SlideShare a Scribd company logo

Hackers Cracker Network Intruder

Download as PPT, PDF
Erdo Deshiant Garnaby
Erdo Deshiant Garnaby

Hackers Cracker Network Intruder

Food
1 of 25
Hackers, Crackers, and Network Intruders
Agenda • Hackers and their vocabulary • Threats and risks • Types of hackers • Gaining access • Intrusion detection and prevention • Legal and ethical issues
Hacker Terms • Hacking - showing computer expertise • Cracking - breaching security on software or systems • Phreaking - cracking telecom networks • Spoofing - faking the originating IP address in a datagram • Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore • Port Scanning - searching for vulnerabilities
Hacking through the ages • 1969 - Unix ‘hacked’ together • 1971 - Cap ‘n Crunch phone exploit discovered • 1988 - Morris Internet worm crashes 6,000 servers • 1994 - $10 million transferred from CitiBank accounts • 1995 - Kevin Mitnick sentenced to 5 years in jail • 2000 - Major websites succumb to DDoS • 2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance) • 2001 Code Red – exploited bug in MS IIS to penetrate & spread – probes random IPs for systems running IIS – had trigger time for denial-of-service attack – 2nd wave infected 360000 servers in 14 hours • Code Red 2 - had backdoor installed to allow remote control • Nimda -used multiple infection mechanisms email, shares, web client, IIS • 2002 – Slammer Worm brings web to its knees by attacking MS SQL Server
The threats • Denial of Service (Yahoo, eBay, CNN, MS) • Defacing, Graffiti, Slander, Reputation • Loss of data (destruction, theft) • Divulging private information (AirMiles, corporate espionage, personal financial) • Loss of financial assets (CitiBank)
CIA.gov defacement example
Web site defacement example
Types of hackers • Professional hackers – Black Hats – the Bad Guys – White Hats – Professional Security Experts • Script kiddies – Mostly kids/students • User tools created by black hats, – To get free stuff – Impress their peers – Not get caught • Underemployed Adult Hackers – Former Script Kiddies • Can’t get employment in the field • Want recognition in hacker community • Big in eastern european countries • Ideological Hackers – hack as a mechanism to promote some political or ideological purpose – Usually coincide with political events
Types of Hackers • Criminal Hackers – Real criminals, are in it for whatever they can get no matter who it hurts • Corporate Spies – Are relatively rare • Disgruntled Employees – Most dangerous to an enterprise as they are “insiders” – Since many companies subcontract their network services a disgruntled vendor could be very dangerous to the host enterprise
Top intrusion justifications • I’m doing you a favor pointing out your vulnerabilities • I’m making a political statement • Because I can • Because I’m paid to do it
Gaining access • Front door – Password guessing – Password/key stealing • Back doors – Often left by original developers as debug and/or diagnostic tools – Forgot to remove before release • Trojan Horses – Usually hidden inside of software that we download and install from the net (remember nothing is free) – Many install backdoors • Software vulnerability exploitation – Often advertised on the OEMs web site along with security patches – Fertile ground for script kiddies looking for something to do
Back doors & Trojans • e.g. Whack-a-mole / NetBus • Cable modems / DSL very vulnerable • Protect with Virus Scanners, Port Scanners, Personal Firewalls
Software vulnerability exploitation • Buffer overruns • HTML / CGI scripts • Poor design of web applications – Javascript hacks – PHP/ASP/ColdFusion URL hacks • Other holes / bugs in software and services • Tools and scripts used to scan ports for vulnerabilities
Password guessing • Default or null passwords • Password same as user name (use finger) • Password files, trusted servers • Brute force – make sure login attempts audited!
Password/key theft • Dumpster diving – Its amazing what people throw in the trash • Personal information • Passwords • Good doughnuts – Many enterprises now shred all white paper trash • Inside jobs – Disgruntled employees – Terminated employees (about 50% of intrusions resulting in significant loss)
Once inside, the hacker can... • Modify logs – To cover their tracks – To mess with you • Steal files – Sometimes destroy after stealing – A pro would steal and cover their tracks so to be undetected • Modify files – To let you know they were there – To cause mischief • Install back doors – So they can get in again • Attack other systems
Intrusion detection systems (IDS) • A lot of research going on at universities – Doug Somerville- EE Dept, Viktor Skorman – EE Dept • Big money available due to 9/11 and Dept of Homeland Security • Vulnerability scanners – pro-actively identifies risks – User use pattern matching • When pattern deviates from norm should be investigated • Network-based IDS – examine packets for suspicious activity – can integrate with firewall – require one dedicated IDS server per segment
Intrusion detection systems (IDS) • Host-based IDS – monitors logs, events, files, and packets sent to the host – installed on each host on network • Honeypot – decoy server – collects evidence and alerts admin
Intrusion prevention • Patches and upgrades (hardening) • Disabling unnecessary software • Firewalls and Intrusion Detection Systems • ‘Honeypots’ • Recognizing and reacting to port scanning
Risk management Probability Impact Ignore (e.g. delude yourself) Prevent (e.g. firewalls, IDS, patches) Backup Plan (e.g. redundancies) Contain & Control (e.g. port scan)
Legal and ethical questions • ‘Ethical’ hacking? • How to react to mischief or nuisances? • Is scanning for vulnerabilities legal? – Some hackers are trying to use this as a business model • Here are your vulnerabilities, let us help you • Can private property laws be applied on the Internet?
Port scanner example
Computer Crimes • Financial Fraud • Credit Card Theft • Identity Theft • Computer specific crimes – Denial-of-service – Denial of access to information – Viruses Melissa virus cost New Jersey man 20 months in jail • Melissa caused in excess of $80 Million • Intellectual Property Offenses – Information theft – Trafficking in pirated information – Storing pirated information – Compromising information – Destroying information • Content related Offenses – Hate crimes – Harrassment – Cyber-stalking • Child privacy
Federal Statutes • Computer Fraud and Abuse Act of 1984 – Makes it a crime to knowingly access a federal computer • Electronic Communications Privacy Act of 1986 – Updated the Federal Wiretap Act act to include electronically stored data • U.S. Communications Assistance for Law Enforcement Act of 1996 – Ammended the Electronic Communications Act to require all communications carriers to make wiretaps possible • Economic and Protection of Proprietary Information Act of 1996 – Extends definition of privacy to include proprietary economic information , theft would constitute corporate or industrial espionage • Health Insurance Portability and Accountability Act of 1996 – Standards for the electronic transmission of healthcare information • National Information Infrastructure Protection Act of 1996 – Amends Computer Fraud and Abuse Act to provide more protection to computerized information and systems used in foreign and interstate commerce or communications • The Graham-Lynch-Bliley Act of 1999 – Limits instances of when financial institution can disclose nonpublic information of a customer to a third party
Legal Recourse • Average armed robber will get $2500-$7500 and risk being shot or killed; 50-60% will get caught , convicted and spent an average of 5 years of hard time • Average computer criminal will net $50K-$500K with a risk of being fired or going to jail; only 10% are caught, of those only 15% will be turned in to authorities; less than 50% of them will do jail time • Prosecution – Many institutions fail to prosecute for fear of advertising • Many banks absorb the losses fearing that they would lose more if their customers found out and took their business elsewhere – Fix the vulnerability and continue on with business as usual

