Cyber Crime: Prevention, Protection and Punishment

Peter Sommer
London School of Economics, Open University
peter@pmsommer.com
p.m.sommer@lse.ac.uk
© Peter Sommer, 2011
We used to call it “Computer Crime”
• 1973: a journalist’s book on “Computer Crime”
• 1973: a “mutual fund” linked to insurance which became a Ponzi scheme
• Computer created fake “lives” to sell on to insurance companies to raise cash
• “Data diddling”
• Dirks v. SEC
• 1978: $10.2m from Security Pacific bank
• Computer contractor who learnt wire transfer codes
• Converted money into 8.6 kg diamonds
• War Games: 1983 movie (pre-Internet, pre-broadband)
Viruses, Malware
• 1960s-70s: Christmas Tree: IBM 360/370
• 1985??: IBM PCs: Brain, Vienna, Cascade - boot sector
• 1988: Jerusalem
• 1989: Datacrime etc. reformats hard disks
• 1990: Chameleon
• 1992: Polymorphic virus epidemic, Virus Creation Laboratory
• 1995: Macro viruses (Microsoft Word)
• 1996: Windows-specific viruses
• Internet Worm, 1988: Robert Morris
• Hacktivism, 1989: attacked VAX VMS computers over DECnet (pre-Internet, pre-broadband)
• 1995: Black Baron circulates “SMEG”
• DataStream Cowboy: the Rome Labs hack, 1994
Distributed Denial of Service Attacks
• August 1999: Trinoo
• February 2000: Yahoo, Amazon, Buy.com, CNN, eBay, E*Trade, ZDNet
Cyber Crime: Main Features
• Social engineering
• Malware
• Exploitation of poor management / access control / authorisations
• Insider threat
• Data diddling / program manipulation
• Exploitation of poorly designed software
• Hardware hacking
Internet Growth Statistics
• World population: 7 bn; Internet users: 2.1 bn
• Growth 2000-2011: 480% (2,500% in Africa, 700% in Asia, 1,990% in Middle East)
• Facebook penetration: 10.3% (US: 48%)
• (Source: InternetWorldStats)
UK Growth Statistics
• 77% of UK homes have at least one PC; many have several, including older PCs; 93% are connected via broadband
• 97% of all businesses have broadband Internet connections; 70% have a website
• Cost of data media halves every 18 months
• 130 cellphones per 100 of population; 27% are smart phones (for early teens, nearly 50%)
File-Sharing
• 1984: Fidonet
• 1999: Napster
• 2000: Gnutella, Freenet, Morpheus
• 2001: Kazaa
• 2002: eMule, SuperNova
Has legitimate uses in file distribution but mostly used in piracy
Social Networking
• A research resource
• Social engineering
• Compromised “apps”
Batch Operations
(Diagram: offline input, then processing, then output; instructions await processing in a queue)
Interactive Computing
Central unit + dumb terminals: all processing takes place in the mainframe, but each user interacts in real time.
Traditional Computer Security
Security by ring-fence:
• Physical barriers - computer room
• Logical barriers - access control
• Personnel controls
The PC: Desk-top Computing
Originally stand-alone: computing power and data on the desk.
Democratising computing: the beginning of the end of “DP departmental power”.
Client / Server
Data is held centrally; PCs interrogate it using local programs. Some of these links may be by remote dial-up.
Open Systems - Hybrids
• Corporate resources are held in a cluster of mainframes / minis
• Most workers have PCs on a LAN
• LAN server may contain local office-based information and applications
• Corporate data is accessed as needed and transparently
• Information from one office may be available across the corporate WAN
Internet Connections ...
(Diagram: EDI, banking service / credit verification, e-mail hub, associate business, all reached via the Internet)
Users expect to be able to access corporate resources from anywhere via a web-type interface, on any device, including phone and tablet.
E-commerce
• General public induced to enter corporate computer systems to make purchases
  - Need to facilitate their needs
  - While protecting the “shop”
The Cloud
ICT Trends
Since 1995:
• Corporate computing has become more complex and embedded into organisations:
  - Provides more information about the business, customers, etc.
  - Uses Web and Internet for a very wide variety of customer/client interactions; many of these are heavily automated
  - Makes much greater use of Just-In-Time operations
  - Much use of semi self-organising systems
  - Gives staff much more computing power on the desk and while mobile
Software Complexity
• Source Lines of Code
  - 1993: Windows NT 3.1 = 4.5m SLOC
  - 1995: Windows NT 3.5 = 7.5m SLOC
  - 2001: Windows XP = 40m SLOC
  - Vista, Windows 7 = ???
• More difficult to test / more prone to flaws
Outsourcing
• Advantages
  - Businesses do not need to keep a permanent cadre of IT specialists
  - Opportunities for balance sheet, taxation etc.
• Disadvantages
  - Loss of control of essential functions
  - Contract may not cover all eventualities, particularly emergencies
  - Lock-in dependence on supplier
• Cloud computing is an extreme form of outsourcing in which you are also dependent on permanent availability of communications facilities
Multipliers
• Growing population of computer users
• More complex systems
• Wider, cheaper Internet access
• More “social” links
• Easier dissemination of exploits
• Easier for computer criminals to meet
Measures
• Most crimes are variations on what has happened before
  - Basic technical and management responses take care of most threats
  - Iain Lobban, GCHQ: 80% of protection is simple hygiene
Traditional Protective Measures: Technical
• Risk analysis
• Access control / identity management
• Anti-malware detection
• Firewalls
• Intrusion detection systems
• Anomalous activity detection systems
Traditional Protective Measures: System Design Measures
• Threat / risk analysis
• Security by design
• System specification includes “outcomes you don’t want”
Traditional Protective Measures: Managerial
• Risk analysis
• Employee education: counter social engineering
• Employee vetting
• Employee monitoring
Management Measures
• Who takes responsibility?
  - It is not good enough to employ some “specialist techies” and give them budget
• Frequent threat landscape surveys
  - Changes to the organisation
  - Changes to relationships with outsiders
  - Changes to ICT infrastructure
  - Changes to the external threat landscape
Management Measures
• Arrangements for incident management
  - To whom should suspicions be reported?
  - A capacity for initial investigation
• Forensic readiness
  - Know how to identify potential evidence
  - Know how to safely preserve it
  - Know how to safely carry out an initial investigation
  - Understand legal constraints and issues
Evidence is needed by law enforcement, for insurance claims, for civil litigation and e-disclosure.
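The “know how to safely preserve it” step above, as an added example that is not from the slides or their author: a small Python routine (hypothetical helper names, constructed record format and sample log) that hashes evidence files into a collection record at seizure time and re-verifies them later, so that any item altered after collection is flagged before it reaches an investigator, insurer or court.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large evidence images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def preserve(paths, collector):
    """Build a collection record (hypothetical format): who, when, and a hash per item."""
    return {
        "collector": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "items": [
            {"path": p, "size": os.path.getsize(p), "sha256": sha256_file(p)}
            for p in paths
        ],
    }


def verify(record):
    """Re-hash every item; return the paths whose content no longer matches the record."""
    return [i["path"] for i in record["items"] if sha256_file(i["path"]) != i["sha256"]]


def demo():
    """Constructed sample: a fake login log stands in for seized evidence."""
    workdir = tempfile.mkdtemp()
    log = os.path.join(workdir, "access.log")
    with open(log, "w") as f:
        f.write("2011-05-01 10:00:01 login alice OK\n")
        f.write("2011-05-01 10:00:07 login bob FAIL\n")
    record = preserve([log], collector="incident-team")
    before = verify(record)            # [] : evidence intact
    with open(log, "a") as f:          # simulate a later, unauthorised change
        f.write("2011-05-01 10:00:09 login bob OK\n")
    after = verify(record)             # [log] : tampering detected
    return before, after


if __name__ == "__main__":
    print(demo())
```

In practice the record itself would be signed or stored write-once, since a record an intruder can rewrite proves nothing.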
New 3rd edition soon!
www.iaac.org.uk
Management Measures
• Recovery plan
  - Restoring ICT operations
  - Asset recovery
  - Re-issue of credentials to use the system
  - Public relations etc.
Management Measures
• In the longer term, as security becomes more complex:
  - We may need to slow the rate of innovation in order properly to test systems
  - We may need to end up with simpler, but safer, more reliable and stable systems