The Technical Side of Internet and Computer Crime

advertisement
VIRGINIA COMMONWEALTH
UNIVERSITY POLICE
Officer Troy C. Ross
Webmaster, VCU Police
THE
TECHNICAL SIDE OF THE
INTERNET & COMPUTER
CRIME
An Introduction to the Net
As of the year 2000, the Internet has become an
international collection of over 9.7 million computer
networks, all very capable of communicating with
one another. Approximately 300 million people
world-wide have access to the Internet (122.6 million
of them being in the United States). So how do each
of these computers connect with one another?
How Computers Connect
Every computer that is connected to the Internet depends on Internet
Protocol (IP) to communicate with one another. Each computer has
an IP Address. An example of an IP Address may look like
128.172.101.102. The first set of digit(s) in this example, 128, identifies
a section of the main Internet system. The next set of digit(s), 172,
identifies a specific network. The next set of digit(s), 101, identifies a
section or department of the specific network. Finally, the last set of
digit(s), 102, identifies a specific computer within that network.
How Computers Connect
128.172.101.102
ISP Server
128.172.101.302
128.172.101.199
ISP
Server
ISP
Server
Typical Diagram of a Network
Surfin’ The Web
Most people who surf the web use
browsers, such as Microsoft Internet
Explorer™ or Netscape Communicator™.
These browsers allow your computer to
connect to servers (computers that store
web site files and "serves" them to you
when requested). These communications
over the net are not private. Nearly everything is sent unencrypted and can be
easily read.
Information Exchange
When computers connect, certain information can be exchanged. For instance, some web
sites can log your IP address. Others can place on your hard drive a "cookie" (a text file
that is stored in the hard drive of your computer, telling the server things about you, your
computer and your activities). Web browsers can be customized in their settings to accept
or reject the cookie. Passwords stored in your computer can possibly be read by programs
operated by malicious users, either locally (physically at your computer) or remotely
(through the web).
Online Protection
There is no fool-proof way to protect your computer 100%, with the exception of turning
it off. But you can protect it about 99% of the time, with the right tools. There is a large
amount of software available that can protect you and your computer. Anti-virus programs
can block trojan files, worm files, and viruses from infecting your computer. These harmful
things can make it vulnerable to outside attacks by malicious users. Firewall programs can
keep other computers from connecting to yours through unguarded ports on your PC.
Certain hardware connected to your computer, such as barricades, can 'hide' your computer
from others on the web.
An Intro to Computer Crime
The most common Internet crime is online fraud. This occurs when you go online,
make a purchase from someone, and the product is never delivered. This often
occurs on auction sites. Fraudulent sites may obtain your credit card information
in order to make purchases on your credit. Some users may become victim to
email pyramid get-rich-quick schemes. You may unknowingly become a victim
when the damage is already done.
Malicious Users Online
A 'hacker' is someone who enjoys the
challenge of deciphering programs and
stretching the capabilities of a program
or a computer. They are not necessarily
malicious users. A 'cracker' is a term used
for persons who intentionally codes
or utilizes programs to bypass security
functions with the intent to gain private
information or unauthorized access to a computer or number of computers.
Malicious Users at Work
There are programs that are available today that allow malicious users to gain access to other
computers and their programs. They use these hacks for several purposes, ranging from causing
simple mischief to major damage. One type of program can 'steal' a password or passwords
allowing the malicious user to do things such as access your email account, login to an Instant
Messenger program and pretend to be you, or access your online banking. Another type of program
can connect their computer to yours in a 'stealth mode' where you would not even be aware. It usually
requires that your computer already be infected by a trojan program so that same trojan program can
open up your computer to theirs. Once done, and if the program is strong in capabilities, the
malicious user can do most anything with your computer remotely. They could access and view all
your files on your hard drive, turn on your microphone or webcam, erase your hard drive(s) and
even turn your computer off. The fact remains that technology has evolved greatly from the age
of the Abacus. Protection is what ALL users of the web need most.
Malicious Users at Work
Why is Cybercrime Increasing?
Connectivity is Global - no boundaries
 Numerous vulnerable targets
 Easy concealment - Anonymous Hacks
 Low equipment costs and access
 Less technical skill required
 Ability to obtain tools, exploits, and
vulnerabilities via the Web

Trends & Methods
Forgery trend growing
 Use of consumer accounts for fraud
 Identity theft - possibly made available
by your computer
 Theft of Credit Card numbers
 Online Auction Fraud
 Child Pornography and Exploitation
 Online Banking Fraud

E-commerce
E-commerce may reach $13 billion
dollars this year alone
 FDIC estimated that most banks
currently have web sites
 GAO estimated that 380 banks offer
direct dial-in services
 Booz-Allen stated, “There were 16
million cyber-banking customers as of
2000” (and it’s growing)

What are we up Against?
Transparent technology - you can’t
touch this
 Assumptions that “it will take care of
itself”
 Unseen background “attacks” by
malicious users
 Lack of Knowledge - “I just don’t
understand this stuff”