Recommended

How to become Hackers .
How to become Hackers .How to become Hackers .
How to become Hackers .Greater Noida Institute Of Technology
 
Hackers
HackersHackers
HackersMohamed Boudchiche
 
Cyberterrorism
CyberterrorismCyberterrorism
CyberterrorismVarshil Patel
 
General Aware Ness On Cyber Security & Ethical
General Aware Ness On Cyber Security & EthicalGeneral Aware Ness On Cyber Security & Ethical
General Aware Ness On Cyber Security & Ethicaldiwakar sharma
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
All about Hacking
All about HackingAll about Hacking
All about HackingMadhusudhan G
 
Computer crime hacking
Computer crime hackingComputer crime hacking
Computer crime hackingtangytangling
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 

Recommended

How to become Hackers .
How to become Hackers .How to become Hackers .
How to become Hackers .Greater Noida Institute Of Technology
 
Hackers
HackersHackers
HackersMohamed Boudchiche
 
Cyberterrorism
CyberterrorismCyberterrorism
CyberterrorismVarshil Patel
 
General Aware Ness On Cyber Security & Ethical
General Aware Ness On Cyber Security & EthicalGeneral Aware Ness On Cyber Security & Ethical
General Aware Ness On Cyber Security & Ethicaldiwakar sharma
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
All about Hacking
All about HackingAll about Hacking
All about HackingMadhusudhan G
 
Computer crime hacking
Computer crime hackingComputer crime hacking
Computer crime hackingtangytangling
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hackingsilambarasansam
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics Avinash Mavuru
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterJose L. Quiñones-Borrero
 
I want to be a cyber forensic examiner
I want to be a cyber forensic examinerI want to be a cyber forensic examiner
I want to be a cyber forensic examinerNeeraj Aarora
 
Trends in electronic crimes and its impact on businesses like yours
Trends in electronic crimes and its impact on businesses like yoursTrends in electronic crimes and its impact on businesses like yours
Trends in electronic crimes and its impact on businesses like yoursMotherGuardians
 
Etical hacking
Etical hackingEtical hacking
Etical hackingtalhaabid
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1abdifatah said
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015Andrzej Bartosiewicz
 
ethical hacking
ethical hackingethical hacking
ethical hackingNeelima Bawa
 
2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer CrimesRaffa Learning Community
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hackingWaseem Rauf
 
Cybercrime And Cyber forensics
Cybercrime And Cyber forensics Cybercrime And Cyber forensics
Cybercrime And Cyber forensics sunanditaAnand
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
Intro to information security
Intro to information securityIntro to information security
Intro to information securityViraj Ekanayake
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
 
