The document provides an overview of cybercrime challenges in the United States. It discusses the history of cybercrime dating back to the 1960s and outlines some key statistics on cybercrime complaints and losses. It also summarizes the profiles of typical cybercriminals and describes some common cybercrimes that concern the US government and businesses, such as corporate espionage, insider threats, email extraction, and hacking. Finally, it outlines efforts by the US federal and state governments to combat cybercrime through executive action, legislation, and law enforcement agencies.
Dr. Shawn P. Murray was invited to the National Security Institute in April 2012 to present current topics related to social engineering and the threats they pose to organizations and their sensitive information. This presentation analyzes the principles of social engineering tactics as they relate to technology and security practices. Dr. Murray is a well known Cyber Security professional and has presented at various conferences regarding Cyber Security and Information Assurance topics.
Legal Research in the Age of Cloud ComputingNeal Axton
This presentation discusses the impact of the mass communication technologies including the Internet and Cloud Computing on the practice of law and legal research. This presentation was given the Advanced Legal Research class at William Mitchell College of Law in St. Paul, Minnesota of August 23, 2013 by Neal R. Axton, JD, MLIS.
Dr. Shawn P. Murray was invited to the National Security Institute in April 2012 to present current topics related to social engineering and the threats they pose to organizations and their sensitive information. This presentation analyzes the principles of social engineering tactics as they relate to technology and security practices. Dr. Murray is a well known Cyber Security professional and has presented at various conferences regarding Cyber Security and Information Assurance topics.
Legal Research in the Age of Cloud ComputingNeal Axton
This presentation discusses the impact of the mass communication technologies including the Internet and Cloud Computing on the practice of law and legal research. This presentation was given the Advanced Legal Research class at William Mitchell College of Law in St. Paul, Minnesota of August 23, 2013 by Neal R. Axton, JD, MLIS.
Globalization has made the use of computer to grow drastically over the years. More people from different parts of the world are coming closer to one another through computers. The World Wide Web has enabled this phenomenon to be possible, but also, it has led to the emergence of cyber crimes. Although law enforcement agencies have come up with security policies, the number of crimes related to computer theft and hacking is still alarming
Lecture presentation to identify sets of principles, standards, or rules that guide the moral action of an individual; illustrate morality and code of conduct; apply the ten commandments of computer ethics; determine some ethical issues in computing; analyze the relevant laws in computing; criticize and argue legal issues of Data Privacy, Cybercrime and Intellectual Property.
NENA 2017 Doxing and Social EngineeringJack Kessler
PSAPs and their personnel are susceptible to cyber-attack techniques like social engineering and doxing, due mainly to the vast amounts of personal data available on the Internet, in addition to the inherently helpful nature of people. This presentation demonstrates how 9-1-1 professionals may be unknowingly broadcasting information that hackers can use to do damage to people and infrastructure and how PSAPs can mitigate these risks.
The FBI–Apple encryption dispute concerns whether and to what extent courts in the United States can compel manufacturers to assist in unlocking cell phones whose data are cryptographically protected.There is much debate over public access to strong encryption.
With the advent of Social Media and Internet Technology, children have become vulnerable to cybercrimes such as cyberbullying, cyber stalking and childabuse. This presentation is an eyeopener and spreads awareness about the cyber threats prevalent on internet and gives tips on best practices for ensuring cyber safety and educates the children and the parent on how to deal with such problems .This presentation was delivered recently by Cyber law expert, Karnika Seth in Thiruvanthpuram at a National Consultation on Legislative and Executive measures required to safeguard children online.
Slides to facilitate a conversation with school leaders & administrators around emerging issues related to Digital Citizenship. Both to raise awareness of the multifaceted nature of the subject and identify action items for schools moving forward.
The material here is taken from Mike Ribble's "Nine Elements of Digital Citizenship".
http://digitalcitizenship.net
CheckAlt RDC is a revolutionary remote deposit capture system designed to increase
profit and reduce operating capital faster than any financial institution.
Globalization has made the use of computer to grow drastically over the years. More people from different parts of the world are coming closer to one another through computers. The World Wide Web has enabled this phenomenon to be possible, but also, it has led to the emergence of cyber crimes. Although law enforcement agencies have come up with security policies, the number of crimes related to computer theft and hacking is still alarming
Lecture presentation to identify sets of principles, standards, or rules that guide the moral action of an individual; illustrate morality and code of conduct; apply the ten commandments of computer ethics; determine some ethical issues in computing; analyze the relevant laws in computing; criticize and argue legal issues of Data Privacy, Cybercrime and Intellectual Property.
