Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
27 Oct 09Casual Cyber CrimeBrian Baskin
Hello!• – Computer Forensic Leader• DoD Cyber Crime Center– Defense Cyber Investigations TrainingAcademy (DCITA) – Deputy ...
Legal v. Illegal• “Unauthorized” vs. “Illegal”– Terms of Service vs. Law– Lines severely blurred since the DMCA– “copyrigh...
Consumers v. Criminals• Consumers are emotional and loyal• Will trust in a vendor until they feelbetrayed– If betrayed eno...
The Elephant in the Room
Apple iPhone• Unlocking the phone– Modify firmware to allow it to connect tonon-AT&T networks– Currently legal under exemp...
Apple iPhone• The Bad– Apple / AT&T lose money if users switch networks– Pirated apps– Apps that conflict with Apple / AT&...
Apple iPhone• The Good– Unlimited Functionality• SwirlyMMS – text messaging with MMS– Apple/AT&T added MMS 14 months later...
Apple iPhone• The … curious?– OpenSSH – SSH Server– LigHTTPD – Web Server• With PHP and SQLite capabilities– Veency – VNC ...
Apple iPhoneApple: Think Different (like everyone else)
Apple iPhone
Apple iPhone• So simple, even a skiddie could do it…• 3 Step Process with redsn0w orgreenpois0n[3]– Download software and ...
And now for somethingcompletely different
Data on Websites• If it’s on the web is it:– Published?– Public?– Open for access?• Where does the onus of securitymoralit...
College Admissions• March 2005, steps posted to “hack” to checkcollege admission results on ApplyYourself• Results were al...
College Admissions• 119 Harvard Business School hopefulsattempted URL change– All were rejected from the school as aresult...
First Sale Doctrine• Copyright limitation implemented in theCopyright Act of 1976– Copyright owner cannot limit your abili...
First Sale Doctrine• And in walks the DMCA…– Timothy S. Vernor v. Autodesk Inc.– Company liquidated inventory of AutoCAD– ...
Gaming• Video Gaming is big business– 42% of all US homes have a console [6]– Average gamer spends over $700/yr [7]– Howev...
Gaming• Since the beginning there was hacking• Modifications were prohibitively complex– LPT ports, terminal applications–...
Gaming• Modifications are now extremely simple• Solderless solutions with ON/OFFswitches• Drag-n-dropsolutions onMicroSD
Gaming• The Bad:– Piracy– Online cheating• The Good:– Backup / import saved games– Cheat codes– Homebrew / new functionali...
Gaming• Nintendo DS– Simple Slot-1 card with MicroSD reader– Drag-and-drop apps and ROMs– Homebrew:• MP3 / Movie player• W...
Gaming• Nintendo Wii– Solderless Modchip– Hardmod (bad)– Softmod (good)– USB HDD support– Homebrew:• DVD Player• Media Cen...
Gaming• Nintendo Wii– Hardmod• Allows for playing burned games– Softmod• Allows for playing game images• Runs homebrewCurr...
Gaming• Legalities– Console producers heavilydiscourage homebrew apps andmodding– 28 Sep 09 – Wii 4.2 System updateseeks a...
Gaming• Modifying a console to bypass copycontrol protection is a violation of DMCA– Aug 2009 - Matthew Crippen, 27 yr old...
Conclusion• Things are going to get much worsebefore they get better– Corporations / governments are slow toevolve and rel...
Conclusion• Consumers are on the losing side– Suppliers will constantly find new ways toexploit hardware/software– Consume...
Conclusion• Education is the primary answer– Public need better education on copyrightsand legal system, and it needs to s...
Conclusion• Words to watch in the next year:• “Making available”– RIAA’s legal suits were partially based notupon committi...
References1. http://www.wired.com/threatlevel/2009/07/jailbreak/2. http://support.apple.com/kb/HT37433. http://blog.iphone...
The End• Thoughts / Questions / Dull Objects?Twitter: bbaskinEmail: brian@thebaskins.com
Upcoming SlideShare
Loading in …5
×

Casual Cyber Crime

7,597 views

Published on

We're living in an age of devices and applications that push the boundaries of dreams, an age of instant gratification, but also the age of Digital Rights Management and Copyright laws. With questionably illegal modifications becoming simple enough for children to use, where does the line get drawn between squeezing more functionality out of your digital devices and software and breaking felony laws? In this talk attendees will explore the justifications and rationales behind the use of questionable hardware and software modifications and understand the mentality behind why their use is rapidly catching on in the general population.