Hacking (1)
Hacking (1)Hacking (1)
Hacking (1)rishirvk1995
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensicSANTANU KUMAR DAS
 
DDoS dengan LOIC, HOIC dan Slowloris.pl
DDoS dengan LOIC, HOIC dan Slowloris.plDDoS dengan LOIC, HOIC dan Slowloris.pl
DDoS dengan LOIC, HOIC dan Slowloris.plGani Amanda Abdulah
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011lbcollins18
 

More Related Content

What's hot

Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer SecurityVibrant Event
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics Avinash Mavuru
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterJose L. Quiñones-Borrero
 
I want to be a cyber forensic examiner
I want to be a cyber forensic examinerI want to be a cyber forensic examiner
I want to be a cyber forensic examinerNeeraj Aarora
 
Trends in electronic crimes and its impact on businesses like yours
Trends in electronic crimes and its impact on businesses like yoursTrends in electronic crimes and its impact on businesses like yours
Trends in electronic crimes and its impact on businesses like yoursMotherGuardians
 
Etical hacking
Etical hackingEtical hacking
Etical hackingtalhaabid
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1abdifatah said
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer CrimesRaffa Learning Community
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hackingWaseem Rauf
 
Cybercrime And Cyber forensics
Cybercrime And Cyber forensics Cybercrime And Cyber forensics
Cybercrime And Cyber forensics sunanditaAnand
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
Intro to information security
Intro to information securityIntro to information security
Intro to information securityViraj Ekanayake
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
 

What's hot (20)

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Introduction To Computer Security
Introduction To Computer SecurityIntroduction To Computer Security
Introduction To Computer Security
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
I want to be a cyber forensic examiner
I want to be a cyber forensic examinerI want to be a cyber forensic examiner
I want to be a cyber forensic examiner
 
Trends in electronic crimes and its impact on businesses like yours
Trends in electronic crimes and its impact on businesses like yoursTrends in electronic crimes and its impact on businesses like yours
Trends in electronic crimes and its impact on businesses like yours
 
Etical hacking
Etical hackingEtical hacking
Etical hacking
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
Basic security concepts_chapter_1
Basic security concepts_chapter_1Basic security concepts_chapter_1
Basic security concepts_chapter_1
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015DNS Cybersecurity in 2012-2015
DNS Cybersecurity in 2012-2015
 
ethical hacking
ethical hackingethical hacking
ethical hacking
 
2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes2014-09-03 Cybersecurity and Computer Crimes
2014-09-03 Cybersecurity and Computer Crimes
 
Fundamental of ethical hacking
Fundamental of ethical hackingFundamental of ethical hacking
Fundamental of ethical hacking
 
Cybercrime And Cyber forensics
Cybercrime And Cyber forensics Cybercrime And Cyber forensics
Cybercrime And Cyber forensics
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 
Intro to information security
Intro to information securityIntro to information security
Intro to information security
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
 
Hacking (1)
Hacking (1)Hacking (1)
Hacking (1)
 
Cyber crime and forensic
Cyber crime and forensicCyber crime and forensic
Cyber crime and forensic
 

Viewers also liked

DDoS dengan LOIC, HOIC dan Slowloris.pl
DDoS dengan LOIC, HOIC dan Slowloris.plDDoS dengan LOIC, HOIC dan Slowloris.pl
DDoS dengan LOIC, HOIC dan Slowloris.plGani Amanda Abdulah
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011lbcollins18
 
04b storing data - storage devices
04b storing data - storage devices04b storing data - storage devices
04b storing data - storage deviceshorrorland
 
Ch2 presenting the internet.
Ch2 presenting the internet.Ch2 presenting the internet.
Ch2 presenting the internet.cs001
 
Network structure and data sources
Network structure and data sourcesNetwork structure and data sources
Network structure and data sourcesDragan Gasevic
 
Computer organisation
Computer organisationComputer organisation
Computer organisationASHIMA1993
 
Presentasi chap 6 Penipuan dan Teknik Penyalahgunaan Komputer
Presentasi chap 6 Penipuan dan Teknik Penyalahgunaan KomputerPresentasi chap 6 Penipuan dan Teknik Penyalahgunaan Komputer
Presentasi chap 6 Penipuan dan Teknik Penyalahgunaan KomputerBelinda Isamar
 
Interacting with Your Computer
Interacting with Your ComputerInteracting with Your Computer
Interacting with Your ComputerUjjwal 'Shanu'
 
Ch5 storagedevices(updated)
Ch5 storagedevices(updated)Ch5 storagedevices(updated)
Ch5 storagedevices(updated)cs001
 
Input devices [autosaved]
Input devices [autosaved]Input devices [autosaved]
Input devices [autosaved]Zahida Pervaiz
 

Viewers also liked (20)

