SlideShare a Scribd company logo

Cyber crimeppt1-1209117277348428-8

Download as PPT, PDF
Ajeet Choudhary
Ajeet Choudhary

Cybercrime takes many forms and causes significant financial damages. Common cybercrimes include theft of proprietary data, financial fraud, and system sabotage carried out by both outsiders and insiders. Cyberattacks are perpetrated by various types of cybercriminals including hackers, professional spies, and disgruntled employees. These attacks cost organizations millions of dollars in losses each year.

EducationTechnology
1 of 23
CYBERCRIME • Cybercrimes reach everywhere and hurt everyone: – Electronic commerce crime (like the theft of hundreds of thousands of credit card records) threatens the internet boom that has fueled the unprecedented economic growth in the U.S. – Economic espionage (like theft of biotech secrets stored in digital files) threatens U.S. competitiveness in the global marketplace. – Infrastructure attacks (like an assault against a nation’s power grid) threaten the safety and well-being of whole populations. MSIA711.02 1
CYBERCRIME • Types of Cybercriminals - defy stereotypes: – Dishonest or disgruntled insiders (such as employees, ex- employees, contractors, temporary workers) who want to sell your trade secrets, commit financial fraud, or just destroy your data or networks for revenge. – Hackers, who break in simply to explore and vandalize. – Crackers, who break in to steal or destroy information. – Professional spies and saboteurs; the most elusive, who work for rival governments and competing corporations. They are paid and are very adept. They can bring down your company, your government, or crash your stock market. They are rarely caught. MSIA711.02 2
CYBERCRIME • Types of Cybercriminals - “youthful hackers” and other that demonstrate the following traits: – Precociousness, curiosity and persistence – Habitual lying, cheating, stealing and exaggerating – Juvenile idealism, e.g., “power to the people,” “if it feels good, do it.” – Hyperactivity. – Drug and alcohol abuse. – Behavioral characteristics listed on tables 2.1 - 2.4. MSIA711.02 3
CYBERCRIME • Types of Cybercrime: – Unauthorized access by insiders (such as employees) – System penetration by outsiders (such as hackers) – Theft of proprietary information (whether a simple user ID and password or a trade secret worth millions of dollars) – Financial fraud using computers – Sabotage of data or networks – Disruption of network traffic (e.g., denial of service attacks) MSIA711.02 4
CYBERCRIME • Types of Cybercrime, continued: – Creation and distribution of computer viruses – Software piracy – Identity theft – Hardware theft (e.g., laptop theft). – Terrorists that target critical infrastructures, such as the PSTN, power grid, and the air traffic control system. MSIA711.02 5
CSI/FBI Computer Crime and Security Survey Results Revealed: • Organizations are under cyberattack from both inside and outside their electronic perimeters. • A wide range of cyberattacks have been declared. • Cyberattacks can result in serious financial losses. • Defending successfully against such attacks requires more than just the use of information security technologies. MSIA711.02 6
CYBERCRIME 2000 • Types of Cyberattacks, by percentage (source- FBI) – Financial fraud: 11% – Sabotage of data/networks: 17% – Theft of proprietary information: 20% – System penetration from the outside: 25% – Denial of service: 27% – Unauthorized access by insiders: 71% – Employee abuse of internet privileges 79% – Viruses: 85% MSIA711.02 7
CYBERCRIME 2000 • “If you experienced computer system intrusions by someone from outside your organization, indicate the type of activity performed by the intruder.” – Manipulate data integrity 6.8% – Installed a sniffer 6.6% – Stole password files 5.6% – Proving/scanning systems 14.6% – Trojan logons 5.8% – IP spoofing 4.8% – Introduced virus 10.6% – Denied use of services 6.3% MSIA711.02 8
CYBERCRIME 2000 • “If you experienced computer system intrusions by someone from outside your organization, indicate the type of activity performed by the intruder.” – Downloaded data 8.1% – Compromised trade secrets 9.8% – Stole/diverted money 0.3% – Compromised e-mail/documents 12.6% – Publicized intrusion 0.5% – Harassed personnel 4.5% – Other 3.0% MSIA711.02 9
