Internet Vulnerabilities & Criminal Activity
advertisement
Internet Vulnerabilities & Criminal Activity Criminology Theories & Cyber Crime 11.1 4/19/10 Classifications of Cyber Crimes Cyber trespass Crossing boundaries into other people’s property &/or cause damage Hacking, defacement, malware Cyber deceptions & thefts Stealing money or resources Credit card fraud, IP violations Cyber pornography Breach laws of obscenity Cyber violence Psychological or physical harm to others Hate speech, stalking Cyber Criminals Broad range of persons Students, terrorists, amateurs, organized crime groups More likely to have affluent socioeconomic backgrounds Has knowledge of computers & the Internet which enables him/her to commit crime of choice Any technically oriented person has potential to become cyber criminal Cyber criminal has changed since the ‘80’s and 90’s when cyber crime was infiltration by hacking FBI’s Definitions of Cyber Criminals Crackers Young offenders seeking intellectual stimulation Criminals Adult subgroups Commit fraud, damage systems undertake espionage Vandals Not pursuing intellectual stimulation Motivated by revenge Typology for Cyber Criminals White-collar criminals Vengeful criminals Disgruntled employees Patient criminals Desire more than what they have Negative state of mind not immediately obvious Desperate criminals Facing financial crisis Easiest to catch Typology for Cyber Criminals cont. Hackers Old School Hackers Computer experts Used technology in new, innovative ways Internals Disgruntled or ex-employees Cyber punks Antisocial, socially inept, angst toward the world Direct anger into cyberspace Professional criminals & cyber terrorists Guns for hire Good at espionage, leave no trace Newbies & Script Kiddies Want recognition but lack skills Usually teenagers looking for recoognition Typology for Cyber Criminals cont. Crackers Obtain & use data illegally, IP violators Password crackers Concerned with cryptography & encoding Will use any means to discover passwords Executable program crackers Programs should obey humans Reverse engineer programs so changes can be made Have years of experience programming Can easily discover program weaknesses Hobbyists Cross between above 2 groups Cracks code for knowledge May release cracked code to the public Typology for Cyber Criminals cont. Con artists Great actors Motivations Financial stress - need money Power - control over victims, smarter, better than victims Challenge - enjoy what they do, mastered the skill Punish the victim - victim deserves what they get Techniques used Familiarization - flatter victim, gain victims trust Risk free investments - con man will refund all victim’s money if the plan fails Avoiding questions - talk a lot, vague answers, spout useless jargon Pressurizing tactics - once in a lifetime chance, will regret it if not done Typology for Cyber Criminals cont. Psycho-criminals Mentally ill - need no external conditions to commit crimes Pedophiles Abnormal sexual attraction to children Larger pool of victims online Cyberstalkers Torment victims at a distance Usually have sexual motivations, power & control Serial Killers Internet used as tool to track down victims Disorganized - low IQ, social outcast, bad at covering tracks Organized - high IQ, Know what he/she wants & how too get away with it. Most dangerous of all cyber criminals. Crimes in Physical Space vs Crimes in Cyber Space Transnational nature and jurisdictional issues Attacks can take place anywhere from anywhere Multiple boundaries may be crossed Physical constraints Do not exist in cyber space Crime can happen in milliseconds Proximity No physical proximity required Crimes in Physical Space vs Crimes in Cyber Space cont. Scale & multiple victimization Automated process Multiple simultaneous victims for the same effort Conduct at issue may not be illegal Conduct may not be criminalized in country where it originates Cannot extradite criminal unless law of his/her country is broken Crimes in Physical Space vs Crimes in Cyber Space Perfect anonymity Can disguise identity in ways impossible in the physical world Can achieve perfect pseudonymity Velocity Criminal activity can happen very rapidly Slammer took down large part of the Internet in 15 minutes Space Transition Theory 1) Persons with repressed criminal behavior (in the physical space) have a propensity to commit crime in cyberspace, which otherwise they would not commit in physical space, due to their status and position. Concern for status in physical space does not transition to cyber space. Behavior repressed in physical space are not in cyber space. Space Transition Theory 2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime. Disinhibiting effect allows individuals: Open honesty about personal issues To act out on unpleasant needs Deinidividualization - inner restraints are lost when individuals not seen as individuals Leads to behavior that is Less altruistic More selfish More aggressive Space Transition Theory 2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime. Deterrence factor changes Attacks can be made from a remote location Crime reslts not immediately apparent Space Transition Theory 3) Criminal behavior of offenders in cyberspace is likely to be imported to physical space which, in physical space maybe exported to cyberspace as well. Cyber crime has moved from the single individual acting for fame to professional criminals Huge financial gain with little risk Growth of e-commerce attracts criminals to the net Space Transition Theory 4) Intermittent venture of offenders in to the cyberspace and the dynamic spatiotemporal nature of cyberspace provide the chance to escape Cyber space is transient Cyber space is dynamic Cyber crimes have do not have spatial temporal restrictions of traditional crimes Space Transition Theory 5) (a)Strangers are likely too unite together in cyberspace to commit crime in the physical space; (b) Associates of physical space are likely to unite to commit crime in cyberspace. Cyberspace allows for recruitment and dissemination Cyberspace