DDoS dengan LOIC, HOIC dan Slowloris.pl
DDoS dengan LOIC, HOIC dan Slowloris.plDDoS dengan LOIC, HOIC dan Slowloris.pl
DDoS dengan LOIC, HOIC dan Slowloris.pl
 
Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011Computer security and_privacy_2010-2011
Computer security and_privacy_2010-2011
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
 
Chapter 2
Chapter 2Chapter 2
Chapter 2
 
Chapter 5
Chapter 5Chapter 5
Chapter 5
 
UAS TESTING
UAS TESTINGUAS TESTING
UAS TESTING
 
Chapter 6
Chapter 6Chapter 6
Chapter 6
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Measuring & improving drive performance
Measuring & improving drive performanceMeasuring & improving drive performance
Measuring & improving drive performance
 
Hacker&cracker
Hacker&crackerHacker&cracker
Hacker&cracker
 
04b storing data - storage devices
04b storing data - storage devices04b storing data - storage devices
04b storing data - storage devices
 
Ethical Hacking
Ethical Hacking Ethical Hacking
Ethical Hacking
 
Ch2 presenting the internet.
Ch2 presenting the internet.Ch2 presenting the internet.
Ch2 presenting the internet.
 
Network structure and data sources
Network structure and data sourcesNetwork structure and data sources
Network structure and data sources
 
Computer organisation
Computer organisationComputer organisation
Computer organisation
 
Presentasi chap 6 Penipuan dan Teknik Penyalahgunaan Komputer
Presentasi chap 6 Penipuan dan Teknik Penyalahgunaan KomputerPresentasi chap 6 Penipuan dan Teknik Penyalahgunaan Komputer
Presentasi chap 6 Penipuan dan Teknik Penyalahgunaan Komputer
 
Interacting with Your Computer
Interacting with Your ComputerInteracting with Your Computer
Interacting with Your Computer
 
Ch5 storagedevices(updated)
Ch5 storagedevices(updated)Ch5 storagedevices(updated)
Ch5 storagedevices(updated)
 
Input devices [autosaved]
Input devices [autosaved]Input devices [autosaved]
Input devices [autosaved]
 

Similar to Hackers Cracker Network Intruder

Introduction to hackers
Introduction to hackersIntroduction to hackers
Introduction to hackersHarsh Sharma
 
9. Computer Ethics.ppt
9. Computer Ethics.ppt9. Computer Ethics.ppt
9. Computer Ethics.pptasm071149
 
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iotTrack 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iotST_World
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Vibrant Event
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.pptEndAlk15
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityGianluca Varisco
 

Similar to Hackers Cracker Network Intruder (20)

Introduction to hackers
Introduction to hackersIntroduction to hackers
Introduction to hackers
 
9. Computer Ethics.ppt
9. Computer Ethics.ppt9. Computer Ethics.ppt
9. Computer Ethics.ppt
 
Hackers
HackersHackers
Hackers
 
Hackers
HackersHackers
Hackers
 
Hackers
HackersHackers
Hackers
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Web security
Web securityWeb security
Web security
 
Ethical hacking (legal)
Ethical hacking (legal)Ethical hacking (legal)
Ethical hacking (legal)
 
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iotTrack 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iot
 
9 - Security
9 - Security9 - Security
9 - Security
 
Chapter5.ppt
Chapter5.pptChapter5.ppt
Chapter5.ppt
 
Hacking
Hacking Hacking
Hacking
 
Computer ethics
Computer ethicsComputer ethics
Computer ethics
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
Ethical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer SecurityEthical Hacking - Introduction to Computer Security
Ethical Hacking - Introduction to Computer Security
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.ppt
 
CYBERFORENSICS
CYBERFORENSICSCYBERFORENSICS
CYBERFORENSICS
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on Security
 

More from Erdo Deshiant Garnaby

Unit+nine+ +additional+topics+and+resources
Unit+nine+ +additional+topics+and+resourcesUnit+nine+ +additional+topics+and+resources
Unit+nine+ +additional+topics+and+resourcesErdo Deshiant Garnaby
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuErdo Deshiant Garnaby
 
Unit+six+ +windows+file+protections+and+monitoring
Unit+six+ +windows+file+protections+and+monitoringUnit+six+ +windows+file+protections+and+monitoring
Unit+six+ +windows+file+protections+and+monitoringErdo Deshiant Garnaby
 
Unit+three+ +computer+basics+and+virtual+machines
Unit+three+ +computer+basics+and+virtual+machinesUnit+three+ +computer+basics+and+virtual+machines
Unit+three+ +computer+basics+and+virtual+machinesErdo Deshiant Garnaby
 
Unit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safetyUnit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safetyErdo Deshiant Garnaby
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuErdo Deshiant Garnaby
 
Unit+four+ +principles+of+cybersecurity
Unit+four+ +principles+of+cybersecurityUnit+four+ +principles+of+cybersecurity
Unit+four+ +principles+of+cybersecurityErdo Deshiant Garnaby
 
introduction to cyber patriot and cyber security
introduction to cyber patriot and cyber securityintroduction to cyber patriot and cyber security
introduction to cyber patriot and cyber securityErdo Deshiant Garnaby
 

