Brief Presentation

HISTORY AND OVERVIEW OF COMPUTER CRIME
BY CHUCK EASTTOM
WWW.CHUCKEASTTOM.COM
CHUCK@CHUCKEASTTOM.COM
ABOUT THE SPEAKER
• 18 books (#19 in progress)
• 29 industry certifications
• 2 Masters degrees (#3 in progress)
• 5 Computer patents
• Over 20 years experience, over 15 years
teaching/training
• Frequent consultant/expert witness
TYPES OF COMPUTER CRIME
• Identity theft
• Cyber stalking/harassment
• Unauthorized access to computer systems or data
• Fraud
• DOS
• Virus
• Worm
• Logic Bomb
• Trojan Horse
• Spyware
• Child pornography
• DNS Poisoning
• Ransomware
• Buffer Overflow
• Cyber espionage & terrorism
• ID Theft
• Social Engineering
• Phreaking
• SQL Injection
• Cross Site Scripting
• DNS Poisoning
• Session Hijacking
• IP spoofing/MAC spoofing
• Terrorism
• Stolen goods
COMPUTER CRIME STATISTICS
• From January 1, 2009 through December 31, 2009, the Internet Crime
Complaint Center (IC3) Web site received 336,655 complaint submissions
• The Federal Trade Commission found that in 2005, 8.3 million Americans were
the victim of some form of identity theft
• Every second, $3,075.64 is being spent on pornography, 28,258 Internet
viewers are viewing pornography, 372 Internet users are typing adult search
terms into search engines, and every 39 minutes, a new pornographic video is
made in the United States.
• Also according to Enough is Enough, pornography is a 97 billion dollar a year
business, and child pornography is a 3 billion dollar a year business
STATISTICS AS OF 2014
• According to SC Magazine, “Cyber crime and economic
espionage cost the global economy more than $445
billion annually, which a report from the Center for
Strategic and International Studies, says puts cyber crime
on par with the economic impact of global drug
trafficking.”
ADDITIONAL STATISTICS
• These are as of 2013
• More than 600,000 Facebook accounts are compromised
every day.
• 18 Cybercrime victims per second
• Botnets have been using as many as 120,000 infected
“zombie” computers to send out spam each day.
ATTACK TYPES 2013
INDUSTRIES
THE EARLIEST DAYS
• Mr. Draper was known in hacking circles as ‘Captain
Crunch’. He was repeatedly arrested throughout the
1970s on charges of phone tampering. This particular
case is very interesting because it highlights the state of
computer-related crimes prior to the internet. In those
early days most of the incidents involved tampering with
phone systems. This process is colloquially referred to as
‘phreaking’. Phreaking is really the ancestor of later
hacking, and not surprisingly many of the people
involved in phreaking moved on to become hackers.
John Draper is one of the more famous hackers, and has
since become a computer security consultant.
FIRST COMPUTER CRIME ARREST
The year 1981 was a pivotal year in the history of computer
crime. In this year Ian Murphy was arrested because he and
three accomplices hacked into the AT&T systems and
changed the systems’ internal clocks. This change may seem
trivial, but it had significant repercussions. People using the
phone system suddenly received late-night discounts in the
afternoon, while others who waited until midnight to use the
phone received larger bills.
FIRST VIRUS
1981 was not only the year of the first arrest for a
computer crime, it was also a pivotal year in the
history of computer viruses. The first widely known
viruses found ‘in the wild’ (i.e. out in the public) were
the Apple 1, 2, and 3 viruses, first discovered in
1981. These viruses targeted the Apple II operating
system and spread initially in the Texas A&M
University systems via pirated computer games.
VIRUSES EVOLVE
• 2000: The "I Love You Virus" wreaks havoc around the world. It is
transmitted by e-mail and, when opened, is automatically sent to
everyone in the user's address book
• Jan. 2003: The "Slammer" worm infects hundreds of thousands of
computers in less than three hours
• FakeAV: This virus first appeared in July 2012. It affected Windows systems
ranging from Windows 95 to Windows 7 and Windows Server 2003.
This was a fake anti-virus (thus the name FakeAV). It would pop up
fake virus warnings. This was not the first such fake anti-virus
malware, but it was one of the more recent ones.
FLAME
No modern discussion of viruses would be complete without
a discussion of Flame. This virus first appeared in 2012 and
was targeting Windows operating systems. The first item
that makes this virus notable is that it was specifically
designed for espionage. It was first discovered in May
2012 at several locations, including Iranian government
sites. Flame is spyware that can monitor network traffic and
take screenshots of the infected system.
THE MODERN VIRUS
• Many types
• Multipartite
• Polymorphic
• Metamorphic (large due to metamorphic engine)
• Sparse infector
• Macro viruses
• Crypto viruses
THE EARLY DAYS OF CYBER CRIME
Shadow Hawk: In 1986, a seventeen-year-old from New Jersey named Herbert
Zinn was accused of hacking into the AT&T computer systems. Mr. Zinn later confessed to
the crime. Mr. Zinn, operating with the screen name ‘Shadow Hawk’, worked from his
bedroom in his parents’ house, and stole over fifty computer programs. He was
eventually sentenced to 9 months in jail.
