计算机犯罪与职业道德课件

计算机犯罪与职业道德ComputerCrimeIntroductionHackingOnlineScamsFraud,Embezzlement,Sabotage,InformationTheft,andForgeryCrimeFightingVersusPrivacyandCivilLibertiesIntroductionComputersAreToolsComputersassistusinourwork,expandourthinking,andprovideentertainment.ComputersAreUsedtoCommitCrimesPreventing,detecting,andprosecutingcomputercrimeisachallenge.HackingThePhasesofHackingPhaseOne:Theearlyyears1960sand1970s.Originally,hackerreferredtoacreativeprogrammerwroteclevercode.Thefirstoperatingsystemsandcomputergameswerewrittenbyhackers.Thetermhackingwasapositiveterm.Hackerswereusuallyhigh-schoolandcollegestudents.Q:Describeamodern-dayversionof“clever”hacks.HackingThePhasesofHacking(cont’d)PhaseTwo:Hackingtakesonamorenegativemeaning.1970sthrough1990s.Authorsandthemediausedthetermhackertodescribesomeonewhousedcomputers,withoutauthorization,sometimestocommitcrimes.Earlycomputercrimeswerelaunchedagainstbusinessandgovernmentcomputers.Adultcriminalsbeganusingcomputerstocommittheircrimes.Q:DistinguishbetweenthehackingdonebyKevinMitnickandRobertJ.Morris.HackingThePhasesofHackingPhaseThree:TheWebEraBeginninginthemid-1990s.TheincreaseduseoftheInternetforschool,work,businesstransactions,andrecreationmakesitattractivetocriminalswithbasiccomputerskills.Crimesincludethereleaseofmaliciouscode(virusesandworms).Unprotectedcomputerscanbeused,unsuspectingly,toaccomplishnetworkdisruptionorcommitfraud.Q:Whyaredenial-of-serviceattacksdifficulttoprevent?HackingHactivism…istheuseofhackingexpertisetopromoteapoliticalcause.Thiskindofhackingcanrangefrommildtodestructiveactivities.Someconsiderhactivismasmodern-agecivildisobedience.Othersbelievehactivismdeniesotherstheirfreedomofspeechandviolatespropertyrights.Q:Arguethecasethathactivismisethical.HackingTheLawComputerFraudandAbuseAct(CFAA,1986)Itisacrimetoaccess,alter,damage,ordestroyinformationonacomputerwithoutauthorization.Computersprotectedunderthislawinclude:governmentcomputers,financialsystems,medicalsystems,interstatecommerce,andanycomputerontheInternet.Q:Isyourpersonalcomputerprotectedunderthislaw?HackingTheLaw(cont’d)USAPatriotAct(USAPA,2001)AmendstheCFAA.Allowsforrecoveryoflossesduetorespondingtoahackerattack,assessingdamages,andrestoringsystems.Higherpenaltiescanbeleviedagainstanyonehackingintocomputersbelongingtocriminaljusticesystemorthemilitary.Thegovernmentcanmonitoronlineactivitywithoutacourtorder.Q:Areanti-hackinglawsadequate?HackingCatchingHackers…requireslawenforcementtorecognizeandrespondtomyriadhackingattacks.Computerforensicstoolsmayinclude:Undercoveragents,Honeypots(stingoperationsincyberspace),Archivesofonlinemessageboards,Toolsforrecoveringdeletedorcodedinformation.Computerforensicsagenciesandservicesinclude:siteandtelephonelogs,etc..Q:Whatcomputerforensicstoolsoragencieshavebeeninthenewslately?HackingQuestionsAboutPenaltiesIntentShouldhackerswhodidnotintendtododamageorharmbepunisheddifferentlythanthosewithcriminalintentions?AgeShouldunderagehackersreceiveadifferentpenaltythanadulthackers?DamageDoneShouldthepenaltycorrespondtotheactualdamagedoneorthepotentialfordamage?HackingSecuritySecurityweaknessescanbefoundinthecomputersystemsusedby:businesses,government(classifiedandunclassified),andpersonalcomputers.Causesofsecurityweakness:characteristicsoftheInternetandWeb,humannature,inherentcomplexityofcomputersystems.Q:Howsecureisyourcomputerathome?Atwork?HackingSecuritycanbeimprovedby:Ongoingeducationandtrainingtorecognizetherisks.Bettersystemdesign.Useofsecuritytoolsandsystems.Challenging“others”tofindflawsinsystems.Writingandenforcinglawsthatdon’tstymieresearchandadvancement.Q:Doesweaksecurityjustifyintrusion?OnlineScamsAuctionsSellingandbuyinggoodsonlinehasbecomepopular.Problems:sellersdon’tsendthegoods,sellerssendinferiorgoods,priceisdrivenupbyshillbidding,andillegalgoodssold.Solutions:educatecustomers,Fraud,Embezzlement,Sabotage,IdentityTheft,andForgerySomeCausesofFraudCredit-CardStolenreceipts,mailednotices,andcards.Interceptionofonlinetransactionorweake-commercesecurity.Carelesshandlingbycard-owner.ATMStolenaccountnumbersandPINs.Insiderknowledge.AcounterfeitATM.TelecommunicationsStolenlong-distancePINs.Clonedphones.Q:Whatisthelegaldefinitionoffraud?Embezzlement?Sabotage?Theft?Fraud,Embezzlement,Sabotage,IdentityTheft,andForgerySomeDefensesAgainstFraudCredit-CardInstantcredit-cardcheck.Analysisofbuyingpatterns.Analysisofcreditcardapplications(todetectidentitytheft).VerifyuserwithCallerID.ATMRedesignedATMs.Limitedwithdrawal.Telecommunicationsmatchphone“signature”withserialnumber.identifyphonewithoutbroadcastingserialnumber.Q:Identifyabusiness’defenseagainstfraudthatyouhavewitnessed.Fraud,Embezzlement,Sabotage,IdentityTheft,andForgeryForgerySomeCausesPowerfulcomputersanddigitalmanipulationsoftware.High-qualityprinters,copiers,andscanners.SomeDefensesEducateconsumersandemployees.Useanti-counterfeitingtechniquesduringproduction.Usecounterfeitdetectionmethods.Createlegalandproceduralincentivestoimprovesecurity.Q:Howwouldyoueducateyourpeersabouttherisksofdigitalforgery?Aparent?Achild?CrimeFightingvs