NENA 2017 Doxing and Social EngineeringJack Kessler
PSAPs and their personnel are susceptible to cyber-attack techniques like social engineering and doxing, due mainly to the vast amounts of personal data available on the Internet, in addition to the inherently helpful nature of people. This presentation demonstrates how 9-1-1 professionals may be unknowingly broadcasting information that hackers can use to do damage to people and infrastructure and how PSAPs can mitigate these risks.
The FBI–Apple encryption dispute concerns whether and to what extent courts in the United States can compel manufacturers to assist in unlocking cell phones whose data are cryptographically protected.There is much debate over public access to strong encryption.
With the advent of Social Media and Internet Technology, children have become vulnerable to cybercrimes such as cyberbullying, cyber stalking and childabuse. This presentation is an eyeopener and spreads awareness about the cyber threats prevalent on internet and gives tips on best practices for ensuring cyber safety and educates the children and the parent on how to deal with such problems .This presentation was delivered recently by Cyber law expert, Karnika Seth in Thiruvanthpuram at a National Consultation on Legislative and Executive measures required to safeguard children online.
Slides to facilitate a conversation with school leaders & administrators around emerging issues related to Digital Citizenship. Both to raise awareness of the multifaceted nature of the subject and identify action items for schools moving forward.
The material here is taken from Mike Ribble's "Nine Elements of Digital Citizenship".
http://digitalcitizenship.net
CheckAlt RDC is a revolutionary remote deposit capture system designed to increase
profit and reduce operating capital faster than any financial institution.
The Six Highest Performing B2B Blog Post FormatsBarry Feldman
If your B2B blogging goals include earning social media shares and backlinks to boost your search rankings, this infographic lists the size best approaches.
Each technological age has been marked by a shift in how the industrial platform enables companies to rethink their business processes and create wealth. In the talk I argue that we are limiting our view of what this next industrial/digital age can offer because of how we read, measure and through that perceive the world (how we cherry pick data). Companies are locked in metrics and quantitative measures, data that can fit into a spreadsheet. And by that they see the digital transformation merely as an efficiency tool to the fossil fuel age. But we need to stretch further…
SS236 Unit 8 Assignment Rubric Content 70 Points Do.docxaryan532920
SS236 Unit 8 Assignment Rubric
Content 70 Points
Does the learner demonstrate an understanding of unit learning
outcomes and course material? The Unit 8 Project includes the
following/answers the following questions:
• Were you surprised by the political ideology to which you
belong? Why or why not?
• What are the origins of that political ideology?
• What are your ideology’s prospects for future political
success? Do you anticipate that the percentage of adults/
registered voters aligned with the same political ideology as
you are likely to increase or decrease in the near future?
• How might this ideological group impact political parties
and elections?
• Support your answer(s) with information obtained from the
text and at least two academic sources.
• Does the paper meet the length requirement?
Style 15 Points
Does the learner express his or her thoughts and present his or her
own views in a reasoned manner? Does the learner include the
following components:
• An introductory paragraph with a thesis statement?
• Clearly written paragraphs with topic sentences, body of
evidence, a conclusion sentence?
• A conclusion paragraph?
Mechanics 15 Points
Does the writing show strong composition skills? Does the leaner
include the following components?
• An APA formatted paper that includes an APA reference
page?
• Are the sentences complete?
• Is the grammar correct?
• Is the spelling and punctuation correct? Is APA used
properly?
• Are there any typos?
Total 100 Points
Classification of Computer Crime
Defining computer crime sufficiently is a daunting and difficult task. Nevertheless there are, generally, four categories of computer crime, including (1) the computer as a target, (2) the computer as an instrument of the crime, (3) the computer as incidental to crime, and (4) crimes associated with the prevalence of computers. Definitions can become rapidly outdated, as new technology has consistently bred new offenses and victimizations.
1 The Computer as a Target
Crimes where the computer itself is the target include the denial of expected service or the alteration of data. In other words, the attack seeks to deny the legitimate user or owner of the system access to his or her data or computer. Network intruders target the server and may cause harm to the network owners or the operation of their business.
