Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presented By: Matthew Sulkosky Kyle Adamski

Published byReynold Francis Modified over 7 years ago

Similar presentations

Presentation on theme: "Presented By: Matthew Sulkosky Kyle Adamski"— Presentation transcript:

1 Presented By: Matthew Sulkosky Kyle Adamski
Crime Presented By: Matthew Sulkosky Kyle Adamski

2 Road Map Hacking Identity Theft and Credit-Card Fraud
Scams and Forgery Crime Fighting vs. Privacy Laws of the Web Case Study 1 : Credit Card Processor Case Study 2 : Symantec Road Map

3 Hacking Three Phases Phase 1: 1960’s to 1970’s
Phase 3: 1990’s to present First games and OS Highschool / college students Hacking

4 Hacking Phase 1 Creative programmers writing elegant code
“good hack” = Clever piece of code Motivation by the knowledge, challenge, and thrill of Hacking. Hacking Phase 1

5 Hacking became known as breaking into computers without proper access
Rise in Pranks, Thefts, phone phreaking Techniques used: Social Engineering, sniffers, worms Compromised one million password 1994 80/90 – significant threats and fraud “Legion of Doom” Hacker / cracker distinction 1988 Worm Hacking Phase 2

6 Hacking Phase 3 More sophisticated attacks
Criminal gangs – expanding accessible info Hacking for political motives increase Attackers younger and younger, script kiddies Melissa Virus / ILOVEYOU Virus DOS Attacks DDOS Zombies Botnets Emergence of “Script Kiddies” Hacking Phase 3

7 The more that is connected, the more is at risk Terroristic Hacking will increase
Future of Hacking

8 Hacktivism/Political Hacking
Hacktivism: Use of Hacking to promote a political cause. Is it right or wrong? Legitimate form of civil disobedience? Hacktivism/Political Hacking

9 Computer Related Laws The CFAA USA PATRIOT ACT
Areas which federal government has jurisdiction Addresses altering, damaging, or interference with authorized use of computers USA PATRIOT ACT Expands CFAA Increased penalties Computer Related Laws

10 Catching Hackers Honey pots, fake web sites that attract hackers
Computer Forensics Undercover Hackers Hackers often do not hide Computer forensics ISP records Logs of routers Catching Hackers

11 Penalties of Being a Hacker
Light Sentences for young hackers Deterrence Method Not over punished for pranks Goal not to turn young hackers into hardened criminals Young hackers not mature Not overreact or overpunish Generally more pranks, trespass and vandalism Balance between deterrence and not overpunish Penalties of Being a Hacker

12 Security before 2000’s Before 2000’s Open Access No real Security
Easy to Break into D.O.D had 500,000 attacks, 65% were successful Open Access Not designed for security No passwords Universities and businesses weak Easy to invade govt and military Slow to catch up to risk Security before 2000’s

13 Security early 2000’s Vast Improvement
Firewalls, passwords, and encryption Jobs created just for security purposes Intrusion detection Security policies – passwords Monitor outgoing traffic Encryption / antivirus Security early 2000’s

14 People in Charge of Security
System Administrators Sellers of consumer products Individual computer owners People in Charge of Security

15 Identity Theft and Credit-Card Fraud

16 The act of using an unknowing innocent person’s identity.
Everything is stored electronically Our Identities have become a series of numbers Identity Theft

17 Types of Attacks Phishing Vishing (Social Engineering) Pharming
Hacking Fake Job Boards Malware Skimmers Sending millions of s fishing for information to use to impersonate someone and steal money and goods PayPal / eBay big targets Be careful of clicking on unsolicited Voice phishing – using a phone number to get information from people Pharming Lure people to fake websites where thieves collect personal data Planting false internet addresses in tables on a DNS Less common, difficult to do Types of Attacks

18 Reduce Damage of Identity Theft
Congress established a law in 1998 to make it a Federal crime to use another person’s Identification with intent to commit a felony Government started to provide more assistance to Identity theft victims Reduce Damage of Identity Theft

