CYBER TERRORISM ADITYA PRATAP ASIJA

What is Cyber Terrorism?

The use of computing resources to intimidate, coerce or harm people , places or systems we depend upon. Amalgamation of Cyberspace and Terrorism. Leveraging of a target's computers and information technology, particularly via the Internet, to cause physical, real-world harm or severe disruption with the aim of advancing the attacker's own political or religious goals.

The use of computing resources to intimidate, coerce or harm people , places or systems we depend upon.

Amalgamation of Cyberspace and Terrorism.

Leveraging of a target's computers and information technology, particularly via the Internet, to cause physical, real-world harm or severe disruption with the aim of advancing the attacker's own political or religious goals.

DIFFERENCE B/W CYBER TERRORISM AND REAL WORLD, PHYSICAL TERRORISM

Why would a terrorist decide to use the Internet, rather than using the usual methods of assassination, hostage taking and guerrilla warfare?

Chances of capture, injury, or death to a cyber terrorist are less Cyber terrorism is difficult to track Easy to accomplish due to lack of understanding of security risks But , in one of its more unusual forms, cyber-terrorism can be related with physical, real world terrorism.

Chances of capture, injury, or death to a cyber terrorist are less

Cyber terrorism is difficult to track

Easy to accomplish due to lack of understanding of security risks

But , in one of its more unusual forms, cyber-terrorism can be related with physical, real world terrorism.

CYBERTERRORISTS

Crackers -A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security. White Hat Hackers – Hackers who break into computers. They have no right to access but they often report the security leaks to the victims. Script bunnies - People who would like to be hackers but don’t have much technical expertise. They download click-and-point software that automatically does the hacking for them.

Crackers -A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs; or in other ways intentionally breaches computer security.

White Hat Hackers – Hackers who break into computers. They have no right to access but they often report the security leaks to the victims.

Script bunnies - People who would like to be hackers but don’t have much technical expertise. They download click-and-point software that automatically does the hacking for them.

FACTORS CONTRIBUTING TO CYBER TERRORISM....

Dependence on Network Infrastructure and the Internet Lack of Understanding of Security Risks Lack of Funding for Adequate Network Security Tools Difficulty in tracking the Cyber terrorist

Dependence on Network Infrastructure and the Internet

Lack of Understanding of Security Risks

Lack of Funding for Adequate Network Security Tools

Difficulty in tracking the Cyber terrorist

Potential Reasons Behind Cyber Terrorist Activities

Information Gathering Purposes Prank National pride Financial gains Hatred

Information Gathering Purposes

Prank

National pride

Financial gains

Hatred

TYPES OF CYBER TERRORISM

Information theft Minor attacks come in the form of " data diddling ", where information in the computer is changed. This may involve changing medical or financial records or stealing of passwords . Hackers may even prevent users who should have access from gaining access to the machine. Ethical issues in this case include things like invasion of privacy and ownership conflicts . Credit Card Number Theft People are using credit cards for more and more of their purchases as time goes on.. Credit cards are especially easy to use fraudulently, because they require no extra identification number to use. All that a thief needs is pure information-they don't need the card, but just the number on the card . Recently, with people spending more on purchases transacted over the internet, credit card fraud is becoming easier. More than 40 million credit card numbers belonging to U.S. consumers were accessed by a computer hacker in the year 2005 according to MasterCard International Inc.

Information theft

Minor attacks come in the form of " data diddling ", where information in the computer is changed. This may involve changing medical or financial records or stealing of passwords . Hackers may even prevent users who should have access from gaining access to the machine.

Ethical issues in this case include things like invasion of privacy and ownership conflicts .

Credit Card Number Theft

People are using credit cards for more and more of their purchases as time goes on.. Credit cards are especially easy to use fraudulently, because they require no extra identification number to use.

All that a thief needs is pure information-they don't need the card, but just the number on the card . Recently, with people spending more on purchases transacted over the internet, credit card fraud is becoming easier.

