1 / 33

Computer Crime Computer and Network Security

Computer Crime Computer and Network Security. Identity Theft. Background History and role of the Social Security Number Debate over a national ID Card REAL ID Act. Background. Identity theft: misuse of another person’s identity to take actions permitted the owner

Download Presentation

Computer Crime Computer and Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Computer Crime Computer and Network Security

  2. Identity Theft • Background • History and role of the Social Security Number • Debate over a national ID Card • REAL ID Act

  3. Background • Identity theft: misuse of another person’s identity to take actions permitted the owner • Credit card fraud #1 type of identity theft • Ease of opening accounts contributes to problem • 10 million victims in 2004 alone • Average loss: $5,000

  4. Gaining Access to Information • Mailboxes • Lost or stolen wallets • Dumpster diving • Shoulder surfing • Skimmers (wedges) • Phishing

  5. History, Role of Social Security Number • Social Security cards first issued 1936 • Originally used only for SS purposes • Use of SSN has gradually increased • SSN is a poor identification number • Not unique • Rarely checked • No error-detecting capability

  6. Arguments for a National ID Card • Current ID cards are second-rate • Would reduce illegal entry to U.S. • Would prevent illegal aliens from working • Would reduce crime • Other democratic countries have national ID cards

  7. Arguments against a National ID Card • No card positively guarantees identification • No biometric-based system is 100% accurate • No evidence it will reduce crime • Makes government data mining simpler • Make law-abiding people more vulnerable to fraud and indiscretions

  8. The REAL ID Act • Signed in May 2005 • Significantly changes driver’s licenses in the United States • New licenses • Issued by end of 2008 • Required to open bank account, fly on commercial airplane, or receive government service • Requires applicants to supply 4 different Ids • Will probably contain a biometric identifier • Must contain data in machine-readable form

  9. Possible Consequences of New Licenses • Better identification means better law enforcement • People won’t be able to change identities • Parents ducking child support • Criminals on the run • New, centralized databases could lead to more identity theft

  10. Introduction • Computers getting faster and less expensive • Utility of computers increasing • Email • Web surfing • Shopping • Managing personal information • Increasing use of computers  growing importance of computer security

  11. Viruses, Worms, and Trojan Horses • Viruses • Worms • The Internet worm • Trojan horses • Defensive measures

  12. Viruses (1/2) • Virus: piece of self-replicating code embedded within another program (host) • Viruses associated with program files • Hard disks, floppy disks, CD-ROMS • Email attachments • How viruses spread • Diskettes or CDs • Email • Files downloaded from Internet

  13. Viruses (2/2) • Well-known viruses • Brain • Michelangelo • Melissa • Love Bug • Viruses today • Commercial antivirus software • Few people keep up-to-date

  14. Worms • Worm • Self-contained program • Spreads through a computer network • Exploits security holes in networked computers • Famous worms • WANK • Code Red • Sapphire (Slammer) • Blaster • Sasser

  15. The Internet Worm • Robert Tappan Morris, Jr. • Graduate student at Cornell • Released worm onto Internet from MIT computer • Effect of worm • Spread to 6,000 Unix computers • Infected computers kept crashing or became unresponsive • Took a day for fixes to be published • Impact on Morris • Suspended from Cornell • 3 years’ probation + 400 hours community service • $150,000 in legal fees and fines

  16. Trojan Horses • Trojan horse: program with benign capability that masks a sinister purpose • Remote access Trojan: Trojan horse that gives attack access to victim’s computer • Back Orifice • SubSeven • RAT servers often found within files downloaded from erotica/porn Usenet sites

  17. Defensive Measures • System administrators play key role • Authorization: determining that a user has permission to perform a particular action • Authentication: determining that people are who they claim to be • Firewall: a computer monitoring packets entering and leaving a local area network

  18. Phreaks and Hackers • Hackers • Phone Phreaking • The Cuckoo’s Egg • Legion of Doom • U.S. v. Riggs • Steve Jackson Games • Retrospective • Penalties for Hacking

