Chapter 11
Computer Crime and Information Security
• What’s at stake
• Threats
• Defenses
Please discontinue use of cell
phone and turn off ringer
Succeeding with Technology – 3rd Edition
What’s at stake?
Information Security Overview
• All computer systems are vulnerable to attack.
• Most are already infected and/or compromised, including PCs used by most students in this class.
• It is only going to get worse.
For more info…
• www.mcafee.com/us/threat_center
• www.cert.org
• http://www.microsoft.com/athome/security
Two-thirds of Internet experts
expect a devastating attack on
the Internet between now and
2015.
At stake:
Personal Private Information
• What would concern you most if a person who wished to do you harm had full control of your PC?
• What personal information do you consider private?
All too common headlines…
“Hackers attacked computer servers of a
California university and may have gained access
to the personal information of 59,000 people
affiliated with the school…”
Depending on the circumstance, private information may include your:
• Name
• Photo
• Phone number
• Address
• Birthday
• Social Security Number
• Bank Account Number
• Credit Card Number
• College Transcripts
• Financial Status
• Medical Records
• Religious affiliation
• Political affiliation
Identity Theft
• Identity theft is the criminal act of using stolen information about a person to assume that person’s identity, typically for financial gain.
[Figure: Millions of US Dollars Lost to Identity Theft, 2003 to 2005]
Source: http://www.consumer.gov/sentinel/trends.htm
At stake:
Organizational Information

• For many businesses, the information they process and store is highly valuable and key to their success.
• Business intelligence is the process of gathering and analyzing information in the pursuit of business advantage.
• Competitive intelligence is concerned with gathering information about competitors.
• Counterintelligence is concerned with protecting one’s own information from access by the competition.
Biggest security
threats to
businesses in
order of frequency:
• Virus
• Insider abuse of Internet
access
• Laptop theft
• Unauthorized access by
insiders
• Denial-of-service attacks
• System penetration
• Theft of proprietary info
• Sabotage
• Financial fraud
• Telecommunications fraud
• Active wiretap
At stake:
National and Global Security
• Cyberterrorism is a form of terrorism that uses attacks over the Internet to intimidate and harm a population.
Washington, June 8, 2006 – Over the last two
years, Abu Musab al-Zarqawi established the
Web as a powerful tool of the global jihad,
mobilizing computer-savvy allies who inspired
extremists in Iraq and beyond with lurid video
clips of the bombings and beheadings his group
carried out.
Food for thought…
The Internet is a
powerful tool both for
those who wish to
build bridges between
distant cultures and
those that wish to tear
them down.
China Hacking:
http://abcnews.go.com/TheLaw/story?id=3966047
http://www.ciotoday.com/story.xhtml?story_id=022000RB46F8&nl=5
http://arstechnica.com/news.ars/post/20070914chinese-government-at-the-center-of-five-cyberattack-claims.html
The Cyber Cold War
http://www.reuters.com/article/technologyNews/idUSL2932083320071129?feedType=RSS&feedName=technologyNews
What are the threats?
Professionalization
“Cyberattack on Google Said to Hit Password
System,” New York Times April 2010. (“Ever since
Google disclosed in January that Internet intruders
had stolen information from its computers, the exact
nature and extent of the theft has been a closely
guarded company secret. But a person with direct
knowledge of the investigation now says that the
losses included one of Google’s crown jewels, a
password system that controls access by millions of
users worldwide to almost all of the company’s Web
services, including e-mail and business
applications.”)
Hijacked Websites
"Cyber criminals move focus to web: Cyber
criminals will increasingly turn their attention
to the web and away from e-mail security in
2007" BBC News (Jan. 23, 2007) ("The
internet now represents the easiest way for
cyber criminals to gain entry to corporate
networks, as more users are accessing
unregulated sites, downloading applications
and streaming audio/video. ... They are also
subtly changing tactics - instead of sending
so-called spyware-infected e-mails, they are
sending e-mails linking to websites which
contain a malicious downloader [Trojan].")
Hijacked Websites
Robert McMillan, "The Web is Dangerous, Google
Warns: The search site's bots find that 1 in 1000
Web pages is infected with malicious drive-by
download software" PC World (Feb. 16, 2008) ("In
the past year the Web sites of Al Gore's "An
Inconvenient Truth" movie and the Miami Dolphins
were hacked, and the MySpace profile of Alicia
Keys was used to attack visitors. Criminals ... have
built very successful automated tools that poke and
prod Web sites, looking for programming errors and
then exploit these flaws to install the drive-by
download software. Often this code opens an
invisible iFrame page on the victim's browser that
redirects it to a malicious Web server. That server
then tries to install code on the victim's PC.")
Hardware Devices
"Electronic gadgets latest sources of computer
viruses," CNN.com News (Mar. 13, 2008)
("From iPods to navigation systems, some
of today's hottest gadgets are landing on
store shelves with some unwanted extras
from the factory: pre-installed viruses that
steal passwords, open doors for hackers
and make computers spew spam.")
Social Engineering
"Beware Hurricane Katrina Scams," ask.com (2007)
("Hoaxes, Phishing Attacks, Malware and Other
Threats In The Wake Of Katrina").
Elinor Mills, "Fake parking tickets direct to malicious
Web site," CNET (Feb. 4, 2009) ("In a scary online-offline Internet scam, hybrid cars in North Dakota
have been tagged with fake parking citations that
include a Web address hosting malicious software
that drops a Trojan onto the computer.")
"Fake media file snares PC users," BBC News (May 8,
2008) ("The fake file poses as a music track, short
video or movie and has been widely seeded on file-sharing networks to snare victims.")
Extortion/Ransomware
"CIA: Hackers demanding cash disrupted
power utilities overseas," MIT Technology
Review (Jan. 18, 2008) ("Hackers literally
turned out the lights in multiple cities after
breaking into electrical utilities and
demanding extortion payments before
disrupting the power, a senior CIA analyst
told utility engineers at a trade conference.")
Spam
Larry O'dell, "Va. court upholds
spammer's conviction," USA Today
(Feb. 29, 2008) ("A divided Virginia
Supreme Court affirmed the nation's
first felony conviction for illegal
spamming on Friday, ruling that
Virginia's anti-spamming law does not
violate free-speech rights.")
Botnets
John Markoff, "Attack of the Zombie
Computers Is a Growing Threat,
Experts Say," NY Times (Jan. , 2007)
("These systems, called botnets, are
being blamed for the huge spike in
spam that bedeviled the Internet in
recent months, as well as fraud and
data theft.")
Logic Bomb
Thomas Claburn, "Fannie Mae Contractor Indicted For
Logic Bomb," Information Week (Jan. 29, 2009) ("A
contract software engineer at a federal agency is
accused of planting a logic bomb in the agency's
system after he was fired for making a mistake. The
malware could have shut down operations for a week
at mortgage bank Fannie Mae had it gone off as
scheduled.")
Richard Adhikari, "SF's Rogue IT Admin Facing 4
Felonies," InformationWeek (Dec. 29, 2008) ("San
Francisco District Attorney ... announced ... that Terry
Childs, 43, will be arraigned ... He is accused of
tampering with the city and county of San Francisco's
network system in such a way as to deny other
authorized administrators access to the network, and
to set up devices to gain unauthorized access to the
system.")
Rootkits
"Warning on stealthy Windows virus," BBC.com (Jan. 11, 2008)
("Security experts are warning about a stealthy Windows
virus [dubbed "Mebroot"] that steals login details for online
bank accounts. ... Many are falling victim via booby-trapped
websites that use vulnerabilities in Microsoft's browser to
install the attack code. ... the virus [a type known as a
rootkit] is dangerous because it buries itself deep inside
Windows to avoid detection. ... Once installed, the virus ...
usually downloads other malicious programs, such as
keyloggers, to do the work of stealing confidential
information. ... Mebroot ... uses its hidden position ... so it
can re-install these associated programs [keyloggers, etc.]
if they are deleted by anti-virus software. Although the
password-stealing programs that Mebroot installs can be
found by security software, few commercial anti-virus
packages currently detect [Mebroot's] presence [and it]
cannot be removed while a computer is running.").
How do they work?
Gaining control of your
computer
• Log in as you: use your authentication
• Guessing your password
• Steal your password
• Invade your computer while you use it
• Cause your computer to execute code (instructions) without you knowing it
Gaining your password
• Key-logging software
• Even the sounds of typing can be decoded
• Packet-sniffing software
• Packet-spoofing software
• Port scanning software
• Social engineering
• phishing
Invading your computer
• Trojan Horse: performs a useful task, while also carrying out some secret destructive act.
• Logic bomb
• Virus: same as a biological virus. Spreads from program to program, or disk to disk, using each infected machine to make more copies of itself.
• Worms: like viruses, use computer hosts to reproduce themselves. Unlike viruses, worm programs travel independently over computer networks.
Viruses and worms are considered malicious software, or malware. Check out the latest malware at http://www.mcafee.com/us/threat_center
But how?
• Exploit vulnerabilities due to security or policy flaws
• Buffer overflow attacks
• Time-of-check to time-of-use
• Operation with user privileges
• Security patches
Viruses and Worms
Yeah right! This didn’t come from Microsoft.
The attachment is not a patch, nor an
innocent text file (as it appears) but an
executable file containing a virus.
[Figure labels: Web page, Email, Web server, Shared network, P2P file-sharing network, Instant message, Portable device]
Spyware, Adware, and Zombies
• Spyware is software installed on a computer without the user’s knowledge to either monitor the user or allow an outside party to control the computer.
The Internet service provider Earthlink said it uncovered an average of 28 spyware programs on each of its members’ PCs that were scanned.
Adware is spyware that displays advertisements.
Zombies
• A computer that carries out actions (often malicious) under the remote control of a hacker either directly or through spyware or a virus is called a zombie computer.
Experts say hundreds of thousands
of computers are added to the ranks
of zombies each week.
Zombies
• Zombie computers can join together to form zombie networks (botnets). Zombie networks apply the power of multiple PCs to overwhelm Web sites with distributed denial-of-service attacks, to crack complicated security codes, or to generate huge batches of spam.
It has been estimated that 80 to 90
percent of spam originates from
zombie computers.
Storm worm botnet for rent
Scams, Spam, Fraud, and
Hoaxes
• Internet fraud is the crime of deliberately deceiving a person over the Internet in order to damage them and to obtain property or services from him or her unjustly.
• A phishing scam combines both spoofed e-mail and a spoofed Web site in order to trick a person into providing private information.
[Figure: Millions of US$ Lost to Internet Fraud, 2003 to 2005]
Spoofing is the act of assuming the identity of another person or organization, typically through email or on the Web.
Classic Phishing

Is this email from customer.service@citibank.com
legitimate?
Holding the mouse
pointer over the link
in the original email
shows that it really
links to
http://24.27.89.64:87
most likely a hacker’s
Website.
If you clicked the
link it would take
you to a spoofed
Citibank Webpage
that looks like the
real thing, and ask
you to supply
personal
information like
your username and
password.
Scams, Spam, Fraud, and
Hoaxes
• Spam is the unsolicited junk mail that makes up more than 60 percent of today’s email.
• A virus hoax is an email that warns of a virus that doesn’t exist.
Scams, Spam, Fraud, and
Hoaxes

The email that has gotten thousands of Windows users to trash their own
systems…
The objective of this e-mail is to warn all Hotmail users about a new virus that is
spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent
automatically by the Messenger and by the address book too. The virus is not
detected by McAfee or Norton and it stays quiet for 14 days before damaging the
system.
The virus can be cleaned before it deletes the files from your system. In order to
eliminate it, it is just necessary to do the following steps:
1. Go to Start, click "Search"
2.- In the "Files or Folders option" write the name jdbgmgr.exe
3.- Be sure that you are searching in the drive "C"
4.- Click "find now"
5.- If the virus is there (it has a little bear-like icon with the name of jdbgmgr.exe DO
NOT OPEN IT FOR ANY REASON
6.- Right click and delete it (it will go to the Recycle bin)
7.- Go to the recycle bin and delete it or empty the recycle bin.
IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO
ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT
CAN CAUSE ANY DAMAGE.
Do the search. Oh
no! I’ve got the
Teddy Bear virus!
Better delete it!
For more on this topic check out
www.vmyths.com
Think
again!
That file with the silly little Teddy bear icon is
actually a necessary system file in Windows!
Mini-quiz
• Give an example of a “buffer overflow” attack.
11.2
Defenses
Passwords
• A username identifies the user to the computer system.
• A password is a combination of characters known only to the user and used for authentication.
• For a password to be effective it should be:
• strong by including words that are unrelated to your interests, and include upper and lowercase letters, numbers, and symbols
• unique – don’t use the same password for your bank account as you do for your email account
• changed regularly – change your password twice a year OR MAYBE NOT
ID Devices and Biometrics
• Security ID cards and tokens, “something you have” authentication, are used in some corporations to protect access to restricted areas and computer systems.
• Biometrics is the science and technology of authentication by scanning and measuring a person’s unique physical features such as fingerprints, retinal patterns, and facial characteristics.
More about tokens:
http://en.wikipedia.org/wiki/Security-Token
http://www.opticom.lv/en/products/security/authentication/rsa123/rsa1/
Check out Face Recognition
User Permissions
• User Permissions refers to the access privileges afforded to each network user in terms of who is able to read, write, and execute a file, folder, or drive.
• Files and folders are assigned user and group ownership.
[Figure: System Administrator, User 1, User 2]
User Permissions
• Different operating systems have differing ways of handling user permissions.
[Figures: UNIX, Windows XP (home), Mac OS X]
Encryption
• Encryption is a security technique that uses high-level mathematical functions and computer algorithms to encode data so that it is unintelligible to all but the intended recipient.
• Data stored on a PC can be encrypted and set so that a second password is required to decrypt it.
Demo: Encrypting a PPT file (tools > options > security)
More on Encryption: http://en.wikipedia.org/wiki/Encryption
Encryption

Computer encryption systems generally belong in 1 of 2 categories:
• Symmetric-key encryption
• Public-key encryption
Symmetric-key
• Each computer has a secret key used to encrypt a packet before it is sent over the network.
• Requires knowing which computers will be talking so you can install the key on each one.
• Advanced Encryption Standard (AES) uses 128-, 192- or 256-bit keys.
• A 128-bit key can have more than 300,000,000,000,000,000,000,000,000,000,000,000 key combinations
Public-key Encryption
• Public-key encryption uses two different keys at once -- a private key and a public key.
• The private key is known only to one computer; the public key is available to all.
• Use the receiver’s public key to encrypt your message. Only the possessor of the private key can decrypt the message.
• A message encrypted with a private key can be decrypted with the corresponding public key.
• The key pair is based on prime numbers (numbers whose only divisors are themselves and one, such as 2, 3, 5, 7, 11 and so on) of long length.
• The encryption is computationally intensive.
• Used together with symmetric-key encryption.
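The public-key points above, worked through as an added example (not part of the original slides). It uses textbook RSA with no padding and small, known primes, and a SHA-256 keystream as a stand-in for AES; all function names are hypothetical and none of this is suitable for protecting real data.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA from two primes; returns (public, private) as (n, exponent)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e * d = 1 (mod phi)
    return (n, e), (n, d)

def apply_key(key, m):
    """Raise m to the key's exponent mod n; the same operation serves both keys."""
    n, exponent = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, exponent, n)

def keystream_xor(session_key, data):
    """Toy symmetric cipher (assumed stand-in for AES): XOR with a SHA-256 keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = session_key.to_bytes(16, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_encrypt(public, plaintext):
    """Encrypt the bulk data symmetrically, then wrap the session key with the public key."""
    session_key = secrets.randbelow(public[0] - 2) + 2
    return apply_key(public, session_key), keystream_xor(session_key, plaintext)

def hybrid_decrypt(private, wrapped_key, ciphertext):
    """Only the private-key holder can unwrap the session key and read the data."""
    return keystream_xor(apply_key(private, wrapped_key), ciphertext)

# Two known (Mersenne) primes; real keys use primes hundreds of digits long.
PUBLIC, PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)

if __name__ == "__main__":
    wrapped, ct = hybrid_encrypt(PUBLIC, b"meet at noon")
    print(hybrid_decrypt(PRIVATE, wrapped, ct))
    signature = apply_key(PRIVATE, 42)          # "encrypted with the private key"
    print(apply_key(PUBLIC, signature) == 42)   # anyone can check it with the public key
```

The expensive public-key operation touches only the short session key, while the message itself goes through the fast symmetric cipher, which is why the two kinds of encryption are used together.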
Certification Authorities
• But how do we know the specified public key really belongs to the named site?
• That's where the certification authorities come in.
• The certification authorities validate the public key.
• Secure network communications use the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
Threats to Wireless Networks
• Neighbors
• Internet Hackers
• Passers by
• www.wardriving.com
[Figure: Wireless Access Point / Router, Cable Modem, To Cable Co., The Internet]
Securing a Wireless Network
• Use the Access Point’s configuration utility to:
• Disable the Access Point’s broadcasting to make the access point invisible to the general public.
• Change the Access Point’s password from the default.
• Set the Access Point to only allow certain computers (MAC addresses) to connect.
• Encrypt data being sent over the network with WEP or WPA.
Defending Against Hackers
• A firewall is network hardware and software that examines all incoming data packets and filters out ones that are potentially dangerous.
• All Windows users should protect their network connection with a firewall.
Defending Against Viruses and
Worms
• Antivirus software, also known as virus scan software, uses several techniques to find viruses on a computer system, remove them if possible, and keep additional viruses from infecting the system.
Knowledge and caution play a big part in protecting PCs against viruses and worms:
• Don’t open e-mail or IM attachments that come from friends or strangers unless they are expected and inspected by antivirus software.
• Keep up with software patches for your operating system, your Web browser, your e-mail and IM software.
• Use caution when exploring Web sites created and maintained by unknown parties.
• Avoid software from unknown sources.
• Stay away from file-sharing networks; they do not protect users from dangerous files that are being swapped
Defending Against Spyware
• Antispyware is software that searches a computer for spyware and other software that may violate a user’s privacy, allows the user to remove it, and provides continuing protection against future attacks.
Defending Against Scams, Spam,
Fraud, and Hoaxes
• To avoid phishing scams, do not click links received in email.
• Examine Web addresses closely to make sure that they are legitimate.
• Submit form data only from Web pages that have a secure connection (https://)
• Do not believe any virus warning unless it comes from a verifiable source.
• Use common sense and be wary of offers too good to be true.
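The "hover over the link" check from the Classic Phishing slide and the address checks in the list above, automated as an added example (not part of the original slides). The sender address and link target are the ones the slide shows; the visible link text, the second link and all function names are constructed for the demonstration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: sender and link target come from the slide;
# the visible link text and the second link are invented for the demo.
SAMPLE_SENDER = "customer.service@citibank.com"
SAMPLE_BODY = (
    '<p>Please confirm your account details:</p>'
    '<a href="http://24.27.89.64:87">https://www.citibank.com/verify</a> '
    '<a href="https://www.citibank.com/help">Help</a>'
)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_and_port(text):
    """Return (hostname, port) if text parses as a URL, else ("", None)."""
    try:
        url = urlsplit(text if "://" in text else "//" + text)
        return url.hostname or "", url.port
    except ValueError:
        return "", None

def is_ip(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def under(host, domain):
    return host == domain or host.endswith("." + domain)

def audit_links(sender, html_body):
    """Return [(href, [reasons])] for every link that fails the hover check."""
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    findings, collector = [], LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        host, port = host_and_port(href)
        shown, _ = host_and_port(text)   # host the visible text claims, if any
        checks = [
            (is_ip(host), "raw IP address instead of a domain name"),
            (port not in (None, 80, 443), f"non-standard port {port}"),
            (not href.lower().startswith("https://"), "no secure connection (https://)"),
            (not under(host, sender_domain), f"{host} is not under sender domain {sender_domain}"),
            ("." in shown and not under(host, shown), f"text shows {shown} but link goes to {host}"),
        ]
        reasons = [message for failed, message in checks if failed]
        if reasons:
            findings.append((href, reasons))
    return findings
```

Calling `audit_links(SAMPLE_SENDER, SAMPLE_BODY)` flags only the first link, with all five reasons; the genuine-looking help link passes.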