Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Overview of Cybercrime CJ341 – Cyberlaw & Cybercrime.

Published byGodwin Daniels Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Overview of Cybercrime CJ341 – Cyberlaw & Cybercrime."— Presentation transcript:

1 1 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Overview of Cybercrime CJ341 – Cyberlaw & Cybercrime Lecture #2 M. E. Kabay, PhD, CISSP-ISSMP D. J. Blythe, JD School of Business & Management

2 2 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Topics  Computers and Crime  Fundamentals of IA  Computers and Crime  Terminology  Criminal Hacker Propaganda

3 3 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Computers and Crime (1)  Computers can play three roles in crime  Target  Tool  Repository of evidence  Information assurance attempts to reduce vulnerabilities of systems to attacks  Secure design and programming try to reduce vulnerabilities of code to misuse  Cyberforensics provide methods for securing evidence from computers and networks

4 4 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Computers and Crime (2)  Computer crime always is directed against a computer – everything else is computer-related crime  Computers as the victim or target  Theft (as a byproduct of an attack against a computer)  Vandalism  Denial of service  Malware targets: viruses, worms, Trojans  Computers as tools  Fraud  Identity theft  Industrial espionage  Information warfare  Computers as repositories of evidence  Logs  Journals  Documents Michigan v Miller (see later in notes)

5 5 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Fundamentals of IA: What are We Protecting?  The Classic Triad  The Parkerian Hexad  Confidentiality  Possession Confidentiality & Possession Losses  Integrity  Authenticity Integrity & Authenticity Losses  Availability  Utility Availability & Utility Losses

6 6 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. The Classic Triad C – I – A

7 7 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. The Parkerian Hexad Protect the 6 atomic elements of INFOSEC:  Confidentiality  Possession or control  Integrity  Authenticity  Availability  Utility

8 8 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Why “Parkerian?”

9 9 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Confidentiality Restricting access to data  Protecting against unauthorized disclosure of existence of data  E.g., allowing industrial spy to deduce nature of clientele by looking at directory names  Protecting against unauthorized disclosure of details of data  E.g., allowing 13-yr old girl to examine HIV+ records in Florida clinic

10 10 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Possession Control over information  Preventing physical contact with data  E.g., case of thief who recorded ATM PINs by radio (but never looked at them)  Preventing copying or unauthorized use of intellectual property  E.g., violations by software pirates

11 11 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Confidentiality & Possession Losses  Locating  Disclosing  Observing, monitoring, and acquiring  Copying  Taking or controlling  Claiming ownership or custodianship  Inferring  Exposing to all of the other losses  Endangering by exposing to any of the other losses  Failure to engage in or to allow any of the other losses to occur when instructed to do so

12 12 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Integrity Internal consistency, validity, fitness for use  Avoiding physical corruption  E.g., database pointers trashed or data garbled  Avoiding logical corruption  E.g., inconsistencies between order header total sale & sum of costs of details

13 13 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Authenticity Correspondence to intended meaning  Avoiding nonsense  E.g., part number field actually contains cost  Avoiding fraud  E.g., sender’s name on e-mail is changed to someone else’s

14 14 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Integrity & Authenticity Losses  Insertion, use, or production of false or unacceptable data  Modification, replacement, removal, appending, aggregating, separating, or reordering  Misrepresentation  Repudiation (rejecting as untrue)  Misuse or failure to use as required

15 15 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Availability Timely access to data  Avoid delays  E.g., prevent system crashes & arrange for recovery plans  Denial-of-service (DoS) attacks can be ruinous  High-volume commercial sites can lose $M  Avoid inconvenience  E.g., prevent mislabeling of files

16 16 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Utility Usefulness for specific purposes  Avoid conversion to less useful form  E.g., replacing dollar amounts by foreign currency equivalent  Prevent impenetrable coding  E.g., employee encrypts source code and "forgets" decryption key

17 17 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Availability & Utility Losses  Destruction, damage, or contamination  Denial, prolongation, acceleration, or delay in use or acquisition  Movement or misplacement  Conversion or obscuration

18 18 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Michigan v. Miller (2001)*  Michigan housewife Sharee Miller  Pathological liar, schemer, sociopath  Met Missouri man Jerry Cassaday in Internet chat room  Miller concocted tales of abuse by her husband  Met and had sex with Cassaday  Told him she was carrying his child  But actually had tubal ligation  Claimed husband Bruce was in organized crime (really ran salvage yard)  Cassaday killed Bruce Miller with a shotgun.  Miller dropped Cassaday after murder  Cassaday shot himself  Left logs of e-mails and IM http://tinyurl.com/3avorf

19 19 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Michigan v. Miller* (cont’d) “Michigan vs Miller is a classic murder triangle that was planned over the Internet. The news media at the time was claiming that this was the first prosecution where the Internet was key in the planning of a murder.... The case itself was made from a briefcase left behind by a jilted lover, an ex homicide detective, who committed suicide. Jerry Cassaday had driven to Michigan and killed Bruce Miller, Sharee Miller’s husband. Computer Forensics played a major part in building the history of the seduction and validating evidence left by Jerry Cassaday. Prosecutors clearly state that without the computer forensic evidence, no prosecution would have been possible. Sharee Miller [went to] prison for Conspiracy to Commit First Degree Murder – Life Sentence and Second Degree Murder – 54-82 years....” _____ * http://www.secureworldexpo.com/events/conference-details.php?cid=446http://www.secureworldexpo.com/events/conference-details.php?cid=446 Also http://www.examiner.com/list/sharee-miller-where-she-is-now-timelinehttp://www.examiner.com/list/sharee-miller-where-she-is-now-timeline