19 Identity Theft Prevention
Website and authentication Caution when s request information Geographic location of Websites Filters??? Identity Theft Prevention

20 Business’s Responsibilities to Consumers
Protect Consumer Data Authenticating customers Payment for Damages? Tradeoff between security and convenience Stealing cards from mail Advances over years E-commerce easier to steal card numbers Encryption / secure servers Dumpster Diving Banks print only last four digits on receipts Skimmers Recording devices inside card readers in stores, gas stations, and restaurants. Collect debit numbers and PINS Credit Card systems Software to detect unusual activity Paypal Buy from strangers using third party, not giving them credit card Responses to Identity Theft Business’s Responsibilities to Consumers

21 Biometrics Biometrics are characteristics unique to individuals
Finger Prints, Voice, Face Structure, eye patterns, DNA, etc. Biometrics

22 Common Applications of Biometrics
Security Using fingerprints to logon to a computer or enter a restricted area Eye scanner used when applying for ID’s Common Applications of Biometrics

23 Ways Around Biometrics
Killing someone and taking their finger Contact lenses for eye scanner Hacks to obtain biometric files Easier to prevent, worse when occurs.. cannot change biometrics Ways Around Biometrics

24 Scams and Forgeries

25 Types of Scams Traditional Scams Fake Donation Web sites Auction Fraud
Click Fraud Stock Fraud Digital Forgery Traditional Scams (Pyramid Schemes, Chain Letters, Sales of Counterfeit Luxury Goods, Phony Investments) Types of Scams

26 Auction Fraud Don’t send the goods Sell bad goods
Selling illegal items Shill bidding Shill bidding (bidding on goods to raise the price) Auction Fraud

27 Prevention Measures for Auction Fraud
Reviews of buyers/sellers Accounts Require Credit Cards Rules/User agreements Third party like paypal holds payment until both sides have items Prevention Measures for Auction Fraud

28 Click Fraud What is Click Fraud? Website Hosts and Competitors
Prevention Methods (Technique of filtering out multiple clicks from one source) Click Fraud Websites ads pay per click Competitor repeatedly clicks on its rival’s ad. Using up rival’s advertising budget People who host ads on their sites click on them repeatedly to increase fee Solutions Filter out numerous clicks Click fraud monitoring services Click Fraud

29 Stock Fraud What is Stock Fraud?
Example 1: The first minor charged security fraud Example 2: A Russian man, Hacking, and Stock fraud Stock Fraud Fake recommendations Easy to spread rumors on stocks across web Stock advice websites Stock Fraud

30 Digital Forgery Fake checks, currency, passports, visas etc Defenses
Technical tricks Education Change laws Microprinting paper with watermarks Digital Forgery

31 Crime Fighting vs. Privacy and Civil Liberties

32 Search and Seizure of Computers
Fourth amendment Range of a Search Warrant, and interpretation of “plain view” Does an Automated search require a warrant? Search warrants “plain view” Crawl through chatrooms looking for suspicious activities Is there a difference? Ethical? Privacy? Software a lot more efficient and accurate Virus Scanned a computer looking for child pornography and ed authorities if found Search and Seizure of Computers

33 Venue Dilemma Where did the crime occur? Who has jurisdiction?
When a cyber crime crosses borders, what laws apply and where should the trial be set? Venue Dilemma

34 Importance of Venue Gives advantage to law enforcement
choice of prosecutors Choose a jury that is more likely to return guilty Affect of distance on defendant (choice of prosecutors, juries more likely to return guilty, affect of distance on defendant, gives advantage to law enforcement, change of venue) Importance of Venue

35 International cooperation among law enforcement agencies
Council of European’s Convention on Cybercrime Fraud, hacking, child pornography US Senate approved 2006 Dual criminality provision One country’s govt cannot require assistance from another unless suspect’s activity is a crime in both countries Cybercrime Treaty

36 Law of the Web

37 Whose laws rule the web? Online Gambling in U.S vs. Britian
National laws differ Gambling Hacking Intellectual Property Censorship – Philippine man no law in Philippines Should arrest if he leaves Philippines? Content control / censorship Gambling Hacking / viruses Libel Privacy Commerce Spam Whose laws rule the web?

