Ransomware involves the kidnapping of an organization’s electronically stored assets. They are sealed with encryption devices that prevent the owner from accessing the data or assets. When the owner pays the ransom through remote financial channels the kidnappers release the assets to the owner by providing him with the encryption information. If your business or organization was victimized with a ransomware attack what would you do? Provide at least one reason why you would pay and one reason why you wouldn’t give in to the kidnapper’s demands. Cite case examples to support one or both sides.
1
CYBER CRIME
Chapter 4
Objectives
· Explore the current state of Internet crimes
· Discuss emerging trends in Web-based crime
· Describe the six classifications of motive for computer intruders
· Become familiar with more computer terms and recent laws that aid the government in cracking down on computer criminals
· Gain knowledge of modern terrorists and their use of technology which is changing the face of terrorism
Details
I.Web-Based Criminal Activity: Introduction
· Originally “computer crime” referred to theft of computers or components
· Cyberage changed the focus to “theft of information”
· Combination of the computer and telecommunications has increased crime in cyberspace
· The Anonymity factor has expanded the number of offenders
· Internet gambling promoted by the Web increased across the country
· People who would never walk into an Adult book store view porn at home
· Individuals who would be afraid to commit a violent bank robbery would alter bank records or manipulate stock records
· People who were reluctant to take revenge through traditional avenues may feel comfortable posting embarrassing or compromising information on the Web
· Hackers have become a significant threat to achieve publicity
· Hacker group named “ Global Hell” suspected of hacking into Army, FBI and WH
· Impact of computer crime
· Financial losses
· Personal security (Identity theft)
· Industrial espionage
· International security
· Public safety
·
Eco-terrorism
· Traditional competition among companies may have escalated to malicious destruction of data or theft by physical means
· The internet introduced interconnectivity of technical devices within corporations which increased the vulnerability of companies’ information assets
· Impact of a physical mail bomb (explosive device) was limited to the immediate physical area surrounding the packaging
· Impact of an e-mail bomb is potentially very broad and may include a dismantling of the company’s informational infrastructure
·
Viruses
· ( 1960’s) first computer virus named, “the rabbit’: reduced productivity of computer systems by cloning themselves and occupying system resources
· Rabbits were local and could not spread across systems
· Caused by mistakes or pranks by system programmers
· Four Distinct Eras of Computer Viruses
· Classical Era (1960’s-1970’s); system anomalies; accidents; pranks by system administrators
· Floppy Era (1980’s-1990’s); infection of DOS machines spread by removable media; easy to detect, isolate and eliminate
· Macro Era (1990’s-2000’s); infect documents and templates, not
programs; virus infects system when user opens the corrupted document
(Microsoft-Macintosh); further spread by e-mails, networks and the
Internet
· Melissa Virus (1999); infected 20% of US largest businesses; created by David Smith, advertised to contain password to Adult Web sites; propagated itself by sending virus to victim’s computer address files;
Sentenced to 20 months in federal prison and $5,000 fine
· Internet Era ( 2000-present); used infected systems address book to spread infections
· CodeRed: scanned internet for vulnerable machines, then infected them
· Nimda: infected computers with corrupt e-mails that entered computer if user viewed MS Outlook through a preview window
·
Denial of Service (DoS) Attacks
· Primary objective is to disable a system, not access
· Mail bombing: jam system server with voluminous e-mails
· Manipulation of phone switches
· Low level data transmission
· Directed at Amazon, eBay and Yahoo
·
Distributed Denial of Service (DDoS) Attacks
· (1991); first DDoS attacks; use large batches of compromised computers, named Zombies or bots, to increase their impact on victims
· Most owners of Zombie computers were unaware that they were compromised
· Motivations range from boredom to theft to extortion
· Hacktivists have launched DDoS attacks against religious and financial organizations
· (2006) Organized crime family was threatened with DDoS attack of the org’s
online gaming site. The org paid protection money (extortion)
·
Spam: Abuse of electronic messaging systems to randomly or indiscriminately send unsolicited bulk messages
· Traditionally used by businesses to advertise
· Also used by porn sites
· Recent study disclosed significant loss of productivity by businesses caused by workers deleting spam from their computers at work; $22 billion
· Attacks increasing: spread viruses; malware, DDoS, identity theft, promote political extremism
· (2006) Can Spam Act used to convict Daniel Lin; three years, federal prison; $10,000 fine
· Distributed millions of e-mail messages with fraudulent header information through a variety of zombie computers advertising health care products
· Ransomeware
· Used most often to extort money from victims
· Malware program which encrypts or disables computer system until demands are met (extortion)
· Originally surfaced in 1989 then went low key until 2005
· Greatest risk to cyber criminal is being identified when money is transferred
· Create e-shell companies to accept ransom money
· Use legitimate online merchant to receive money from victim for commission based referral service
II. Theft of Information, Data Manipulation and Web Encroachment
· Two methods of obtaining confidential information- computer system intrusion & employees
· Employees are the most vulnerable component
· Criminals use deceptive practices through social engineering to gain access to company computers or telephone systems
