This document discusses the history and advantages of the information revolution as well as some negative results such as decreased research skills and physical health issues. It also examines debates around privacy vs government oversight in cyberspace. Several categories of cybercrime are defined including cyberpiracy, cybertrespass, and cybervandalism. Common types of cybercrimes like hacking, identity theft, and cyberstalking are also outlined. The document concludes by noting the challenges of estimating costs of computer crimes and the extent of business victimization.
2. Cyberspace and
Criminal Behavior
History has shown periods of enlightenment and
progress
Industrial revolution – brought automation of
tasks, etc.
increased public knowledge (i.e. printing press
made information available to the masses
increased medical services due to enhanced
communication and transportation
3. Advantages of the Information Revolution:
Commerce
Research
Education
Public knowledge
Entertainment
Public discourse
Health
Multiculturalism
Law enforcement
4. Negative Results
Cyber-dependence and incompetence – has decreased
the ability of students to conduct independent research;
led to a decrease in verification of sources; obliterated
traditional methods of academic inquiry
Erosion of physical health – has created a sedentary
lifestyle
Reduction of interpersonal communications – has
created a reliance on electronic communication at the
expense of interpersonal communication.
Deviance and crime – anonymity promotes deviant
behavior while creating elevated levels of vulnerability in
unsuspecting users; global interconnectivity enhances
potential gain from criminal activity
6. Intangibility of electronic
communications
Not really a new concept – traditional communications
have fallen within this existential space
Telephonic communications, for example, cross both
time and space and were predated by wire exchanges
However, the physicality of virtual world has
increased with the Internet due to the convergence of
audio, video, and data
No other medium of communication has provided such
potentiality.
7. Privacy vs. protection
debate rages over
the level of
supervision
appropriate in this
medium. Privacy
advocates include:
The Grateful Dead’s
David Barlow, and
Lotus inventor,
Mitchell Kapor – co-
founders of the
Electronic Frontier
Foundation.
8. Government’s position
• Such potentiality must be monitored to prevent
the exploitation and victimization of innocents
• Critics – have suggested that the government
has been too zealous in its pursuit of security.
They have described their approach as
Orwellian, citing Steve Jackson Games, Inc. v.
U.S. Secret Service as an example.
9. Privacy Advocates
Position
• Any supervision and/or government
oversight abridges the 1st Amendment, and
should be prohibited as a matter of law.
• Critics – have suggested that their position
is untenable as it fails to recognize the
dangers inherent in anonymous
communication. They argue that an
unregulated global exchange encourages
deviance.
14. Examples of Cyber Crime
1. Online Banking Fraud
2. Fake Antivirus
3. Standard Traveler Scams
4. Advanced Fraud
5. Online Payment Card Fraud
6. Copyright infringing software
7. Copyright infringing music and video
15. Introduction to Identity Theft
and Identity Fraud
1. To apply for a new driving license
2. To open new bank account
3. To apply for credit card
4. To apply for loan
5. To get a job
16. Common ways Identity Theft
Occurs
1. Defrauding business or institution
2. Stealing records from their employer
3. Bribing an employee who has access to the records
4. Conning information out of employee
5. Hacking into the organization’s computers
6. Rummaging through your trash
17. How Thieves Steal Your
Identity:
1. Phishing
2. Spain
3. Spyware
4. Pharming
5. Keyloggers
6. Trojan horse
18. How You Can Protect Yourself
1. Keep personal data private
2. Use strong password
3. Practice safe surfing on public hotspot
4. Secure your wireless network
5. Review your financial statements promptly
19. Types of Computer Forensics
Techniques
1. Computer Forensics
a. Acquisition
b. Identification
c. Evaluation
d. Presentation
2. Digital Forensics
24. Cybercrime
Any abuse or misuse of computer
systems which result in direct
and/or concomitant losses
25. Problems with
definitions
definitions vary by agency, legislation, and
enforcement
can not be used to replace traditional statutes
extortion is extortion is extortion regardless
of the method employed to communicate the
threat.
TERMS WILL BE USED INTERCHANGEABLY
26. Traditional Problems
Associated With
Computer Crime
While criminals have always displayed an
ability to adapt to changing technologies,
law enforcement agencies and government
institutions, bound by bureaucracy, have
not.
Computer crime, in particular, has proven a
significant challenge to LE personnel for a
variety of reasons.
27. Traditional Problems
Associated with
Computer Crime
Physicality and jurisdictional concerns
Lack of communication b/w agencies
Physicality and jurisdictional concerns
Intangibility of physical evidence
Lack of communication between
agencies
Inconsistency of law and community
standards
Intangibility of evidence
Cost/benefit to perpetrator
28. Physicality and
Jurisdictional Concerns
intangibility of activity and location are not provided for
by law – individuals sitting at their desk can enter
various countries without the use of passports or
documentation.
vicinage – an element necessary for successful
prosecution requires the specification of the crime scene
(physical not virtual), i.e., “ Where did the crime actually
occur?” If a Citadel cadet from 4th Battalion illegally
transferred money from The Bank of Sicily to The Bank
of London, where did the crime occur? Which laws
apply?
29. Jurisdiction
Which agency is responsible for
the investigation of a particular
incident.
Using the previous example, which
agency has primary jurisdiction
over the thief?
