27 Oct 09
Casual Cyber Crime
Brian Baskin
Hello!
• – Computer Forensic Leader
• DoD Cyber Crime Center
– Defense Cyber Investigations Training
Academy (DCITA) – Deputy Technical Lead
• Author / Co-Author of six books
• 14 years of network / security / forensics
• 20 years of computer hooliganism
Legal v. Illegal
• “Unauthorized” vs. “Illegal”
– Terms of Service vs. Law
– Lines severely blurred since the DMCA
– “copyright law now gives content owners
new powers to silence creators of
unauthorized expression, including fair
use expression”
– Julie Cohen, Professor of Law, Georgetown University
Consumers v. Criminals
• Consumers are emotional and loyal
• Will trust in a vendor until they feel
betrayed
– If betrayed enough
– and ease of crime is low enough
– Consumer → “Criminal”
The Elephant in the Room
Apple iPhone
• Unlocking the phone
– Modify firmware to allow it to connect to
non-AT&T networks
– Currently legal under exemption filed
November 2006 (expired today, extended)
• Jailbreaking (iPhone and iPod Touch)
– Allows installation of unauthorized apps
– But… won’t somebody please think of the
cell towers?![1][2]
Apple iPhone
• The Bad
– Apple / AT&T lose money if users switch networks
– Pirated apps
– Apps that conflict with Apple / AT&T business
– Device can be used in ways that ruin Apple’s
reputation
• Obviously, anyone that does this is a bad guy,
right?
Apple iPhone
• The Good
– Unlimited Functionality
• SwirlyMMS – text messaging with MMS
– Apple/AT&T added MMS 14 months later
• Cycorder – Video Recorder
• iLocalis – Remote control and locator of iPhone
• xGPS – Free GPS reader for Google Maps
• NemusSync – Sync Google Calendar
• Five icon dock
• Read PDF / Word / Excel documents
Apple iPhone
• The … curious?
– OpenSSH – SSH Server
– LigHTTPD – Web Server
• With PHP and SQLite capabilities
– Veency – VNC Server
Apple iPhone
Apple: Think Different (like everyone else)
Apple iPhone
Apple iPhone
• So simple, even a skiddie could do it…
• 3 Step Process with redsn0w or
greenpois0n[3]
– Download software and iPhone firmware
– Connect device via USB/FW
– Click button to load firmware
• Over 4 million iPhones have been
jailbroken[4]
And now for something
completely different
Data on Websites
• If it’s on the web is it:
– Published?
– Public?
– Open for access?
• Where does the onus of security
morality lie?
– User?
– Host?
College Admissions
• March 2005, steps posted to “hack” to check
college admission results on ApplyYourself
• Results were already finalized, just not
published to student’s page
• “Hack”: Append login id to end of query URL[5]
• https://app.applyyourself.com/AyApplicantMain/ApplicantDecision.asp?AYID=89CFE0A-424C-4240-Z8D0-9CR5 2623F70&mode=decision&id=1234567
College Admissions
• 119 Harvard Business School hopefuls
attempted URL change
– All were rejected from the school as a
result
– Many other schools rejected “hackers”
• “a serious breach of trust that cannot be
countered by rationalization”
– Kim Clark, then Dean at Harvard Business School
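Added example (not from the original slides and not ApplyYourself's code): a minimal Python model of the gap the College Admissions slides describe, where a finalized but unpublished decision could be reached through the URL, next to a handler that enforces release state on the server. The handler names, session table and sample records are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Decision:
    outcome: str
    published: bool  # False: finalized internally, not yet released to the applicant


# Constructed sample data (not taken from the incident).
DECISIONS = {"1001": Decision("admit", False), "1002": Decision("deny", True)}
SESSIONS = {"sess-a": "1001", "sess-b": "1002"}  # session token -> applicant id


def decision_page_weak(token, query):
    """Models the flaw: release state is enforced only by hiding the link."""
    if token not in SESSIONS:
        return 401, None
    record = DECISIONS.get(query.get("id", ""))
    if record is None:
        return 404, None
    return 200, record.outcome  # never checks record.published


def decision_page_hardened(token, query, audit):
    """Identity comes from the session; release state is checked on every request."""
    owner = SESSIONS.get(token)
    if owner is None:
        return 401, None
    requested = query.get("id", owner)
    if requested != owner:
        # The URL parameter is never trusted to select a record.
        audit.append(("id_mismatch", owner, requested))
        return 403, None
    record = DECISIONS.get(owner)
    if record is not None and not record.published:
        # Worth alerting on: a request for a decision before its release.
        audit.append(("early_access", owner, requested))
    if record is None or not record.published:
        # Same answer for "no decision" and "not released", so the response
        # does not reveal that a decision already exists.
        return 404, None
    return 200, record.outcome


if __name__ == "__main__":
    q = {"mode": "decision", "id": "1001"}
    log = []
    print("weak:    ", decision_page_weak("sess-a", q))
    print("hardened:", decision_page_hardened("sess-a", q, log))
    print("audit:   ", log)
```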
First Sale Doctrine
• Copyright limitation implemented in the
Copyright Act of 1976
– Copyright owner cannot limit your ability to
resell a product after initial purchase
– Challenged by physical vs. digital
distributions (eBay v. Steam)
First Sale Doctrine
• And in walks the DMCA…
– Timothy S. Vernor v. Autodesk Inc.
– Company liquidated inventory of AutoCAD
– Vernor sold software on eBay, had all
auctions removed by eBay/Autodesk
– Autodesk: EULA prevents resell or transfer,
ruled transactions as violations of DMCA
– Still awaiting judge’s decision…
Gaming
• Video Gaming is big business
– 42% of all US homes have a console [6]
– Average gamer spends over $700/yr [7]
– However, average gamer is also 35,
overweight, and depressed…[8]
– June 2009: Only 50% of gamers were
under 18 [9]
= more gamers have jobs
Gaming
• Since the beginning there was hacking
• Modifications were prohibitively complex
– LPT ports, terminal applications
– ROM patching
– Modchip soldering
Gaming
• Modifications are now extremely simple
• Solderless solutions with ON/OFF
switches
• Drag-n-drop solutions on MicroSD
Gaming
• The Bad:
– Piracy
– Online cheating
• The Good:
– Backup / import saved games
– Cheat codes
– Homebrew / new functionality
– Bypass region locking
Gaming
• Nintendo DS
– Simple Slot-1 card with MicroSD reader
– Drag-and-drop apps and ROMs
– Homebrew:
• MP3 / Movie player
• Web browser
• Organizer
• DSLinux
Gaming
• Nintendo Wii
– Solderless Modchip
– Hardmod (bad)
– Softmod (good)
– USB HDD support
– Homebrew:
• DVD Player
• Media Center
• Wii Linux
Gaming
• Nintendo Wii
– Hardmod
• Allows for playing burned games
– Softmod
• Allows for playing game images
• Runs homebrew
Current Exploits:
Twilight Hack[10]
Bannerbomb[11]
Smash Stack[12]
Indiana Pwns[13]
Gaming
• Legalities
– Console producers heavily
discourage homebrew apps and
modding
– 28 Sep 09 – Wii 4.2 System update
seeks and destroys all homebrew
apps
• Nintendo code was rushed and bugged,
bricking legitimate Wiis
http://modtechs.com/tag/matthew-crippen/
Gaming
• Modifying a console to bypass copy
control protection is a violation of DMCA
– Aug 2009 - Matthew Crippen, 27 yr old
college student, indicted on two counts of
modifying consoles for friends
– Faces 10 years of federal time [14]
– Robert Schoch, ICE special agent "Playing
with games in this way is not a game -- it is
criminal." [15]
Conclusion
• Things are going to get much worse
before they get better
– Corporations / governments are slow to
evolve and rely heavily on law
– The public evolves very quickly and relies
on morals
– Both rely on self-interest, convenience, and
greed
Conclusion
• Consumers are on the losing side
– Suppliers will constantly find new ways to
exploit hardware/software
– Consumers will seek ways to extend
capabilities
– Corporations will treat consumers as
criminals until… they really do become
criminals
Conclusion
• Education is the primary answer
– Public need better education on copyrights
and legal system, and it needs to start with
the kids
– Corporations and government need to
understand the changing movements of
their bosses (the public)
• “I don’t understand or use it, but I’m going to
control it”
Conclusion
• Words to watch in the next year:
• “Making available”
– RIAA’s legal suits were partially based not
upon committing a crime, but making
available for the opportunity to commit one
– HR 1319 (Informed P2P User Act - Rep.
Mary Bono, R-CA)
References
1. http://www.wired.com/threatlevel/2009/07/jailbreak/
2. http://support.apple.com/kb/HT3743
3. http://blog.iphone-dev.org/post/126908912/redsn0w-in-june
4. http://www.wired.com/gadgetlab/2009/08/cydia-app-store
5. http://securitytracker.com/alerts/2005/Mar/1013400.html
6. http://www.reuters.com/article/pressRelease/idUS164594+03-Jun-2009+BW20090603
7. http://corp.ign.com/articles/599/599801p1.html
8. http://www.stltoday.com/blogzone/life-tech/video-games/2009/08/study-says-average-video-game-player-is-35-and-depr
9. http://worthplaying.com/article/2009/8/11/news/64252/
10. http://wiibrew.org/wiki/Twilight_Hack
11. http://wiibrew.org/wiki/Bannerbomb
12. http://wiibrew.org/wiki/Smash_Stack
13. http://wiibrew.org/wiki/Indiana_Pwns
14. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202433360949&HighTech_Tug_of_War_Over_iPhone
15. http://www.nbcdfw.com/news/tech/Cal-State-Student-Faces-10-Year-Prison-Term-for-Playing-with-Video-Games-52386872.html
The End
• Thoughts / Questions / Dull Objects?
Twitter: bbaskin
Email: brian@thebaskins.com

Casual Cyber Crime

  • 1. 27 Oct 09 Casual Cyber Crime Brian Baskin
  • 2. Hello! • – Computer Forensic Leader • DoD Cyber Crime Center – Defense Cyber Investigations Training Academy (DCITA) – Deputy Technical Lead • Author / Co-Author of six books • 14 years of network / security / forensics • 20 years of computer hooliganism
  • 3. Legal v. Illegal • “Unauthorized” vs. “Illegal” – Terms of Service vs. Law – Lines severely blurred since the DMCA – “copyright law now gives content owners new powers to silence creators of unauthorized expression, including fair use expression” – Julie Cohen, Professor of Law, Georgetown University
  • 4. Consumers v. Criminals • Consumers are emotional and loyal • Will trust in a vendor until they feel betrayed – If betrayed enough – and ease of crime is low enough – Consumer  “Criminal”
  • 5. The Elephant in the Room
  • 6. Apple iPhone • Unlocking the phone – Modify firmware to allow it to connect to non-AT&T networks – Currently legal under exemption filed November 2006 (expired today, extended) • Jailbreaking (iPhone and iPod Touch) – Allows installation of unauthorized apps – But… won’t somebody please think of the cell towers?![1][2]
  • 7. Apple iPhone • The Bad – Apple / AT&T lose money if users switch networks – Pirated apps – Apps that conflict with Apple / AT&T business – Device can be used in ways that ruin Apple’s reputation • Obviously, anyone that does this is a bad guy, right?
  • 8. Apple iPhone • The Good – Unlimited Functionality • SwirlyMMS – text messaging with MMS – Apple/AT&T added MMS 14 months later • Cycorder – Video Recorder • iLocalis – Remote control and locator of iPhone • xGPS – Free GPS reader for Google Maps • NemusSync – Sync Google Calendar • Five icon dock • Read PDF / Word / Excel documents
  • 9. Apple iPhone • The … curious? – OpenSSH – SSH Server – LigHTTPD – Web Server • With PHP and SQLite capabilities – Veency – VNC Server
  • 10. Apple iPhone Apple: Think Different (like everyone else)
  • 12. Apple iPhone • So simple, even a skiddie could do it… • 3 Step Process with redsn0w or greenpois0n[3] – Download software and iPhone firmware – Connect device via USB/FW – Click button to load firmware • Over 4 million iPhones have been jailbroken[4]
  • 13. And now for something completely different
  • 14. Data on Websites • If it’s on the web is it: – Published? – Public? – Open for access? • Where does the onus of security morality lie? – User? – Host?
  • 15. College Admissions • March 2005, steps posted to “hack” to check college admission results on ApplyYourself • Results were already finalized, just not published to student’s page • “Hack”: Append login id to end of query URL[5] • https://app.applyyourself.com/AyApplicantMain/ApplicantDecision.asp?AYID=89CFE0A-424C-4240-Z8D0-9CR52623F70&mode=decision&id=1234567
  • 16. College Admissions • 119 Harvard Business School hopefuls attempted URL change – All were rejected from the school as a result – Many other schools rejected “hackers” • “a serious breach of trust that cannot be countered by rationalization” – Kim Clark, then Dean at Harvard Business School
  • 17. First Sale Doctrine • Copyright limitation implemented in the Copyright Act of 1976 – Copyright owner cannot limit your ability to resell a product after initial purchase – Challenged by physical vs. digital distributions (eBay v. Steam)
  • 18. First Sale Doctrine • And in walks the DMCA… – Timothy S. Vernor v. Autodesk Inc. – Company liquidated inventory of AutoCAD – Vernor sold software on eBay, had all auctions removed by eBay/Autodesk – Autodesk: EULA prevents resell or transfer, ruled transactions as violations of DMCA – Still awaiting judge’s decision…
  • 19. Gaming • Video Gaming is big business – 42% of all US homes have a console [6] – Average gamer spends over $700/yr [7] – However, average gamer is also 35, overweight, and depressed…[8] – June 2009: Only 50% of gamers were under 18 [9] = more gamers have jobs
  • 20. Gaming • Since the beginning there was hacking • Modifications were prohibitively complex – LPT ports, terminal applications – ROM patching – Modchip soldering
  • 21. Gaming • Modifications are now extremely simple • Solderless solutions with ON/OFF switches • Drag-n-drop solutions on MicroSD
  • 22. Gaming • The Bad: – Piracy – Online cheating • The Good: – Backup / import saved games – Cheat codes – Homebrew / new functionality – Bypass region locking
  • 23. Gaming • Nintendo DS – Simple Slot-1 card with MicroSD reader – Drag-and-drop apps and ROMs – Homebrew: • MP3 / Movie player • Web browser • Organizer • DSLinux
  • 24. Gaming • Nintendo Wii – Solderless Modchip – Hardmod (bad) – Softmod (good) – USB HDD support – Homebrew: • DVD Player • Media Center • Wii Linux
  • 25. Gaming • Nintendo Wii – Hardmod • Allows for playing burned games – Softmod • Allows for playing game images • Runs homebrew Current Exploits: Twilight Hack[10] Bannerbomb[11] Smash Stack[12] Indiana Pwns[13]
  • 26. Gaming • Legalities – Console producers heavily discourage homebrew apps and modding – 28 Sep 09 – Wii 4.2 System update seeks and destroys all homebrew apps • Nintendo code was rushed and bugged, bricking legitimate Wiis http://modtechs.com/tag/matthew-crippen/
  • 27. Gaming • Modifying a console to bypass copy control protection is a violation of DMCA – Aug 2009 - Matthew Crippen, 27 yr old college student, indicted on two counts of modifying consoles for friends – Faces 10 years of federal time [14] – Robert Schoch, ICE special agent "Playing with games in this way is not a game -- it is criminal." [15]
  • 28. Conclusion • Things are going to get much worse before they get better – Corporations / governments are slow to evolve and rely heavily on law – The public evolves very quickly and relies on morals – Both rely on self-interest, convenience, and greed
  • 29. Conclusion • Consumers are on the losing side – Suppliers will constantly find new ways to exploit hardware/software – Consumers will seek ways to extend capabilities – Corporations will treat consumers as criminals until… they really do become criminals
  • 30. Conclusion • Education is the primary answer – Public needs better education on copyrights and legal system, and it needs to start with the kids – Corporations and government need to understand the changing movements of their bosses (the public) • “I don’t understand or use it, but I’m going to control it”
  • 31. Conclusion • Words to watch in the next year: • “Making available” – RIAA’s legal suits were partially based not upon committing a crime, but making available for the opportunity to commit one – HR 1319 (Informed P2P User Act - Rep. Mary Bono, R-CA)
  • 32. References 1. http://www.wired.com/threatlevel/2009/07/jailbreak/ 2. http://support.apple.com/kb/HT3743 3. http://blog.iphone-dev.org/post/126908912/redsn0w-in-june 4. http://www.wired.com/gadgetlab/2009/08/cydia-app-store 5. http://securitytracker.com/alerts/2005/Mar/1013400.html 6. http://www.reuters.com/article/pressRelease/idUS164594+03-Jun-2009+BW20090603 7. http://corp.ign.com/articles/599/599801p1.html 8. http://www.stltoday.com/blogzone/life-tech/video-games/2009/08/study-says-average-video-game-player-is-35-and-depr 9. http://worthplaying.com/article/2009/8/11/news/64252/ 10. http://wiibrew.org/wiki/Twilight_Hack 11. http://wiibrew.org/wiki/Bannerbomb 12. http://wiibrew.org/wiki/Smash_Stack 13. http://wiibrew.org/wiki/Indiana_Pwns 14. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202433360949&HighTech_Tug_of_War_Over_iPhone 15. http://www.nbcdfw.com/news/tech/Cal-State-Student-Faces-10-Year-Prison-Term-for-Playing-with-Video-Games-52386872.html
  • 33. The End • Thoughts / Questions / Dull Objects? Twitter: bbaskin Email: brian@thebaskins.com
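
Slide 15's admissions case turns on a server that returned a finalized but unpublished decision to any request carrying an id. The sketch below is an added example, not code from the slides or from ApplyYourself: it puts that pattern beside a handler that takes identity from the session and enforces release state server-side. The host, path, session tokens, ids and function names are all hypothetical.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs

@dataclass
class Decision:
    outcome: str
    released: bool  # finalized decisions exist before they are published

# Constructed sample data (applicant ids, tokens and outcomes are made up).
DECISIONS = {"1234567": Decision("admit", released=False),
             "7654321": Decision("deny", released=True)}
SESSIONS = {"tok-a": "1234567", "tok-b": "7654321"}

def _requested_id(url):
    """Return the 'id' query parameter of the request URL, or None."""
    return parse_qs(urlsplit(url).query).get("id", [None])[0]

def decision_page_weak(url):
    """Pattern the slide describes: the record is served to whoever supplies
    an id; 'unpublished' only means no page links to it yet."""
    rec = DECISIONS.get(_requested_id(url))
    return (200, rec.outcome) if rec else (404, "not found")

def decision_page_hardened(session_token, url):
    """Identity comes from the session; release state is enforced server-side."""
    applicant = SESSIONS.get(session_token)
    if applicant is None:
        return 401, "login required"
    requested = _requested_id(url)
    if requested is not None and requested != applicant:
        return 403, "forbidden"  # id in the URL is not the caller's own
    rec = DECISIONS.get(applicant)
    if rec is None or not rec.released:
        return 404, "no decision available"  # same answer as "no record"
    return 200, rec.outcome

# Hypothetical request URL for the constructed applicant 1234567.
URL = "https://admissions.example.test/decision?mode=decision&id=1234567"
```

Returning the same 404 for "no record" and "not yet released" keeps the response from confirming that a decision has been finalized.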