PrivacyandCivilLibertiesScamsCrimeFightingAutomatedsurveillancesoftwaretolookforsuspiciousWebactivity.PrivacyandCivilLibertiesNosearchwarrantnorproofofprobablecause.BiometricsCrimeFightingExactmatchofbiologicalcharacteristicstoauniqueperson.PrivacyandCivilLibertiesEasytobuildcompletedossieronpeople.Q:Howmuchofyourprivacyandcivillibertiesareyouwillingtogiveupinordertoallowlawenforcementtobetterfightcomputercrime?CrimeFightingvs

PrivacyandCivilLibertiesSearchandSeizureofComputersCrimeFightingObtainevidenceofacrime.PrivacyandCivilLibertiesDay-to-daybusinessceases;non-criminalcontactwithothersends.TheCybercrimeTreatyCrimeFightingU.S.andEuropeangovernmentsagreetocooperatewithinvestigations.PrivacyandCivilLibertiesPotentialforgovernmentspyingisgreat.Q:MighttherebeincriminatingdatastoredaboutyouinthelogsofyourISP?Currentsituation

ofcybercrimeinChina

ThedevelopmentofInternetAcowwaslostinJan14th2003.Ifyouknowwhereitis,pleasecontactwithme.MyQQnumberis87881405.

QQisoneofthemostpopularIMinChina.NumberofcasesAgeoftheoffendersComputerCrimeVsComputerfacilitatedcrimeMajorcategoriesof

cyberfacilitatedcrimeHackingcase:HOW?

