File Name: Scope.ppt This presentation provides the student with an overview of the computer crime problem.
Computer Crime Scope of the problem
Computer Crime: Background <ul><li>In 1991, a business firm in the U.S. was 8 times more likely to be the victim of a crime than an individual living in the U.S. </li></ul><ul><li>Economic crime cost American businesses $128 billion. </li></ul>
Computer Crime: Background The accounting firm of Ernst & Young estimates that computer-related crime cost U.S. businesses about $3 billion to $5 billion a year in losses. Other researchers put the total loss figure as high as $40 billion if losses from viruses and software piracy are included.
Computer Crime: Background Only 6% to 11% of computer crime is reported. Of this segment, only 2% of the cases resulted in a conviction requiring any jail time. Fewer than a dozen computer criminals nationwide have served any time.
Computer Crime: Background Average insured losses resulting from exploitation and tampering of computer systems are in the range of $500,000 - $600,000.
Computer Crime: Background 75% to 80% of all computer crime is traceable to trusted insiders who had legitimate computer access, and/or knowledge of how operational procedures could be manipulated to their financial benefit.
Computer Crime: Background Average bank robber: $5K / 90% / 7 yrs hard time vs. Computer criminal: $600K / 2% / 2 yrs min. security
Computer Crime: Background Normal computer crime takes less than one second to pull off, and is usually done from another state or foreign country.
Computer Crime: Background A 1989 study by the National Center for Computer Crime Data of 3,500 companies found an average loss of $110,000, 365 man-hours, and 26 hours of computer time for each computer crime event discovered. 70% of all events involved theft of money or services.
Computer Crime: Background When a computer criminal is caught, it is "because such a large sum of money is taken that even the most ill-prepared system will note the anomaly." (Donn Parker. SRI computer crime expert)
Computer Crime: Background "The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard than a bomb." "To date, we have been remarkably lucky... Unfortunately, there is reason to believe that our luck will soon run out."
Computer Crime: Background "The committee is concerned that the development of legislation and case law is being outpaced by the growth of technology and changes in our society." (Source: Computers At Risk, National Research Council, 1991)
Computer Crime: Insider Examples Stanley Mark Rifkin hits Security Pacific Bank for $10.2 million using EFT passwords he observed pasted to terminals in the money transfer room of the bank. ('78)
Computer Crime: Insider Examples A New York brokerage firm disables the audit trail on their computer system to speed up operations. Shortly after, a clerk disappears to Switzerland with an estimated $28.8 million. ('86)
Computer Crime: Insider Examples The computer program that Volkswagen of West Germany used to control its international finance operations was altered so that 5 high-level executives got away with $260 million. No charges filed, but all fired! ('87)
Computer Crime: Insider Examples A London bank releases a press statement claiming their banks are not vulnerable to fraud the same day 4 persons are arrested with 1,864 valid, but forged, ATM cards in their possession. ('87)
Computer Crime: Insider Examples Seven New York men use stolen EFT codes to embezzle $70 million from the bank accounts of Merrill-Lynch and United Airlines. They are caught only after they cause Merrill-Lynch's account to be overdrawn. ('88)
Computer Crime: Insider Examples A Delaware state lottery computer system malfunctions, allowing unscrupulous lottery vendors to help themselves to $555,000 in winning tickets after the numbers had already been drawn. ('89)
Computer Crime: Insider Examples The Washington State prison system suspends a program where inmates were allowed to keep PCs in their cells, citing security issues after one prison's main computer system experienced unusual problems. ('89)
Computer Crime: Insider Examples 18 inmates working as data entry operators at the Tennessee State Prison guess the password to a payroll system and give themselves raises ranging from $20 to $500 a month. ('90)
Computer Crime: Insider Examples U.S. Attorney's Office in Kentucky sells computer at surplus auction for $45, and then realizes that 7 years worth of data on Federal Agents and Witness Protection participants were not erased. ('90)
Computer Crime: Insider Examples Laptop computer is stolen from Wing Commander of British military. On the laptop were classified plans for Persian Gulf war. Returned 4 days later in the mail. ('91)
Computer Crime: Insider Examples Four Cal Poly University students are arrested after charging $250,000 in goods to MasterCard and Visa cards. They gained access to Equifax, and copied some 1,600 credit reports. They then used the good credit-card numbers to re-program the magnetic data on stolen credit cards. They did this from a laptop in their car. ('91)
Computer Crime: Hacker History <ul><li>The term "hacking" was coined by members of the MIT Railroad Club in the mid 1960s. </li></ul><ul><li>Back then, "hacker" was a term used to show respect for someone's technical expertise. </li></ul><ul><li>"Hands on imperative" became the Golden Rule. </li></ul>
Computer Crime: Hacker History <ul><li>Today, "Hacking" is described by some as the art of young, anti-social males who are arrogant and obsessive. </li></ul><ul><li>They have hyperactive imaginations that drive them to explore the world of cyberspace, usually returning with other people's money. </li></ul><ul><li>The goal of today's hacker is to make the rules, not follow them. </li></ul>
Computer Crime: Hacker Profile Profile of a typical hacker is a white or Asian male, age 14 to 20, with average to below-average grades, an introvert who does not relate well to even his peers, has no father in the home, and has a personal life that is severely disorganized.
Computer Crime: Hacker Profile Hackers will spend 200 to 300 hours a month on the phone exchanging messages with other hackers, as well as trying to gain entry to computer systems world wide.
Computer Crime: Malicious Hackers AF-OSI nabs 14 year old for hacking into computers at the Pentagon and downloading several unclassified documents. Use of an "800" number allowed him to be traced. ('89)
Computer Crime: Malicious Hackers Kevin Mitnick, the "Darth Vader of Hackers," hacks into DEC and copies the security software (loss, $4 million) they use to protect their systems. When arrested, he had 16 stolen MCI codes in his possession. He also shut down 911 service in California. ('89)
Computer Crime: Malicious Hackers Republican Party staff member from New Jersey hacks into the Democratic Party computer system and copies confidential files. Files showed that state workers were using state time for campaign work. ('90)
Computer Crime: Malicious Hackers The Legion of Doom is credited with planting a virus in the AT&T Switching Network. The system was down for 9 hours. 25 million long distance phone calls get busy signal. (Jan 15, 1990 - MLK holiday)
Computer Crime: Malicious Hackers Johnson Space Center denies it has lost $12 million over two years due to abuse of their phone system. One stolen access code was distributed to hundreds of hackers. ('90)
Computer Crime: Malicious Hackers Leslie Lynne Douchette (AKA, Kyrie), ring-leader of nationwide group of hackers, is sentenced to 27 months. Losses directly tied to her pivot on 481 MCI access codes in her possession that accounted for $595,000 in long-distance phone fraud. ('90)
Computer Crime: Malicious Hackers "Hacker Heaven": Belgium, Greece, Italy and the Netherlands. As of August 1991, they had no laws that made unauthorized access/tampering of computers a crime.
Computer Crime: Malicious Hackers U.S. vendor of secure modems issues challenge to hackers: "Hack into my system and I will give you cash reward." 8,000 hackers tried. ('91)
Computer Crime: Viruses & Worms <ul><li>A "virus" is software that hides itself inside of other legitimate software programs. A virus cannot exist on its own; it requires a host. </li></ul><ul><li>A "worm" is software that does not hide itself in other programs, but rather is self-sufficient, stand-alone code. </li></ul>
Computer Crime: Viruses & Worms The goal of both viruses and worms is to replicate themselves. They may or may not trigger on some external event that causes them to be annoying or destructive.
Computer Crime: Viruses & Worms <ul><li>Of the 1,000 or so core viruses known to researchers, we only know the origin of about 40%. </li></ul><ul><li>Most common origins: Minnesota, Italy, and Bulgaria. </li></ul>
Computer Crime: Viruses & Worms The public attitude toward viruses is changing. They are now seen as a bizarre form of industrial sabotage, rather than a technological version of a practical joke.
Computer Crime: Viruses & Worms "Christmas Tree" virus forces IBM to shut down 350,000 internal communications networks worldwide for nearly three days to permit location and removal of the virus. ('87)
Computer Crime: Viruses & Worms The Internet Unix worm, written by Robert Morris, caused 6,200 computer systems to crash; it took 1 million hours to repair the damage, at an estimated cost of $97 million.
Computer Crime: Viruses & Worms Convicted, Morris could have gotten five years and a $250,000 fine, but instead a U.S. District Court Judge gave him 400 hours of community service, a $10,000 fine and 3 years probation. ('88)
Computer Crime: Viruses & Worms <ul><li>A survey of 200 businesses in the U.S. found that 25% had been hit with a virus. ('90) </li></ul><ul><li>A survey of 950 businesses in England revealed that 50% had been hit with a virus. ('90) </li></ul>
Computer Crime: Viruses & Worms One of the most common viruses, the "Friday the 13th," was written by a programmer in the Middle East as a protest against the 40-year anniversary of the founding of Israel.
Computer Crime: Pedophiles <ul><li>Pedophiles are increasingly using microcomputers and BBS technology to share child pornography and to identify potential victims. </li></ul><ul><li>The ability of microcomputers to display high-resolution graphics makes them ideal vehicles for the distribution of child pornography. </li></ul><ul><li>The BBS networks give pedophiles anonymity and make them difficult to track. </li></ul>
Computer Crime: Pedophiles Medford, Massachusetts Police raided a child pornography video operation and discovered a major computer BBS network. There were over 1,000 users on the system from across the U.S., and many international users. ('90)
Computer Crime: Pedophiles Alameda County, California District Attorney's Office prosecuted two males on pedophilia-related charges after an investigation revealed the suspects were running a travel service for pedophiles to Thailand. The contact information was kept in Casio databank watches. ('86)
Computer Crime: Pedophiles The pedophile victim profile is very similar to the computer hacker profile, making electronic networks a fertile hunting ground for pedophiles.
Computer Crime: Pedophiles Mr. Roger Deitz of Fremont, California told newspapers and TV stations that he posed as a 13 year old homosexual male and was able to make contact with 20 - 30 pedophiles using America On-Line service. The service is assisting the FBI in a subsequent investigation but does not monitor private E-Mail. (New York Times 3/92)
Computer Crime: Pedophiles A San Jose, California detective posing as a pedophile on a BBS system was solicited by pedophiles Dean Lambey and Daniel Depew to participate in a kidnapping and "snuff flick" of a 12-year-old. FBI officials arrested both Lambey and Depew when they made an overt act to further the conspiracy. (Los Angeles Times 10/91)
Data Diddling <ul><li>Simplest </li></ul><ul><li>Safest </li></ul><ul><li>Most common method used in discovered cases </li></ul><ul><li>Involves changing data before or during the input process </li></ul><ul><li>Can be accomplished by anyone having access to the data </li></ul>
Data Diddling: Examples <ul><li>Counterfeiting documents </li></ul><ul><li>Exchanging valid computer tapes, cards, disks with prepared replacements </li></ul><ul><li>Source data entry procedure violations (entering wrong data) </li></ul>
Data Diddling: Detection <ul><li>Transaction participant: Data comparison </li></ul><ul><li>Data preparers: Document validation </li></ul><ul><li>Source data suppliers: Manual controls </li></ul>
Trojan horse: Definition The covert placement of computer instructions in a program so that the computer will perform unauthorized functions, while usually still allowing the basic program to perform its intended purpose.
Trojan horse: Common method for prevention or detection <ul><li>Typical business application program can consist of 100,000 + instructions </li></ul><ul><li>Operating system can consist of 5 to 6 million instructions </li></ul><ul><li>Poor system documentation and maintenance practices aid perpetrators </li></ul>
Trojan horse: Detection <ul><li>Programmers: Program code comparisons </li></ul>
Salami Technique: Definition <ul><li>Theft of small amounts of assets from a large number of sources </li></ul><ul><li>Individual losses small and often unnoticed </li></ul><ul><li>Requires that a large number of accounts be accessible to the perpetrator </li></ul><ul><li>Random selection of target accounts reduces detection probability </li></ul>
Salami Technique: Most common targets <ul><li>Savings accounts </li></ul><ul><li>Margin accounts </li></ul><ul><li>Mortgage accounts </li></ul><ul><li>Trust accounts </li></ul><ul><li>Payroll </li></ul><ul><li>Most common method used is the round down </li></ul>
Salami Technique: Detection <ul><li>Programmers: Application test </li></ul><ul><li>User community: Detailed data analysis </li></ul><ul><li>Former employees: Program comparisons </li></ul><ul><li>Contractors: Transaction audits </li></ul><ul><li>Vendors: Financial status of possible suspect </li></ul>
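Added example (not part of the original presentation): a minimal form of the "detailed data analysis" and "transaction audits" listed above, applied to the round-down case. It recomputes each interest posting and reports accounts credited less or more than their entitlement; the account numbers, balances, rate and the round-half-even posting policy are constructed assumptions.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")
RATE = Decimal("0.0125")  # assumed periodic interest rate (constructed)

# Constructed postings from one interest run: (account, balance, interest posted).
POSTINGS = [
    ("A100", Decimal("1234.56"), Decimal("15.43")),
    ("A101", Decimal("987.65"), Decimal("12.34")),   # entitled to 12.35
    ("A102", Decimal("5000.70"), Decimal("62.50")),  # entitled to 62.51
    ("A103", Decimal("250.00"), Decimal("3.12")),
    ("A104", Decimal("7777.77"), Decimal("97.22")),
    ("A105", Decimal("640.55"), Decimal("8.00")),    # entitled to 8.01
    ("A999", Decimal("100.00"), Decimal("1.28")),    # entitled to 1.25
]


def audit_interest_run(postings, rate=RATE):
    """Recompute every posting under the documented rounding policy
    (assumed here: round half even to the cent) and compare."""
    shorted, overpaid = {}, {}
    for account, balance, posted in postings:
        expected = (balance * rate).quantize(CENT, rounding=ROUND_HALF_EVEN)
        diff = posted - expected
        if diff < 0:
            shorted[account] = -diff
        elif diff > 0:
            overpaid[account] = diff
    short_total = sum(shorted.values(), Decimal("0"))
    over_total = sum(overpaid.values(), Decimal("0"))
    # Round-down signature: small per-account losses spread over many
    # accounts that reappear, in total, as extra credit on fewer accounts.
    suspicious = (bool(shorted) and short_total == over_total
                  and len(overpaid) < len(shorted))
    return {"shorted": shorted, "overpaid": overpaid,
            "short_total": short_total, "suspicious": suspicious}


if __name__ == "__main__":
    report = audit_interest_run(POSTINGS)
    for account, amount in sorted(report["shorted"].items()):
        print(f"{account} credited {amount} less than entitlement")
    for account, amount in sorted(report["overpaid"].items()):
        print(f"{account} credited {amount} more than entitlement")
    print("suspicious:", report["suspicious"])
```

No single shortfall here exceeds one cent, which is why the slide notes that individual losses go unnoticed; the pattern only shows when every account in the run is recomputed and the differences are totalled.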
Superzapping A program that permits the user to bypass all normal system controls. It makes possible the disclosure and/or modification of any program or data resident in the system.
Trap Doors/Back doors Computer instructions (part of a program) that allow users to access the program and/or data without initializing the program in the normal fashion. (Go in the back door)
Logic bomb Special unauthorized instructions embedded in computer routines that determine process conditions or system status.
Scavenging: Definition Obtaining information that may be resident in or around a computer system.
Scavenging: Sources <ul><li>Discarded listings </li></ul><ul><li>Carbon paper </li></ul><ul><li>Source documents </li></ul><ul><li>Scratch paper </li></ul><ul><li>Company Phone books </li></ul>