The Morris Worm: In 1988 Cornell University graduate student Robert Morris launched a
worm that spread to over 6000 computers, clogging networks with an overload of
traffic. The purpose of the worm was to exploit security flaws/holes in the Unix
operating system.
In 1994 a 16-year-old boy in the United Kingdom who used the screen name ‘data
stream’ broke into several sensitive systems including Griffiss Air Force Base, NASA, and
the Korean Atomic Research Institute. This crime was investigated by Scotland Yard, who
eventually found and arrested the perpetrator.
THINGS GET WORSE
1995 marked the capture of Vladimir Levin, a graduate of St. Petersburg
Tekhnologichesky University. Mr. Levin was the alleged ringleader of an organized
group of Russian hackers. This group was purported to have absconded with approximately
10 million dollars from Citibank.
1997: Phishing first seen. Now variations like spear phishing and whaling are becoming
more common.
FUGGEDABOUTIT
The middle to late 1990s saw a new trend. The traditional organized crime
groups, such as the New York Italian Mafia, began to see cyberspace as a rich
new field they could plunder. By 1996 New York Mafia families were involved
in ‘pump and dump’ schemes (described in chapter 1), using the internet to help
inflate and sell the stock. In the mid 1990s Sovereign Equity Management
Corp., a firm based in Boca Raton, Florida, was used as a vehicle for various
pump and dump schemes. The details of the company and the process were
described in 1996 by Business Week. However, the essentials are this: the
company was a front to take the money of original investors, put it into low
performing stocks, artificially inflate those stocks, then sell the stocks.
DECEMBER 2009
Hackers broke into computer systems and stole secret
defense plans of the United States and South Korea.
Authorities speculated that North Korea was
responsible. The information stolen included a
summary of plans for military operations by South
Korean and U.S. troops in case of war with North
Korea, though the attacks traced back to a Chinese IP
address. This case is clearly an example of cyber
espionage and a very serious one at that.
CYBER TERRORISM
• In 2010 60 Minutes broadcast a report on hacking and
cyber terrorism. They clearly showed that our power
plants, and perhaps our hardware, are vulnerable.
• Also in 2010 Scientific American had an article on
vulnerabilities in the firmware of chips.
• 2008: CENTCOM is infected with spyware
• 2009: Drone video feed is compromised
CYBER WARFARE 2008-2014
• US government publicly acknowledges China supporting
hackers who attack corporate sites. Also claims the People's
Liberation Army has information warfare units.
• CIO Magazine examined the issue of government-based cyber
espionage in a 2009 article. Their article discusses the
possibility that the Chinese government was behind a
widespread infiltration of over 1200 computers owned by over
100 countries, with the express purpose of spying on the
activities of those countries. The same article mentions that in
2007 the British government accused China of hacking into the
systems of various British banks.
CHINESE EAGLE UNION
No discussion of cyber terrorism would be complete without a discussion of the
China Eagle Union. This group consists of several thousand Chinese hackers
whose stated goal is to infiltrate western computer systems. There are a number
of web resources regarding this group:
http://www.thedarkvisitor.com/2007/10/china-eagle-union/
https://news.hitb.org/node/6164
http://archives.cnn.com/2001/WORLD/asiapcf/east/04/27/china.hackers/index.html
Members and leaders of the group insist that not only does the Chinese
government have no involvement in their activities, but that they are breaking
Chinese law and are in constant danger of arrest and imprisonment. Many
analysts find this claim dubious. Whether the Chinese government is involved in
these attacks or not, some experts consider a state of cyber warfare to
currently exist between China and the United States.
CHINA’S APT
• The security firm Mandiant tracked several APTs over a
period of 7 years, all originating in China, specifically
Shanghai and the Pudong region. These APTs were simply
named APT1, APT2, etc.
• The attacks were linked to Unit 61398 of China's
military. The Chinese government regards this unit's activities
as classified, but it appears that offensive cyber warfare is
one of its tasks. Just one of the APTs from this group
compromised 141 companies in 20 different industries. APT1
was able to maintain access to victim networks for an average
of 365 days, and in one case for 1,764 days. APT1 is
responsible for stealing 6.5 terabytes of information from a
single organization over a 10-month time frame.
HACKING MEDICAL DEVICES
• “One of the briefings at Black Hat this year was a session on
how vulnerable medical devices are to cyber attack, given by
Jay Radcliff.” – Forbes Magazine 2013
• “A researcher from McAfee, the global tech security company,
was able to hack into an insulin pump and cause the device to
dispense all 300 units of insulin it contained, according to BBC
News. The wireless signals used to communicate with the pump
could compromise the security of the device, researcher Barnaby
Jack said. ‘We can influence any pump within a 300 foot
range,’ Jack told the BBC. ‘We can make that pump dispense its
entire 300 unit reservoir of insulin and we can do that without
requiring its ID number.’” – ABC News 2012
• A single dose of that much insulin can be fatal.
CURRENT TRENDS
• Compromising credit card processing/ATM
• Issues with third party devices
• Dramatic increase in phishing and variations
• Continued sophistication of viruses
• Exploitation of vulnerabilities
• Shellshock, Heartbleed, etc.
FUTURE TRENDS
• More credit breaches (e.g. Target, Home Depot, Kmart)
• More sophisticated attacks (e.g. DNS poisoning, spear
phishing, etc.)
• Increased involvement by governments and other
sophisticated groups