Published in: Technology
no profile picture user

  • Be the first to comment

  • Be the first to like this

Casual Cyber Crime

  1. 1. 27 Oct 09Casual Cyber CrimeBrian Baskin
  2. 2. Hello!• – Computer Forensic Leader• DoD Cyber Crime Center– Defense Cyber Investigations TrainingAcademy (DCITA) – Deputy Technical Lead• Author / Co-Author of six books• 14 years of network / security / forensics• 20 years of computer hooliganism
  3. 3. Legal v. Illegal• “Unauthorized” vs. “Illegal”– Terms of Service vs. Law– Lines severely blurred since the DMCA– “copyright law now gives content ownersnew powers to silence creators ofunauthorized expression, including fairuse expression”– Julie Cohen, Professor of Law, Georgetown University
  4. 4. Consumers v. Criminals• Consumers are emotional and loyal• Will trust in a vendor until they feelbetrayed– If betrayed enough– and ease of crime is low enough– Consumer  “Criminal”
  5. 5. The Elephant in the Room
  6. 6. Apple iPhone• Unlocking the phone– Modify firmware to allow it to connect tonon-AT&T networks– Currently legal under exemption filedNovember 2006 (expired today, extended)• Jailbreaking (iPhone and iPod Touch)– Allows installation of unauthorized apps– But… won’t somebody please think of thecell towers?![1][2]
  7. 7. Apple iPhone• The Bad– Apple / AT&T lose money if users switch networks– Pirated apps– Apps that conflict with Apple / AT&T business– Device can be used in ways that ruin Apple’sreputation• Obviously, anyone that does this is a bad guy,right?
  8. 8. Apple iPhone• The Good– Unlimited Functionality• SwirlyMMS – text messaging with MMS– Apple/AT&T added MMS 14 months later• Cycorder – Video Recorder• iLocalis – Remote control and locator of iPhone• xGPS – Free GPS reader for Google Maps• NemusSync – Sync Google Calendar• Five icon dock• Read PDF / Word / Excel documents
  9. 9. Apple iPhone• The … curious?– OpenSSH – SSH Server– LigHTTPD – Web Server• With PHP and SQLite capabilities– Veency – VNC Server
  10. 10. Apple iPhoneApple: Think Different (like everyone else)
  11. 11. Apple iPhone
  12. 12. Apple iPhone• So simple, even a skiddie could do it…• 3 Step Process with redsn0w orgreenpois0n[3]– Download software and iPhone firmware– Connect device via USB/FW– Click button to load firmware• Over 4 million iPhones have beenjailbroken[4]
  13. 13. And now for somethingcompletely different
  14. 14. Data on Websites• If it’s on the web is it:– Published?– Public?– Open for access?• Where does the onus of securitymorality lie?– User?– Host?
  15. 15. College Admissions• March 2005, steps posted to “hack” to checkcollege admission results on ApplyYourself• Results were already finalized, just notpublished to student’s page• “Hack”: Append login id to end of query URL[5]• https://app.applyyourself.com/AyApplicantMain/ApplicantDecision.asp?AYID=89CFE0A-424C-4240-Z8D0-9CR5 2623F70&mode=decision&id=1234567
  16. 16. College Admissions• 119 Harvard Business School hopefulsattempted URL change– All were rejected from the school as aresult– Many other schools rejected “hackers”• “a serious breach of trust that cannot becountered by rationalization “– Kim Clark, then Dean at Harvard Business School
  17. 17. First Sale Doctrine• Copyright limitation implemented in theCopyright Act of 1976– Copyright owner cannot limit your ability toresell a product after initial purchase– Challenged by physical vs. digitaldistributions (eBay v. Steam)
  18. 18. First Sale Doctrine• And in walks the DMCA…– Timothy S. Vernor v. Autodesk Inc.– Company liquidated inventory of AutoCAD– Vernor sold software on eBay, had allauctions removed by eBay/Autodesk– Autodesk: EULA prevents resell or transfer,ruled transactions as violations of DMCA– Still awaiting judge’s decision…
