Computers in society
This presentation is the property of its rightful owner.
Sponsored Links
1 / 36

Computers in Society PowerPoint PPT Presentation


  • 81 Views
  • Uploaded on
  • Presentation posted in: General

Computers in Society. Introduction. Gary Thomas Sr. Computer Fraud Investigator Corp Fraud Investigative Services Wachovia Corp. Topics of Discussion. IC3 Internet White Collar Crime Unit Phishing Denial of Service Attacks Wireless (WI-FI) US Federal Code Title 18.

Download Presentation

Computers in Society

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Computers in society

Computers in Society


Introduction

Introduction

  • Gary Thomas

    Sr. Computer Fraud Investigator

    Corp Fraud Investigative Services

    Wachovia Corp


Topics of discussion

Topics of Discussion

  • IC3 Internet White Collar Crime Unit

  • Phishing

  • Denial of Service Attacks

  • Wireless (WI-FI)

  • US Federal Code Title 18


Internet white collar crime unit

Internet White Collar Crime Unit

  • IC3 Internet White Collar Crime Unit

    Internet Crime Complaint Center http://www.ic3.gov/ 

  • The Internet Fraud Complaint Center (IFCC) was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to address Internet related criminal complaints, research these complaints, develop and refer the criminal complaints to law enforcement agencies for any investigation they deem to be appropriate.

  • The IFCC continues to emphasize serving the broader law enforcement community, which includes Federal, State, and local agencies. 

  • Crime Partnerships

    INFRAGARD

    FBI

    USS

    Local law enforcements


Phishing

Phishing

Phishing attacks use 'spoofed' e-mails and fraudulent websites

designed to Fool recipients into divulging personal financial data

such as credit card numbers, account usernames and passwords,

social security numbers, etc.

By hijacking the trusted brands of well-known banks, online

retailers and credit card companies, phishers are able to convince

up to 5% of recipients to respond to them.


Phishing1

Phishing

  • Example

    Ebay

    People bid on objects. When it becomes apparent they were out bid

    they are approached via email to purchase the object that they bid

    on but cheaper than it was auctioned off for. They make arrangements

    to pay for the object they give up their credit card numbers and other

    personal information. The people pay for the objects, but they never

    receive them. The communications appears to have the Ebay logo and

    formats normally seen on the Ebay site.


Wachovia

Wachovia

Phishing Site Captured !


Denial of service attacks

Denial of Service Attacks

(Distributed Denial of Service Attack DDOS)

A "denial-of-service" attack is characterized by an explicit attempt

by attackers to prevent legitimate users of a service from using

that service. Examples include attempts to "flood" a network,

thereby preventing legitimate network traffic attempts to disrupt

connections between two machines, thereby preventing

access to a service attempts to prevent a particular individual

from accessing a service attempts to disrupt service to a specific

system or person


10 31 2013

DOS & DDOS Attacks

Denial-of-service (DOS) or Distributed Denial-of-service attacks

(DDOS) can essentially disable your computer or your network.

Depending on the nature of your enterprise, this can effectively

disable your organization.

Some denial-of-service attacks can be executed with limited

resources against a large, sophisticated site. This type of attack

is sometimes called an "asymmetric attack." For example, an

attacker with an old PC and a slow modem may be able to

disable much faster and more sophisticated machines or

networks.


10 31 2013

Methods of Attack

Bots – Zombie PC’s

Trojans –DDOS- Smurf attack

This is a DDOS Attack tool, used by a attacker to send

a specified number of data packets to a victim.

A hacker can control both of these attacks remotely.

Virus – Code Red

Exploited MS OS’s used mathematic algorithm to generate IP addresses to attack. NOTE: First variant of Code Red’s Algorithm code was flawed and only specific IP address ranges were exploited. Once the author found out the algorithm was flawed, he/she corrected the code and the code traversed the world in a matter of hours.


Wireless wi fi

Wireless WI-FI

What is war driving ?

Imagine a car equipped with nothing more than a laptop

computer, a portable GPS receiver, and a wireless network card

slowly strolls through your neighborhood !


What is the war driver doing

What is the War-driver doing ?

The computer is looking for what is called an SSID.

An SSID is your wireless network name and it is

being constantly transmitted by your access point

letting computers know of its presence.

Transmitting SSID’s will improve network access

times, but be aware of the trade off !


What can the war driver see

What can the War-driver see ?

WI-FI programs can track several access points

at the same time and are able to:

·Identify the SSID (if being broadcast)

·Monitor the signal strength

·Check to see if the network is encrypted.

·Obtain the IP address

·Obtain the MAC address

·The war-driver will generally configure his or her

software to log any strong unencrypted signals

even using a GPS receiver to record and log the

coordinates of the strong signal.


Steps to protect your wi fi

Steps to Protect your WI-FI !

  • Do not broadcast (turn off) transmitting your SSID

  • If you must use the SSID, change it from the default value.

  • MAC addresses on a Wireless Access Point (issue) –

    Specific types / wireless hardware vendors are assigned

    specific MAC address ranges. Wireless scanning software

    can identify the MAC and thus a experienced war-drive can

    then associate the MAC with a specific hardware device.

    The next thing they will do is to try to exploit the access

    point using known hardware and software exploits.


Steps to protect your wi fi1

Steps to Protect your WI-FI !

  • Configure the WI-FI access point to only accept connection with known MAC addresses. (your computers)

  • Use some type of Firewall and configure at a high level

  • Use Encryption (the highest WEP level available 64 or 128 bit)

  • Turn off File Sharing

    Given enough time, using Brut Force attacks, a hacker may be able to access your wireless network.


Example of war driving

Example of War-driving

  • Lowe’s (public record)

    Correct Configurations setups

    are a must or you ‘will’ loose

    your identity !


Internet

Internet

  • Firewalls (Hardware & Software) importance of using Firewalls

  • View defaults, change the configurations passwords

  • Anonymizers – what they are, and how they work.


Computers and the law

Computers and the Law

  • Is it cool to access another computer without the person

    knowing ?

  • What about Remote Access software ?

  • What about Hacking another PC ?

  • What about stealing another person’s userid and password ?

  • What about Government and Financial institutions ?


Title 18 federal codes

Title 18 Federal Codes


10 31 2013

Title 18 Section 1030

http://assembler.law.cornell.edu/uscode/

Title 18 Section 1030 – DOJ Detail

http://www.usdoj.gov/criminal/cybercrime/1030_anal.html

Identity Theft & Fraud

http://www.usdoj.gov/criminal/fraud/idtheft.html


10 31 2013

Questions ?


  • Login