What are the Laws?
Possession of Child
Pornography
“Possession of sexually explicit visual material
utilizing or having as a subject a person less than
eighteen years of age”
Click to view statute:
Code of Virginia § 18.2-374.1:1
Production of Child Pornography
Production, publication, sale, possession with intent
to distribute, financing, distribution, etc., of sexually
explicit items involving children; presumption as to
age; severability
Click to view statute:
Code of Virginia § 18.2-374.1
Seizure and Forfeiture
Seizure and forfeiture of all audio and visual
equipment, electronic equipment, devices and other
personal property used in connection with the
production, distribution, publication, sale, possession
with intent to distribute or making of child
pornography following conviction of §18.2- 374.1
Click to view statute:
Code of Virginia § 18.2-374.2
Use of communications systems
to facilitate certain offenses
Includes making personal contact or direct contact
through any agent or agency, any print medium, the
United States mail, any common carrier or
communication common carrier, any electronic
communications system, or any telecommunications,
wire, computer, or radio communications system.
Click to view statute:
Code of Virginia § 18.2-374.3
Virginia Computer Crime Act
§18.2-152.2 Definitions
§18.2-152.3 Computer fraud
§18.2-152.4 Computer trespass
§18.2-152.8 Property capable of
embezzlement
§18.2-152.9 Limitation of
prosecution
§18.2-152.5 Computer invasion of §18.2-152.10 Venue for
privacy
prosecution
§18.2-152.6 Theft of computer
services
§18.2-152.11 Article not exclusive
§18.2-152.12 Civil relief; damages
§18.2-152.7 Personal trespass by
§18.2-152.13 Severability
computer
§18.2-152.14 Computer as
§18.2-152.7:1 Harassment by
instrument of forgery
computer
§18.2-152.15 Encryption used in
Click to view statute
criminal activity
Cyber Stalking
Any person who on more than one occasion engages in
conduct directed at another person with the intent to
place, or when he knows or reasonably should know that
the conduct places that other person in reasonable fear of
death, criminal sexual assault, or bodily injury to that
other person or to that other person's family or
household member
Click to view statute:
Code of Virginia § 18.2-60
Cyber Threats
Any person who knowingly communicates, including an
electronically transmitted communication a threat to kill
or do bodily injury to a person
Click to view statute:
Code of Virginia § 18.2-60
Harassment by Computer
Any person, with the intent to coerce, intimidate, or
harass any person, shall use a computer or computer
network to communicate obscene, vulgar, profane, lewd,
lascivious, or indecent language, or make any
suggestion or proposal of an obscene nature, or
threaten any illegal or immoral act
Click to view statute:
Code of Virginia § 18.2-152.7:1
Communicating Identifying
Information
Any person, with the intent to coerce, intimidate, or
harass another person, publishes the person's name or
photograph along with identifying information as
defined in clauses (iii) through (ix), or clause (xii) of
subsection C of § 18.2-186.3
Click to view statute:
Code of Virginia § 18.2-186.4
“Hacked” Statistics
Of 2738 organizations, 90% reported
security breaches in past 12 months
 70% detected serious breaches - info
theft, fraud, outside penetration
 74% reported financial loss
 only 42% could estimate losses $265,589,940 total (based on 2000 CSI
survey)

Is it Investigated?
36% of respondents in CSI survey
reported the computer crime(s) to Law
Enforcement (a significant increase
from the year 2000 when only 25%
reported any offenses)
 Law Enforcement needs to know to
investigate

HOW DO I PROTECT MYSELF
MY FAMILY, AND MY COMPUTER?
Software Protection
At a very basic level, everyone using the Internet should have software installed
on their computer to protect it. Virginia Commonwealth University does not
endorse these commercial providers or products unless otherwise noted.
http://www.zonealarm.com/
http://www.mcafee.com/
http://www.at.vcu.edu/faq/nav.html
Hardware Protection
At the next level, everyone using the Internet may want to have hardware
installed on their computer to protect it. Virginia Commonwealth University
does not endorse these commercial providers or products unless otherwise noted.
SMC Barricade - http://www.smc.com/
NetGear FS105 - http://www.netgear.com
What your Network should Be
Your Computer
with Anti-Virus
and Firewall
Software Installed
(Excellent Protection)
Your ISP’s
Server
connects you to
the rest of the
World Wide
Web
Your PC connects to
the router or switch
via Ethernet cable
Your Router or
Switch - Hardware
Protection at Best
Router or Switch connects to Cable
Modem or Direct Ethernet to your ISP Server
Online Safety Tips
Register your PC with Operation PC-ID
 Never leave a notebook PC unattended
in public - it’s an easy steal
 When not in use - shutdown PC
 Close a program when not in use
 Never save or store passwords on a PC
 Use STRONG passwords - no easy
guess
WEBLINK: OPERATION PC-ID

More Online Safety Tips
Beware of file attachments - Trojans
 Purchase online from reputable
businesses with secured Browser
 Beware of get-rich-quick emails
 Update anti-virus software weekly
 Set browser options to maximum
protection
 Never give out personal information!

Informational Videos
Web Surfing, Security, and Privacy Online
Internet Security, Hacks, and Trojan Horses
Are You Protected? Find Out! Test Your System
Using ShieldsUP to learn how to Secure your System
Is Your Firewall doing its Job? Find Out!
These links connect to videos online. Steve Gibson (Internet Security Expert), Leo
Laporte (ZDTV), and Kate Botello discuss Internet Security, information your PC
is revealing, and ways you can test your system for safety and privacy. These videos
are in Windows Media format. Please allow time for buffering.
Test Your PC Now
Privacy Analysis of Your Connection
Test the Security of Your PC Online
Test Your Computer’s Firewall Online
These online tests can actually tell you how vulnerable your computer system is online.
If you wonder what information your computer is sending out to the world, these links
will tell you. These sites are 100% safe and fully tested. The test results are accurate.
Reading Resources
Latest Internet Fraud Trends
Internet Fraud Preventative Measures
How You Are Being Traced Over the Net
The IP Address - Your Internet Identity
Brought to you by
WWW.VCU.EDU/POLICE
PRESENTATION BY:
OFFICER TROY C. ROSS
WEBMASTER, VCUPD
UNIT 1420
VCU POLICE DEPARTMENT
918 W. FRANKLIN STREET
RICHMOND, VA. 23834
(804) 828-1196
Download