  19. 19. Gaming• Video Gaming is big business– 42% of all US homes have a console [6]– Average gamer spends over $700/yr [7]– However, average gamer is also 35,overweight, and depressed…[8]– June 2009: Only 50% of gamers wereunder 18 [9]= more gamers have jobs
  20. 20. Gaming• Since the beginning there was hacking• Modifications were prohibitively complex– LPT ports, terminal applications– ROM patching– Modchip soldering
  21. 21. Gaming• Modifications are now extremely simple• Solderless solutions with ON/OFFswitches• Drag-n-dropsolutions onMicroSD
  22. 22. Gaming• The Bad:– Piracy– Online cheating• The Good:– Backup / import saved games– Cheat codes– Homebrew / new functionality– Bypass region locking
  23. 23. Gaming• Nintendo DS– Simple Slot-1 card with MicroSD reader– Drag-and-drop apps and ROMs– Homebrew:• MP3 / Movie player• Web browser• Organizer• DSLinux
  24. 24. Gaming• Nintendo Wii– Solderless Modchip– Hardmod (bad)– Softmod (good)– USB HDD support– Homebrew:• DVD Player• Media Center• Wii Linux
  25. 25. Gaming• Nintendo Wii– Hardmod• Allows for playing burned games– Softmod• Allows for playing game images• Runs homebrewCurrent Exploits:Twilight Hack[10]Bannerbomb[11]Smash Stack[12]Indiana Pwns[13]
  26. 26. Gaming• Legalities– Console producers heavilydiscourage homebrew apps andmodding– 28 Sep 09 – Wii 4.2 System updateseeks and destroys all homebrewapps• Nintendo code was rushed and bugged,bricking legitimate Wiishttp://modtechs.com/tag/matthew-crippen/
  27. 27. Gaming• Modifying a console to bypass copycontrol protection is a violation of DMCA– Aug 2009 - Matthew Crippen, 27 yr oldcollege student, indicted on two counts ofmodifying consoles for friends– Faces 10 years of federal time [14]– Robert Schoch, ICE special agent "Playingwith games in this way is not a game -- it iscriminal." [15]
  28. 28. Conclusion• Things are going to get much worsebefore they get better– Corporations / governments are slow toevolve and rely heavily on law– The public evolves very quickly and relieson morals– Both rely on self-interest, convenience, andgreed
  29. 29. Conclusion• Consumers are on the losing side– Suppliers will constantly find new ways toexploit hardware/software– Consumers will seek ways to extendcapabilities– Corporations will treat consumers ascriminals until… they really do becomecriminals
  30. 30. Conclusion• Education is the primary answer– Public need better education on copyrightsand legal system, and it needs to start withthe kids– Corporations and government need tounderstand the changing movements oftheir bosses (the public)• “I don’t use understand or use it, but I’m going tocontrol it”
  31. 31. Conclusion• Words to watch in the next year:• “Making available”– RIAA’s legal suits were partially based notupon committing a crime, but makingavailable for the opportunity to commit one– HR 1319 (Informed P2P User Act - Rep.Mary Bono, R-CA)
  32. 32. References1. http://www.wired.com/threatlevel/2009/07/jailbreak/2. http://support.apple.com/kb/HT37433. http://blog.iphone-dev.org/post/126908912/redsn0w-in-june4. http://www.wired.com/gadgetlab/2009/08/cydia-app-store5. http://securitytracker.com/alerts/2005/Mar/1013400.html6. http://www.reuters.com/article/pressRelease/idUS164594+03-Jun-2009+BW200906037. http://corp.ign.com/articles/599/599801p1.html8. http://www.stltoday.com/blogzone/life-tech/video-games/2009/08/study-says-average-video-game-player-is-35-and-depr9. http://worthplaying.com/article/2009/8/11/news/64252/10.http://wiibrew.org/wiki/Twilight_Hack11.http://wiibrew.org/wiki/Bannerbomb12.http://wiibrew.org/wiki/Smash_Stack13.http://wiibrew.org/wiki/Indiana_Pwns14.http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202433360949&HighTech_Tug_of_War_Over_iPhone15.http://www.nbcdfw.com/news/tech/Cal-State-Student-Faces-10-Year-Prison-Term-for-Playing-with-Video-Games-52386872.html
  33. 33. The End• Thoughts / Questions / Dull Objects?Twitter: bbaskinEmail: brian@thebaskins.com

×