
1 Tomorrow’s Technology and You 9/e Chapter 10 Online Outlaws: Computer Crime
Computers are used to break laws as well as to uphold them.
Computer crime involves:
• Theft by computer
• Software piracy
• Software sabotage
• Hacking and electronic trespassing
Computer forensics experts use special software to scan criminal suspects for digital “fingerprints.”
Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall

2 The digital dossier
• Computer crime is any crime accomplished through knowledge or use of computer technology.
• Cyberstalking is similar to stalking, but the domain is digital.
• Businesses and government institutions lose billions of dollars every year to computer criminals.
• The majority of crimes are committed by company insiders.
• These crimes are typically covered up or not reported to authorities to avoid embarrassment.

3 Theft by computer: from property theft to identity theft
• Theft is the most common form of computer crime.
• Computers are used to steal:
  – Money
  – Goods
  – Information
  – Computer resources

4 Common types of computer crime:
• Spoofing: the use of a computer (or other technology) for stealing passwords
  – E-mail or phone call: “Hi, I’m a technician for your ISP. There is a problem with the network and we need your password to solve the problem.”
• Identity theft: the use of computers and other tools to steal whole identities
  – Involves social engineering: slang for the use of deception to get individuals to reveal sensitive information
  – In 2009, 10 million people in the U.S. had their identities stolen.
© 2009 Prentice-Hall, Inc.

5 Phishing: users “fish” for sensitive information under false pretenses
  – Usually e-mails
  – Attempt to impersonate genuine organizations, such as banks, to fool the user into providing sensitive personal data
  – Normally are very official looking
  – The link the e-mail contains is operated by criminals and not your financial (or other) institution
  – Often performed to commit identity theft
Related scams are smishing and vishing, which use text messages or telephone calls to commit phishing attacks.

6 Pharming (DNS Poisoning): used by phishers to direct users to a fake web site when entering the URL of a genuine site
  – Criminals replace the real URL with the URL of their fake site to steal your information
  – Pharming is effective – the fake web site even shows the correct domain name in the browser address bar
Online fraud:
  – 87% related to online auctions
  – Average cost per victim: $600

7 Protect yourself from identity theft:
• Make all your online purchases using a credit card.
• Get a separate credit card with a low credit limit for your online transactions.
• Make sure a secure Web site is managing your transaction.
• Don’t disclose personal information over the phone.
• Don’t give Social Security or driver’s license numbers over the phone; don’t print them on checks; and use encryption when sending them in e-mail.
• Shred or burn sensitive mail before you recycle it.

8
• Keep your wallet thin
• Copy your cards
  – Make photocopies of your cards, front and back, in case they are stolen
• Look over your bills and statements promptly
• Remember: No reputable organization will ever request personal information in an e-mail or a phone call. Your bank does not need your password to access your account.
• Report identity theft promptly

9 Hacking
• Also referred to as cracking
• Refers to gaining unauthorized access to computer systems
• Exploits weaknesses in the target system’s security
• Once access is gained, information will often be stolen
  – Personal data, credit card numbers, passwords
• Hackers use a variety of tools to gain access to a system
• Social engineering is the easiest
  – Tricks a person into revealing their password or other sensitive data
  – Watching a person over their shoulder as they type
  – Calling a company’s IT department and impersonating a genuine user, pretending to have forgotten their password
  – Use of phishing

10 Software tools
• Packet sniffers gather unencrypted data as it travels over the Internet
• Keyloggers capture every keystroke typed by users
• Password crackers guess passwords
  – Dictionary attack tries every word in a list of known English words (or words in another language)
  – Brute force tries every combination of characters until the correct password is guessed
  – Takes years to guess long passwords

11 EXAMPLES
In 2008 US Republican candidate Sarah Palin’s webmail was compromised by hackers. The attack was relatively simple: the attackers used the password reset mechanism of her email account and, when asked for her personal details, they used details freely available on the Internet. This enabled the attackers to reset Palin’s password and leak her emails onto the Internet.
In 2009 a web hosting company lost the web sites of 100,000 customers after its servers were attacked. The company had updated its software with the latest security patches, but the attackers targeted a newly reported and unfixed vulnerability – a so-called zero-day exploit. The attackers deleted large amounts of data from the servers. Many of the customers had signed up for hosting without backup facilities, meaning they were unable to retrieve their data.
Information Technology in a Global Society, Stuart Gray, 2011

12 Software sabotage: viruses and other malware
• Sabotage of software can include:
  – Malware: malicious software
  – Trojan horse: performs a useful task while also being secretly destructive
    Examples: logic and time bombs
  – Virus: spreads by making copies of itself from program to program or disk to disk
    Examples: macro viruses and email viruses
  – Worms: spread without any user interaction
    Examples: Opening worm-infected e-mail attachments will spread the worm through the network or automatically forward it to people in the user’s e-mail address book.

13 How a Worm Works

14 McAfee Global Virus Map Virus Hoaxes Virus Info Glossary Anti-Virus Tips

15
• Antivirus programs are designed to search for viruses, notify users when they’re found, and remove them from infected disks or files.
• Antivirus programs continually monitor system activity, watching for and reporting suspicious virus-like actions.
• Programs need to be frequently revised to combat new viruses as they appear.
• Most can automatically download new virus-fighting code from the Web as new virus strains appear.
• It can take several days for companies to develop and distribute patches for new viruses.

16
• Spyware is technology that collects information from computer users without their knowledge or consent.
• Also called: tracking software
• Information is gathered and shared with others via the Internet.
  – Your keystrokes could be monitored.
  – Web sites you visit are recorded.
  – Snapshots of your screen are taken.
• Spyware can cause pop-ups to appear on your screen.
• 91% of PC users have spyware on their computers.
• In drive-by downloads, just visiting a Web site can cause a download.

17
• Zombie computers: Internet-connected computers that have been hijacked using viruses to perform malicious acts without the knowledge of the owners and users.
  – Malware infects computers with a “backdoor” which allows them to be controlled by an unauthorized user
  – Criminals control hundreds or even thousands of zombies at once to form “botnets”, which are groups of computers under their control
  – Send out spam or phishing e-mails or distribute further malicious software
• DOS (denial of service) attacks bombard servers and Web sites with traffic that shuts down networks.
• DDOS (distributed denial of service) attacks use many computers (botnets) to attack a system.
• Drive-by downloads: programs which are downloaded or installed automatically, without the user’s consent, when they visit a web page. Typically used either to infect a system with malware or to make money by tricking the user into buying security software they don’t need. They sometimes use false error messages to trick the user into thinking they have a virus.

18
• Depending on the security system, you might be granted access to a computer based on:
  – Something you have: a key, an ID card with a photo, or a smart card containing digitally encoded identification in a built-in memory chip (RFID)
  – Something you know: a password, an ID number, a lock combination, or a piece of personal history, such as your mother’s maiden name
  – Something you do: your signature or your typing speed and error patterns
  – Something about you: a voice print, fingerprint, retinal scan, facial feature scan, or other measurement of individual body characteristics, collectively called biometrics

19 Passwords and access privileges
• Passwords are the most common tool for restricting access to a computer system.
• Effective passwords:
  – Use more than 12 characters
  – Use upper-case and lower-case letters, numbers, and symbols
  – Use different passwords for each system to limit problems if one password is compromised
  – Avoid using real words, names or dates
• You should:
  – Never write down passwords – use a password vault with a strong password to store passwords
  – Change your passwords frequently
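
The password rules on this slide and the dictionary and brute-force attacks from slide 10 can be tied together in a small audit. The following is an added example, not part of the original slides: it reports which of the rules a candidate password breaks and estimates the worst-case exhaustive search time. The word list is constructed and the guess rate of 10 billion per second is an assumption.

```python
import string

# Constructed mini word list; a real audit would load a full dictionary file.
WORDS = {"password", "dragon", "summer", "monkey", "letmein"}
GUESSES_PER_SECOND = 1e10          # assumed attacker speed, not from the slides
SECONDS_PER_YEAR = 365 * 24 * 3600

CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}
# Undo common look-alike substitutions before the dictionary lookup.
UNLEET = str.maketrans("0134$@5", "oleasas")

def alphabet_size(pw):
    """Size of the character set a brute-force search must cover for pw."""
    return sum(len(cs) for cs in CLASSES.values() if any(c in cs for c in pw))

def brute_force_years(pw, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of pw's length over its alphabet."""
    return alphabet_size(pw) ** len(pw) / rate / SECONDS_PER_YEAR

def dictionary_hit(pw, words=WORDS):
    """Return a listed word hidden inside pw, or None."""
    folded = pw.lower().translate(UNLEET)
    return next((w for w in sorted(words) if w in folded), None)

def audit(pw, used_elsewhere=()):
    """Return the slide's rules that pw breaks (empty list means it passes)."""
    problems = []
    if len(pw) <= 12:
        problems.append("12 characters or fewer")
    problems += [f"no {name}" for name, cs in CLASSES.items()
                 if not any(c in cs for c in pw)]
    word = dictionary_hit(pw)
    if word:
        problems.append(f"contains the word '{word}'")
    if pw in used_elsewhere:
        problems.append("already used on another system")
    return problems

for candidate in ("P@ssw0rd", "Summer2009!", "vT7#qLm2!xRz9&Wd"):
    print(candidate, audit(candidate), f"{brute_force_years(candidate):.2e} years")
```

A password such as `P@ssw0rd` uses all four character classes yet still falls to a dictionary attack, which is why the word check runs after undoing the substitutions.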

20 Firewalls, encryption
• These security systems reduce or prohibit the interception of messages between computers.
• A firewall is hardware or software that determines which data is allowed to enter and leave a network. Firewalls help secure a computer by preventing network access from external unauthorized users.
• Encryption is where codes protect transmitted information and a recipient needs a special key to decode the message. When sensitive data, such as credit card numbers, are sent over the Internet they are encrypted.

