Presentation is loading. Please wait.

Presentation is loading. Please wait.

Crime and Cyber-crime Pieter Hartel. Cyber-crime Science 2 Crime Acts or missions forbidden by law that can be punished […], against: »persons (e.g. rape,

Published byJustice Trafford Modified over 9 years ago

Similar presentations

Presentation on theme: "Crime and Cyber-crime Pieter Hartel. Cyber-crime Science 2 Crime Acts or missions forbidden by law that can be punished […], against: »persons (e.g. rape,"— Presentation transcript:

1 Crime and Cyber-crime Pieter Hartel

2 Cyber-crime Science 2 Crime Acts or missions forbidden by law that can be punished […], against: »persons (e.g. rape, assault, murder, suicide) »property (e.g. fraud, arson, theft, vandalism) »the state (e.g. riot, treason, sabotage, terrorism) »morality (e.g. gambling, drugs, obscenity) Disorder is broader than crime, e.g. »Littering, graffiti, loitering, etc. [Wil98] J. Q. Wilson and R. J. Herrnstein. Crime & Human Nature: The Definitive Study of the Causes of Crime. Free Press, Jan 1998.

3 Cyber-crime Science 3 Example

4 Cyber-crime Science 4 Cyber-crime Crime where computers are used as a tool, target or place: »Computer assisted crime (e.g. Advance fee fraud) »Computer integrity crime (e.g. DDoS attack) »Computer content crime (e.g. Software piracy) [New09] G. R. Newman. Cybercrime. In M. D. Krohn, et al, editors, Handbook on Crime and Deviance. Springer, Nov 2009. http://dx.doi.org/10.1007/978-1-4419-0245-0_25http://dx.doi.org/10.1007/978-1-4419-0245-0_25

5 Technology and crime Cyber-crime Science 5 Which of these are “virtual”? Which of these promote anonymity? TechnologyProblemSolutionWhen Sailing shipsPrivateeringTreaties1856 Paper moneyCounterfeitingLaws, Technology 17th 20th RevolverGenocide?? CarsTheftLocks20th PhoneNuisance callsCaller-ID20th InternetFraud, Theft??

6 Cyber space vs “meat” space “virtual” but that’s nothing new (why?) More easily automated (why?) Harder to police (why?) Cyber-crime Science 6

7 7 Some examples

8 Cyber-crime Science 8 Computer assisted crime Murder »13-year old US girl bullied into suicide in 2006 »3-month old Korean child dies from neglect in 2010 Extortion »Virginia DHP ransom demand 10 M $ in 2009 »BetCris hacker sentenced to 8 years in 2006 »(New business http://www.prolexic.com/ )http://www.prolexic.com/

9 Cyber-crime Science 9 Computer integrity crime Distributed denial of service (DDoS) »Estonian Cyber war in 2007 »Operation Payback end 2010 – mid 2011 Hacking »Comcast hackers sentenced to 18 months in 2008 »Sarah Palin email hacker sentenced to 1 year in 2010

10 Cyber-crime Science 10 Computer content crime Piracy »Pirate Bay four sentenced to 1 year in 2009 »US Software pirate sentenced to 2 years in 2011 Data base theft »Sony Play station network hack in 2011 exposed 77M accounts, cost 171M$ »Sonypictures.com exposed 1M passwords »TJX Hacker sentenced to 20 years in 2011

11 Cyber-crime Science 11 Certificate Signed binding of a public key and an identity

12 Cyber-crime Science 12 How does a certificate work? Server 1.Generates key pair and keeps private key secret 2.Sends public key to CA 7.Encrypt message with private key CA 3. CA signs & publishes public key User 4. Obtain certificate 5. Check CA signature 6. Check revocation list 8. Decrypt message with public key 9. User “knows” that it is talking to the server. Operation Black Tulip http://www.youtube.com/watch?v=wZsWoSxxwVYhttp://www.youtube.com/watch?v=wZsWoSxxwVY

13 Cyber-crime Science 13 Certificate fraud 2001 Verisign »Offender claimed to be from Microsoft »2 rogue certificates »Discovered by Verisign 2011 DigiNotar »Offender(s) hacked the server, No anti virus and weak passwords »Hundreds of rogue certificates »Discovered by Iranian Gmail user 2011 Comodo

14 Cyber-crime Science 14 Additional problems DigiNotar had been hacked before (2009) Microsoft delayed patches for NL by week to prevent blackout No backup certificates There are hundreds of companies like Diginotar False certificates still accepted by older browsers that have not been patched...