More from Erdo Deshiant Garnaby (16)

Computer Security Hacking
Computer Security HackingComputer Security Hacking
Computer Security Hacking
 
Org Design
Org DesignOrg Design
Org Design
 
HOS Talent management presentation
HOS Talent management presentationHOS Talent management presentation
HOS Talent management presentation
 
Talent management
Talent managementTalent management
Talent management
 
Unit+nine+ +additional+topics+and+resources
Unit+nine+ +additional+topics+and+resourcesUnit+nine+ +additional+topics+and+resources
Unit+nine+ +additional+topics+and+resources
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntu
 
Unit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+securityUnit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+security
 
Unit+six+ +windows+file+protections+and+monitoring
Unit+six+ +windows+file+protections+and+monitoringUnit+six+ +windows+file+protections+and+monitoring
Unit+six+ +windows+file+protections+and+monitoring
 
microsoft+windows+security
microsoft+windows+securitymicrosoft+windows+security
microsoft+windows+security
 
Unit+three+ +computer+basics+and+virtual+machines
Unit+three+ +computer+basics+and+virtual+machinesUnit+three+ +computer+basics+and+virtual+machines
Unit+three+ +computer+basics+and+virtual+machines
 
Unit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+securityUnit+eight+ +ubuntu+security
Unit+eight+ +ubuntu+security
 
Unit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safetyUnit+two+ +cyber+ethics+and+online+safety
Unit+two+ +cyber+ethics+and+online+safety
 
Unit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntuUnit+seven+ +introduction+to+linux+and+ubuntu
Unit+seven+ +introduction+to+linux+and+ubuntu
 
Unit+four+ +principles+of+cybersecurity
Unit+four+ +principles+of+cybersecurityUnit+four+ +principles+of+cybersecurity
Unit+four+ +principles+of+cybersecurity
 
introduction to cyber patriot and cyber security
introduction to cyber patriot and cyber securityintroduction to cyber patriot and cyber security
introduction to cyber patriot and cyber security
 
Cyber Ethics
Cyber EthicsCyber Ethics
Cyber Ethics
 

Recently uploaded

HIGH PRESSURE PROCESSING ( HPP ) .pptx
HIGH PRESSURE PROCESSING ( HPP ) .pptxHIGH PRESSURE PROCESSING ( HPP ) .pptx
HIGH PRESSURE PROCESSING ( HPP ) .pptxparvin6647
 
Call Girls in Ghitorni Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Ghitorni Delhi 💯Call Us 🔝8264348440🔝Call Girls in Ghitorni Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Ghitorni Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
526350093-Online-Food-Ordering-System-Ppt.pptx
526350093-Online-Food-Ordering-System-Ppt.pptx526350093-Online-Food-Ordering-System-Ppt.pptx
526350093-Online-Food-Ordering-System-Ppt.pptxJaidBagwan2
 
(办理学位证)加州大学圣塔芭芭拉分校毕业证成绩单原版一比一
(办理学位证)加州大学圣塔芭芭拉分校毕业证成绩单原版一比一(办理学位证)加州大学圣塔芭芭拉分校毕业证成绩单原版一比一
(办理学位证)加州大学圣塔芭芭拉分校毕业证成绩单原版一比一Fi sss
 
2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 E...
2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 E...2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 E...
2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 E...AmitSherawat2
 
FUTURISTIC FOOD PRODUCTS OFTEN INVOLVE INNOVATIONS THAT
FUTURISTIC FOOD PRODUCTS OFTEN INVOLVE INNOVATIONS THATFUTURISTIC FOOD PRODUCTS OFTEN INVOLVE INNOVATIONS THAT
FUTURISTIC FOOD PRODUCTS OFTEN INVOLVE INNOVATIONS THATBHIKHUKUMAR KUNWARADIYA
 
Estimation of protein quality using various methods
Estimation of protein quality using various methodsEstimation of protein quality using various methods
Estimation of protein quality using various methodsThiviKutty
 
如何办韩国SKKU文凭,成均馆大学毕业证学位证怎么辨别?
如何办韩国SKKU文凭,成均馆大学毕业证学位证怎么辨别?如何办韩国SKKU文凭,成均馆大学毕业证学位证怎么辨别?
如何办韩国SKKU文凭,成均馆大学毕业证学位证怎么辨别?t6tjlrih
 
Call Girls Laxmi Nagar Delhi reach out to us at ☎ 9711199012
Call Girls Laxmi Nagar Delhi reach out to us at ☎ 9711199012Call Girls Laxmi Nagar Delhi reach out to us at ☎ 9711199012
Call Girls Laxmi Nagar Delhi reach out to us at ☎ 9711199012rehmti665
 