Data alteration and denial directly target the computer by attacking the useful information stored or processed by the computer. Altered data may affect business decisions made by the company or may directly impact individuals by altering their records. Furthermore, this activity, in some circumstances, results in the expenditure of great resources to recover the data. Although malicious network intruders may alter critical data, the most common source of such damage is an employee of the affected company. The primary difference between data alteration and network ...
LandscapingA local landscaping company that provides lawn-mowing.docxsmile790243
Landscaping
A local landscaping company that provides lawn-mowing, trimming and general landscape duties wants to get a jump on its competition by determining which houses in a section of town would best respond to marketing materials. A measure of which homeowners to approach would include their income, size of their yard and compare that against historical data on which homes have had landscaping services.
You were able to dig up a random sample of 30 households, given in the file Landscaping.xls. Using Excel, create a scatter plot of Lot Size vs. Income, color coded by the outcome variable Yes/No. Make sure to obtain a well-formatted plot (remove excessive background and gridlines; create legible labels and a legend, etc.). Hint: First sort the data by the outcome variable, and then plot the data for each category as separate series. Create the same plot, this time using Tableau. Compare the two processes of generating the plot in terms of effort as well as the quality of the resulting plots. What are the advantages of each? Explain.
Management Information Systems for The Information Age
Haag, S., & Cummings, M. (2013). Management information systems for the information age .
New York: McGraw-Hill.
MANAGEMENT INFORMATION I
svsTEMs r FOR THE 1N~ORMAT10N AGE
> > Ninth Edition Stephen HAAG I Maeve CUMMINGS
L_ - - -- ____,
-·
EXTENDED LEARNING MODULE H
Define computer crime and list three types of computer crime that can be
perpetrated from inside and three from outside the organization.
Identify the seven types of hackers and explain what motivates each group.
Define digital forensics and describe the two phases of a forensic investigation.
Describe what is meant by anti-forensics and give an example of each
of the three types.
Describe two ways in which businesses use digital forensics .
...
-f 1ntroductio~
Computers play a big part in crime. They're used to commit crime, unfortunately. But
they are also used to solve crimes. This should come as no surprise since computers
are by now such an integral player in every part of our lives. Computers are involved in
two ways in the commission of crime: as targets and as weapons or tools. A computer
or network is a target when someone wants to bring it down or make it malfunction, as
in a denial-of-service attack or a computer virus infection. Crimes that use a computer
as a weapon or tool would include acts such as changing computer records to com-
mit embezzlement, breaking into a computer system to damage information, and steal-
ing information like customer lists. See Figure H.l for examples of computer-related
offenses in which computers are used as weapons/tools and targets of crime.
Some crimes are clearly what we call computer crimes, like Web defacing, denial-of-
service attacks, e-mail scams, and so on. But as is the case in so many parts of our modern
lives, computers are also so integrated into crime that it's hard to separate them ou ...
2014 GRC Conference in West Palm Beach-Moderated by Sonia LunaAviva Spectrum™
Slides from the 2014 GRC Conference Presented by:
Jeff Spivey, CRISC, CPP
Vice President of Strategy, RiskIQ, Inc.
President, Security Risk Management, Inc
Adair Barton, CPA, CISA
Vice President of Internal Audit
Dycom Industries, Inc.
and
David A. Less, CISA, CISM
CIO & SVP
Sunteck, Inc.
By Roberto Preatoni Fabio Ghioni Corp Vs CorpFabio Ghioni
Roberto Preatoni & Fabio Ghioni - Corp-vs-Corp. Fabio Ghioni - Esperto in Tecnologie non convenzionali e del rischio, e in strategia
per la difesa nel Cyber Warfare Profiling. Fabio Ghioni, editorialista, Fabio Ghioni saggista, Fabio Ghioni conferenziere, Fabio Ghioni consulente strategico, Fabio Ghioni top manager, è riconosciuto come uno dei maggiori esperti mondiali di sicurezza.