CYBERCRIME 2000 • What was done to insiders caught misusing company information? – Oral admonishment 54.3% – Written admonishment 20.9% – Suspended 5.4% – Resigned 6.2% – Fired 8.5% – Referred to Law Enforcement 1.6% – Out-of-Court settlement 0.0% – No action 3.1% – Other 0.0% MSIA711.02 10
CYBERCRIME 2000 • Cost of Cybercrime during the year 2000: – FBI statistics: 273 reported incidents, for a total loss of $265,589,940. – Prominent news items: • Kevin Mitnick’s (“Condor”) hacking spree cost high-tech companies at least $291.8 million over a two-year span before his capture. • David L. Smith, a 31 year-old programmer, pleaded guilty to creating the Melissa virus and using an ex-rated web site to spread it through cyberspace, causing $80 million in damages. • 4 High School Kids hacked into a Bay Area internet server and used stolen credit card numbers to order computer equipment: $200k. • A temporary employee broke into Forbes’ computers, caused a computer crash, that cost Forbes $100,000 to restore. MSIA711.02 11
CYBERCRIME 2000 • Calculating the Cost of Information Security: – Capital costs, such as hardware, software, networks, servers and switches. – Administration costs, such as management of the assets, security monitoring and follow-up, legal assistance, and audit department – Technical support costs, when all the people call the help desk, documentation of the calls, end-user training, etc. – End user operational costs, such as the management of user data of resources breached, awareness training of users. MSIA711.02 12
CYBERCRIME 2000 • System Penetration from the Outside costs: – Downtime/lost opportunity/ lost business – Staff time – Consultant fees – Legal time – Cost breakdown by information security steps taken: • detection • response • repair • prosecution MSIA711.02 13
Hackers, Crackers, and Virus Writers • Mischief Makers – The Morris Worm • In 1988, Robert Morris, Jr., a 23-year old graduate student in computer science at Cornell and the son of a NSA computer security expert, wrote an experimental, self-replicating, self-propagating program called a worm (99 lines of code) and injected it into the internet. He chose to release it from MIT, to disguise the fact that the worm came from Cornell. • 60,000 computer sites at universities, military sites, hospitals, research facilities, corporations and government institutions were affected; the estimated cost of dealing with the worms ranged from $200 to $50,000 for each site • Morris was convicted of violating the Computer Fraud and Abuse Act; he received 3 years’ probation, 400 hours of community service, and a fine of $10,050. MSIA711.02 14
Hackers, Crackers, and Virus Writers • Mischief Makers, continued: – “Datastream Cowboy” and “Kuji” attack USAF’s Rome Labs • 26 days of attacks; 20 days of monitoring • 7 sniffers, over 150 intrusions from 10 points of origin from 8 different countries • Priceless cost to national security, but $211,722 to undo damage to computer systems. Investigative costs also not included • Datastream = 16-years old Richard Pryce (UK); pleaded guilty in British Court and paid a 1,200 British pounds. • Kuji = Matthew Bevan; after 20 hearings, the charges were dropped. MSIA711.02 15
Hackers, Crackers, and Virus Writers • Mischief Makers, continued: – “HotterthanMojaveinmyheart” AKA “El Griton,” Julio Ardita • Hacked into NASA, DoD, U.S. colleges, and colleges in Korea, Mexico, Taiwan, Chile and Brazil • Hacked into the private telephone systems of companies in his native Argentina, dialed into Harvard U’s computer system, and launched his U.S. hacking attacks through Harvard. • Caught: USN San Diego detected that certain system files had been altered - they uncovered a sniffer file and a file that contained the passwords he was logging, and programs to gain root access and to cover tracks. Argentine officials arrested him for hacking into telephone company facilities, seized his computers. • $15K telephone service theft, millions in damaged files and investigative costs yielded a $5k fine and 3 years of probation. MSIA711.02 16
