
Chapter 6 Cybercrimes. Spam Good marketing points? Cheap Highly effective PgP BUSA331 Chapter 82.


1 Chapter 6 Cybercrimes

2 Spam
- Good marketing points?
  - Cheap
  - Highly effective
PgP BUSA331 Chapter 82

3 Spam
- Bad points?
  - Makes up 90% of U.S. e-mail!

4 Spam Avoidance
- Never reply
- Do not put email address on web site
- Use alias email address in newsgroups
- Do not readily give out email address
- Use spam filter
- Never buy from spam

5 CAN-SPAM
- Controlling Assault of Non-Solicited Pornography and Marketing Act
- Does not ban sending spam
  - Due to 1st Amendment, free speech
- Some states have more restrictive laws

6 CAN-SPAM Requires
- Accurate email headers, valid return address
- Opt-out procedures
  - Why not opt-in?
- Clear notice of opt-out
- Compliance with opt-out within 10 days
- Label commercial email as solicitation
- Sender’s valid physical address
- Warning labels on sexually oriented material

7 CAN-SPAM Prohibits
- Misleading subject lines
- Email address harvesting

8 CAN-SPAM Enforcement
- FTC
- AGs (Attorneys General)
- ISPs
- No private right of action

9 CAN-SPAM Prosecutions
- Illinois, Florida, New York, California
- Bottom line: has done little to impede the spam onslaught

10 State SPAM Laws
- Patchwork, non-uniform
- Jurisdictional questions
- Opt-in requirements
- Limited by First Amendment issues

11 Foreign SPAM Laws
- Main issue is enforcement

12 Fighting SPAM
- FTC (Federal Trade Commission), truth in advertising laws
- Trademark infringement
- RICO (Racketeer Influenced and Corrupt Organizations Act)
- Computer Fraud and Abuse Act, unauthorized computer use to get email addresses

13 Murking
- Bills vs Laws

14 Mail Bombs
- Excessive email to overload server storage
- Denial of service attack

15 Permission Based Marketing
- Legal, because requested
- Opt-in
- RSS feed sign up…

16 Chapter 9 Social Engineering and Identity Theft

17 Ultimate Goal
- Steal passwords, Personally Identifiable Information: your ‘identity’
- In order to profit
- Internet enables this without physical contact

18 Email Spoofing
- Forge email header
- Appears email came from other than true sender
- Why spoof?
  - Avoid identification under spam laws
  - Hide identity, avoid liability for illegal activity
  - Download Trojans to control computers
  - Obtain confidential information

19 Phishing
- Use of official looking emails to trick people into revealing
  - Usernames
  - Passwords
  - Other Personally Identifiable Information
- Result: loss of confidence in web transactions

20 Ice Phishing? No, but there is…
- Personalized Phishing: target victim by name, already have some info, hoping to get more
- Spear Phishing: pose as high level executive, demand info
  - Effective against soldiers
- Whaling: target high level executives
- Lesson: think twice before clicking IM or email hyperlink!

21 Pharming
- Similar to phishing
- Use web sites to obtain personal info
- DNS exploits

22 Identity Theft
- Goal: obtain key personal info
- Falsely obtain goods & services
- Sources
  - Database cracking
  - Social engineering
  - Pretexting
- Survey results: large $ loss
- But credit cards safer on web

23 Social Security Numbers
- De facto national identifier
- Key to a person’s identity
- SSNs can be found online in government records

24 Personal Information Safeguard
- Dumpster diving
  - Shred your garbage?
- Be mindful of https
- Review credit reports
- Do not reveal SSN unless a must
- Wary of giving personal info
- Overwrite old hard drives
- Copy machine hard drives?

25 Identity Theft Penalty Enhancement Act
- Sounds good: mandatory jail time for possessing identity info with intent of committing crime
- Real issue: hold info handlers accountable for data they collect

26 CAAS?
- Have you heard of Software as a Service (SAAS)?
  - A hot new trend in technology
- How about CAAS?
  - Crimeware as a Service
- Criminals Never Stop Innovating

27 Chapter 10 Cybercrimes Using Technology

28 Targets
- Computers (like yours!)
- Internet Connection

29 Terminology
- Beware: cybercrime terms (trojan, virus, malware…) often used interchangeably, but they are different

30 Computer Cybercrime: Cookie Poisoning
- Cookies: data to enhance web browsing experience
- Cookie downside: tracking
- Cookie poisoning: attacker modifies cookie
- For protection, encrypt cookies
- Cookie Background at GRC