More than 40 million credit card numbers belonging to U.S. consumers were accessed by a computer hacker in the year 2005 according to MasterCard International Inc.

Electronic Cash We are already well on the way to a cash-free society. People now use ATM cards, credit cards, and check-cards for a large percentage of their purchasing. As we move further from a paper-money society, to a purely electronic economy, new types of crime will emerge as accessing these is quite easier. All we can be sure of, is that criminals of tomorrow, like those of last century and those of today, will keep on innovating. This is because, as a system advances, so does the criminals . Hacking Hacking is basically knowing programmable systems and how they work. How can hacking be helpful ? Some agencies hire hackers to show them the downfalls in their security system so they can improve it against hackers that want information or access into the computer for other reasons. Hacking is a form of art for some people . But generally , it is being used adversely. One of the popular terror act is to threaten a large bank.

Electronic Cash

We are already well on the way to a cash-free society. People now use ATM cards, credit cards, and check-cards for a large percentage of their purchasing. As we move further from a paper-money society, to a purely electronic economy, new types of crime will emerge as accessing these is quite easier.

All we can be sure of, is that criminals of tomorrow, like those of last century and those of today, will keep on innovating.

This is because, as a system advances, so does the criminals .

Hacking

Hacking is basically knowing programmable systems and how they work.

How can hacking be helpful ?

Some agencies hire hackers to show them the downfalls in their security system so they can improve it against hackers that want information or access into the computer for other reasons.

Hacking is a form of art for some people .

But generally , it is being used adversely.

One of the popular terror act is to threaten a large bank.

COST

In 2001 , 12 billion dollars in losses due to security breaches, virus attacks and hacked network The NIMDA virus alone accounted for 2 billion dollars in losses The Mydoom virus sent 100 million infected e-mails in the first 36 hours, and accounted for roughly a quarter of global e-mail traffic on Jan. 26, 2004. The pessimists claim that cyber attacks cost $10-$15 billion per year and would cost tens of billions more to fix, the optimists claim that all cyber crime over a five year period cumulatively cost only $1 billion and fixing the current vulnerabilities would only cost $4-$5 billion more. As the Cyberspace continues to expand, and systems continue to be assigned more responsibility while becoming more and more complex and interdependent, sabotage or terrorism via cyberspace may become a more serious threat.

In 2001 , 12 billion dollars in losses due to security breaches, virus attacks and hacked network

The NIMDA virus alone accounted for 2 billion dollars in losses

The Mydoom virus sent 100 million infected e-mails in the first 36 hours, and accounted for roughly a quarter of global e-mail traffic on Jan. 26, 2004.

The pessimists claim that cyber attacks cost $10-$15 billion per year and would cost tens of billions more to fix, the optimists claim that all cyber crime over a five year period cumulatively cost only $1 billion and fixing the current vulnerabilities would only cost $4-$5 billion more.

As the Cyberspace continues to expand, and systems continue to be assigned more responsibility while becoming more and more complex and interdependent, sabotage or terrorism via cyberspace may become a more serious threat.

WHAT CAN WE DO?

Cooperate and share intelligence among all agencies. The tools of a counter-Cyber Terrorist team must be real-time and dynamic, as the weapons will continually change. Make building, network and desktop security a priority. Report instances of cyber crime to local law enforcement agencies.

Cooperate and share intelligence among all agencies.

The tools of a counter-Cyber Terrorist team must be real-time and dynamic, as the weapons will continually change.

Make building, network and desktop security a priority.

Report instances of cyber crime to local law enforcement agencies.