  19. Hackers (1/2) • Original meaning • Explorer • Risk-taker • Technical virtuoso • Hacker ethic • Hands-on imperative • Free exchange of information • Mistrust of authority • Value skill above all else • Optimistic view of technology

  20. Hackers (2/2) • Meaning of “hacker” changed • Movie WarGames • Teenagers accessing corporate or government computers • Dumpster diving • Social engineering • Malicious acts • Destroying databases • Stealing confidential personal information

  21. Phone Phreaking • Phone phreak: someone who manipulates phone system to make free calls • Most popular methods • Steal long-distance telephone access codes • Guess long-distance telephone access codes • Use a “blue box” to get free access to long-distance lines • Access codes posted on “pirate boards”

  22. The Cuckoo’s Egg • Clifford Stoll: system administrator at Lawrence Berkeley Laboratory • Tracked accounting error, discovered unauthorized user • Hacker was accessing military computers • FBI, CIA, NSA, AFOSI, DIA joined search • Trail led to group of West German hackers

  23. Legion of Doom • Elite group of hackers/phreaks recruited by “Lex Luthor” • LOD member Robert Riggs copied E911 Document from a Bell South Computer • Craig Neidorf published edited E911 Document in his BBS magazine, Phrack

  24. U.S. v. Riggs • Riggs and Neidorf arrested • Charged with wire fraud • Interstate transportation of stolen property valued at $79,449 • Computer fraud • Riggs pleaded guilty to wire fraud; went to federal prison • Neidorf pleaded not guilty • Defense showed similar info being sold for < $25 • Prosecution moved to dismiss charges

  25. Steve Jackson Games • Steve Jackson Games (SJG) published role-playing games and operated BBS • Loyd Blankenship • Key SJG employee • LOD member • Published E911 document on his own BBS • Secret Service raided SJG and seized computers, looking for copy of E911 Document • Led to creation of Electronic Frontier Foundation • EFF backed successful SJG lawsuit of Secret Service

  26. Retrospective • Parallels between hackers and those who download MP3 files • Establishment overvalues intellectual property • Use of technology as a “joy ride” • Breaking certain laws that not that big a deal • Parallels between response of Secret Service and response of RIAA • Cyberspace is real • Those who break the law can be identified • Illegal actions can have severe consequences

  27. Penalties for Hacking • Examples of illegal activities • Accessing without authorization any Internet computer • Transmitting a virus or worm • Trafficking in computer passwords • Intercepting a telephone conversation, email, or any other data transmission • Accessing stored email messages without authorization • Adopting another identity to carry out an illegal activity • Maximum penalty: 20 years in prison + $250,000 fine

  28. Denial-of-Service Attacks • Definition • Attacks that consume scarce resources • Defensive measures • Distributed denial-of-service attacks • SATAN

  29. Definition • Denial-of-service attack: an intentional action designed to prevent legitimate users from making use of a computer service • Goal of attack: disrupt a server’s ability to respond to its clients • About 4,000 Web sites attacked each week • Asymmetrical attack that may prove popular with terrorists

  30. Attacks that Consume Scarce Resources • SYN flood attack • Smurf attack • Fill target computer’s hard disk • Email bombing • Worm • Break-in followed by file copying

  31. Defensive Measures • Physical security of server • Benchmarking • Disk quota systems • Disabling unused network services • Turning off routers’ amplifier network capability

  32. Distributed Denial-of-Service Attacks • Attacker gains access to thousands of computers • Launches simultaneous attack on target servers • Defensive measures • Secure computers to prevent hijackings • Check for forged IP addresses

  33. SATAN • Security Administrator Tool for Analyzing Networks (SATAN) • Allows administrators to test their systems • Could be used to probe other computers • Critics worried SATAN would turn unskilled teenagers into hackers • That never happened

More Related