Hackers, Crackers, and Virus Writers • Data Theft - Crackers – Carlos “SMAK” Salgado • Hacked several companies doing business on the WWW, including an ISP, gained unauthorized access, and harvested tens of thousands of credit card records. • Two of the companies involved had no knowledge of being hacked until they were contacted by the FBI • SMAK made about $200k from the sale of credit card information to other criminals, who in turn inflicted $10 million in damage upon the consuming public. • SMAK pleaded guilty on four of the five counts, and received 2 1/2 years in federal prison and five years of probation. MSIA711.02 17
Hackers, Crackers, and Virus Writers • Cyber Bank Robbers – Vladimir Levin and the great 1994 Citibank online heist: • Not an internet heist, per se: Citibank’s product, the Customer Cash Management Account (CCMA), was a dial-up telecom-based product. • Product tradeoff favored ease of use at the expense of security. • No evidence of insider collusion; all fraud was external to Citibank • Series of fraudulent account transfers netted Levin $10 million U.S. • It took the FBI 30 months to convince the Russians to extradite Levin; he was convicted, fined $240,015, and received a 3-year prison term. MSIA711.02 18
Hackers, Crackers, and Virus Writers • The Phonemasters Case – “Blacknet” and the stolen information brokers – Toll fraud- downloaded scripts of telephone numbers, including toll-free numbers, and then loaded them onto public switched telephone network databases with phony billing addresses. – Credit card fraud: stole identities, created identities, and cashed in on others’ credit. – $1.85 million stolen; jail time was 41, 24 and 18 months for the 3. – Knowledge of information security techniques: • how to pull out sniffers • how to get around secure identification systems • how to install back doors. MSIA711.02 19
Hackers, Crackers, and Virus Writers • Hackivists and Cybervandals – Defined: • “Hactivism is the marriage of hacking and activism. It covers operations that use hacking techniques against a target internet site with the intent of disrupting normal operations but not causing serious damage. Examples are web sit-ins and virtual blockades, and computer viruses and worms.” • “Cyberterrorism is the convergence of cyberspace and terroism. It covers politically motivated hacking operations intended to cause grave harm such as the loss of life or severe economic damage.” Dorothy Denning , Georgetown U. – Who are the Internet Liberation Front and the Zombies? MSIA711.02 20
Hackers, Crackers, and Virus Writers • Hackivists and Cybervandals, continued: – Attack of the Zombies: the Distributed Denial of Service (DDOS) attack on Yahoo!, eBay, and Amazon.com during 2/2000. • DDOS tools “Trinoo” and “Tribe Flood Network” (TFN) hit on 7-9 February 2000. – Yahoo! Hit first; lost about 20% of its page hits. – eBay incapacitated for hours; buy.com hit a low of 9.4% availability, and CNN’s was 5%. It took users 5 minutes to access Amazon.com • Several claims were made in hacker bulletin boards that the DDOS attacks were launched in retaliation for the “commercialization” of the internet. Damages estimated at $100 million to $1.2 billion. • Many were questioned; no one was charged. MSIA711.02 21
MALWARE • Malicious Software – Melissa, CIH/Chernobyl, Happy99, ExploreZip – Chews up hard disks, corrupts files, disrupts operations. – Transmitted through the internet via popular e-mail features to propagate itself • Melissa through MS Word 97 and 2000 applications • Happy99.exe Trojan Horse displays “Happy99” and fireworks, and then mails itself to lots of people with addresses on the victim’s browser. • Melissa: cost $93 - 385 million in damage! MSIA711.02 22
MALWARE • The Virus Curve • Virus Year Type Reach Period Damages – Jerusalem, 1990 .exe file, 3 years $50 mill – Cascade boot sector – Concept 1995 Word macro 4 months $50 mill – Melissa 1999 E-mailed, 4 days $93- – Word macro $385 mil – Love Bug 2000 E-mail and 5 hours >700mil – enabled, VBS MSIA711.02 23