咨询办理南卡罗来纳大学毕业证成绩单SC毕业文凭
咨询办理南卡罗来纳大学毕业证成绩单SC毕业文凭咨询办理南卡罗来纳大学毕业证成绩单SC毕业文凭
咨询办理南卡罗来纳大学毕业证成绩单SC毕业文凭o8wvnojp
 
Prepare And Cook Meat.pptx Quarter II Module
Prepare And Cook Meat.pptx Quarter II ModulePrepare And Cook Meat.pptx Quarter II Module
Prepare And Cook Meat.pptx Quarter II Modulemaricel769799
 
thanksgiving dinner and more information
thanksgiving dinner and more informationthanksgiving dinner and more information
thanksgiving dinner and more informationlialiaskou00
 
Planning your Restaurant's Path to Profitability
Planning your Restaurant's Path to ProfitabilityPlanning your Restaurant's Path to Profitability
Planning your Restaurant's Path to ProfitabilityAggregage
 
Irradiation preservation of food advancements
Irradiation preservation of food advancementsIrradiation preservation of food advancements
Irradiation preservation of food advancementsDeepika Sugumar
 
Best Connaught Place Call Girls Service WhatsApp -> 9999965857 Available 24x7...
Best Connaught Place Call Girls Service WhatsApp -> 9999965857 Available 24x7...Best Connaught Place Call Girls Service WhatsApp -> 9999965857 Available 24x7...
Best Connaught Place Call Girls Service WhatsApp -> 9999965857 Available 24x7...srsj9000
 
VIP Russian Call Girls in Cuttack Deepika 8250192130 Independent Escort Servi...
VIP Russian Call Girls in Cuttack Deepika 8250192130 Independent Escort Servi...VIP Russian Call Girls in Cuttack Deepika 8250192130 Independent Escort Servi...
VIP Russian Call Girls in Cuttack Deepika 8250192130 Independent Escort Servi...Suhani Kapoor
 
Jp Nagar Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Jp Nagar Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceJp Nagar Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Jp Nagar Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceHigh Profile Call Girls
 

Recently uploaded (20)

Call Girls in Hauz Khas⎝⎝9953056974⎝⎝ Delhi NCR
Call Girls in Hauz Khas⎝⎝9953056974⎝⎝ Delhi NCRCall Girls in Hauz Khas⎝⎝9953056974⎝⎝ Delhi NCR
Call Girls in Hauz Khas⎝⎝9953056974⎝⎝ Delhi NCR
 
HIGH PRESSURE PROCESSING ( HPP ) .pptx
HIGH PRESSURE PROCESSING ( HPP ) .pptxHIGH PRESSURE PROCESSING ( HPP ) .pptx
HIGH PRESSURE PROCESSING ( HPP ) .pptx
 
Call Girls in Ghitorni Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Ghitorni Delhi 💯Call Us 🔝8264348440🔝Call Girls in Ghitorni Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Ghitorni Delhi 💯Call Us 🔝8264348440🔝
 
526350093-Online-Food-Ordering-System-Ppt.pptx
526350093-Online-Food-Ordering-System-Ppt.pptx526350093-Online-Food-Ordering-System-Ppt.pptx
526350093-Online-Food-Ordering-System-Ppt.pptx
 
(办理学位证)加州大学圣塔芭芭拉分校毕业证成绩单原版一比一
(办理学位证)加州大学圣塔芭芭拉分校毕业证成绩单原版一比一(办理学位证)加州大学圣塔芭芭拉分校毕业证成绩单原版一比一
(办理学位证)加州大学圣塔芭芭拉分校毕业证成绩单原版一比一
 
2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 E...
2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 E...2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 E...
2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 Endocrine System.ppt2.6 E...
 
FUTURISTIC FOOD PRODUCTS OFTEN INVOLVE INNOVATIONS THAT
FUTURISTIC FOOD PRODUCTS OFTEN INVOLVE INNOVATIONS THATFUTURISTIC FOOD PRODUCTS OFTEN INVOLVE INNOVATIONS THAT
FUTURISTIC FOOD PRODUCTS OFTEN INVOLVE INNOVATIONS THAT
 
Estimation of protein quality using various methods
Estimation of protein quality using various methodsEstimation of protein quality using various methods
Estimation of protein quality using various methods
 
如何办韩国SKKU文凭,成均馆大学毕业证学位证怎么辨别?
如何办韩国SKKU文凭,成均馆大学毕业证学位证怎么辨别?如何办韩国SKKU文凭,成均馆大学毕业证学位证怎么辨别?
如何办韩国SKKU文凭,成均馆大学毕业证学位证怎么辨别?
 
