Tracking Down Electronic Evidence

Cyber Security Versus Digital Forensics
Presentation for the E-Commerce Network’s Cyber Security Seminar at University of Massachusetts Dartmouth
Suzanne Mello Stark, PhD
March 30, 2012
Cyber Security Facts
• In 2006, 8.3 million Americans were victims of Identity Theft
• In the first ½ of 2009, 40,000 cyber attacks were launched against the Department of Defense (Pentagon Costs: $100 million)
• So far this year, cyber criminals have stolen $100 million from US banks
• There are more than 3 million indications of malicious activity per year in civilian networks
• It is estimated that 1/3 or more of this activity originates outside the US
(Langevin, 2012)
Stuxnet
• First Computer Worm to Cross into the Physical World
• Doesn’t want to be detected
• Affected Countries (so far) according to Symantec:
  • Iran (over 50%)
  • Indonesia (~18%)
  • India (~8%)
  • Azerbaijan (~2%)
  • United States (~1%)
  • Pakistan (~1%)
  • Others (~9.2%)
• Son of Stuxnet?
(CBS News, 2012)
The Great Cyber Heist
• Alberto Gonzalez, 14-year-old hacker
• Caught by police detective at an ATM machine “cashing out”
• Part of a large hacker network called Shadowcrew
• Stolen over 180 million payment card accounts
  • OfficeMax, TJ Maxx, Marshalls, BJs Wholesale Club, Target, Barnes and Noble, etc.
• Used a technique called “SQL Injection” to fool databases into giving information
• Then created fake cards to take money from ATM machines all over the world
(Verini, 2010)
WikiLeaks
• Founder - Julian Assange
  • Australian Internet Activist
• Bring Important News to the Public
• Free Speech
• Whistleblower/Journalist not jailed
• Released Significant Documents
  • Afghanistan War
  • Corruption in Kenya
  • Baghdad Airstrike
  • US State Dept. Cables
(CBS News, 2012) (Worthington, 2011) (Grier, 2010)
Anonymous
• Hacktivist Group
• Launch Distributed Denial of Service Attacks against companies/entities that violate their ethical principles
• Freedom of the Internet
• Retaliated against companies that dropped WikiLeaks
• Many are being arrested around the world
• Low Orbit Ion Cannon (botnet) – the application to join the group. Your computer becomes part of the DDoS attacks.
(Neal, 2012)
Cyberextortion
• Internet Criminal Gangs asking for Protection Money
• Will launch DDoS attack if you don’t pay up
• Ransomware
(Koerner, 2008) (Ratliff, 2005)
Internet Tax Fraud
• IRS allows tax refunds to be filed online and refunds downloaded to a debit card
• Tax Fraud is out of Control!
  • Steal your SS#
  • Make up info
  • Get Refund before you!
• Tax Filing has been put online for convenience
• Was the IRS ready?
(Zamost & Kaye, 2012)
Are We Ready for E-voting?
• Computer Scientists say NO!
• But the world IS putting voting online regardless of the security threats
• iPad voting in Oregon
(CBS News, 2011), (Kar, 2011)
Digital Forensics – Who did it?
The application of forensic science techniques to the discovery, collection and analysis of digital evidence.
Who Uses Digital Evidence?
• Criminal law enforcement
• Criminal defense attorneys
• Corporate law
• Civil law
• Organization Information Technology (IT) personnel
  • E.g. American Power Conversion
  • E.g. URI
• Homeland security
• Military
What Digital Evidence Can Be Found?
• Files listed in standard directory search
• Hidden files
• Deleted files
• Email
• Deleted email
• Certain Instant Messaging
• Passwords
• Logs
• Windows Registry
• Windows Meta Files
• Login IDs
• Encrypted Files
• Intentionally embedded (steganographic) files
• Web sites visited
• Searches performed
• Cookies
• Network traces
• Owners of servers
• TIME
Cyber Security Caucus
• Congressman Jim Langevin (D-RI), cofounder of the Congressional Cyber Security Caucus, introduced a bill to strengthen cyber security and prevent attacks.