Recommended

CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
Health IT Conference – iHT2
 
Ddos extortion campaigns
Ddos extortion campaignsDdos extortion campaigns
Ddos extortion campaigns
Roel Palmaers
 
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Andrea Rossetti
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
MehediHasan996
 
Managing System Security
Managing System SecurityManaging System Security
Managing System Security
PIREH
 
Cyber crime and security
Cyber crime and security Cyber crime and security
Cyber crime and security
BasitShah18
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management Process
Bill Ross
 
CYBER CRIME
CYBER CRIME CYBER CRIME
CYBER CRIME
Raaz Shukla
 

Recommended

CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
CHIME LEAD Forum Houston - Opening Keynote "What is Cyber Security and Why is...
Health IT Conference – iHT2
 
Ddos extortion campaigns
Ddos extortion campaignsDdos extortion campaigns
Ddos extortion campaigns
Roel Palmaers
 
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Andrea Rossetti
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
MehediHasan996
 
Managing System Security
Managing System SecurityManaging System Security
Managing System Security
PIREH
 
Cyber crime and security
Cyber crime and security Cyber crime and security
Cyber crime and security
BasitShah18
 
Security Lifecycle Management Process
Security Lifecycle Management ProcessSecurity Lifecycle Management Process
Security Lifecycle Management Process
Bill Ross
 
CYBER CRIME
CYBER CRIME CYBER CRIME
CYBER CRIME
Raaz Shukla
 
Quotes about cyber security
Quotes about cyber securityQuotes about cyber security
Quotes about cyber security
TruShield Security Solutions
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Ranjan Som
 
Managing and securing the enterprise
Managing and securing the enterpriseManaging and securing the enterprise
Managing and securing the enterprise
Abha Damani
 
Current Trends in Cyber Crime 2015
Current Trends in Cyber Crime 2015Current Trends in Cyber Crime 2015
Current Trends in Cyber Crime 2015
Cybernetic Global Intelligence
 
Information_Security_Class
Information_Security_ClassInformation_Security_Class
Information_Security_Class
Dr. Robert L. Straitt
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our Community
AVG Technologies AU
 
Profile Of The Worlds Top Hackers Webinar Slides 063009
Profile Of The Worlds Top Hackers Webinar Slides 063009Profile Of The Worlds Top Hackers Webinar Slides 063009
Profile Of The Worlds Top Hackers Webinar Slides 063009
Lumension
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
Sonu Sunaliya
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber Crime
Deepak Kumar
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.
Chinatu Uzuegbu
 
amrapali builders -- maroochy water-services-case-study briefing.pdf
amrapali builders -- maroochy water-services-case-study briefing.pdfamrapali builders -- maroochy water-services-case-study briefing.pdf
amrapali builders -- maroochy water-services-case-study briefing.pdf
amrapalibuildersreviews
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
AdvAbdulMueedAhmad
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
Aurobindo Nayak
 
Cyber security
Cyber securityCyber security
Cyber security
Ashok Mankodi
 
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
Dawn Yankeelov
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Shaheer Khalid
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
Dataconomy Media
 
Hacking presentation
Hacking presentationHacking presentation
Hacking presentation
dineshgarhwal77
 
Cyber security
Cyber security Cyber security
Cyber security
Tanu Basoiya
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
Vaishak Chandran
 
Hackers
HackersHackers
Hackers
Mohamed Boudchiche
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
Chaya Sorir
 

More Related Content

What's hot

Managing and securing the enterprise
Managing and securing the enterpriseManaging and securing the enterprise
Managing and securing the enterprise
Abha Damani
 
