VIRGINIA COMMONWEALTH UNIVERSITY POLICE Officer Troy C. Ross Webmaster, VCU Police THE TECHNICAL SIDE OF THE INTERNET & COMPUTER CRIME An Introduction to the Net As of the year 2000, the Internet has become an international collection of over 9.7 million computer networks, all very capable of communicating with one another. Approximately 300 million people world-wide have access to the Internet (122.6 million of them being in the United States). So how do each of these computers connect with one another? How Computers Connect Every computer that is connected to the Internet depends on Internet Protocol (IP) to communicate with one another. Each computer has an IP Address. An example of an IP Address may look like 128.172.101.102. The first set of digit(s) in this example, 128, identifies a section of the main Internet system. The next set of digit(s), 172, identifies a specific network. The next set of digit(s), 101, identifies a section or department of the specific network. Finally, the last set of digit(s), 102, identifies a specific computer within that network. How Computers Connect 128.172.101.102 ISP Server 128.172.101.302 128.172.101.199 ISP Server ISP Server Typical Diagram of a Network Surfin’ The Web Most people who surf the web use browsers, such as Microsoft Internet Explorer™ or Netscape Communicator™. These browsers allow your computer to connect to servers (computers that store web site files and "serves" them to you when requested). These communications over the net are not private. Nearly everything is sent unencrypted and can be easily read. Information Exchange When computers connect, certain information can be exchanged. For instance, some web sites can log your IP address. Others can place on your hard drive a "cookie" (a text file that is stored in the hard drive of your computer, telling the server things about you, your computer and your activities). Web browsers can be customized in their settings to accept or reject the cookie. Passwords stored in your computer can possibly be read by programs operated by malicious users, either locally (physically at your computer) or remotely (through the web). Online Protection There is no fool-proof way to protect your computer 100%, with the exception of turning it off. But you can protect it about 99% of the time, with the right tools. There is a large amount of software available that can protect you and your computer. Anti-virus programs can block trojan files, worm files, and viruses from infecting your computer. These harmful things can make it vulnerable to outside attacks by malicious users. Firewall programs can keep other computers from connecting to yours through unguarded ports on your PC. Certain hardware connected to your computer, such as barricades, can 'hide' your computer from others on the web. An Intro to Computer Crime The most common Internet crime is online fraud. This occurs when you go online, make a purchase from someone, and the product is never delivered. This often occurs on auction sites. Fraudulent sites may obtain your credit card information in order to make purchases on your credit. Some users may become victim to email pyramid get-rich-quick schemes. You may unknowingly become a victim when the damage is already done. Malicious Users Online A 'hacker' is someone who enjoys the challenge of deciphering programs and stretching the capabilities of a program or a computer. They are not necessarily malicious users. A 'cracker' is a term used for persons who intentionally codes or utilizes programs to bypass security functions with the intent to gain private information or unauthorized access to a computer or number of computers. Malicious Users at Work There are programs that are available today that allow malicious users to gain access to other computers and their programs. They use these hacks for several purposes, ranging from causing simple mischief to major damage. One type of program can 'steal' a password or passwords allowing the malicious user to do things such as access your email account, login to an Instant Messenger program and pretend to be you, or access your online banking. Another type of program can connect their computer to yours in a 'stealth mode' where you would not even be aware. It usually requires that your computer already be infected by a trojan program so that same trojan program can open up your computer to theirs. Once done, and if the program is strong in capabilities, the malicious user can do most anything with your computer remotely. They could access and view all your files on your hard drive, turn on your microphone or webcam, erase your hard drive(s) and even turn your computer off. The fact remains that technology has evolved greatly from the age of the Abacus. Protection is what ALL users of the web need most. Malicious Users at Work Why is Cybercrime Increasing? Connectivity is Global - no boundaries Numerous vulnerable targets Easy concealment - Anonymous Hacks Low equipment costs and access Less technical skill required Ability to obtain tools, exploits, and vulnerabilities via the Web Trends & Methods Forgery trend growing Use of consumer accounts for fraud Identity theft - possibly made available by your computer Theft of Credit Card numbers Online Auction Fraud Child Pornography and Exploitation Online Banking Fraud E-commerce E-commerce may reach $13 billion dollars this year alone FDIC estimated that most banks currently have web sites GAO estimated that 380 banks offer direct dial-in services Booz-Allen stated, “There were 16 million cyber-banking customers as of 2000” (and it’s growing) What are we up Against? Transparent technology - you can’t touch this Assumptions that “it will take care of itself” Unseen background “attacks” by malicious users Lack of Knowledge - “I just don’t understand this stuff” What are the Laws? Possession of Child Pornography “Possession of sexually explicit visual material utilizing or having as a subject a person less than eighteen years of age” Click to view statute: Code of Virginia § 18.2-374.1:1 Production of Child Pornography Production, publication, sale, possession with intent to distribute, financing, distribution, etc., of