Crime and cyber crime
Download
1 / 18

Crime and Cyber-crime - PowerPoint PPT Presentation


  • 147 Views
  • Uploaded on

Crime and Cyber-crime. Pieter Hartel. Crime. Acts or missions forbidden by law that can be punished […] , against: persons (e.g. rape, assault, murder, suicide) property (e.g. fraud, arson, theft, vandalism) the state (e.g. riot, treason, sabotage, terrorism)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Crime and Cyber-crime' - starbuck


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Crime and cyber crime

Crime and Cyber-crime

Pieter Hartel


Crime
Crime

  • Acts or missions forbidden by law that can be punished […], against:

    • persons (e.g. rape, assault, murder, suicide)

    • property (e.g. fraud, arson, theft, vandalism)

    • the state (e.g. riot, treason, sabotage, terrorism)

    • morality (e.g. gambling, drugs, obscenity)

  • Disorder is broader than crime, e.g.

    • Littering, graffiti, loitering, etc.

[Wil98] J. Q. Wilson and R. J. Herrnstein. Crime & Human Nature: The Definitive Study of the Causes of Crime. Free Press, Jan 1998.

Cyber-crime Science


Example
Example

Cyber-crime Science


Cyber crime
Cyber-crime

  • Crime where computers are used as a tool, target or place:

    • Computer assisted crime

      (e.g. Advance fee fraud)

    • Computer integrity crime

      (e.g. DDoS attack)

    • Computer content crime

      (e.g. Software piracy)

[New09] G. R. Newman. Cybercrime. In M. D. Krohn, et al, editors, Handbook on Crime and Deviance. Springer, Nov 2009. http://dx.doi.org/10.1007/978-1-4419-0245-0_25

Cyber-crime Science


Technology and crime
Technology and crime

  • Which of these are “virtual”?

  • Which of these promote anonymity?

Cyber-crime Science


Cyber space vs meat space
Cyber space vs “meat” space

  • “virtual” but that’s nothing new (why?)

  • More easily automated (why?)

  • Harder to police (why?)

Cyber-crime Science


Some examples
Some examples

Cyber-crime Science


Computer assisted crime
Computer assisted crime

  • Murder

    • 13-year old US girl bullied into suicide in 2006

    • 3-month old Korean child dies from neglect in 2010

  • Extortion

    • Virginia DHP ransom demand 10 M $ in 2009

    • BetCris hacker sentenced to 8 years in 2006

    • (New business http://www.prolexic.com/ )

Cyber-crime Science


Computer integrity crime
Computer integrity crime

  • Distributed denial of service (DDoS)

    • Estonian Cyber war in 2007

    • Operation Payback end 2010 – mid 2011

  • Hacking

    • Comcast hackers sentenced to 18 months in 2008

    • Sarah Palin email hacker sentenced to 1 year in 2010

    • Hundreds of incidents

Cyber-crime Science


Computer content crime
Computer content crime

  • Piracy

    • Pirate Bay four sentenced to 1 year in 2009

    • US Software pirate sentenced to 2 years in 2011

  • Data base theft

    • Sony Play station network hack in 2011 exposed 77M accounts, cost 171M$

    • Sonypictures.com exposed 1M passwords

    • TJX Hacker sentenced to 20 years in 2011

Cyber-crime Science


Differences

Old Crime

Serial

Labour intensive

Local

Geographical place

Cyber-crime

Can be Simultaneous

Can be automated

Global

Effort?

Requires conversion to meat space

Differences

Cyber-crime Science


Similarities
Similarities

  • Most Cyber-crime a variant of old crime

    • False billing vs Phishing

    • Click fraud vs Replying to junk mail with bricks

  • Technology used for new crime before

    • Printing press for counterfeiting

    • Telegraph for books by Charles Dickens

Cyber-crime Science


Cyber crime triangle
Cyber-crime triangle

  • A motivated offender “attacks” a suitable target in the absence of a capable guardian:

    • Attacks via vulnerabilities of the users

    • Attacks via vulnerabilities of the systems

    • Propagating attacks

    • Exploiting attacks

Cyber-crime Science


Attack vulnerable user
Attack vulnerable user

  • Social engineer a user

    • 2001 SPAM with AnnaKournikova.jpg.vbs

    • Phishing (More later)

  • Hacking into server

    • Password cracker like L0phtCrack

    • Intelligence from OSN as in the Palin email hack

Cyber-crime Science


Attack vulnerable system
Attack vulnerable system

  • Exploit known vulnerability and install malware on a client

    • Trojan like Zeus for key logging

    • Physical access via autorun

  • Find & exploit vulnerable system

    • Vulnerability scanner like Acunetix

    • SQL injection

Cyber-crime Science


Propagating attacks
Propagating attacks

  • Change the web site on the server

    • Create a drive by download to infect a client

  • Create a botnet out of infected clients to:

    • Send spam

    • Perpetrate a DDoS attack

    • Evade detection

Cyber-crime Science


Exploiting attacks
Exploiting attacks

  • Carding

    • CC theft (skimming, hacking)

    • trade (forum)

    • cashing (online auctions, counterfeit cards at ATM)

  • Online banking fraud

    • Credential theft (phishing)

    • trade (forum)

    • Cashing (money mules)

  • Cyber crime needs meat space…

Cyber-crime Science


Conclusions
Conclusions

  • Increasing specialisation of offenders

  • Increasing sophistication of the tools

  • Key crime opportunities: social engineering, vulnerable systems, and software issues

  • Motive is now mostly money

  • How to prevent all this?

Cyber-crime Science


ad