Internet vulnerabilities criminal activity
Download
1 / 39

Internet Vulnerabilities Criminal Activity - PowerPoint PPT Presentation


  • 271 Views
  • Updated On :

Internet Vulnerabilities & Criminal Activity. Criminology Theories & Cyber Crime 11.1 4/19/10. Classifications of Cyber Crimes. Cyber trespass Crossing boundaries into other people’s property &/or cause damage Hacking, defacement, malware Cyber deceptions & thefts

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Internet Vulnerabilities Criminal Activity' - cricket


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Internet vulnerabilities criminal activity l.jpg

Internet Vulnerabilities & Criminal Activity

Criminology Theories & Cyber Crime

11.1

4/19/10


Classifications of cyber crimes l.jpg
Classifications of Cyber Crimes

  • Cyber trespass

    • Crossing boundaries into other people’s property &/or cause damage

    • Hacking, defacement, malware

  • Cyber deceptions & thefts

    • Stealing money or resources

    • Credit card fraud, IP violations

  • Cyber pornography

    • Breach laws of obscenity

  • Cyber violence

    • Psychological or physical harm to others

    • Hate speech, stalking


Cyber criminals l.jpg
Cyber Criminals

  • Broad range of persons

    • Students, terrorists, amateurs, organized crime groups

  • More likely to have affluent socioeconomic backgrounds

  • Has knowledge of computers & the Internet which enables him/her to commit crime of choice

  • Any technically oriented person has potential to become cyber criminal

  • Cyber criminal has changed since the ‘80’s and 90’s when cyber crime was infiltration by hacking


Fbi s definitions of cyber criminals l.jpg
FBI’s Definitions of Cyber Criminals

  • Crackers

    • Young offenders seeking intellectual stimulation

  • Criminals

    • Adult subgroups

    • Commit fraud, damage systems undertake espionage

  • Vandals

    • Not pursuing intellectual stimulation

    • Motivated by revenge


Typology for cyber criminals l.jpg
Typology for Cyber Criminals

  • White-collar criminals

    • Vengeful criminals

      • Disgruntled employees

    • Patient criminals

      • Desire more than what they have

      • Negative state of mind not immediately obvious

    • Desperate criminals

      • Facing financial crisis

      • Easiest to catch


Typology for cyber criminals cont l.jpg
Typology for Cyber Criminals cont.

  • Hackers

    • Old School Hackers

      • Computer experts

      • Used technology in new, innovative ways

  • Internals

    • Disgruntled or ex-employees

  • Cyber punks

    • Antisocial, socially inept, angst toward the world

    • Direct anger into cyberspace

  • Professional criminals & cyber terrorists

    • Guns for hire

    • Good at espionage, leave no trace

  • Newbies & Script Kiddies

    • Want recognition but lack skills

    • Usually teenagers looking for recoognition


  • Typology for cyber criminals cont7 l.jpg
    Typology for Cyber Criminals cont.

    • Crackers

      • Obtain & use data illegally, IP violators

      • Password crackers

        • Concerned with cryptography & encoding

        • Will use any means to discover passwords

      • Executable program crackers

        • Programs should obey humans

        • Reverse engineer programs so changes can be made

        • Have years of experience programming

        • Can easily discover program weaknesses

      • Hobbyists

        • Cross between above 2 groups

        • Cracks code for knowledge

        • May release cracked code to the public


    Typology for cyber criminals cont8 l.jpg
    Typology for Cyber Criminals cont.

    • Con artists

      • Great actors

      • Motivations

        • Financial stress - need money

        • Power - control over victims, smarter, better than victims

        • Challenge - enjoy what they do, mastered the skill

        • Punish the victim - victim deserves what they get

      • Techniques used

        • Familiarization - flatter victim, gain victims trust

        • Risk free investments - con man will refund all victim’s money if the plan fails

        • Avoiding questions - talk a lot, vague answers, spout useless jargon

        • Pressurizing tactics - once in a lifetime chance, will regret it if not done


    Typology for cyber criminals cont9 l.jpg
    Typology for Cyber Criminals cont.

    • Psycho-criminals

      • Mentally ill - need no external conditions to commit crimes

      • Pedophiles

        • Abnormal sexual attraction to children

        • Larger pool of victims online

      • Cyberstalkers

        • Torment victims at a distance

        • Usually have sexual motivations, power & control

      • Serial Killers

        • Internet used as tool to track down victims

        • Disorganized - low IQ, social outcast, bad at covering tracks

        • Organized - high IQ, Know what he/she wants & how too get away with it. Most dangerous of all cyber criminals.