20 20 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Terminology and References  CJ341 materials  http://www.mekabay.com/courses/academic/norwich/cj341/index.htm http://www.mekabay.com/courses/academic/norwich/cj341/index.htm  Learn basic terms: see Glossary and texts  Glossary available online http://www.mekabay.com/overviews/glossary.htm http://www.mekabay.com/overviews/glossary.pdf  Other reference materials  http://www.mekabay.com/overviews/index.htm http://www.mekabay.com/overviews/index.htm  http://www.mekabay.com/methodology/index.htm http://www.mekabay.com/methodology/index.htm  Department of Justice Cybercrime site  http://www.justice.gov/criminal/cybercrime/ http://www.justice.gov/criminal/cybercrime/  Constantly updated list of press releases and documents about computer-related crime

21 21 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Criminal Hacker Propaganda 1.“I don’t know why you system guys are getting your shorts in a knot: we’re just looking around – we’re not doing any harm.” – Eric Corley ~1996 at a panel discussion organized by the NCSA 2.“Breaking into your systems is doing you a favor by showing you your vulnerabilities so you can fix them.” 3.“Vandalizing Web sites / writing viruses / creating denial-of-service attacks improves security by forcing manufacturers to improve their products.” 4.“Information wants to be free.”

22 22 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Propaganda from IP Thieves 1.“Everyone’s doing it.” 2.“We won’t get caught.” 3.“It’s the music / software industry’s fault: if they don’t want theft, they should charge less.” 4.“It’s the producers’ fault: if they don’t want theft, they should make it technically impossible.” 5.“It doesn’t hurt anyone.” 6.“It only hurts a company — I wouldn’t steal it from an individual.” 7.“The music industry is violating the rights of the musicians, so breaching copyright is a Good Thing.” 8.“Our theft is helping the software / music industry increase their sales.” 9.“No software / music / art should ever be copyrighted — it should always be free.” 10.“But I need it and I don’t want to pay for it.”

23 23 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. IS340 Class Notes about Computer Crime IS340 Lectures http://www.mekabay.com/courses/academic/norwich/is340/is340_lectures/index.htm or http://tinyurl.com/340-LECTURES http://www.mekabay.com/courses/academic/norwich/is340/is340_lectures/index.htm http://tinyurl.com/340-LECTURES  CSH5 Ch 2 History of Computer Crime  CSH5 Ch 14 Information Warfare  CSH5 Ch 15 Penetrating Computer Systems and Networks  CSH5 Ch 16 Malicious Code  CSH5 Ch 17 Mobile Code  CSH5 Ch 18 Denial-of-service Attacks  CSH5 Ch 19 Social Engineering and Low-Tech Attacks  CSH5 Ch 20 Spam, Phishing and Trojans CSH5 = Bosworth, Kabay & Whyne. Computer Security Handbook, 5 th edition. Wiley, 2009.

24 24 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Now go and study

Download ppt "1 Copyright © 2013 M. E. Kabay, D. J. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Overview of Cybercrime CJ341 – Cyberlaw & Cybercrime."

Similar presentations

1-1/29 Copyright © 2006 M. E. Kabay. All rights reserved. 08:15-09:00 INFORMATION WARFARE Part 1: Fundamentals Advanced Course in Engineering 2006 Cyber.

1-1/29 Copyright © 2006 M. E. Kabay. All rights reserved. 08:15-09:00 INFORMATION WARFARE Part 1: Fundamentals Advanced Course in Engineering 2006 Cyber.
Application Design (2) Database – IS 240 Lecture #23 – 2004-04-15 M. E. Kabay, PhD, CISSP Dept of Computer Information Systems Norwich University

Application Design (2) Database – IS 240 Lecture #23 – M. E. Kabay, PhD, CISSP Dept of Computer Information Systems Norwich University
Managing Multi-User Databases (3) IS 240 – Database Management Lecture #20 2004-04-27 Prof. M. E. Kabay, PhD, CISSP Norwich University

Managing Multi-User Databases (3) IS 240 – Database Management Lecture # Prof. M. E. Kabay, PhD, CISSP Norwich University
Copyright © 2003 M. E. Kabay. All rights reserved.

Copyright © 2003 M. E. Kabay. All rights reserved.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Chapter 15 Security Bernard Chen Spring 2007. Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.

Chapter 15 Security Bernard Chen Spring Protection vs. Security Protection (Ch.14) deals with internal problem Security (Ch. 15) Deals with external.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.

1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Computer Crime The Internet has opened the door to new kinds of crime and new ways of carrying out traditional crimes. Computer crime is any act that violates.

Computer Crime The Internet has opened the door to new kinds of crime and new ways of carrying out traditional crimes. Computer crime is any act that violates.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
1 Copyright © 2013 M. E. Kabay, D. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Introduction to Intellectual Property Law CJ341 – Cyberlaw.

1 Copyright © 2013 M. E. Kabay, D. Blythe, J. Tower-Pierce & P. R. Stephenson. All rights reserved. Introduction to Intellectual Property Law CJ341 – Cyberlaw.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Similar presentations

Ads by Google