SECURITY

Building/Office Security Use of secure entrances – card keys, biometric entry devices Personnel should question why non-staff are in the building Security personnel Standard operating procedures in cases of dismissal or reprimand Background checks on contracted service personnel looking for a past history of theft, drug use or sale, assault, computer crime

Use of secure entrances – card keys, biometric entry devices

Personnel should question why non-staff are in the building

Security personnel

Standard operating procedures in cases of dismissal or reprimand

Background checks on contracted service personnel looking for a past history of theft, drug use or sale, assault, computer crime

Desktop/Laptop Computer Security Virus detection software that is regularly updated Secure physical set-up that is not open to the public or unmonitored Passworded screen savers Require network logins if you are on a network Standardize the desktop so as to limit what an end-user can and cannot do

Virus detection software that is regularly updated

Secure physical set-up that is not open to the public or unmonitored

Passworded screen savers

Require network logins if you are on a network

Standardize the desktop so as to limit what an end-user can and cannot do

Server Security The server should be kept in a locked and restricted area Administrative passwords and equivalencies should be given to a minimal number of people Administrative passwords should be changed regularly Users should only be given access to file systems that they will actually need to use Virus detection software that is regularly updated

The server should be kept in a locked and restricted area

Administrative passwords and equivalencies should be given to a minimal number of people

Administrative passwords should be changed regularly

Users should only be given access to file systems that they will actually need to use

Virus detection software that is regularly updated

Network Security Require logins and passwords Users should be required to change passwords at least every 30 days The passwords should be easy enough to remember and difficult enough to guess Use of Firewalls and Routers Standard Operating procedures when an employee leaves, is terminated or is given formal reprimands

Require logins and passwords

Users should be required to change passwords at least every 30 days

The passwords should be easy enough to remember and difficult enough to guess

Use of Firewalls and Routers

Standard Operating procedures when an employee leaves, is terminated or is given formal reprimands

Disable unused accounts Require users to log-out and login each day Encrypt all traffic over the LAN

Disable unused accounts

Require users to log-out and login each day

Encrypt all traffic over the LAN

CYBER FORENSICS

Cyber forensics is a newly emerged and developing field, which can be described as the study of digital evidence resulting from an incident. It involves collection and analysis of digital data within an investigative process. Cyber forensics involves the investigation and analysis of a computer to determine the potential of legal evidence

Cyber forensics is a newly emerged and developing field, which can be described as the study of digital evidence resulting from an incident.

It involves collection and analysis of digital data within an investigative process. Cyber forensics involves the investigation and analysis of a computer to determine the potential of legal evidence

PERSONAL MEASURES

To prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place. Always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs. Never send your credit card number to any site that is not secured, to guard against frauds. Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children. Use of firewalls may be beneficial.

To prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place.

Always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs.

Never send your credit card number to any site that is not secured, to guard against frauds.

Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children.

Use of firewalls may be beneficial.

DISASTER RECOVERY PLANS

Provide for Contingencies if Critical Systems and Networks are Unavailable or Damaged Determine alternate ways of processing data Determine dependencies between systems and equipment Determine backup personnel The plan should be current and known

Provide for Contingencies if Critical Systems and Networks are Unavailable or Damaged

Determine alternate ways of processing data

Determine dependencies between systems and equipment

Determine backup personnel

The plan should be current and known

SOME HACKING RESOURCES

BEST BOOKS :- >Hacking exposed by Stuart McClure >Unofficial guide to ethical hacking by Ankit Fadia >Google Hacks by Calishain & Cornets BEST WEBSITES:- >www.google.com >www.securityfocus.com >www.darkangel.pro.tcq http://www.cybercrimelaw.org/index.cfm - Cybercrime Law http://www.rbs2.com/ccrime.htm#anchor666666 - Computer Crimes, Ronald B. Standler

BEST BOOKS :-

>Hacking exposed by Stuart McClure

>Unofficial guide to ethical hacking by Ankit Fadia

>Google Hacks by Calishain & Cornets

BEST WEBSITES:-

>www.google.com

>www.securityfocus.com

>www.darkangel.pro.tcq

http://www.cybercrimelaw.org/index.cfm - Cybercrime Law

http://www.rbs2.com/ccrime.htm#anchor666666 - Computer Crimes, Ronald B. Standler

THANK YOU !