MajorcategoriesofintrusiontechnologyusedbyhackersinthecasesweinvestigatedHackingcase:HOW?ThefollowingintrusionmethodsincreasedrapidlyinrecentyearandbecameoneofthemajorintrusiontechnologyLarge-scaleintrusionbyexploitingvulnerabilityofclientsoftwareLarge-scaleintrusionbydecoyinguserstoinstallmaliciouscodethroughP2P,IM,EmailnetworkCaseexampleAvirusonQQ(amostpopularIM)werecreatedtospreadmalwareinordertocreatanIRCbotnet:60,000hostswereinfected.“Pleasevisit”WHowdidthecriminal(“hackers”)occupythevictimhosts?Thosewhodon’tknowalotabouttechnologymakeprofitbydamagethenetworksecuritydirectly.Thosewhoknowtechnologymakeprofitbysellingtechnology.“Hacking”withoutknowledgeoftechnology

Caseexample:NetbankaccountsstealingCaseoutline:InAugust,amaliciouscodewerewidelydistributedandmorethan300Netbankaccountswerestolen.Thesuspectintrudedintoawebsiteandputmaliciouscodeonthemainwebpage.Whenusersbrowsingthewebsite,themaliciouscodewillbeinstalledautomaticallyontotheuser’shosts.ThemaliciouscodewillstealallkindofNetbankaccountsandpostontoanotherwebsitehackedbythesuspect.However:Thesuspectknownothingabouthackingtechnology.Thesuspectboughtthemaliciouscodeandvictimwebsitestotallyfromotherhackers.Thesuspectonlyworkingstepbystepaccordingtothemanualprovidedbyotherhackers.Hackingcases:WHY?Hackingcases:WHERE?

HowdidtheyconnectedtoInternet?Mobile/Wirelesscrimeincreasedatthesametime.Hackingcases:TARGET?Personalcomputersbecomethemajorpartofvictimincomputercrimeinrecentyear.“Preference”ofhackersSmalldamageLessprofit.(Newbie)SeveredamageLessprofit.(Exploitbuyer)SmallDamageMoreProfit(Experiencedhacker)SeveredamageMoreprofit.(Almostnone)DamagetoInternetSecurityProfitWhydidtheybecomecriminal?Theythink:It’snotacrime,it’sjustagame.AlotofpeopledoitonInternet,soIcandoit.Iknowit’sacrime,butIneedmoney.Icanhidemyselfverywell.Noonewillinvestigateit.WhatwelearnfromthesedataComputercrimeandtraditionalcrimeareinterminglewitheachother.XSSvulnerabilitywithphishingDDOS/IRCbotnetwithextortion…Currentprotectiontechnologyhavenotsuccessfullyprotectagainstfollowingattackyet.SqlinjectionXSSDistributemalwareoverP2P/IMnetworkSocialengineering…WhatwelearnfromthesedataThosewhodon’tknowalotoftechnologycausemostofthedamagetoInternetdirectly.Theirmajoraimistomakeprofitbystealingidentity,Netbankaccount,onlinestockaccount,onlinegameaccountetc.Mostofthemdon’trealizedthatthereactivitycauseseveredamagetoInternetsecurity.WhatwelearnfromthesedataExploit/Maliciouscodesellerisoneofthemostbigthreattocybersecurity.Investigationofexploitandmaliciouscodeshouldbeemphasizedbycyberpolice.Personalcomputerisbecomingthemajortargetofcomputercrime.Antivirussoftwarewillplayamoreimportantroleincyberprotection.Howcananti-virusindustryhelpcyberpolice?Reporttopoliceauthoritybeforepublishingthedetailinformationaboutthemalcode/virusWehaveinvestigatethesourceofseveralvirusthisyear.However,thedetailinformationabouttheviruswerepublishedandthesuspectneveraccesstherelatednetworkresourceanymore.Ifyoureportingtousbeforehand,thesourceofmostidentitystealingma