38 Arresting Foreign Visitors
United States law differ from other countries U.S. vs. BetOnSports U.S. vs. ElcomSoft Illegal versions of software that is legal overseas Online betting US illegal – executives from English company arrested US argued should have blocked US citizens Unlawful Internet Gambling Enforcement Act Prohibits credit-card and online-payment companies from processing transactions between bettors and gambling sites Arresting Foreign Visitors

39 Libel, Speech, Commercial law
Libel - written defamation Is libel law a threat to free speech (Singapore)? Commercial Law Jurisdiction Issues Web makes libel easy to spread across borders Jurisdiction issues Libel laws range dramatically England is stricter against newspapers Burden of proof differs Commercial law EU bans ads for medical drugs Legal and common on web/sites in US` How is this resolved? Libel, Speech, Commercial law

40 Scenario: Hackers cracked into the Global Payments, an Atlanta-based payment card processing firm, network between Jan. 21 and Feb. 25. They may have obtained more than 10 million credit and debit card transactions records. Case Study 1

41 Applicable ACM Code ACM Code: 1.2 Avoid harm to others
1.7 Respect the privacy of others 2.3 Know and respect existing laws pertaining to professional work. 2.8 Access computing and communication resources only when authorized to do so 1.2 "Harm" means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits use of computing technology in ways that result in harm to any of the following: users, the general public, employees, employers. Harmful actions include intentional destruction or modification of files and programs leading to serious loss of resources or unnecessary expenditure of human resources such as the time and effort required to purge systems of "computer viruses.“ 1.7 Computing and communication technology enables the collection and exchange of personal information on a scale unprecedented in the history of civilization. Thus there is increased potential for violating the privacy of individuals and groups. It is the responsibility of professionals to maintain the privacy and integrity of data describing individuals. This includes taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals. Furthermore, procedures must be established to allow individuals to review their records and correct inaccuracies. 2.3 ACM members must obey existing local, state,province, national, and international laws unless there is a compelling ethical basis not to do so. Policies and procedures of the organizations in which one participates must also be obeyed. But compliance must be balanced with the recognition that sometimes existing laws and rules may be immoral or inappropriate and, therefore, must be challenged. Violation of a law or regulation may be ethical when that law or rule has inadequate moral basis or when it conflicts with another law judged to be more important. If one decides to violate a law or rule because it is viewed as unethical, or for any other reason, one must fully accept responsibility for one's actions and for the consequences. 2.8 Theft or destruction of tangible and electronic property is prohibited by imperative "Avoid harm to others." Trespassing and unauthorized use of a computer or communication system is addressed by this imperative. Trespassing includes accessing communication networks and computer systems, or accounts and/or files associated with those systems, without explicit authorization to do so. Individuals and organizations have the right to restrict access to their systems so long as they do not violate the discrimination principle (see 1.4). No one should enter or use another's computer system, software, or data files without permission. One must always have appropriate approval before using system resources, including communication ports, file space, other system peripherals, and computer time. Applicable ACM Code

42 Stake Holders and Ideal Outcomes
Hackers Consumers Banks Credit Card Companies (MasterCard, Visa) Government Stake Holders and Ideal Outcomes

43 Negative Rights of Stake Holders
Consumers have the negative right to privacy of their information Consumers have the negative right to trade and participate in commerce freely Everybody has the negative right to access the internet Negative Rights of Stake Holders

44 Positive Rights of Stake Holders
Credit Card Companies have the positive right to protect consumer information. Credit Card Companies have the positive right to allow consumer to participate in commerce. The government has the positive right of protecting consumer’s who participate in commerce and the internet. Positive Rights of Stake Holders