Profile Of The Worlds Top Hackers Webinar Slides 063009
Profile Of The Worlds Top Hackers Webinar Slides 063009Profile Of The Worlds Top Hackers Webinar Slides 063009
Profile Of The Worlds Top Hackers Webinar Slides 063009
Lumension
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
Sonu Sunaliya
 
amrapali builders -- maroochy water-services-case-study briefing.pdf
amrapali builders -- maroochy water-services-case-study briefing.pdfamrapali builders -- maroochy water-services-case-study briefing.pdf
amrapali builders -- maroochy water-services-case-study briefing.pdf
amrapalibuildersreviews
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
Dataconomy Media
 

What's hot (20)

Quotes about cyber security
Quotes about cyber securityQuotes about cyber security
Quotes about cyber security
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Managing and securing the enterprise
Managing and securing the enterpriseManaging and securing the enterprise
Managing and securing the enterprise
 
Current Trends in Cyber Crime 2015
Current Trends in Cyber Crime 2015Current Trends in Cyber Crime 2015
Current Trends in Cyber Crime 2015
 
Information_Security_Class
Information_Security_ClassInformation_Security_Class
Information_Security_Class
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our Community
 
Profile Of The Worlds Top Hackers Webinar Slides 063009
Profile Of The Worlds Top Hackers Webinar Slides 063009Profile Of The Worlds Top Hackers Webinar Slides 063009
Profile Of The Worlds Top Hackers Webinar Slides 063009
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Cyber security and Cyber Crime
Cyber security and Cyber CrimeCyber security and Cyber Crime
Cyber security and Cyber Crime
 
Understanding Identity Management and Security.
Understanding Identity Management and Security.Understanding Identity Management and Security.
Understanding Identity Management and Security.
 
amrapali builders -- maroochy water-services-case-study briefing.pdf
amrapali builders -- maroochy water-services-case-study briefing.pdfamrapali builders -- maroochy water-services-case-study briefing.pdf
amrapali builders -- maroochy water-services-case-study briefing.pdf
 
What is cyber security
What is cyber securityWhat is cyber security
What is cyber security
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
Understanding Cyber Industrial Controls in the Manufacturing and Utilities En...
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
 
Hacking presentation
Hacking presentationHacking presentation
Hacking presentation
 
Cyber security
Cyber security Cyber security
Cyber security
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 

Similar to Cyber crimeppt1-1209117277348428-8

External threats-to-information-system
External threats-to-information-systemExternal threats-to-information-system
External threats-to-information-system
Souman Guha
 

Similar to Cyber crimeppt1-1209117277348428-8 (20)

Hackers
HackersHackers
Hackers
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 
Cyber Crime and Cyber Security
Cyber Crime and Cyber SecurityCyber Crime and Cyber Security
Cyber Crime and Cyber Security
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)
 
Cyberterrorism
CyberterrorismCyberterrorism
Cyberterrorism
 
How to become Hackers .
How to become Hackers .How to become Hackers .
How to become Hackers .
 
Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]
 
Web security
Web securityWeb security
Web security
 
Hackers Cracker Network Intruder
Hackers Cracker Network IntruderHackers Cracker Network Intruder
Hackers Cracker Network Intruder
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensic
 
DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Hacking
Hacking Hacking
Hacking
 
ETHICAL HACKING
ETHICAL HACKINGETHICAL HACKING
ETHICAL HACKING
 
Mis chapter 9
Mis chapter 9Mis chapter 9
Mis chapter 9
 
CS 1.ppt
CS 1.pptCS 1.ppt
CS 1.ppt
 
Cyber security for business
Cyber security for businessCyber security for business
Cyber security for business
 
External threats-to-information-system
External threats-to-information-systemExternal threats-to-information-system
External threats-to-information-system
 
Cyber security for engg students and diploma
Cyber security for engg students and diplomaCyber security for engg students and diploma
Cyber security for engg students and diploma
 

Recently uploaded

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 

Recently uploaded (20)

TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Role Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptxRole Of Transgenic Animal In Target Validation-1.pptx
Role Of Transgenic Animal In Target Validation-1.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 

