1. Crime Chapter 5

2. Hacking – some definitions Hacker Trophy hacking Phone phreaking Cracker White-hat hackers & black-hat hackers Script kiddies Sniffers Social engineering

3. Hacking Cases 1970s – John Draper (“Captain Crunch”) Kevin Mitnick http://www.readwriteweb.com/archives/is_atts_denial_of_service_to_hacker_justifi.php http://www.readwriteweb.com/archives/is_atts_denial_of_service_to_hacker_justifi.php April 27, 1987 – “Captain Midnight” Good Evening HBO from Captain Midnight. $12.95 a month? No way! (Show- time/Movie Channel, Beware!) Late 1980s – “Fry Guy” Russian man & Citicorp 1991 – “Michelangelo” virus Viruses, time bombs, logic bombs Gambling web site Air traffic controllers in England 1999 – “Melissa” virus 2000 – The “Love Bug” or “ILOVEYOU” virus

4. Whose Laws Rule the Web? ILOVEYOU virus infected millions of computers worldwide, destroying files, collecting passwords, and shutting down computer systems at major corporations and government agencies this was the one written by a student from the Phillippines – charges were dropped because they had no laws against releasing a virus at the time … what should happen to him if he were to travel to the U.S., Canada, France, Germany, or any other country where the virus did damage? Other cases in the book… pages 293-294

5. Hacking Cases 2000 – Mafiaboy Denial of service attack (DoS); distributed denial of service attack (DDoS); Trojan Horses 10.10.08 PCWorld article: http://www.pcworld.com/businesscenter/article/152176/mafiaboy_grows_up_ a_hacker_seeks_redemption.html http://www.pcworld.com/businesscenter/article/152176/mafiaboy_grows_up_ a_hacker_seeks_redemption.html 2001 – Hacktivism 2001 – “Code Red” worm worm 2003 – “Sapphire” worm or “Slammer” 2003 – “Blaster” worm 2004 – “Sasser” worm 2001 – “Choke” & “Hello” worms 2008 – Sarah Palin’s email hacked http://news.yahoo.com/s/ap/20081008/ap_on_el_pr/palin_hacked http://news.yahoo.com/s/ap/20081008/ap_on_el_pr/palin_hacked 2009 – credit cards breached http://www.bankrate.com/blogs/credit- cards/3-charged-for-card-breach.aspxhttp://www.bankrate.com/blogs/credit- cards/3-charged-for-card-breach.aspx

6. Firewalls Windows Firewall – Start, Control Panel, Security MacOS – System Preferences, Personal Security 3 rd Party Firewalls Zone Alarm (free version – http://www.zonelabs.com)http://www.zonelabs.com PC Magazine page with more info: http://www.pcmag.com/category2/0,2806,4722,00.asp http://www.pcmag.com/category2/0,2806,4722,00.asp Top 5: http://www.all-internet-security.com/top_10_firewall_software.html http://www.all-internet-security.com/top_10_firewall_software.html

7. First Amendment Software is a form of speech. The First Amendment does not protect some kinds of speech, such as inciting a riot. Should virus software on the Web be protected under the First Amendment or should it be considered in the same class as that of inciting a riot?

8. Virus Code Online The families of two hospital patients that died as the result of a virus in a hospital computer are suing each of the people listed below and urging the government to bring criminal charges for negligence against each of them: 1. A student in a course on computer security at a small college who posted a copy of the virus program on the class Web site, with a discussion of how it works. 2. The student who activated the virus and released it onto the Internet. 3. The president of the college. 4. The president of the college’s ISP. 5. The director of the hospital whose computer system the virus infected, causing the patient medical records to be unavailable for a full day, resulting in the deaths of the two patients.

9. Identity Theft Stolen credit/debit card numbers to purchase things with or to sell SSN numbers used to open new accounts Take out loans in someone else’s name Raid the victim’s bank account Pass bad checks

10. Methods of Identity Theft Phishing http://www.sonicwall.com/phishing/http://www.sonicwall.com/phishing/ Vishing Pharming Whaling Resumes online SSNs Dumpster diving Mailbox theft Pretexting Shoulder surfing

11. Methods of Identity Theft Social networking sites Filesharing and peer-to-peer software Bogus job offers Fake sweepstakes or lotteries Hacking Lost or stolen property Workers in your home Changing your address Copying information from a transaction Credit reports RFID readers

12. How the Victim is Affected May result in monetary losses Anguish, disruption of his or her life Legal fees Loss of a good credit rating Be prevented from borrowing money or cashing checks Lose a job Unable to rent an apartment Sued by creditors to whom the criminal owes money And… the authorities are slow to act on your behalf

13. How To Protect Yourself Don’t carry checkbook, SSN card, or all your credit cards with you all the time Keep your SSN private Shred your credit card offers, etc. Use updated anti-spyware/anti-theft software on your computer Never give out personal info over the phone Monitor your credit reports Be careful of using your credit cards in restaurants

14. If You Think You’ve Been a Victim of Identity Theft: 1. Police report 2. Fraud alert 3. Credit freeze

15. What Are Your Rights? Truth in Lending – Federal law passed in 1968 that protects consumers in credit transactions by requiring clear disclosure of key terms of the lending agreement and all costs Fair Credit Reporting Act – originally passed in 1970; enforced by the FTC - regulates the collection, dissemination, and use of consumer information. Fair Credit Billing Act – an amendment to the Truth In Lending Act, passed in 1986, to protect consumers from unfair billing practices and to provide a mechanism for dealing with billing errors; applies to “open end” credit accounts, such as credit cards and other revolving charge accounts. Examples of errors and other info: http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre16.shtm http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre16.shtm

16. The Credit Card Act of 2009 The latest update of the Truth In Lending Act to protect consumers from abusive tactics used by credit card companies: 1. 45 day advance notice of change in rates or late fees 2. No more retroactive interest rate hikes 3. No more raising interest rates based on other, unrelated cards or utility bills 4. Payment due dates must be at least 21 days after mailing of bill 5. Extra payment above minimum due must be applied to higher rate balances 6. Must “opt-in” to over-the-limit fees; plus other fee restrictions 7. Must disclose to consumers how long it will take to pay off; also payments for paying off within 12, 24, or 36 months 8. Restricts card issuance to students 9. Gift card protections

17. Establishing Good Credit College students are (used to be) targets Checking account Department store cards Prepaid cards Co-signer on applications http://www.annualcreditreport.com http://www.myfico.com

18. Crime Fighting vs Privacy & Civil Liberties 4 th Amendment requires that search warrants be specific about what is to be searched or seized … so what happens when authorities are searching a computer for one thing and finds other illegal activities, or illegal activities by other people who use that same computer? http://www.post-gazette.com/pg/07016/754173-28.stm http://www.law.com/jsp/article.jsp?id=1202433381364 … or when a computer technician is servicing someone’s computer and finds what he believes is illegal material on the person’s computer – see if you can find out whatever happened in the Washington State vs Westbrook case, where this happened and the technician reported it to authorities http://w2.eff.org/Privacy/westbrook_brief_final.pdf