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
● US Critical Infrastructure Sectors as Targets, presented by Charles Brooks, Vice President, Government Relations & Marketing, Sutherland Government Solutions and Chairman of the CompTIA New and Emerging Technologies Committee
Dr. Murray presented current issues with IoT technologies at the Information Systems Security Association (ISSA). The ISSA Colorado Springs Chapter - Cyber Focus Day on Wednesday, March 25, 2015 at the University of Colorado Colorado Springs (UCCS). The theme for CFD 2015 was “Cybercrime”.
Professional Practices PPT Slide on Chapter 5: Crimefrazaslam10
This is a ppt file for the subject "Professional Practices", in which this covers the chapter about crime. This includes hacking, identity theft and fraud, scams and forgery, and laws that rule the web. It shows the different phases of such crimes throughout the history of Internet. It also shows how the practices were starting to form to stop these unlawful activities.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Ii congresso de crimes eletrônicos e formas de proteção – 27 09-2010 – apresentação de fernando pinguelo
1. www.eLLblog.com
info@eLLblog.com
Where law, technology, and human error collide
Fernando M. Pinguelo, Esq.
Norris McLaughlin & Marcus, P.A.
New York | New Jersey | Pennsylvania
fmp@nmmlaw.com
Virtual Crimes – Real Damages
Challenges Posed By Electronic
Crimes In The United States
5. www.eLLblog.com
info@eLLblog.com
A brief history
1967 “number-cropping operation” by a
New York bank employee.
1970s rare and isolated:
MIT student used university computer to
generate tones needed to access phone service.
John Draper discovers whistle in Cap'n Crunch
cereal boxes and reproduces a 2600Hz tone.
6. www.eLLblog.com
info@eLLblog.com
A brief history
1980s computer crimes grow:
Ian “Captain Zap” Murphy - first felon convicted of
computer crime. Murphy hacked AT&T’s
computers and changed billing clock so as to
provide discounted rates during business hours.
U.S. Comprehensive Crime Control Act gives
Secret Service jurisdiction over computer fraud.
War Games introduces public to the phenomenon
of hacking (i.e., war-dialing).
7. www.eLLblog.com
info@eLLblog.com
A brief history
After break-ins into gov’t and corporate
computers, Congress passes Computer Fraud
and Abuse Act, making it a crime. The law does
not cover juveniles.
Computer Emergency Response Team (CERT)
created.
First large-scale computer extortion case is
investigated (under the pretence of a quiz on
the AIDS virus, users download program which
threatens to destroy all their computer data
unless they pay $500 into a foreign account).
8. www.eLLblog.com
info@eLLblog.com
A brief history
1990s
16-year-old student (“Data Stream”) arrested by UK
police for penetrating computers at the Korean
Atomic Research Institute, NASA and several U.S.
government agencies.
CIA Director John Deutsh testifies foreign organized
crime groups behind hacker attacks against U.S.
private sector.
U.S. Communications Decency Act makes it illegal to
transmit indecent/obscene material over Internet.
9. www.eLLblog.com
info@eLLblog.com
A brief history
2000s:
Hackers break into Microsoft's corporate network and
access source code for the latest versions of
Windows and Office software.
Cyberattacks have grown more frequent and
destructive in recent years.
TODAY (Literally): September 27, 2010
“U.S. Wants to Make It Easier to Wiretap Internet”
Federal law enforcement and national security officials are
preparing to seek sweeping new regulations for the Internet.
10. www.eLLblog.com
info@eLLblog.com
Traditional Investigations
• Fingerprints
• Blood
• Fibers
• DNA
• Soil, fluids, debris
• Etc.
Digital Investigations
• Emails
• Documents, spreadsheets, data
bases, images, etc.
• File attributes (i.e., metadata)
• Internet activity
• File transfer and copying
• More…
Forensics
23. www.eLLblog.com
info@eLLblog.com
Malicious Insiders
Proactive:
Watch historical patterns, which may help
catch employee who, for example, regularly
accessed sensitive corporate information
when others within the company did not
Train employees so as to raise staff
awareness about insider threats
Implement effective security policies
24. www.eLLblog.com
info@eLLblog.com
Email Extraction & Spamming
Sending email to thousands of people in
effort to sell a product or for data
collection purposes.
According to the U.S. Attorney’s Office,
nearly every college and university in the
U.S. was impacted by this scheme. Schools
spent significant funds to repair damage
and implement preventive measures.
25. www.eLLblog.com
info@eLLblog.com
Hacking
Hackers break into government or
business networks for profit, for the pure
thrill, or for bragging rights.