is: Unmoderated Easy to access Cyberspace can pose an insider threat Spy / mole Disgruntled employee Space Transition Theory 6) Persons from closed society are more likely to commit crimes in cyberspace than persons from open society. Open society allows individuals to voice opinions & vent feelings. Cyberspace allows individuals from closed societies to express anger & frustrations through hate messages, web page vandalism, up to cyber terrorism attacks Space Transition Theory 7) The conflict of norms and values of physical space with the norms and values of cyberspace may lead to cyber crimes. Cyberspace is international Societal differences between individuals may lead to cyber crime Conflicts between nations carry over into cyberspace Routine Activity Theory Routine activities in conventional societies provide opportunities for perpetrator to commit crime Three things must be present for crime to occur: Suitable target is available Motivated offender is present Lack of a suitable guardian to prevent crime from occurring Assessment of situation determines whether or not a crime takes place. Routine Activity Theory A suitable target can be: A person An object A place Target comes to the attention of a person searching for a criminal opportunity Targets behavior may place target in contact with perpetrator No significant deterring mechanism is present Routine Activity Theory Motivated Perpetrator Predatory crime is a method for the perpetrator to secure basic needs of desires Actions of perpetrator are intentional and illegal Routine Activity Theory A capable guardian Police patrol, Security guards Neighbors, neighborhood watch, dogs Locks, fences, CCTV systems Passwords, tokens, biometric measures Guardians can be formal or informal Guardians can be human or machine Guardians MUST be capable of acting as a deterrent Opportunity Theory Opportunity to commit a crime is a root cause of crime No crime can occur without the physical opportunity Opportunity plays a role in all crimes, not just those involving physical property Reducing opportunity reduces crime Displacement Theory Reductions in opportunity will not reduce crime because crime will be displaced to another location Opportunity is so compelling that removing perpetrators will not reduce crime because other perpetrators will step in Research on displacement theory has shown crime is not always displaced Routine Activity Theory & the Internet Opportunity to commit crime is multiplied Target and perpetrator are much more likely to come in contact with each other Victim has to keep returning to scene of the crime Deterrence comes shifting either events or circumstances Neither are easily altered Routine Activity Theory & the Internet Cybercrime has more to do with the effectiveness of indirect guardianship Internet is open & unmoderated Mechanisms of the Internet designed to transfer data, not to examine the data Internet guardianships are all mechanical Reactive, respond to some action - IDS Cannot respond to new, previously untried activity Hacker Neutralization Techniques Allows for temporary neutralization of values, beliefs, and attitudes so illegal behaviors can be performed. Justification of an act requires the need to assert its positive values Used by different types of deviants Hacker Neutralization Techniques Denial of Injury No harm or insignificant harm done to victim No physical information stolen, information in an electronic form Belief that downloading is copying not stealing As long as no one knows their information is being perused, no harm is done Hacker Neutralization Techniques Denial of Victim Victim is deserving of punishment Four categories of victims Close enemies who have harmed offender directly People who do not conform to normative social roles Groups with tribal stigmas Remote enemies who hold positions perceived as questionable or corrupt Offender may assume role of “avenger” or “crusader for justice” May justify actions as revenge Hacker Neutralization Techniques Condemnation of the Condemners Divert attention from offenders actions to the motives and behaviors of those condemning offender’s actions Mistrust of authority Promote decentralization Price charged by software companies too high and unfair Victim failed to protect their computer system Hacker Neutralization Techniques Appeal to higher loyalties Offender doesn’t deny damage, act was done to protect higher loyalties Loyalty to group Responsibility to family or spouse Employer (Corporate crimes) Claim actions were done to acquire knowledge Hacker Neutralization Techniques Self-fulfillment Illegal activity done for Fun Excitement or thrill Computer virtuosity Offender achieves feelings of superiority & control Voyeurism Demonstration of ability Hacker Neutralization Techniques Hackers do not use all neutralization techniques Denial of responsibility Sad story Both external forms of neutralization Only use techniques based on internal neutralization Hackers take pride in what they do Hackers feel in shame or guilt Computer Hackers & Social Organization Mutual Association Clear interpersonal relationship No strong or deep interpersonal relationships on or off line Social connections relatively shallow Multiple identities and multiple forum use may limit ability to form interpersonal connections Utilize social networks to exchange knowledge and information Computer Hackers & Social Organization Mutual Participation Groups are stratified rather than centrally controlled Participation in groups did not lead to group attacks Many do not want an group affiliation Computer Hackers & Social Organization Division of labor Some specialization in group forums does exist Stratification & division of labor Small group of moderators Larger group of users exchanging knowledge & information Loose set of rules Give respect, get respect No flaming Large population of users enforcing the rules Computer Hackers & Social Organization Extended duration No group with extended history Relationships appear transitory Relationships within forums weak & short-lived