31 Computer Cybercrime: Spyware
- Tracks and forwards data without user consent
- Uses computer for malicious purposes
- Also slows performance, crashes computer
- FTC investigates, has prosecuted under federal computer privacy laws
- Sears has used spyware on customers (oops)
- Steal user stock account login
- Sell portfolio
- Manipulate stocks using account
- Avoid public computers, change passwords often

32 Computer Cybercrime: Drive-by Download
- Program download without consent
- Viewing web site or email
- Similar to spyware
- Form of computer trespass
- Avoid by using security software

33 Computer Cybercrime: Malware
- Virus: copies itself, infects computer
- Worm: self-replicating virus
- Trojan horse: malicious program within harmless program, like spyware; non-self-replicating
- Used to take control

34 Internet Connection Cybercrime: Wardriving
- Using Wi-Fi laptop to map Wireless Access Points
- Subsequent use of Internet connection is telecommunications theft.

35 Internet Connection Cybercrime: Piggy-backing
- Using wireless internet connection without permission
- State laws vary
- Countries vary

36 Internet Connection Cybercrime: Issues
- Others use your internet connection to commit cybercrimes
  - Downloading child pornography
- Is a business liable for the unauthorized use of their unsecured wireless internet connection to commit a crime?
- Courts not yet involved
- Solution: secure / encrypt wireless access!

37 What’s Next?
- Electromagnetic Keyboard Sniffing
- Steal computer keypress/keystrokes from 65 feet away wirelessly!
- http://en.wikipedia.org/wiki/Keystroke_logging#Electromagnetic_emissions

38 Chapter 11 Cybercrimes and Individuals

39 Mule Scam
- Victim/mule (usually unknowingly) helps launder stolen online funds
- Uses mule’s PayPal account to transfer defrauded victim’s funds
- Mule paid commission from % of defrauded victim’s funds
- Defrauded victim contacts mule seeking funds back
- eBay will require mule to pay innocent defrauded victim

40 Cyberstalking
- Using email, IM, blog… to harass victim
- Also incite others against victim
- Can be combined with real world stalking

41 Corporate Cyberstalking
- Corporation stalking ex-customer or ex-employee
- Or vice versa, but less likely

42 Cyberstalking Law
- No federal law
- State law varies
- Harassment vs stalking
- Harassment barred by 41 states

43 Federal Statutes: Securities
- Spam, message boards and chat rooms used to hype stocks, trying to manipulate prices
- Also violate state securities laws
- SEC estimates 100 million stock spam messages per week
- IPO quiet time (90 day) can be violated by blog or tweet

44 USA PATRIOT Act
- Rushed response to 9/11 attacks
- Amended many federal statutes
- Civil liberty protections suffered
- Lessened standard for government to intercept electronic messages
- Broad reach, beyond terrorists

45 USA PATRIOT Act
- Subpoena of bank account and credit card numbers from ISPs
- Request ISP to release customer info voluntarily
- Danger in government labeling someone terrorist
- Expansive search warrant powers
- Secret ‘National Security Letters’ without court order!
- Declared unconstitutional in 2004
- FBI eavesdrops on computer traffic

46 Online Gambling
- Est. 2006 revenue: $12 billion
- Est. 2010 revenue: $25 billion, half from U.S.
- State regulated
- Internet issues: may be legal in other locations, but not where bet is placed
- Eight states outlaw online gambling
- British online gambling execs arrested on U.S. soil

47 Gambling Types
- Casino
- Sports

48 International Level
- No agreement, legal in some countries
- Countries complain about U.S.
- WTO declares U.S. out of compliance
  - Either let citizens gamble online
  - Or total ban (including lottery tickets)

49 Wire Wager Act of 1961
- Prohibits use of wire transmission in interstate or foreign commerce of bets, wagers, information on them
- Government must prove
  - Engaged in gambling
  - Interstate transmission of bets…
  - Used wire communication facility
  - Acted knowingly

50 Unlawful Internet Gambling Enforcement Act (2006)
- Congress goes after money, not gamblers
- Illegal to process gambling payments
- But U.S. gamblers may use off-shore payment processors

51 Virtual Crime
- Online multiplayer environments
  - Habbo
  - Second Life
- Virtual goods, so virtual or actual theft?
- Physical coercion to obtain virtual artifacts
- Second Life does $1 million/day of commerce!
- Will only get worse…