    Crimes in physical space vs crimes in cyber space l.jpg
    Crimes in Physical Space vs Crimes in Cyber Space

    • Transnational nature and jurisdictional issues

      • Attacks can take place anywhere from anywhere

      • Multiple boundaries may be crossed

    • Physical constraints

      • Do not exist in cyber space

      • Crime can happen in milliseconds

    • Proximity

      • No physical proximity required


    Crimes in physical space vs crimes in cyber space cont l.jpg
    Crimes in Physical Space vs Crimes in Cyber Space cont.

    • Scale & multiple victimization

      • Automated process

      • Multiple simultaneous victims for the same effort

    • Conduct at issue may not be illegal

      • Conduct may not be criminalized in country where it originates

      • Cannot extradite criminal unless law of his/her country is broken


    Crimes in physical space vs crimes in cyber space12 l.jpg
    Crimes in Physical Space vs Crimes in Cyber Space

    • Perfect anonymity

      • Can disguise identity in ways impossible in the physical world

      • Can achieve perfect pseudonymity

    • Velocity

      • Criminal activity can happen very rapidly

      • Slammer took down large part of the Internet in 15 minutes


    Space transition theory l.jpg
    Space Transition Theory

    • Persons with repressed criminal behavior (in the physical space) have a propensity to commit crime in cyberspace, which otherwise they would not commit in physical space, due to their status and position.

    • Concern for status in physical space does not transition to cyber space.

    • Behavior repressed in physical space are not in cyber space.


    Space transition theory14 l.jpg
    Space Transition Theory

    2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime.

    • Disinhibiting effect allows individuals:

      • Open honesty about personal issues

      • To act out on unpleasant needs

    • Deinidividualization - inner restraints are lost when individuals not seen as individuals

      • Leads to behavior that is

        • Less altruistic

        • More selfish

        • More aggressive


    Space transition theory15 l.jpg
    Space Transition Theory

    2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime.

    • Deterrence factor changes

      • Attacks can be made from a remote location

      • Crime reslts not immediately apparent


    Space transition theory16 l.jpg
    Space Transition Theory

    3) Criminal behavior of offenders in cyberspace is likely to be imported to physical space which, in physical space maybe exported to cyberspace as well.

    • Cyber crime has moved from the single individual acting for fame to professional criminals

      • Huge financial gain with little risk

    • Growth of e-commerce attracts criminals to the net


    Space transition theory17 l.jpg
    Space Transition Theory

    4) Intermittent venture of offenders in to the cyberspace and the dynamic spatiotemporal nature of cyberspace provide the chance to escape

    • Cyber space is transient

    • Cyber space is dynamic

    • Cyber crimes have do not have spatial - temporal restrictions of traditional crimes


    Space transition theory18 l.jpg
    Space Transition Theory

    5) (a)Strangers are likely too unite together in cyberspace to commit crime in the physical space; (b) Associates of physical space are likely to unite to commit crime in cyberspace.

    • Cyberspace allows for recruitment and dissemination

    • Cyberspace is:

      • Unmoderated

      • Easy to access

    • Cyberspace can pose an insider threat

      • Spy / mole

      • Disgruntled employee


    Space transition theory19 l.jpg
    Space Transition Theory

    6) Persons from closed society are more likely to commit crimes in cyberspace than persons from open society.

    • Open society allows individuals to voice opinions & vent feelings.

    • Cyberspace allows individuals from closed societies to express anger & frustrations through hate messages, web page vandalism, up to cyber terrorism attacks


    Space transition theory20 l.jpg
    Space Transition Theory

    7) The conflict of norms and values of physical space with the norms and values of cyberspace may lead to cyber crimes.

    • Cyberspace is international

    • Societal differences between individuals may lead to cyber crime

    • Conflicts between nations carry over into cyberspace


    Routine activity theory l.jpg
    Routine Activity Theory

    • Routine activities in conventional societies provide opportunities for perpetrator to commit crime

    • Three things must be present for crime to occur:

      • Suitable target is available

      • Motivated offender is present

      • Lack of a suitable guardian to prevent crime from occurring

    • Assessment of situation determines whether or not a crime takes place.


    Routine activity theory22 l.jpg
    Routine Activity Theory

    • A suitable target can be:

      • A person

      • An object

      • A place

    • Target comes to the attention of a person searching for a criminal opportunity

    • Targets behavior may place target in contact with perpetrator

    • No significant deterring mechanism is present


    Routine activity theory23 l.jpg
    Routine Activity Theory

    • Motivated Perpetrator

    • Predatory crime is a method for the perpetrator to secure basic needs of desires

    • Actions of perpetrator are intentional and illegal


    Routine activity theory24 l.jpg
    Routine Activity Theory

    • A capable guardian

      • Police patrol, Security guards

      • Neighbors, neighborhood watch, dogs

      • Locks, fences, CCTV systems

      • Passwords, tokens, biometric measures

    • Guardians can be formal or informal

    • Guardians can be human or machine

    • Guardians MUST be capable of acting as a deterrent


    Opportunity theory l.jpg
    Opportunity Theory

    • Opportunity to commit a crime is a root cause of crime

    • No crime can occur without the physical opportunity

    • Opportunity plays a role in all crimes, not just those involving physical property

