Computer Crime: Horses, Hacking and Hell Raising

"We want this Internet, this global cyberspace, to be completely free, completely open. Everyone does. I do. But we also want to conduct business there, and we want to relax there and have our children be educated there and seek entertainment there. Those kinds of activities require law enforcement, require international treaties, require responsibility, corporate responsibility and personal responsibility. So we have a long way to go before cyberspace is as safe, even, as the highways. And as you know, the highways aren't all that safe."
Source: 2007 CSI Computer Crime and Security Survey
Viruses: List of Recent Viruses, Worms and Horses

Viruses - A virus is a small piece of software that piggybacks on real programs. For example, a virus might attach itself to a program such as a spreadsheet program. Each time the spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching to other programs) or wreak havoc.

E-mail viruses - An e-mail virus moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.

Worms - A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well. Code Red is an example of a nasty worm.

Trojan horses - A Trojan horse is simply a computer program. The program claims to do one thing (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk). Trojan horses have no way to replicate automatically.
Horses: A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. The term comes from a story in Homer's Iliad, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.
Hacking:
* Gain unauthorized access to computer systems for the purpose of stealing and corrupting data.
* Defeating systems through human weakness.
* Logon mimicking.
* Password guessing or default passwords.

Cases of Hacking:
http://www.cybercrime.gov/gorshkovSent.htm
http://www.cybercrime.gov/doppsPlea.htm
Hell Raising:

Denial of Service attacks (DoS) are a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Two types of DoS are called a Zombie and a Pulsing Zombie. There is an excellent description of this technology and how it works at http://grc.com/dos/drdos.htm

IP Spoofing is a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.

Port Scanning is the act of systematically scanning a computer's ports. Since a port is a place where information goes into and out of a computer, port scanning identifies open doors to a computer. Port scanning has legitimate uses in managing networks, but port scanning can also be malicious in nature if someone is looking for a weakened access point to break into your computer.
CERT - The Experts

Established in 1988, the CERT® Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. Find out more at http://www.cert.org
Wireless Security

Insertion Attacks - Unauthorized devices on the wireless network. These can be clients or base stations.

Interception and monitoring of wireless traffic - Wireless sniffer, hijacking the session, broadcast monitoring, ArpSpoof monitoring and hijacking, base station clone (Evil Twin) intercepting traffic.

Client to Client Attacks - Two wireless clients can talk directly to each other, bypassing the base station. Because of this, each client must protect itself from other clients.
Wireless (continued)

Jamming - Denial of service attacks on wired networks are popular. The same principle can be applied to wireless traffic: legitimate traffic gets jammed because illegitimate traffic overwhelms the frequencies, and legitimate traffic cannot get through.

2.4 GHz Interfering Technology - An attacker with the proper equipment and tools can easily flood the 2.4 GHz frequency so that the signal-to-noise ratio drops so low that the wireless network ceases to function. This can be a risk even without malicious intent, as more technologies use the same frequencies and cause blocking. Cordless phones, baby monitors, and other devices like Bluetooth that operate on the 2.4 GHz frequency can disrupt a wireless network.
Wireless (continued)

Configuration errors - Use of default SSIDs is often an issue. Base stations come with default SSIDs. Attackers can use these default SSIDs to attempt to penetrate base stations that are still in their default configuration. Here are some default SSIDs:
* "tsunami" - Cisco
* "101" - 3Com
* "RoamAbout Default Network Name" - Lucent/Cabletron
* "Default SSID"
* "Compaq" - Compaq
* "WLAN" - Addtron, a popular AP
* "intel" - Intel
* "linksys" - Linksys
* "Wireless"
War Chalking: Using chalk to place a special symbol on a sidewalk or other surface that indicates a nearby wireless network, especially one that offers Internet access. Based on old hobo language.
Cybercrime: Recent Cases

A list of recent convictions of cybercrimes can be found at:
http://www.crime-research.org/links/
How It's Done

Let's take a look at a simple example of how it might be done:
1) First we look for something that is "trusted" by computer systems: email.
2) We learn how email REALLY works: RFC 821.
A Typical SMTP Transaction Scenario

R: 220 BBN-UNIX.ARPA Simple Mail Transfer Service Ready
S: HELO USC-ISIF.ARPA
R: 250 BBN-UNIX.ARPA
S: MAIL FROM:<Smith@USC-ISIF.ARPA>
R: 250 OK
S: RCPT TO:<Jones@BBN-UNIX.ARPA>
R: 250 OK
S: RCPT TO:<Green@BBN-UNIX.ARPA>
R: 550 No such user here
S: RCPT TO:<Brown@BBN-UNIX.ARPA>
R: 250 OK
S: DATA
R: 354 Start mail input; end with <CRLF>.<CRLF>
S: Blah blah blah...
S: ...etc. etc. etc.
S: .
R: 250 OK
S: QUIT
R: 221 BBN-UNIX.ARPA Service closing transmission channel
[Jim-Greenbergs-Computer:~] jimgreen% telnet smtp.oneonta.edu 25
Trying 188.8.131.52...
Connected to smtp.oneonta.edu.
Escape character is '^]'.
220 EXCHANGEN1.oneonta.edu Microsoft ESMTP MAIL Service, Version: 5.0.2195.5329 ready at Tue, 5 Nov 2002 08:10:23 -0500
helo
250 EXCHANGEN1.oneonta.edu Hello [184.108.40.206]
mail from:<firstname.lastname@example.org>
250 2.1.0 email@example.com....Sender OK
rcpt to:<firstname.lastname@example.org>
250 2.1.5 email@example.com
data
354 Start mail input; end with <CRLF>.<CRLF>
Hey Joe
What'a know?
.
250 2.6.0 <EXCHANGE1RxwfhMvmKc00012a4b@EXCHANGEN1.oneonta.edu> Queued mail for delivery
quit
221 2.0.0 EXCHANGEN1.oneonta.edu Service closing transmission channel
Connection closed by foreign host.
[Jim-Greenbergs-Computer:~] jimgreen%
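The RFC 821 exchange above, and the live telnet session, replayed through a toy server-side state machine so the reply codes and the unverified MAIL FROM step can be seen in one place. This is an added example, not code from the original slides; the mailbox set, hostname and reply strings are constructed to mirror the slide dialogue.

```python
# Toy RFC 821 server side for the exchange shown on the slides (constructed
# example, not from the original deck). Mailboxes and reply text are made up
# to mirror the slide dialogue; real servers do far more checking.

HOSTNAME = "BBN-UNIX.ARPA"
KNOWN_USERS = {"jones@bbn-unix.arpa", "brown@bbn-unix.arpa"}  # constructed


def smtp_session(client_lines, known_users=KNOWN_USERS):
    """Replay client lines through a minimal SMTP state machine.

    Returns (replies, delivered): the server's reply lines in order and the
    list of queued messages as (sender, recipients, body) tuples.
    """
    replies = [f"220 {HOSTNAME} Simple Mail Transfer Service Ready"]
    delivered, state, sender, rcpts, body = [], "connect", None, [], []
    for line in client_lines:
        if state == "data":                       # inside the message body
            if line == ".":                       # <CRLF>.<CRLF> ends input
                delivered.append((sender, rcpts, "\n".join(body)))
                replies.append("250 OK")
                state, sender, rcpts, body = "idle", None, [], []
            else:
                body.append(line)
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()                       # telnet session used lowercase
        if verb == "HELO":
            replies.append(f"250 {HOSTNAME}")
            state = "idle"
        elif verb == "MAIL" and state == "idle":
            # The envelope sender is taken on faith: plain SMTP never verifies
            # it, which is why the slides call email a "trusted" path.
            sender = arg.split(":", 1)[1].strip("<>")
            replies.append("250 OK")
            state = "mail"
        elif verb == "RCPT" and state in ("mail", "rcpt"):
            addr = arg.split(":", 1)[1].strip("<>")
            if addr.lower() in known_users:
                rcpts.append(addr)
                replies.append("250 OK")
                state = "rcpt"                    # at least one valid recipient
            else:
                replies.append("550 No such user here")
        elif verb == "DATA" and state == "rcpt":
            replies.append("354 Start mail input; end with <CRLF>.<CRLF>")
            state = "data"
        elif verb == "QUIT":
            replies.append(f"221 {HOSTNAME} Service closing transmission channel")
            break
        else:                                     # out-of-order or unknown verb
            replies.append("503 Bad sequence of commands")
    return replies, delivered
```

Note that nothing in the dialogue ties the MAIL FROM address to the connecting host; only the RCPT TO step is checked against a local table, which is the behaviour the slides go on to exploit.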
What is this and why should I care? Mass Victimization

Some links about this:
http://www.theregister.co.uk/2001/04/19/online_mass_victimization_inevitable_study/
http://www.maricopacountyattorney.org/Newsletters/rrcomments/rrarct.asp
CALEA and Terrorism

In October 1994, Congress took action to protect public safety and ensure national security by enacting the Communications Assistance for Law Enforcement Act of 1994 (CALEA), Pub. L. No. 103-414, 108 Stat. 4279. The law further defines the existing statutory obligation of telecommunications carriers to assist law enforcement in executing electronic surveillance pursuant to court order or other lawful authorization. The objective of CALEA implementation is to preserve law enforcement's ability to conduct lawfully-authorized electronic surveillance while preserving public safety, the public's right to privacy, and the telecommunications industry's competitiveness.
Privacy Concerns?

RFID, GPS, software tools, data security and CALEA have a number of groups worried about privacy and possible victimization.