Crime

Presented By: Matthew Sulkosky, Kyle Adamski

Road Map
- Hacking
- Identity Theft and Credit-Card Fraud
- Scams and Forgery
- Crime Fighting vs. Privacy
- Laws of the Web
- Case Study 1: Credit Card Processor
- Case Study 2: Symantec

Hacking: Three Phases
- Phase 1: 1960s to 1970s
- Phase 3: 1990s to present
- First games and operating systems
- High school / college students

Hacking Phase 1
- Creative programmers writing elegant code
- "Good hack" = clever piece of code
- Motivated by the knowledge, the challenge, and the thrill of hacking

Hacking Phase 2
- Hacking became known as breaking into computers without proper access
- Rise in pranks, thefts, and phone phreaking
- Techniques used: social engineering, sniffers, worms
- 1988 worm
- 1980s/90s: significant threats and fraud
- "Legion of Doom"
- 1994: one million passwords compromised
- Hacker / cracker distinction

Hacking Phase 3
- More sophisticated attacks
- Criminal gangs; expanding amount of accessible information
- Hacking for political motives increases
- Attackers younger and younger; emergence of "script kiddies"
- Melissa virus / ILOVEYOU virus
- DoS attacks, DDoS, zombies, botnets

Future of Hacking
- The more that is connected, the more is at risk
- Terroristic hacking will increase

Hacktivism / Political Hacking
- Hacktivism: use of hacking to promote a political cause
- Is it right or wrong? Is it a legitimate form of civil disobedience?

Computer Related Laws
- The CFAA: covers areas in which the federal government has jurisdiction; addresses altering, damaging, or interfering with authorized use of computers
- USA PATRIOT Act: expands the CFAA; increased penalties

Catching Hackers
- Honey pots: fake web sites that attract hackers
- Computer forensics
- Undercover hackers
- Hackers often do not hide
- ISP records
- Router logs

Penalties of Being a Hacker
- Light sentences for young hackers
- Deterrence method: not over-punishing pranks
- Goal: not to turn young hackers into hardened criminals
- Young hackers are not mature; do not overreact or overpunish
- Their offenses are generally pranks, trespass, and vandalism
- Balance between deterrence and not overpunishing

Security before the 2000s
- Open access; no real security
- Easy to break into: the D.O.D. had 500,000 attacks, 65% were successful
- Systems not designed for security; no passwords
- Universities and businesses were weak
- Easy to invade government and military systems
- Slow to catch up to the risk

Security in the early 2000s
- Vast improvement
- Firewalls, passwords, and encryption
- Jobs created just for security purposes
- Intrusion detection
- Security policies (passwords)
- Monitoring of outgoing traffic
- Encryption / antivirus

People in Charge of Security
- System administrators
- Sellers of consumer products
- Individual computer owners

Identity Theft and Credit-Card Fraud

Identity Theft
- The act of using an unknowing, innocent person's identity
- Everything is stored electronically
- Our identities have become a series of numbers

Types of Attacks
- Phishing: sending millions of e-mails fishing for information to use to impersonate someone and steal money and goods; PayPal / eBay are big targets; be careful of clicking on unsolicited e-mails
- Vishing (social engineering): voice phishing, using a phone number to get information from people
- Pharming: luring people to fake websites where thieves collect personal data by planting false internet addresses in the tables on a DNS server; less common, difficult to do
- Hacking
- Fake job boards
- Malware
- Skimmers

Reduce Damage of Identity Theft
- Congress established a law in 1998 making it a federal crime to use another person's identification with intent to commit a felony
- Government started to provide more assistance to identity theft victims

Identity Theft Prevention
- Website and authentication
- Caution when e-mails request information
- Geographic location of websites
- Filters???

Business's Responsibilities to Consumers; Responses to Identity Theft
- Protect consumer data
- Authenticate customers
- Payment for damages?
- Tradeoff between security and convenience
- Stealing cards from the mail: advances over the years
- E-commerce makes it easier to steal card numbers: encryption / secure servers
- Dumpster diving: banks print only the last four digits on receipts
- Skimmers: recording devices inside card readers in stores, gas stations, and restaurants that collect debit numbers and PINs
- Credit card systems: software to detect unusual activity
- PayPal: buy from strangers through a third party, without giving them your credit card

Biometrics
- Biometrics are characteristics unique to individuals
- Fingerprints, voice, face structure, eye patterns, DNA, etc.

Common Applications of Biometrics
- Security: using fingerprints to log on to a computer or enter a restricted area
- Eye scanner used when applying for IDs

Ways Around Biometrics
- Killing someone and taking their finger
- Contact lenses for eye scanners
- Hacks to obtain biometric files
- Easier to prevent, worse when it occurs: you cannot change your biometrics

Scams and Forgeries

Types of Scams
- Traditional scams (pyramid schemes, chain letters, sales of counterfeit luxury goods, phony investments)
- Fake donation web sites
- Auction fraud
- Click fraud
- Stock fraud
- Digital forgery

Auction Fraud
- Not sending the goods
- Selling bad goods
- Selling illegal items
- Shill bidding (bidding on goods to raise the price)

Prevention Measures for Auction Fraud
- Reviews of buyers/sellers
- Accounts require credit cards
- Rules / user agreements
- A third party like PayPal holds the payment until both sides have their items

Click Fraud
- What is click fraud? Website ads pay per click
- A competitor repeatedly clicks on its rival's ad, using up the rival's advertising budget
- People who host ads on their sites click on them repeatedly to increase their fee
- Prevention methods: filter out numerous clicks from one source; click fraud monitoring services

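The "filter out numerous clicks from one source" defense above, as an added example that is not part of the presentation: a per-source rate limiter that bills at most two clicks per source IP and ad within a 60-second window, run over a constructed click log. The log format, window, threshold, addresses and publisher names are all assumptions made for the example.

```python
"""Click-fraud filter: bill at most MAX_CLICKS per (source IP, ad) per window."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # look-back window per (source IP, ad) pair
MAX_CLICKS = 2                  # clicks from one source billed within a window

# Constructed sample log (not real traffic): ISO timestamp, source IP, ad id, publisher
SAMPLE_LOG = """\
2012-11-05T10:00:00,203.0.113.10,ad-42,news.example
2012-11-05T10:00:03,203.0.113.10,ad-42,news.example
2012-11-05T10:00:05,203.0.113.10,ad-42,news.example
2012-11-05T10:00:06,203.0.113.10,ad-42,news.example
2012-11-05T10:00:30,198.51.100.7,ad-42,news.example
2012-11-05T10:01:20,203.0.113.10,ad-42,news.example
2012-11-05T10:01:21,203.0.113.10,ad-17,blog.example
"""


def parse_log(text):
    """Yield (time, ip, ad, publisher) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue
        ts, ip, ad, pub = parts
        yield datetime.fromisoformat(ts), ip, ad, pub


def filter_clicks(text, window=WINDOW, max_clicks=MAX_CLICKS):
    """Return (billable clicks per publisher, number filtered, flagged source IPs)."""
    recent = defaultdict(deque)   # (ip, ad) -> timestamps of clicks seen in the window
    billable = defaultdict(int)   # publisher -> clicks the advertiser is charged for
    filtered = 0
    flagged = set()
    for ts, ip, ad, pub in sorted(parse_log(text)):
        seen = recent[(ip, ad)]
        while seen and ts - seen[0] > window:  # expire clicks older than the window
            seen.popleft()
        if len(seen) >= max_clicks:            # source already used its quota: do not bill
            filtered += 1
            flagged.add(ip)
        else:
            billable[pub] += 1
        seen.append(ts)                        # every click counts toward the quota
    return dict(billable), filtered, sorted(flagged)


if __name__ == "__main__":
    print(filter_clicks(SAMPLE_LOG))  # -> ({'news.example': 4, 'blog.example': 1}, 2, ['203.0.113.10'])
```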
Stock Fraud
- What is stock fraud? Fake recommendations; it is easy to spread rumors about stocks across the web; stock advice websites
- Example 1: the first minor charged with securities fraud
- Example 2: a Russian man, hacking, and stock fraud

Digital Forgery
- Fake checks, currency, passports, visas, etc.
- Defenses: technical tricks (microprinting, paper with watermarks), education, changing laws

Crime Fighting vs. Privacy and Civil Liberties

Search and Seizure of Computers
- Fourth Amendment
- Range of a search warrant, and interpretation of "plain view"
- Does an automated search require a warrant?
- Crawling through chatrooms looking for suspicious activities: is there a difference? Is it ethical? What about privacy?
- Software is a lot more efficient and accurate
- A virus scanned a computer looking for child pornography and e-mailed the authorities if it was found

Venue Dilemma
- Where did the crime occur? Who has jurisdiction?
- When a cyber crime crosses borders, what laws apply and where should the trial be held?

Importance of Venue
- Gives an advantage to law enforcement
- Choice of prosecutors
- Choice of a jury that is more likely to return a guilty verdict
- Effect of distance on the defendant
- Change of venue

Cybercrime Treaty
- International cooperation among law enforcement agencies
- Council of Europe's Convention on Cybercrime: fraud, hacking, child pornography
- US Senate approved it in 2006
- Dual criminality provision: one country's government cannot require assistance from another unless the suspect's activity is a crime in both countries

Law of the Web

Whose laws rule the web?
- Online gambling in the U.S. vs. Britain
- National laws differ on: content control / censorship, gambling, hacking / viruses, libel, privacy, commerce, spam, intellectual property
- Censorship example: a Philippine man broke no law in the Philippines; should he be arrested if he leaves the Philippines?

Arresting Foreign Visitors
- United States law differs from that of other countries
- U.S. vs. BetOnSports: online betting is illegal in the US; executives from the English company were arrested; the US argued they should have blocked US citizens
- U.S. vs. ElcomSoft: illegal versions of software that is legal overseas
- Unlawful Internet Gambling Enforcement Act: prohibits credit-card and online-payment companies from processing transactions between bettors and gambling sites

Libel, Speech, Commercial Law
- Libel: written defamation; the web makes libel easy to spread across borders
- Is libel law a threat to free speech (Singapore)?
- Jurisdiction issues: libel laws range dramatically; England is stricter against newspapers; the burden of proof differs
- Commercial law: the EU bans ads for medical drugs, which are legal and common on web sites in the US; how is this resolved?

Case Study 1
- Scenario: Hackers cracked into the network of Global Payments, an Atlanta-based payment card processing firm, between Jan. 21 and Feb. 25. They may have obtained more than 10 million credit and debit card transaction records.

Applicable ACM Code
- 1.2 Avoid harm to others
- 1.7 Respect the privacy of others
- 2.3 Know and respect existing laws pertaining to professional work
- 2.8 Access computing and communication resources only when authorized to do so

1.2 "Harm" means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology in ways that result in harm to any of the following: users, the general public, employees, employers. Harmful actions include intentional destruction or modification of files and programs leading to serious loss of resources or unnecessary expenditure of human resources such as the time and effort required to purge systems of "computer viruses."

1.7 Computing and communication technology enables the collection and exchange of personal information on a scale unprecedented in the history of civilization. Thus there is increased potential for violating the privacy of individuals and groups. It is the responsibility of professionals to maintain the privacy and integrity of data describing individuals. This includes taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals. Furthermore, procedures must be established to allow individuals to review their records and correct inaccuracies.

2.3 ACM members must obey existing local, state, province, national, and international laws unless there is a compelling ethical basis not to do so. Policies and procedures of the organizations in which one participates must also be obeyed. But compliance must be balanced with the recognition that sometimes existing laws and rules may be immoral or inappropriate and, therefore, must be challenged. Violation of a law or regulation may be ethical when that law or rule has inadequate moral basis or when it conflicts with another law judged to be more important. If one decides to violate a law or rule because it is viewed as unethical, or for any other reason, one must fully accept responsibility for one's actions and for the consequences.

2.8 Theft or destruction of tangible and electronic property is prohibited by imperative "Avoid harm to others." Trespassing and unauthorized use of a computer or communication system is addressed by this imperative. Trespassing includes accessing communication networks and computer systems, or accounts and/or files associated with those systems, without explicit authorization to do so. Individuals and organizations have the right to restrict access to their systems so long as they do not violate the discrimination principle (see 1.4). No one should enter or use another's computer system, software, or data files without permission. One must always have appropriate approval before using system resources, including communication ports, file space, other system peripherals, and computer time.

Stakeholders and Ideal Outcomes
- Hackers
- Consumers
- Banks
- Credit Card Companies (MasterCard, Visa)
- Government

Negative Rights of Stakeholders
- Consumers have the negative right to privacy of their information
- Consumers have the negative right to trade and participate in commerce freely
- Everybody has the negative right to access the internet

Positive Rights of Stakeholders
- Credit card companies have the positive right to protect consumer information.
- Credit card companies have the positive right to allow consumers to participate in commerce.
- The government has the positive right to protect consumers who participate in commerce and on the internet.

Solutions
- Option 1: Do nothing.
- Option 2: Fix the security breach and continue on as normal.
- Option 3: Fix the security breach and notify affected consumers.
- Discussion: list three solutions; discuss the risks, issues, problems, and benefits associated with each; consider the impact of each action on each stakeholder; analyze the consequences, risks, benefits, harms, and costs of each action.

Case Study 2
- Scenario: Symantec had a significant data breach at the hands of the hacker group HTP (Hack the Planet) on November 5th, which exposed hundreds of users' names, addresses, and hashed passwords.

Applicable ACM Code
- 1.2 Avoid harm to others
- 1.7 Respect the privacy of others
- 2.3 Know and respect existing laws pertaining to professional work
- 2.8 Access computing and communication resources only when authorized to do so

Stakeholders
- Hackers
- Citizens/Consumers
- Symantec
- Government

Negative Rights of Stakeholders
- Consumers have the negative right to privacy of their information.
- Everybody has the negative right to access the internet.
- Consumers have the negative right to purchase adequate anti-malware protection.

Positive Rights of Stakeholders
- Symantec has the positive right to protect consumer information and provide adequate protection to consumers.
- The government has the positive right to protect consumers who participate in commerce and on the internet.

Solutions
- Option 1: Do nothing.
- Option 2: Fix the security breach and continue on as normal.
- Option 3: Fix the security breach and notify affected consumers.
- Discussion: list three solutions; discuss the risks, issues, problems, and benefits associated with each; consider the impact of each action on each stakeholder; analyze the consequences, risks, benefits, harms, and costs of each action.

Conclusion
- Hacking
- Identity Theft and Credit-Card Fraud
- Scams and Forgery
- Crime Fighting vs. Privacy
- Laws of the Web
- Case Study 1: Credit Card Processor
- Case Study 2: Symantec Hack

References
- "Credit card processor hit by hackers." USA TODAY. Gannett Co. Inc, Web. 30 March 2012.
- "Symantec promises customers protection it can't provide for itself." InfoWorld. InfoWorld Inc, Web. 5 November 2012.
- ACM Code
- Gift of Fire

Questions?

Website Links
- http://usatoday30.usatoday ndustries/banking/story/ /mastercard-security-breach/ /1
- security/symantec-promises-customers-protection-it-cant-provide-itself?source=footer