· Criminals disguise themselves as vendors for security system or IT department
· Employees fail to protect their passwords due to laziness and lack of security awareness
· Criminals use shoulder surfing as a method to gain confidential information: watching over someone’s shoulder as they log on or input data into their computer
· Employees discard confidential information in common garbage receptacles instead of designated Confidential Bins or paper shredders
· Business and government entities do not set employee training as a high priority
· Trade Secrets and Copyrights
· Some criminals sell proprietary information to industry competitors for personal gain or national patriotism
· Gillette corporation employee was caught using company equipment to solicit bids for the design specs for Gillette’s Mach-3 razor
· French government ( Intelligence Service) used eavesdropping devices on French planes to obtain confidential information from an American company that was competing against a French company for business contracts
· Political Espionage
· Advanced technology has also increased the threats to the nation’s public infrastructure from communications to banking
· Theft of information is a significant threat
· Government entities have been criticized for not investing enough money to protect secrets technologically stored or created
· Recent audit of laptop computers for US State Department:
· did not have an accurate accounting for classified and unclassified laptop computers in bureaus covered in the audit
· 27 laptops were missing
· 35 were not available for inspection
· 57 had been disposed
· 215 laptops were inspected for encryption protection: 172 failed
· FBI estimates at least 120 foreign governments actively pursuing information in the US
· Traditional methods of stealing CPU’s, employee laptops and other devices are very common
· Employees failed to adequately safeguard the laptops in many cases
III. Cyberterrorism
:
· politically or religiously motivated attack against data compilations, computer programs, and/or information systems
· intended to disrupt and/or deny service or acquire information
· which disrupts the social, physical, or political infrastructure of a target
· Computers may be the target or be incidental to the activity i.e. the means of retrieving the information
· Attacks may be in the form of hackng, DDoS, viruses, worms
· Centers of Disease Control (CDC)
· Altering small portion of a formula for a vaccination
· Changing labeling instructions for biological contaminants
· Systematically removing years of priceless research or patients records
· Introduction of viruses or worms could wreak havoc on public health
· A virus destroyed over 40% of patient’s records in one US hospital
· Terrorist Organization Propaganda Dissemination
· International (Nation of Islam) and domestic (White Aryan Resistance) use virtual platforms to spread their messages
· Solicit funds and recruit new members
· Communicate with each other via e-mails using strong encryption protections
· Ramzi Yousef (WTC bombing conspirator had bombing plans in encrypted files on his laptop computer)
· Launching of DDoS and defacement of Web sites of foreign governments
· Chinese hackivists threatened to launch DoS attacks against American financial institutions and government sites following the crash of a US spy plane and Chinese fighter plane
· Neotraditional Crime
· Dissemination of Contraband
· Child Pornography: Many pedophiles and child porn peddlers meet on the electronic bulletin boards and chat rooms
· They are protected under the First Amendment because they have the same “common carrier” status as the telephone company and post office
· Example: NAMBLA (North American Man Boy Love Association) has a Web-site
· Motivations for child pornography possession
· Pedophilia or hebephilia: satisfies sexual fantasies or provide gratification for those individuals who are sexually interested in prepubescent children or adolescents
· Sexual miscreants: satisfies a new and different sexual stimuli
· Curiosity seekers: possession satisfies a peculiar curiosity
· Criminal opportunists: possession and subsequent distribution is designed for economic profit
· Profile of Offenders ( Office of Juvenile Justice and Delinquency Prevention & National Center for Missing and Exploited Children)
· White males older than 25
· Majority (83%) had images of prepubescent children engaging in sex
· More than 20% depicted sexual violence toward the children
· 40% arrested for child porn were considered “dual offenders” (also sexually victimized children)
· 15% attempted to sexually victimize children by soliciting undercover police who posed online as minors
· Most of the child porn cases (60 %) originated from local and state agencies; balance by federal and international authorities
· Above statistics are based upon arrest records only so extent of online victimization of children via the Internet is difficult to determine
· On Line Victim Profile
· Children who express frustration with parental controls or appear naïve or vulnerable
· Children are confused about their sexuality
· Children who express feelings of being outsiders from their peer groups
· Children who enjoy unsupervised computer communications
· Many children actively seek association with adult suitors but many are lured into fictional relationships that encourage dangerous liaisons
· Online Pharmacies
· Convenient in terms of shopping and ordering
· Many operate illegally w/o licenses or dispense medicines in states where they are not licensed
· Some don’t require a valid prescription
· Some dispense medicine on demand w/o prescription
· “ Operation Cyber Chase” 2005
· Illegal online pharmaceutical sales operation based in India
· Supplied drugs for 200 Web sites
· Sold $20 million worth of controlled substances w/o prescriptions global customers
· FBI and DEA arrested individuals from India, Canada and US
· Seized $7 million from banks and 7 million doses of drugs
· Online Gambling
· First online gambling casino launched (Internet Casinos, Inc.)