Cyber crimeppt1-1209117277348428-8

  • 1. CYBERCRIME • Cybercrimes reach everywhere and hurt everyone: – Electronic commerce crime (like the theft of hundreds of thousands of credit card records) threatens the internet boom that has fueled the unprecedented economic growth in the U.S. – Economic espionage (like theft of biotech secrets stored in digital files) threatens U.S. competitiveness in the global marketplace. – Infrastructure attacks (like an assault against a nation’s power grid) threaten the safety and well-being of whole populations. MSIA711.02 1
  • 2. CYBERCRIME • Types of Cybercriminals - defy stereotypes: – Dishonest or disgruntled insiders (such as employees, ex- employees, contractors, temporary workers) who want to sell your trade secrets, commit financial fraud, or just destroy your data or networks for revenge. – Hackers, who break in simply to explore and vandalize. – Crackers, who break in to steal or destroy information. – Professional spies and saboteurs; the most elusive, who work for rival governments and competing corporations. They are paid and are very adept. They can bring down your company, your government, or crash your stock market. They are rarely caught. MSIA711.02 2
  • 3. CYBERCRIME • Types of Cybercriminals - “youthful hackers” and other that demonstrate the following traits: – Precociousness, curiosity and persistence – Habitual lying, cheating, stealing and exaggerating – Juvenile idealism, e.g., “power to the people,” “if it feels good, do it.” – Hyperactivity. – Drug and alcohol abuse. – Behavioral characteristics listed on tables 2.1 - 2.4. MSIA711.02 3
  • 4. CYBERCRIME • Types of Cybercrime: – Unauthorized access by insiders (such as employees) – System penetration by outsiders (such as hackers) – Theft of proprietary information (whether a simple user ID and password or a trade secret worth millions of dollars) – Financial fraud using computers – Sabotage of data or networks – Disruption of network traffic (e.g., denial of service attacks) MSIA711.02 4
  • 5. CYBERCRIME • Types of Cybercrime, continued: – Creation and distribution of computer viruses – Software piracy – Identity theft – Hardware theft (e.g., laptop theft). – Terrorists that target critical infrastructures, such as the PSTN, power grid, and the air traffic control system. MSIA711.02 5
  • 6. CSI/FBI Computer Crime and Security Survey Results Revealed: • Organizations are under cyberattack from both inside and outside their electronic perimeters. • A wide range of cyberattacks have been declared. • Cyberattacks can result in serious financial losses. • Defending successfully against such attacks requires more than just the use of information security technologies. MSIA711.02 6
  • 7. CYBERCRIME 2000 • Types of Cyberattacks, by percentage (source- FBI) – Financial fraud: 11% – Sabotage of data/networks: 17% – Theft of proprietary information: 20% – System penetration from the outside: 25% – Denial of service: 27% – Unauthorized access by insiders: 71% – Employee abuse of internet privileges 79% – Viruses: 85% MSIA711.02 7
  • 8. CYBERCRIME 2000 • “If you experienced computer system intrusions by someone from outside your organization, indicate the type of activity performed by the intruder.” – Manipulate data integrity 6.8% – Installed a sniffer 6.6% – Stole password files 5.6% – Proving/scanning systems 14.6% – Trojan logons 5.8% – IP spoofing 4.8% – Introduced virus 10.6% – Denied use of services 6.3% MSIA711.02 8
  • 9. CYBERCRIME 2000 • “If you experienced computer system intrusions by someone from outside your organization, indicate the type of activity performed by the intruder.” – Downloaded data 8.1% – Compromised trade secrets 9.8% – Stole/diverted money 0.3% – Compromised e-mail/documents 12.6% – Publicized intrusion 0.5% – Harassed personnel 4.5% – Other 3.0% MSIA711.02 9
  • 10. CYBERCRIME 2000 • What was done to insiders caught misusing company information? – Oral admonishment 54.3% – Written admonishment 20.9% – Suspended 5.4% – Resigned 6.2% – Fired 8.5% – Referred to Law Enforcement 1.6% – Out-of-Court settlement 0.0% – No action 3.1% – Other 0.0% MSIA711.02 10
