods for women in the society
Isaiah47
30 views
35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views