45 Solutions Option 1: Do nothing.
Option 2: Fix security breach, and continue on as normal. Option 3: Fix security breach, notify affected consumers. List three Solutions Discuss risks, issues, problems, and benefits associated with solutions Consider the impact of the actions (solutions) on each stakeholder. Analyze the consequences, risks, benefits, harms, costs for each action. Solutions

46 Scenario: Symantec had a significant data breach at the hands of hacker group HTP (Hack the Planet), on November 5th which exposed hundreds of users names, addresses, and hashed passwords. Case Study 2

47 Applicable ACM Code ACM Code: 1.2 Avoid harm to others
1.7 Respect the privacy of others 2.3 Know and respect existing laws pertaining to professional work. 2.8 Access computing and communication resources only when authorized to do so Applicable ACM Code

48 Hackers Citizens/Consumers Symantec Government Stake Holders

49 Negative Rights of Stake Holders
Consumers have the negative right to privacy of their information. Everybody has the negative right to access the internet. Consumers have the negative right to purchase adequate anti-malware protection . Negative Rights of Stake Holders

50 Positive Rights of Stake Holders
Symantec have the positive right to protect consumer information and provide adequate protection to consumers. The government has the positive right of protecting consumer’s who participate in commerce and the internet. Positive Rights of Stake Holders

51 Solutions Option 1: Do nothing.
Option 2: Fix security breach, and continue on as normal. Option 3: Fix security breach, notify affected consumers. List three Solutions Discuss risks, issues, problems, and benefits associated with solutions Consider the impact of the actions (solutions) on each stakeholder. Analyze the consequences, risks, benefits, harms, costs for each action. Solutions

52 Conclusion Hacking Identity Theft and Credit-Card Fraud
Scams and Forgery Crime Fighting vs. Privacy Laws of the Web Case Study 1 : Credit card processor Case Study 2 : Symantec Hack Conclusion

53 “Credit card processor hit by hackers” USA TODAY. Gannett Co. Inc, Web
“Credit card processor hit by hackers” USA TODAY. Gannett Co. Inc, Web. 30 March 2012 “Symantec promises customers protection it can’t provide for itself” InfoWorld. InfoWorld Inc, Web. 5 November 2012 ACM Code Gift of Fire References

54 Questions ?????

55 http://usatoday30. usatoday
ndustries/banking/story/ /mastercard-security- breach/ /1 security/symantec-promises-customers- protection-it-cant-provide-itself ?source=footer Website Links

Download ppt "Presented By: Matthew Sulkosky Kyle Adamski"

Similar presentations

© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.

© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.
A Gift of Fire, 2edChapter 7: Computer Crime1 Computer Crime.

A Gift of Fire, 2edChapter 7: Computer Crime1 Computer Crime.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.

BEWARE! IDENTITY THEFT CARL JOHNSON FINANCIAL LITERACY JENKS HIGH CSHOOL.
A Gift of Fire Third edition Sara Baase

A Gift of Fire Third edition Sara Baase
Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Computer Crime The Internet has opened the door to new kinds of crime and new ways of carrying out traditional crimes. Computer crime is any act that violates.

Computer Crime The Internet has opened the door to new kinds of crime and new ways of carrying out traditional crimes. Computer crime is any act that violates.
Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL.

Forensic and Investigative Accounting Chapter 15 Cybercrime Management: Legal Issues © 2007 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL.
BUSINESS PLUG-IN B6 Information Security.

BUSINESS PLUG-IN B6 Information Security.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Crime CS4020.

Crime CS4020.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Computer Crime. Intro Computers and the Internet are tools. Crimes committed with computers are harder to detect. Computer vandalism can bring business.

Computer Crime. Intro Computers and the Internet are tools. Crimes committed with computers are harder to detect. Computer vandalism can bring business.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.

CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.
© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.

© 2011 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license.
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.

Similar presentations

Ads by Google