    • Reducing opportunity reduces crime


    Displacement theory l.jpg
    Displacement Theory

    • Reductions in opportunity will not reduce crime because crime will be displaced to another location

    • Opportunity is so compelling that removing perpetrators will not reduce crime because other perpetrators will step in

    • Research on displacement theory has shown crime is not always displaced


    Routine activity theory the internet l.jpg
    Routine Activity Theory & the Internet

    • Opportunity to commit crime is multiplied

    • Target and perpetrator are much more likely to come in contact with each other

    • Victim has to keep returning to scene of the crime

    • Deterrence comes shifting either events or circumstances

      • Neither are easily altered


    Routine activity theory the internet28 l.jpg
    Routine Activity Theory & the Internet

    • Cybercrime has more to do with the effectiveness of indirect guardianship

    • Internet is open & unmoderated

    • Mechanisms of the Internet designed to transfer data, not to examine the data

    • Internet guardianships are all mechanical

      • Reactive, respond to some action - IDS

      • Cannot respond to new, previously untried activity


    Hacker neutralization techniques l.jpg
    Hacker Neutralization Techniques

    • Allows for temporary neutralization of values, beliefs, and attitudes so illegal behaviors can be performed.

    • Justification of an act requires the need to assert its positive values

    • Used by different types of deviants


    Hacker neutralization techniques30 l.jpg
    Hacker Neutralization Techniques

    • Denial of Injury

      • No harm or insignificant harm done to victim

      • No physical information stolen, information in an electronic form

      • Belief that downloading is copying not stealing

      • As long as no one knows their information is being perused, no harm is done


    Hacker neutralization techniques31 l.jpg
    Hacker Neutralization Techniques

    • Denial of Victim

      • Victim is deserving of punishment

      • Four categories of victims

        • Close enemies who have harmed offender directly

        • People who do not conform to normative social roles

        • Groups with tribal stigmas

        • Remote enemies who hold positions perceived as questionable or corrupt

      • Offender may assume role of “avenger” or “crusader for justice”

      • May justify actions as revenge


    Hacker neutralization techniques32 l.jpg
    Hacker Neutralization Techniques

    • Condemnation of the Condemners

      • Divert attention from offenders actions to the motives and behaviors of those condemning offender’s actions

      • Mistrust of authority

      • Promote decentralization

      • Price charged by software companies too high and unfair

      • Victim failed to protect their computer system


    Hacker neutralization techniques33 l.jpg
    Hacker Neutralization Techniques

    • Appeal to higher loyalties

      • Offender doesn’t deny damage, act was done to protect higher loyalties

        • Loyalty to group

        • Responsibility to family or spouse

        • Employer (Corporate crimes)

      • Claim actions were done to acquire knowledge


    Hacker neutralization techniques34 l.jpg
    Hacker Neutralization Techniques

    • Self-fulfillment

      • Illegal activity done for

        • Fun

        • Excitement or thrill

        • Computer virtuosity

      • Offender achieves feelings of superiority & control

      • Voyeurism

      • Demonstration of ability


    Hacker neutralization techniques35 l.jpg
    Hacker Neutralization Techniques

    • Hackers do not use all neutralization techniques

      • Denial of responsibility

      • Sad story

      • Both external forms of neutralization

      • Only use techniques based on internal neutralization

      • Hackers take pride in what they do

      • Hackers feel in shame or guilt


    Computer hackers social organization l.jpg
    Computer Hackers & Social Organization

    • Mutual Association

      • Clear interpersonal relationship

      • No strong or deep interpersonal relationships on or off line

      • Social connections relatively shallow

      • Multiple identities and multiple forum use may limit ability to form interpersonal connections

      • Utilize social networks to exchange knowledge and information


    Computer hackers social organization37 l.jpg
    Computer Hackers & Social Organization

    • Mutual Participation

      • Groups are stratified rather than centrally controlled

      • Participation in groups did not lead to group attacks

      • Many do not want an group affiliation


    Computer hackers social organization38 l.jpg
    Computer Hackers & Social Organization

    • Division of labor

      • Some specialization in group forums does exist

      • Stratification & division of labor

        • Small group of moderators

        • Larger group of users exchanging knowledge & information

      • Loose set of rules

        • Give respect, get respect

        • No flaming

      • Large population of users enforcing the rules


    Computer hackers social organization39 l.jpg
    Computer Hackers & Social Organization

    • Extended duration

      • No group with extended history

      • Relationships appear transitory

      • Relationships within forums weak & short-lived


    ad