sexually explicit items involving children; presumption as to age; severability Click to view statute: Code of Virginia § 18.2-374.1 Seizure and Forfeiture Seizure and forfeiture of all audio and visual equipment, electronic equipment, devices and other personal property used in connection with the production, distribution, publication, sale, possession with intent to distribute or making of child pornography following conviction of §18.2- 374.1 Click to view statute: Code of Virginia § 18.2-374.2 Use of communications systems to facilitate certain offenses Includes making personal contact or direct contact through any agent or agency, any print medium, the United States mail, any common carrier or communication common carrier, any electronic communications system, or any telecommunications, wire, computer, or radio communications system. Click to view statute: Code of Virginia § 18.2-374.3 Virginia Computer Crime Act §18.2-152.2 Definitions §18.2-152.3 Computer fraud §18.2-152.4 Computer trespass §18.2-152.8 Property capable of embezzlement §18.2-152.9 Limitation of prosecution §18.2-152.5 Computer invasion of §18.2-152.10 Venue for privacy prosecution §18.2-152.6 Theft of computer services §18.2-152.11 Article not exclusive §18.2-152.12 Civil relief; damages §18.2-152.7 Personal trespass by §18.2-152.13 Severability computer §18.2-152.14 Computer as §18.2-152.7:1 Harassment by instrument of forgery computer §18.2-152.15 Encryption used in Click to view statute criminal activity Cyber Stalking Any person who on more than one occasion engages in conduct directed at another person with the intent to place, or when he knows or reasonably should know that the conduct places that other person in reasonable fear of death, criminal sexual assault, or bodily injury to that other person or to that other person's family or household member Click to view statute: Code of Virginia § 18.2-60 Cyber Threats Any person who knowingly communicates, including an electronically transmitted communication a threat to kill or do bodily injury to a person Click to view statute: Code of Virginia § 18.2-60 Harassment by Computer Any person, with the intent to coerce, intimidate, or harass any person, shall use a computer or computer network to communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, or make any suggestion or proposal of an obscene nature, or threaten any illegal or immoral act Click to view statute: Code of Virginia § 18.2-152.7:1 Communicating Identifying Information Any person, with the intent to coerce, intimidate, or harass another person, publishes the person's name or photograph along with identifying information as defined in clauses (iii) through (ix), or clause (xii) of subsection C of § 18.2-186.3 Click to view statute: Code of Virginia § 18.2-186.4 “Hacked” Statistics Of 2738 organizations, 90% reported security breaches in past 12 months 70% detected serious breaches - info theft, fraud, outside penetration 74% reported financial loss only 42% could estimate losses $265,589,940 total (based on 2000 CSI survey) Is it Investigated? 36% of respondents in CSI survey reported the computer crime(s) to Law Enforcement (a significant increase from the year 2000 when only 25% reported any offenses) Law Enforcement needs to know to investigate HOW DO I PROTECT MYSELF MY FAMILY, AND MY COMPUTER? Software Protection At a very basic level, everyone using the Internet should have software installed on their computer to protect it. Virginia Commonwealth University does not endorse these commercial providers or products unless otherwise noted. http://www.zonealarm.com/ http://www.mcafee.com/ http://www.at.vcu.edu/faq/nav.html Hardware Protection At the next level, everyone using the Internet may want to have hardware installed on their computer to protect it. Virginia Commonwealth University does not endorse these commercial providers or products unless otherwise noted. SMC Barricade - http://www.smc.com/ NetGear FS105 - http://www.netgear.com What your Network should Be Your Computer with Anti-Virus and Firewall Software Installed (Excellent Protection) Your ISP’s Server connects you to the rest of the World Wide Web Your PC connects to the router or switch via Ethernet cable Your Router or Switch - Hardware Protection at Best Router or Switch connects to Cable Modem or Direct Ethernet to your ISP Server Online Safety Tips Register your PC with Operation PC-ID Never leave a notebook PC unattended in public - it’s an easy steal When not in use - shutdown PC Close a program when not in use Never save or store passwords on a PC Use STRONG passwords - no easy guess WEBLINK: OPERATION PC-ID More Online Safety Tips Beware of file attachments - Trojans Purchase online from reputable businesses with secured Browser Beware of get-rich-quick emails Update anti-virus software weekly Set browser options to maximum protection Never give out personal information! Informational Videos Web Surfing, Security, and Privacy Online Internet Security, Hacks, and Trojan Horses Are You Protected? Find Out! Test Your System Using ShieldsUP to learn how to Secure your System Is Your Firewall doing its Job? Find Out! These links connect to videos online. Steve Gibson (Internet Security Expert), Leo Laporte (ZDTV), and Kate Botello discuss Internet Security, information your PC is revealing, and ways you can test your system for safety and privacy. These videos are in Windows Media format. Please allow time for buffering. Test Your PC Now Privacy Analysis of Your Connection Test the Security of Your PC Online Test Your Computer’s Firewall Online These online tests can actually tell you how vulnerable your computer system is online. If you wonder what information your computer is sending out to the world, these links will tell you. These sites are 100% safe and fully tested. The test results are accurate. Reading Resources Latest Internet Fraud Trends Internet Fraud Preventative Measures How You Are Being Traced Over the Net The IP Address - Your Internet Identity Brought to you by WWW.VCU.EDU/POLICE PRESENTATION BY: OFFICER TROY C. ROSS WEBMASTER, VCUPD UNIT 1420 VCU POLICE DEPARTMENT 918 W. FRANKLIN STREET RICHMOND, VA. 23834 (804) 828-1196