Call Girls Laxmi Nagar Delhi reach out to us at ☎ 9711199012
Call Girls Laxmi Nagar Delhi reach out to us at ☎ 9711199012Call Girls Laxmi Nagar Delhi reach out to us at ☎ 9711199012
Call Girls Laxmi Nagar Delhi reach out to us at ☎ 9711199012
 
咨询办理南卡罗来纳大学毕业证成绩单SC毕业文凭
咨询办理南卡罗来纳大学毕业证成绩单SC毕业文凭咨询办理南卡罗来纳大学毕业证成绩单SC毕业文凭
咨询办理南卡罗来纳大学毕业证成绩单SC毕业文凭
 
Prepare And Cook Meat.pptx Quarter II Module
Prepare And Cook Meat.pptx Quarter II ModulePrepare And Cook Meat.pptx Quarter II Module
Prepare And Cook Meat.pptx Quarter II Module
 
thanksgiving dinner and more information
thanksgiving dinner and more informationthanksgiving dinner and more information
thanksgiving dinner and more information
 
Planning your Restaurant's Path to Profitability
Planning your Restaurant's Path to ProfitabilityPlanning your Restaurant's Path to Profitability
Planning your Restaurant's Path to Profitability
 
Irradiation preservation of food advancements
Irradiation preservation of food advancementsIrradiation preservation of food advancements
Irradiation preservation of food advancements
 
9953330565 Low Rate Call Girls In Sameypur-Bodli Delhi NCR
9953330565 Low Rate Call Girls In Sameypur-Bodli Delhi NCR9953330565 Low Rate Call Girls In Sameypur-Bodli Delhi NCR
9953330565 Low Rate Call Girls In Sameypur-Bodli Delhi NCR
 
Best Connaught Place Call Girls Service WhatsApp -> 9999965857 Available 24x7...
Best Connaught Place Call Girls Service WhatsApp -> 9999965857 Available 24x7...Best Connaught Place Call Girls Service WhatsApp -> 9999965857 Available 24x7...
Best Connaught Place Call Girls Service WhatsApp -> 9999965857 Available 24x7...
 
VIP Russian Call Girls in Cuttack Deepika 8250192130 Independent Escort Servi...
VIP Russian Call Girls in Cuttack Deepika 8250192130 Independent Escort Servi...VIP Russian Call Girls in Cuttack Deepika 8250192130 Independent Escort Servi...
VIP Russian Call Girls in Cuttack Deepika 8250192130 Independent Escort Servi...
 
Jp Nagar Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Jp Nagar Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceJp Nagar Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Jp Nagar Call Girls Bangalore WhatsApp 8250192130 High Profile Service
 
Cut & fry Potato is Not FRENCH FRIES ..
Cut & fry Potato is Not FRENCH FRIES ..Cut & fry Potato is Not FRENCH FRIES ..
Cut & fry Potato is Not FRENCH FRIES ..
 