  • 11. CYBERCRIME 2000 • Cost of Cybercrime during the year 2000: – FBI statistics: 273 reported incidents, for a total loss of $265,589,940. – Prominent news items: • Kevin Mitnick’s (“Condor”) hacking spree cost high-tech companies at least $291.8 million over a two-year span before his capture. • David L. Smith, a 31 year-old programmer, pleaded guilty to creating the Melissa virus and using an ex-rated web site to spread it through cyberspace, causing $80 million in damages. • 4 High School Kids hacked into a Bay Area internet server and used stolen credit card numbers to order computer equipment: $200k. • A temporary employee broke into Forbes’ computers, caused a computer crash, that cost Forbes $100,000 to restore. MSIA711.02 11
  • 12. CYBERCRIME 2000 • Calculating the Cost of Information Security: – Capital costs, such as hardware, software, networks, servers and switches. – Administration costs, such as management of the assets, security monitoring and follow-up, legal assistance, and audit department – Technical support costs, when all the people call the help desk, documentation of the calls, end-user training, etc. – End user operational costs, such as the management of user data of resources breached, awareness training of users. MSIA711.02 12
  • 13. CYBERCRIME 2000 • System Penetration from the Outside costs: – Downtime/lost opportunity/ lost business – Staff time – Consultant fees – Legal time – Cost breakdown by information security steps taken: • detection • response • repair • prosecution MSIA711.02 13
  • 14. Hackers, Crackers, and Virus Writers • Mischief Makers – The Morris Worm • In 1988, Robert Morris, Jr., a 23-year old graduate student in computer science at Cornell and the son of a NSA computer security expert, wrote an experimental, self-replicating, self-propagating program called a worm (99 lines of code) and injected it into the internet. He chose to release it from MIT, to disguise the fact that the worm came from Cornell. • 60,000 computer sites at universities, military sites, hospitals, research facilities, corporations and government institutions were affected; the estimated cost of dealing with the worms ranged from $200 to $50,000 for each site • Morris was convicted of violating the Computer Fraud and Abuse Act; he received 3 years’ probation, 400 hours of community service, and a fine of $10,050. MSIA711.02 14
  • 15. Hackers, Crackers, and Virus Writers • Mischief Makers, continued: – “Datastream Cowboy” and “Kuji” attack USAF’s Rome Labs • 26 days of attacks; 20 days of monitoring • 7 sniffers, over 150 intrusions from 10 points of origin from 8 different countries • Priceless cost to national security, but $211,722 to undo damage to computer systems. Investigative costs also not included • Datastream = 16-years old Richard Pryce (UK); pleaded guilty in British Court and paid a 1,200 British pounds. • Kuji = Matthew Bevan; after 20 hearings, the charges were dropped. MSIA711.02 15
  • 16. Hackers, Crackers, and Virus Writers • Mischief Makers, continued: – “HotterthanMojaveinmyheart” AKA “El Griton,” Julio Ardita • Hacked into NASA, DoD, U.S. colleges, and colleges in Korea, Mexico, Taiwan, Chile and Brazil • Hacked into the private telephone systems of companies in his native Argentina, dialed into Harvard U’s computer system, and launched his U.S. hacking attacks through Harvard. • Caught: USN San Diego detected that certain system files had been altered - they uncovered a sniffer file and a file that contained the passwords he was logging, and programs to gain root access and to cover tracks. Argentine officials arrested him for hacking into telephone company facilities, seized his computers. • $15K telephone service theft, millions in damaged files and investigative costs yielded a $5k fine and 3 years of probation. MSIA711.02 16