While off-site hacking once required
expertise in computer programming,
hackers can now retrieve attack scripts
and protocols from the Internet and use
them against victim websites.
26. www.eLLblog.com
info@eLLblog.com
Hacking
Some of our U.S.’s most popular
websites are vulnerable to hacking.
September 21, 2010 Twitter ravaged
with posts that took advantage of a
programming weakness to play pranks,
distribute pornography, and spread
worms to victim-users.
29. www.eLLblog.com
info@eLLblog.com
U.S. Federal & State Action to
Combat Cybercrime
What are federal & state governments doing
to protect the U.S. from cyber attacks?
Federal: Executive, Legislative & Judicial
Action
State: Most proactive states - VA & FL
32. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government –
Executive Branch
CNCI directive established twelve cyber defense
projects, identifying lead agencies for each.
Department of Homeland Security (DHS) becomes lead
agency to protect U.S. computer-reliant critical
infrastructure.
Report reveals deficiencies in key responsibilities since
2005:
Cyber analysis and warning capabilities, cybersecurity
infrastructure, recovery from internet disruption, secure
internal information systems, organizational inefficiencies.
33. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government –
Executive Branch
President Obama
February 2009 - Orders review of cybersecurity
plans and programs throughout federal
government (May 2009 report &
recommendations)
April 2009 - Creates high-level Federal CIO
Coordinate efforts to combat hackers and
cybercriminals
June 2010 - Proposes National Cyber Identity law
September 2010 - Seeks sweeping new regulations
for the Internet
34. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government –
Executive Branch
2009 Report
Significant weakness and
vulnerability in security controls
23 of the 24 major federal agencies
report problems
Problems include reauthentication of
users, encryption, monitor for
security-related events
35. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government –
Executive Branch
Projects include
Trusted Internet Connections
Einstein 2, Einstein 3
Research & Development Efforts
Cyber Counterintelligence Plan
Security of Classified Networks
Expand Education
Leap-Ahead Technology
Deterrence Strategies and Programs
Global Supply Chain Risk Management, and
Public/Private Partnerships
36. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government –
Executive Branch
Despite these efforts, executive branch fell victim to
successful cyber attack in July 2009, when
coordinated assault over several days targeted
websites of several government agencies, causing
major disruptions.
Much work still to be undertaken, but proactive
measures are being employed and progress
continues to be made.
Recent attacks led to proposed legislation to
empower President to disconnect any federal or U.S.
critical infrastructure info system or network for
national security.
37. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government
Agencies with Cyber Crime Efforts
Department of Justice and FBI lead
the effort to investigate and prosecute
Secret Service
Immigration & Customs Enforcement
Agency
Postal Inspection Service
Bureau of Alcohol Tobacco &
Firearms
38. www.eLLblog.com
info@eLLblog.com
FBI Mission on Cyber Crime
o The FBI's cyber mission is four-fold:
o Stop those behind the most serious computer
intrusions and the spread of malicious code.
o Identify & thwart online sexual predators who
exploit children & circulate child pornography.
o Counteract operations that target U.S.
intellectual property, endangering national
security and competitiveness.
o Dismantle national and transnational organized
criminal enterprises engaging in Internet fraud.
39. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government
Legislative Cyber Crime Efforts
February 2010 House of Representatives passed
(pending) the Cybersecurity Enhancement Act of 2010.
Assist federal government efforts in developing skilled
personnel for its cybersecurity team
Organize and prioritize various aspects of government’s
cybersecurity research and development
Improve the shifting of cybersecurity technologies to the
marketplace, and
Strengthen role of the National Institute of Standards &
Technology in developing and implementing cybersecurity
public awareness and education programs to promote best
practices.
40. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government
Legislative Cyber Crime Efforts
The Senate’s cybersecurity proposed legislation
(March 2010): Cybersecurity Act of 2009
Authorize grants to enhance cybersecurity
through research and workforce development
Impose intergovernmental and private sector
mandates on owner/operator of info systems
designated by president as U.S.-critical
infrastructure
i.e., financial networks, electric providers, petro
industry
U.S.-critical infrastructure “threat alerts”
Expands DHS authority
41. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government
Legislative Cyber Crime Efforts
The Senate’s cybersecurity proposed legislation
(March 2010): Cybersecurity Act of 2009
Problems:
Industry opposition
Upcoming election makes it unlikely that
comprehensive reform will pass this year
Cost approximately $1.4 billion from 2011 to
2015
42. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government
Legislative Efforts
Computer Fraud and Abuse Act (CFAA):
Fraud and related activity in connection with computers
Internet Fraud:
Unfair or deceptive acts or practices; false advertising
Mail, wire, and bank fraud
Internet Sale of Alcohol or Firearms:
Firearms, Liquor traffic, and Shipments into states for
possession or sale
Online Child Pornography, Child Luring, and
Related Activities:
Sexual exploitation and other abuse of children; Transportation
for illegal sexual activity
CAN-SPAM Act 2003:
Delineates between unlawful spam and legal commercial email;
preempts states
43. www.eLLblog.com
info@eLLblog.com
Software Piracy and Intellectual Property
Theft:
Criminal copyright infringement
Frauds and swindles
Protection of trade secrets
Internet Sale of Prescription Drugs and Controlled Substances :
Unfair or deceptive acts or practices; false advertising
Smuggling goods into the United States
Mail, wire, and bank fraud
Federal Food, Drug, and Cosmetic Act
Drug Abuse Prevention and Control
Commonly Applied Federal
Laws
44. www.eLLblog.com
info@eLLblog.com
U.S. Federal Government
Existing Legislative Efforts
•SOX - Sarbanes Oxley Act
•HIPAA – Health Insurance Portability &
Accountability Act
•FACTA - Fair and Accurate Credit
Transaction Act of 2003
•GLB – Gramm-Leach-Bliley Act
•FCRA – Fair Credit Reporting Act
•RFR - “Red Flags Rule”
•FRCP – Amended Federal Rules of Civil
Procedure “eDiscovery”
•Related Industry Regulations
45. www.eLLblog.com
info@eLLblog.com
State Government –
Legislative Efforts
Play key role in security
Suffer from problems experienced
by federal and private sectors
Budget crisis
Delicate balance between security
and constitutional rights
Faulty & Conflicting laws
46. www.eLLblog.com
info@eLLblog.com
State Government – Virginia Model
Legislative Efforts
Virginia Computer Crimes Act
(“VCCA”)
Takes a multifaceted approach to
cybersecurity that includes:
Virginia anti-spam statute
Virginia Cyber Strike Force works with
the U.S. Attorney’s Office, State Police,
and FBI to fight cybercrime
47. www.eLLblog.com
info@eLLblog.com
State Government – Virginia Model
Legislative Efforts
VCCA criminalizes use of
computer/computer network
with intent to falsify/forge electronic mail
transmission info or other routing info
in any manner in connection with
transmission of spam through or into
computer network of an electronic mail
service provider or its subscribers.
48. www.eLLblog.com
info@eLLblog.com
State Government – Virginia Model
Enforcement Efforts
Virginia Computer Crimes Unit
Formed July 1999
Works in cooperation with the U.S.
Attorney’s Office, State Police, and FBI
Investigates & Prosecutes under VCCA
Illegal spamming
Child pornography: production,
distribution & possession
Online enticement of children
Identity theft
49. www.eLLblog.com
info@eLLblog.com
State Government – Virginia Model
Enforcement Efforts
VCCA penalties
Violation of a portion of the statute is a misdemeanor, but it
may be upgraded to a felony if either
the volume of spam transmitted exceeds a number of
recipients or revenue generated from a specific transmission
of spam exceeds an amount.
Makes it a misdemeanor to knowingly sell, give, or otherwise
distribute or possess with the intent to sell, give, or distribute
software that
primarily designed for purpose of facilitating falsification of
transmission info or other routing info of spam;
has only limited commercially significant purpose or use; or
is marketed in facilitating or enabling the falsification of the
transmission information or other routing information of spam
50. www.eLLblog.com
info@eLLblog.com
Conclusion
Crime is a problem that is impossible to solve.
Statutes and law enforcement measures have been one
step behind the criminals in the cyber realm.
Nevertheless, our government and the nation’s
businesses must take whatever steps possible to
combat cybercrime.
Tools for deterrence: Awareness & Education
Cybercrime is NOT a technology issue, it’s a
business issue