30. Lack of communication
between agencies
i.e., traditional lack
of collaboration
further
compounded by
the introduction of
international
concerns
31. Inconsistency of law and
community standards
i.e., definitions of obscenity, criminality, etc. –
further complicated on the international level
where some societies may tolerate, or even
condone, certain behaviors
Example: Antigua, Caracas, and the Dominican
Republic all challenge American sovereignty
over wagers placed by Americans through online
casinos and sports books
32. Intangibility of evidence
patrol officers unsure as to
recognition of evidence
patrol officers unsure of method of
preservation of evidence
33. Cost/benefit to
perpetrator
much less expensive AND the risk of
successful prosecution is slight
do not need method of transportation
do not need funds
do not need storage capabilities
are not labor intensive and can be
committed alone
All these significantly decrease the risk
to the deviant and severely hamper law
enforcement efforts.
34. Perceived insignificance
and stereotypes
stereotypes of computer
criminals often involve non-
threatening, physically
challenged individuals (i.e.,
“computer geeks”)
stereotypes of computer
crimes usually involve
hacking and improper use
35. Prosecutorial
Reluctance
Apathy (or perhaps laziness)
Lack of concern of constituents
Lack of cooperation in extradition requests
Victim’s reluctance to prosecute
Labor intensive nature of case preparation
Lack of resources for offender tracking
36. Lack of Reporting
Fortune 500 companies
have been electronically
compromised to the tune
of at least $10
Billion/year
Although this number is
increasing, early studies
indicated that only 17%
of such victimizations
were reported to the
police.
37. Reasons for non-
reporting:
Consumer confidence – must assure consumers that their
personal data is safe. (ex., Citibank)
Corporate interests – do not want to lose control over their
investigation. They wish to control level of access and scope
of investigation. They naively believe that if criminal activity is
uncovered, they can simply report their findings to the police.
Cost/benefit analysis – believe that the low likelihood of
enforcement and prosecution vs. the high likelihood of lost
consumer confidence is simply not worth it
Jurisdictional uncertainty – many companies are unclear
as to which agency to report to.
39. Lack of Resources
1. Traditional budget constraints
2. Nature of technology
3. Cost of training
4. Cost of additional personnel
5. Cost of hardware
6. Cost of software
7. Cost of laboratory
8. Inability to compete with private
industry
40. Traditional Budget
Constraints
Law enforcement
has always been
significantly under
funded: the public
unwilling to
expend
community funds
on LE training,
personnel, and
technology.
41. Nature of technology
Always changing
requires perpetual training.
(ex. Wireless technologies
and emerging encryption
and steganography
programs are increasingly
common and have
complicated LE efforts)
Thus, training soon
becomes obsolete
42. Cost of Training
Extremely expensive – NTI, for
example, charges more than
$1500 per person. Coupled with
per diem expenses and the cost of
software licenses, this training is all
but out of reach for many
agencies.
43. Cost of additional
personnel
For every officer transferred to
technology crime, another must be
recruited, hired, and trained to take
his/her place.
44. Cost of hardware
equipment soon becomes
obsolete, precluding the purchase
of pricey components
45. Cost of software
Forensic software is extremely
expensive. Products by
Guidance Software, NTI, and
AccessData packages exceed
several hundred dollars for a
single license! Minimum
requirements include: data
duplication, data verification,
data capture, data recovery,
data preservation, and data
analysis. In addition, password
cracking, text searching, and
document viewing tools are
needed.
46. Cost of laboratory
Must find
appropriate,
unallocated
space within or
outside of the
department
(discussed in
detail in Chapter
9)
47. Inability to compete with
corporations
Individuals with forensic training
are highly prized by corporations.
Since they can afford to offer high
salaries and lucrative benefit
packages, they can successfully
lure officers into private practice.
48. Extent of the problem
Computer crimes range in severity from
nuisance activity (i.e., spamming, etc.) to
computer-assisted criminal activity (i.e.,
burglary, fraud, etc.) to computer-initiated
criminal activity (i.e., embezzlement,
fraud, etc.).
Purposes include: white collar crime,
economic espionage, organized crime,
foreign intelligence gathering, terrorism,
sexual deviance, and technologically
innovated traditional crime.
49. Computers as targets
Phreaking
Viruses and worms
Trojans and hacking
Miscellaneous
50. Phreaking
phreaking – activity in which
telecommunications systems are
manipulated and ultimately
compromised – the precursor to
contemporary hacking
51. Viruses and worms
viruses and worms – increasingly
popular, they pose significant
concerns for individuals,
businesses, universities, and
governments. (ex. “Love Bug”
affected at least 45 million
computers and caused billions of
dollars in damages.
52. Trojans and hacking
Tools for stealing data are readily
available for download from the
Internet (including, BackOrifice,
NetBus, and DeepThroat). Such
theft poses significant concern for
corporations and governments, as
trade secrets and public
infrastructures are at risk.
56. Estimates of Computer
Crime
Estimates of computer crime are poor at
best:
Actual costs range from $15 to
$250 billion
Businesses affected range from
25% to 99%
More than ½ of businesses spend
5% or less of their IT budget on security.
A 185% increase in KP cases in
one year!
Estimated that one KP bulletin board
was accessed by over 250 users a day.
57. Extent of business
victimization
25% of respondents detected external
system penetration
27% detected denial of service
79% detected employee abuse of Internet
privileges
85% - detected viruses
19% suffered unauthorized use
19% reported 10 or more incidents
35% reported 2-5 incidents
64% of those acknowledging an attack
reported Web-site vandalism
60% reported denial of service
over 260 million dollars in damages were
reported by those with documentation