Hackers Cracker Network Intruder

  • 2. Agenda • Hackers and their vocabulary • Threats and risks • Types of hackers • Gaining access • Intrusion detection and prevention • Legal and ethical issues
  • 3. Hacker Terms • Hacking - showing computer expertise • Cracking - breaching security on software or systems • Phreaking - cracking telecom networks • Spoofing - faking the originating IP address in a datagram • Denial of Service (DoS) - flooding a host with sufficient network traffic so that it can’t respond anymore • Port Scanning - searching for vulnerabilities
  • 4. Hacking through the ages • 1969 - Unix ‘hacked’ together • 1971 - Cap ‘n Crunch phone exploit discovered • 1988 - Morris Internet worm crashes 6,000 servers • 1994 - $10 million transferred from CitiBank accounts • 1995 - Kevin Mitnick sentenced to 5 years in jail • 2000 - Major websites succumb to DDoS • 2000 - 15,700 credit and debit card numbers stolen from Western Union (hacked while web database was undergoing maintenance) • 2001 Code Red – exploited bug in MS IIS to penetrate & spread – probes random IPs for systems running IIS – had trigger time for denial-of-service attack – 2nd wave infected 360000 servers in 14 hours • Code Red 2 - had backdoor installed to allow remote control • Nimda -used multiple infection mechanisms email, shares, web client, IIS • 2002 – Slammer Worm brings web to its knees by attacking MS SQL Server
  • 5. The threats • Denial of Service (Yahoo, eBay, CNN, MS) • Defacing, Graffiti, Slander, Reputation • Loss of data (destruction, theft) • Divulging private information (AirMiles, corporate espionage, personal financial) • Loss of financial assets (CitiBank)
  • 8. Types of hackers • Professional hackers – Black Hats – the Bad Guys – White Hats – Professional Security Experts • Script kiddies – Mostly kids/students • User tools created by black hats, – To get free stuff – Impress their peers – Not get caught • Underemployed Adult Hackers – Former Script Kiddies • Can’t get employment in the field • Want recognition in hacker community • Big in eastern european countries • Ideological Hackers – hack as a mechanism to promote some political or ideological purpose – Usually coincide with political events
  • 9. Types of Hackers • Criminal Hackers – Real criminals, are in it for whatever they can get no matter who it hurts • Corporate Spies – Are relatively rare • Disgruntled Employees – Most dangerous to an enterprise as they are “insiders” – Since many companies subcontract their network services a disgruntled vendor could be very dangerous to the host enterprise
  • 10. Top intrusion justifications • I’m doing you a favor pointing out your vulnerabilities • I’m making a political statement • Because I can • Because I’m paid to do it
  • 11. Gaining access • Front door – Password guessing – Password/key stealing • Back doors – Often left by original developers as debug and/or diagnostic tools – Forgot to remove before release • Trojan Horses – Usually hidden inside of software that we download and install from the net (remember nothing is free) – Many install backdoors • Software vulnerability exploitation – Often advertised on the OEMs web site along with security patches – Fertile ground for script kiddies looking for something to do
  • 12. Back doors & Trojans • e.g. Whack-a-mole / NetBus • Cable modems / DSL very vulnerable • Protect with Virus Scanners, Port Scanners, Personal Firewalls
  • 13. Software vulnerability exploitation • Buffer overruns • HTML / CGI scripts • Poor design of web applications – Javascript hacks – PHP/ASP/ColdFusion URL hacks • Other holes / bugs in software and services • Tools and scripts used to scan ports for vulnerabilities
  • 14. Password guessing • Default or null passwords • Password same as user name (use finger) • Password files, trusted servers • Brute force – make sure login attempts audited!
  • 15. Password/key theft • Dumpster diving – Its amazing what people throw in the trash • Personal information • Passwords • Good doughnuts – Many enterprises now shred all white paper trash • Inside jobs – Disgruntled employees – Terminated employees (about 50% of intrusions resulting in significant loss)
  • 16. Once inside, the hacker can... • Modify logs – To cover their tracks – To mess with you • Steal files – Sometimes destroy after stealing – A pro would steal and cover their tracks so to be undetected • Modify files – To let you know they were there – To cause mischief • Install back doors – So they can get in again • Attack other systems
  • 17. Intrusion detection systems (IDS) • A lot of research going on at universities – Doug Somerville- EE Dept, Viktor Skorman – EE Dept • Big money available due to 9/11 and Dept of Homeland Security • Vulnerability scanners – pro-actively identifies risks – User use pattern matching • When pattern deviates from norm should be investigated • Network-based IDS – examine packets for suspicious activity – can integrate with firewall – require one dedicated IDS server per segment
  • 18. Intrusion detection systems (IDS) • Host-based IDS – monitors logs, events, files, and packets sent to the host – installed on each host on network • Honeypot – decoy server – collects evidence and alerts admin
  • 19. Intrusion prevention • Patches and upgrades (hardening) • Disabling unnecessary software • Firewalls and Intrusion Detection Systems • ‘Honeypots’ • Recognizing and reacting to port scanning
  • 20. Risk management Probability Impact Ignore (e.g. delude yourself) Prevent (e.g. firewalls, IDS, patches) Backup Plan (e.g. redundancies) Contain & Control (e.g. port scan)
  • 21. Legal and ethical questions • ‘Ethical’ hacking? • How to react to mischief or nuisances? • Is scanning for vulnerabilities legal? – Some hackers are trying to use this as a business model • Here are your vulnerabilities, let us help you • Can private property laws be applied on the Internet?
  • 23. Computer Crimes • Financial Fraud • Credit Card Theft • Identity Theft • Computer specific crimes – Denial-of-service – Denial of access to information – Viruses Melissa virus cost New Jersey man 20 months in jail • Melissa caused in excess of $80 Million • Intellectual Property Offenses – Information theft – Trafficking in pirated information – Storing pirated information – Compromising information – Destroying information • Content related Offenses – Hate crimes – Harrassment – Cyber-stalking • Child privacy
  • 24. Federal Statutes • Computer Fraud and Abuse Act of 1984 – Makes it a crime to knowingly access a federal computer • Electronic Communications Privacy Act of 1986 – Updated the Federal Wiretap Act act to include electronically stored data • U.S. Communications Assistance for Law Enforcement Act of 1996 – Ammended the Electronic Communications Act to require all communications carriers to make wiretaps possible • Economic and Protection of Proprietary Information Act of 1996 – Extends definition of privacy to include proprietary economic information , theft would constitute corporate or industrial espionage • Health Insurance Portability and Accountability Act of 1996 – Standards for the electronic transmission of healthcare information • National Information Infrastructure Protection Act of 1996 – Amends Computer Fraud and Abuse Act to provide more protection to computerized information and systems used in foreign and interstate commerce or communications • The Graham-Lynch-Bliley Act of 1999 – Limits instances of when financial institution can disclose nonpublic information of a customer to a third party
  • 25. Legal Recourse • Average armed robber will get $2500-$7500 and risk being shot or killed; 50-60% will get caught , convicted and spent an average of 5 years of hard time • Average computer criminal will net $50K-$500K with a risk of being fired or going to jail; only 10% are caught, of those only 15% will be turned in to authorities; less than 50% of them will do jail time • Prosecution – Many institutions fail to prosecute for fear of advertising • Many banks absorb the losses fearing that they would lose more if their customers found out and took their business elsewhere – Fix the vulnerability and continue on with business as usual