Casual Cyber Crime

We're living in an age of devices and applications that push the boundaries of dreams, an age of instant gratification, but also the age of Digital Rights Management and Copyright laws. With questionably illegal modifications becoming simple enough for children to use, where does the line get drawn between squeezing more functionality out of your digital devices and software and breaking felony laws? In this talk attendees will explore the justifications and rationales behind the use of questionable hardware and software modifications and understand the mentality behind why their use is rapidly catching on in the general population.



Casual Cyber Crime Presentation Transcript

  • 27 Oct 09 Casual Cyber Crime Brian Baskin
  • Hello!
      • – Computer Forensic Leader
      • DoD Cyber Crime Center
          – Defense Cyber Investigations Training Academy (DCITA) – Deputy Technical Lead
      • Author / Co-Author of six books
      • 14 years of network / security / forensics
      • 20 years of computer hooliganism
  • Legal v. Illegal
      • “Unauthorized” vs. “Illegal”
          – Terms of Service vs. Law
          – Lines severely blurred since the DMCA
          – “copyright law now gives content owners new powers to silence creators of unauthorized expression, including fair use expression” – Julie Cohen, Professor of Law, Georgetown University
  • Consumers v. Criminals
      • Consumers are emotional and loyal
      • Will trust in a vendor until they feel betrayed
          – If betrayed enough
          – and ease of crime is low enough
          – Consumer → “Criminal”
  • The Elephant in the Room
  • Apple iPhone
      • Unlocking the phone
          – Modify firmware to allow it to connect to non-AT&T networks
          – Currently legal under exemption filed November 2006 (expired today, extended)
      • Jailbreaking (iPhone and iPod Touch)
          – Allows installation of unauthorized apps
          – But… won’t somebody please think of the cell towers?! [1][2]
  • Apple iPhone
      • The Bad
          – Apple / AT&T lose money if users switch networks
          – Pirated apps
          – Apps that conflict with Apple / AT&T business
          – Device can be used in ways that ruin Apple’s reputation
      • Obviously, anyone that does this is a bad guy, right?
  • Apple iPhone
      • The Good
          – Unlimited Functionality
              • SwirlyMMS – text messaging with MMS
                  – Apple/AT&T added MMS 14 months later
              • Cycorder – Video Recorder
              • iLocalis – Remote control and locator of iPhone
              • xGPS – Free GPS reader for Google Maps
              • NemusSync – Sync Google Calendar
              • Five icon dock
              • Read PDF / Word / Excel documents
  • Apple iPhone
      • The … curious?
          – OpenSSH – SSH Server
          – LigHTTPD – Web Server
              • With PHP and SQLite capabilities
          – Veency – VNC Server
  • Apple iPhone
      Apple: Think Different (like everyone else)
  • Apple iPhone
  • Apple iPhone
      • So simple, even a skiddie could do it…
      • 3 Step Process with redsn0w or greenpois0n [3]
          – Download software and iPhone firmware
          – Connect device via USB/FW
          – Click button to load firmware
      • Over 4 million iPhones have been jailbroken [4]
  • And now for something completely different
  • Data on Websites
      • If it’s on the web is it:
          – Published?
          – Public?
          – Open for access?
      • Where does the onus of security morality lie?
          – User?
          – Host?
  • College Admissions
      • March 2005, steps posted to “hack” to check college admission results on ApplyYourself
      • Results were already finalized, just not published to student’s page
      • “Hack”: Append login id to end of query URL [5]
      • https://app.applyyourself.com/AyApplicantMain/ApplicantDecision.asp?AYID=89CFE0A-424C-4240-Z8D0-9CR5 2623F70&mode=decision&id=1234567
  • College Admissions
      • 119 Harvard Business School hopefuls attempted URL change
          – All were rejected from the school as a result
          – Many other schools rejected “hackers”
      • “a serious breach of trust that cannot be countered by rationalization” – Kim Clark, then Dean at Harvard Business School
  • First Sale Doctrine
      • Copyright limitation implemented in the Copyright Act of 1976
          – Copyright owner cannot limit your ability to resell a product after initial purchase
          – Challenged by physical vs. digital distributions (eBay v. Steam)
  • First Sale Doctrine
      • And in walks the DMCA…
          – Timothy S. Vernor v. Autodesk Inc.
          – Company liquidated inventory of AutoCAD
          – Vernor sold software on eBay, had all auctions removed by eBay/Autodesk
          – Autodesk: EULA prevents resell or transfer, ruled transactions as violations of DMCA
          – Still awaiting judge’s decision…
  • Gaming
      • Video Gaming is big business
          – 42% of all US homes have a console [6]
          – Average gamer spends over $700/yr [7]
          – However, average gamer is also 35, overweight, and depressed… [8]
          – June 2009: Only 50% of gamers were under 18 [9] = more gamers have jobs
  • Gaming
      • Since the beginning there was hacking
      • Modifications were prohibitively complex
          – LPT ports, terminal applications
          – ROM patching
          – Modchip soldering
  • Gaming
      • Modifications are now extremely simple
      • Solderless solutions with ON/OFF switches
      • Drag-n-drop solutions on MicroSD
  • Gaming
      • The Bad:
          – Piracy
          – Online cheating
      • The Good:
          – Backup / import saved games
          – Cheat codes
          – Homebrew / new functionality
          – Bypass region locking
  • Gaming
      • Nintendo DS
          – Simple Slot-1 card with MicroSD reader
          – Drag-and-drop apps and ROMs
          – Homebrew:
              • MP3 / Movie player
              • Web browser
              • Organizer
              • DSLinux
  • Gaming
      • Nintendo Wii
          – Solderless Modchip
          – Hardmod (bad)
          – Softmod (good)
          – USB HDD support
          – Homebrew:
              • DVD Player
              • Media Center
              • Wii Linux
  • Gaming
      • Nintendo Wii
          – Hardmod
              • Allows for playing burned games
          – Softmod
              • Allows for playing game images
              • Runs homebrew
      Current Exploits:
          Twilight Hack [10]
          Bannerbomb [11]
          Smash Stack [12]
          Indiana Pwns [13]
  • Gaming
      • Legalities
          – Console producers heavily discourage homebrew apps and modding
          – 28 Sep 09 – Wii 4.2 System update seeks and destroys all homebrew apps
              • Nintendo code was rushed and bugged, bricking legitimate Wiis
      http://modtechs.com/tag/matthew-crippen/
  • Gaming
      • Modifying a console to bypass copy control protection is a violation of DMCA
          – Aug 2009 - Matthew Crippen, 27 yr old college student, indicted on two counts of modifying consoles for friends
          – Faces 10 years of federal time [14]
          – Robert Schoch, ICE special agent: "Playing with games in this way is not a game -- it is criminal." [15]
  • Conclusion
      • Things are going to get much worse before they get better
          – Corporations / governments are slow to evolve and rely heavily on law
          – The public evolves very quickly and relies on morals
          – Both rely on self-interest, convenience, and greed
  • Conclusion
      • Consumers are on the losing side
          – Suppliers will constantly find new ways to exploit hardware/software
          – Consumers will seek ways to extend capabilities
          – Corporations will treat consumers as criminals until… they really do become criminals
  • Conclusion
      • Education is the primary answer
          – The public needs better education on copyrights and the legal system, and it needs to start with the kids
          – Corporations and government need to understand the changing movements of their bosses (the public)
              • “I don’t understand or use it, but I’m going to control it”
  • Conclusion
      • Words to watch in the next year:
      • “Making available”
          – RIAA’s legal suits were partially based not upon committing a crime, but making available for the opportunity to commit one
          – HR 1319 (Informed P2P User Act - Rep. Mary Bono, R-CA)
  • References
      1. http://www.wired.com/threatlevel/2009/07/jailbreak/
      2. http://support.apple.com/kb/HT3743
      3. http://blog.iphone-dev.org/post/126908912/redsn0w-in-june
      4. http://www.wired.com/gadgetlab/2009/08/cydia-app-store
      5. http://securitytracker.com/alerts/2005/Mar/1013400.html
      6. http://www.reuters.com/article/pressRelease/idUS164594+03-Jun-2009+BW20090603
      7. http://corp.ign.com/articles/599/599801p1.html
      8. http://www.stltoday.com/blogzone/life-tech/video-games/2009/08/study-says-average-video-game-player-is-35-and-depr
      9. http://worthplaying.com/article/2009/8/11/news/64252/
      10. http://wiibrew.org/wiki/Twilight_Hack
      11. http://wiibrew.org/wiki/Bannerbomb
      12. http://wiibrew.org/wiki/Smash_Stack
      13. http://wiibrew.org/wiki/Indiana_Pwns
      14. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202433360949&HighTech_Tug_of_War_Over_iPhone
      15. http://www.nbcdfw.com/news/tech/Cal-State-Student-Faces-10-Year-Prison-Term-for-Playing-with-Video-Games-52386872.html
  • The End
      • Thoughts / Questions / Dull Objects?
      Twitter: bbaskin
      Email: brian@thebaskins.com
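
The College Admissions slides describe decisions that were finalized but could be reached by editing the query URL before they were published. As an added example (not from the talk and not ApplyYourself's code), the sketch below shows the host-side checks that answer the "User? Host?" question in the host's favor: the `id` parameter is checked against the session, and the release state is enforced on the server. The host name, handler name and sample records are hypothetical.

```python
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs


@dataclass
class Decision:
    outcome: str    # finalized result stored by the school
    released: bool  # True only once the school publishes it


# Constructed sample data: one decision finalized but not yet released.
DECISIONS = {
    "1234567": Decision("admit", released=False),
    "7654321": Decision("deny", released=True),
}


def handle_decision_request(url, session_applicant_id, decisions=DECISIONS):
    """Return (status, body) for a decision-page request.

    The id in the query string is untrusted input: it must match the
    authenticated session, and the record must be marked released.
    """
    query = parse_qs(urlparse(url).query)
    requested = query.get("id", [None])[0]
    if query.get("mode", [""])[0] != "decision" or requested is None:
        return 400, "bad request"
    # Ownership check: a URL parameter never overrides the session identity.
    if requested != session_applicant_id:
        return 403, "forbidden"
    record = decisions.get(requested)
    # Release gate: hiding the link is not access control. Unreleased and
    # unknown ids get the same answer, so the response leaks nothing.
    if record is None or not record.released:
        return 404, "no decision available"
    return 200, record.outcome


if __name__ == "__main__":
    base = "https://admissions.example/ApplicantDecision?mode=decision&id="
    # Applicant requests their own, still unreleased, decision.
    print(handle_decision_request(base + "1234567", "1234567"))
    # Applicant requests their own released decision.
    print(handle_decision_request(base + "7654321", "7654321"))
```

The ownership check alone would not have stopped the 2005 case, because applicants appended their own login id; the release gate is the check that matters there.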