  • 17. Hackers, Crackers, and Virus Writers • Data Theft - Crackers – Carlos “SMAK” Salgado • Hacked several companies doing business on the WWW, including an ISP, gained unauthorized access, and harvested tens of thousands of credit card records. • Two of the companies involved had no knowledge of being hacked until they were contacted by the FBI • SMAK made about $200k from the sale of credit card information to other criminals, who in turn inflicted $10 million in damage upon the consuming public. • SMAK pleaded guilty on four of the five counts, and received 2 1/2 years in federal prison and five years of probation. MSIA711.02 17
  • 18. Hackers, Crackers, and Virus Writers • Cyber Bank Robbers – Vladimir Levin and the great 1994 Citibank online heist: • Not an internet heist, per se: Citibank’s product, the Customer Cash Management Account (CCMA), was a dial-up telecom-based product. • Product tradeoff favored ease of use at the expense of security. • No evidence of insider collusion; all fraud was external to Citibank • Series of fraudulent account transfers netted Levin $10 million U.S. • It took the FBI 30 months to convince the Russians to extradite Levin; he was convicted, fined $240,015, and received a 3-year prison term. MSIA711.02 18
  • 19. Hackers, Crackers, and Virus Writers • The Phonemasters Case – “Blacknet” and the stolen information brokers – Toll fraud- downloaded scripts of telephone numbers, including toll-free numbers, and then loaded them onto public switched telephone network databases with phony billing addresses. – Credit card fraud: stole identities, created identities, and cashed in on others’ credit. – $1.85 million stolen; jail time was 41, 24 and 18 months for the 3. – Knowledge of information security techniques: • how to pull out sniffers • how to get around secure identification systems • how to install back doors. MSIA711.02 19
  • 20. Hackers, Crackers, and Virus Writers • Hackivists and Cybervandals – Defined: • “Hactivism is the marriage of hacking and activism. It covers operations that use hacking techniques against a target internet site with the intent of disrupting normal operations but not causing serious damage. Examples are web sit-ins and virtual blockades, and computer viruses and worms.” • “Cyberterrorism is the convergence of cyberspace and terroism. It covers politically motivated hacking operations intended to cause grave harm such as the loss of life or severe economic damage.” Dorothy Denning , Georgetown U. – Who are the Internet Liberation Front and the Zombies? MSIA711.02 20
  • 21. Hackers, Crackers, and Virus Writers • Hackivists and Cybervandals, continued: – Attack of the Zombies: the Distributed Denial of Service (DDOS) attack on Yahoo!, eBay, and Amazon.com during 2/2000. • DDOS tools “Trinoo” and “Tribe Flood Network” (TFN) hit on 7-9 February 2000. – Yahoo! Hit first; lost about 20% of its page hits. – eBay incapacitated for hours; buy.com hit a low of 9.4% availability, and CNN’s was 5%. It took users 5 minutes to access Amazon.com • Several claims were made in hacker bulletin boards that the DDOS attacks were launched in retaliation for the “commercialization” of the internet. Damages estimated at $100 million to $1.2 billion. • Many were questioned; no one was charged. MSIA711.02 21
  • 22. MALWARE • Malicious Software – Melissa, CIH/Chernobyl, Happy99, ExploreZip – Chews up hard disks, corrupts files, disrupts operations. – Transmitted through the internet via popular e-mail features to propagate itself • Melissa through MS Word 97 and 2000 applications • Happy99.exe Trojan Horse displays “Happy99” and fireworks, and then mails itself to lots of people with addresses on the victim’s browser. • Melissa: cost $93 - 385 million in damage! MSIA711.02 22
  • 23. MALWARE • The Virus Curve • Virus Year Type Reach Period Damages – Jerusalem, 1990 .exe file, 3 years $50 mill – Cascade boot sector – Concept 1995 Word macro 4 months $50 mill – Melissa 1999 E-mailed, 4 days $93- – Word macro $385 mil – Love Bug 2000 E-mail and 5 hours >700mil – enabled, VBS MSIA711.02 23