• Southern New England will Play a Big Role
(Langevin, 2012)
Works Cited
CBS News. (2012, March 4). Stuxnet: Computer worm opens new era of warfare. (G. Messick, Producer) Retrieved March 28, 2012, from 60 Minutes: http://www.cbsnews.com/video/watch/?id=7400904n
CBS News. (2011, November 8). Voting with iPads: idea whose time is coming? Retrieved March 28, 2012, from CBSNEWS: http://www.cbsnews.com/8301-502303_162-57320358/voting-with-ipadsidea-whose-time-is-coming/
CBS News. (n.d.). WikiLeaks' Julian Assange, Pt. 1. Retrieved from 60 Minutes: http://www.cbsnews.com/video/watch/?id=7300034n
Greenhalgh, E. (2012, March 28). Cyber Challenge Games are On. Retrieved March 28, 2012, from Providence Business News: http://www.pbn.com/Cyber-challenge-games-are-on,66381
Grier, P. (2010, April 6). Video of Iraqi journalists' killings: Is WikiLeaks a security threat? Retrieved March 28, 2012, from The Christian Science Monitor: http://www.csmonitor.com/USA/Military/2010/0406/Video-of-Iraqijournalists-killings-Is-WikiLeaks-a-security-threat
Kar, S. (2011, November 8). State of Oregon Counties First to Introduce iPad Voting for the Disabled. Retrieved March 28, 2012, from Silicon Angle: http://www.google.com/imgres?q=Voting+with+Ipads&hl=en&client=safari&sa=X&rls=en&biw=1237&bih=866&tbm=isch&prmd=imvns&tbnid=LV2lCytGaS_LPM:&imgrefurl=http://siliconangle.com/blog/2011/11/08/state-of-oregoncounties-first-to-introduce-ipad-voting-for-thedisabled/&docid=C_GSFEHvXOOF6M&imgurl=http://siliconangle.com/files/2011/11/ipad-your-vote-counts-inoregon.jpg&w=300&h=300&ei=bBJzT7buHKrg0QH67di0AQ&zoom=1&iact=hc&vpx=269&vpy=152&dur=307&hovh=164&hovw=157&tx=100&ty=84&sig=102187905883335174659&page=1&tbnh=155&tbnw=146&start=0&ndsp=21&ved=1t:429,r:1,s:0
Koerner, B. (2008, July 21). Mr. Know-It-All: Cyberextortion, Your Kid's Cell Phone, Online Degrees. Retrieved March 28, 2012, from Wired: http://www.wired.com/techbiz/people/magazine/16-08/st_kia
Langevin, C. J. (2012, March 27). Cybersecurity. Retrieved March 28, 2012, from US Congressman Jim Langevin: http://langevin.house.gov/issues/cybersecurity-1/
Neal, D. (2012, March 28). Anonymous suspects are arrested in the Dominican Republic. Retrieved March 28, 2012, from The Inquirer: http://www.theinquirer.net/inquirer/news/2164273/anonymoussuspects-arrested-dominican-republic
Ratliff, E. (2005, October 10). The New Yorker. Retrieved March 28, 2012, from The Zombie Hunters, On the trail of cyberextortionists: http://www.newyorker.com/archive/2005/10/10/051010fa_fact
Verini, J. (2010, November 10). The Great Cyberheist. Retrieved March 28, 2012, from The New York Times Magazine: http://www.nytimes.com/2010/11/14/magazine/14Hackert.html?pagewanted=all
Worthington, P. (2011, December 28). Wikileaks Wasn't a Threat. Retrieved March 28, 2012, from FrumForum: http://www.frumforum.com/wikileaks-wasnt-a-threat
Zamost, S., & Kaye, R. (2012, March 20). 10news/CNN Special Investigations Unit. Retrieved March 28, 2012, from Criminals May be Pocketing Your Tax Refund: http://www.10news.com/money/30720937/detail.html