15 Cyber-crime Science 15 Differences Old Crime »Serial »Labour intensive »Local »Geographical place Cyber-crime » Can be Simultaneous » Can be automated » Global » Effort? » Requires conversion to meat space

16 Cyber-crime Science 16 Similarities Most Cyber-crime a variant of old crime »Advance fee fraud via email vs letters »Click fraud vs Replying to junk mail with bricks Technology used for new crime before »Printing press for counterfeiting »Telegraph for books by Charles Dickens

17 Social cost cyber crime Estimate (B$)Year Anti-virus3.42012 Patching12010 ISP clean-up0.042010 User clean-up102012 Defence firms102010 Law enforcement0.42010 Cyber-crime Science 17 [And12] R. Anderson, C. Barton, R. Böhme, R. Clayton, M. J. G. van Eeten, M. Levi, T. Moore, and S. Savage. Measuring the cost of cybercrime. In 11th Workshop on the Economics of Information Security (WEIS), Berlin, Germany, Jun 2012. http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf

18 Cyber-crime Science 18 Cyber-crime triangle A motivated offender “attacks” a suitable target in the absence of a capable guardian: »Attacks via vulnerabilities of the users »Attacks via vulnerabilities of the systems »Propagating attacks »Exploiting attacks

19 Cyber-crime Science 19 Attack vulnerable user Social engineer a user »2001 SPAM with AnnaKournikova.jpg.vbs »Phishing (More later) Hacking into server »Password cracker »Intelligence from OSN as in the Palin email hack

20 Cyber-crime Science 20 Attack vulnerable system Exploit known vulnerability and install malware on a client »Trojan like Zeus for key logging »Physical access via USB sticks and autorun Find & exploit vulnerable system »Vulnerability scanner like Acunetix »SQL injection

21 Cyber-crime Science 21 Propagating attacks Change the web site on the server »Create a drive by download to infect a client Create a botnet out of infected clients to: »Send spam »Perpetrate a DDoS attack »Evade detection

22 Cyber-crime Science 22 Exploiting attacks Carding »CC theft (skimming, hacking) »trade (forum) »cashing (online auctions, counterfeit cards at ATM) Online banking fraud »Credential theft (phishing) »trade (forum) »Cashing (money mules) Cyber crime needs meat space…

23 Cyber-crime Science 23 Cloud service comparison Bredolab »From Aug 2009 to Nov 2010 »Armenian botnet herder arrested »143 command and control servers run by Leaseweb »Estimated 30 million zombies »Estimated earnings 1.6M$ (5 c/server) Amazon EC2 in 2009 »Estimated 40,000 »Estimated earnings 220M$ (5500 $/server)

24 Cyber-crime Science 24 Conclusions Increasing specialisation of offenders Increasing sophistication of the tools Key crime opportunities: social engineering, vulnerable systems, and software issues Motive is now mostly money How to prevent all this?

Download ppt "Crime and Cyber-crime Pieter Hartel. Cyber-crime Science 2 Crime Acts or missions forbidden by law that can be punished […], against: »persons (e.g. rape,"

Similar presentations

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.

HQ in Israel Threat research, security operations center 24/7. In-depth understanding and insight into how cyber crime works. Over 10 million online identities.
Cyber-crime Science Pieter Hartel. The Course Goals »Study cybercrime from a social perspective Organisation »Teams of three »Do an experiment »Write.

Cyber-crime Science Pieter Hartel. The Course Goals »Study cybercrime from a social perspective Organisation »Teams of three »Do an experiment »Write.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Breaking Trust On The Internet

Breaking Trust On The Internet
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Measuring Cybercrime Pieter Hartel. How? Victim reporting initiatives »FBI Internet Criminal Complaint Centre Population and business surveys »CBS (Statistics.

Measuring Cybercrime Pieter Hartel. How? Victim reporting initiatives »FBI Internet Criminal Complaint Centre Population and business surveys »CBS (Statistics.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Internet Security Awareness Presenter: Royce Wilkerson.

Internet Security Awareness Presenter: Royce Wilkerson.
Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.

Malicious Attacks By: Albert, Alex, Andon, Ben, Robert.
1. 2 A High Tech Crime Investigation Lessons learned by the National High Tech Crime Center Hans Oude Alink, project leader NHTCC November 2005.

1. 2 A High Tech Crime Investigation Lessons learned by the National High Tech Crime Center Hans Oude Alink, project leader NHTCC November 2005.
Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.

Australian High Tech Crime Centre What is cybercrime & trends Monday 5 November 2007.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
Cyber Crime Carloe Distor CCS1D. Agenda  Introduction & History  Cyber Criminals  Types of Cyber Crime  Cyber Crime in Pakistan  Protect Computers.

Cyber Crime Carloe Distor CCS1D. Agenda  Introduction & History  Cyber Criminals  Types of Cyber Crime  Cyber Crime in Pakistan  Protect Computers.
Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer
Discovering Computers 2010

Discovering Computers 2010
CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.

CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.

Similar presentations

Ads by Google