· Revenues for 2005 were $10 billion; projected to increase to $180 billion by 2015
· Significant support from politicians, labor unions and community groups
· Lack of physicality makes online casinos accessible to any user with a computer, Iphone or IPAD
· Continuous operation makes them accessible 24/7
· Accessibility to minors increase the consumer base as proper age verification is not attempted
· Increase in e-banking allows users to access funds w/o leaving their chair; psychological intangibility of e-cash encourages customers to overspend
· Risks to individuals and communities
· Addiction
· Bankruptcy
· Crime
· Fail to create jobs or other revenue
· Threatening and Harassing Communications
· Stalking: willful, malicious, and repeated following and/or harassing another person in an effort to inflict or cause fear of actual harm through words or deeds
· Offender profile: White males(18-35)
· Victim profile: Females or Children
· Categories of Motivation
· Obsessional Stalkers: re-establish relationship with unwilling partner and are considered to be the most dangerous
· Love Obsession Stalker: individuals have low self-esteem and target victim they hold in high regard
· Erotomaniacs: stalkers are delusional and believe victims are in love with them or had a previous relationship with them
· Vengeance or Terrorist Stalker: economic gain or revenge
· Cyberstalking: same definition as stalking but done by electronic means
· Activities may be threatening or may result in injury
· Sending barrage of threatening e-mails
· Cyberharassment
· Activities are threatening, harassing or injurious on their face
· Focuses on actual harm suffered including defacement of character
· Posting fictitious or slanderous information in a public forum
· Courts have been reluctant to establish electronic boundaries of the First Amendment and have narrowly interpreted cyberstalking and cyberharassment legislation
· Cyberbullying: Aggressive, intentional act carried out by a group or individual, using electronic forms of contact, repeatedly and over time against a victim who cannot easily defend themselves
· May be committed using e-mails, social networking sites, Web pages, blogs, chat rooms, or instant messaging
· Case example: 10/17/2006, Megan Meier, 13, committed suicide after receiving hateful e-mails and IM’s from an adult female (mother of former friend and classmate of Megan) posing as a teen-age boy. Suspect was indicted on several charges and found guilty on one misdemeanor violation of the “Computer Fraud and Abuse Act”, subsequently overturned
· Online Fraud: fraud is the intentional deception, misrepresentation, or falsehood made with the intention of receiving unwarranted compensation or gratification
· Internet has provided cybercriminals anonymity and accessibility to the global community of citizens and businesses
· Auction Fraud: common fraudulent activity on the Internet: 4 types
· Nondelivery: accepts payment for item, fails to deliver
· Misrepresentation: deceives bidder on condition of item
· Fee-stacking: adds hidden charges to the advertised price of an item (ship-handling)
· Shill bidding: seller drives up price of their own item by making bids on their own items
· Case Example: page 10
· Online Credit Card Fraud
· Skimming: fraudsters install devices on card readers located in ATM’s, gas pumps, restaurants wherever magnetic strip credit card readers are employed. The information is transferred to another card for downloading
· Radio Frequency Identification (RFID): fraudsters use them to copy credit card information as they walk past individuals in street, subways, malls, concerts, etc.
· Information gleaned from the above techniques may be sold on carding sites where other criminals can purchase credit card dumps
· Securities Fraud
· Manipulating stock prices by posting false information on fraudulent Web sites and legitimate Web sites
· Page 104-105 for cases
· Insider Trading
· Individuals using chat rooms to provide others with material non-public information on companies
· Note case on page 105
· e-Fencing: sale of stolen goods through tech means
· organized retail theft rings post stolen goods on online auction sites
· Fraudulent Instruments: Counterfeiting & Forgery
· Counterfeiting: act of creating a fraudulent document with criminal intent
· Forgery: act of falsifying a document with criminal intent
· Made easier with high-level graphics software and hardware advances
· Create fraudulent payroll checks and generate forged signatures for authentication
· Ancillary Crimes
· Money Laundering: enterprise or practice of engaging in deliberate financial transactions to conceal the identity, source, and/or destination of income.
· Three stages
· Placement: initial point of entry for illicit funds (open account)
· Layering: develop complex network of transactions to obscure source of illegal funds
· Integration: return funds to legitimate economy
Computer Forensics and Cyber Crime
CHAPTER
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Contemporary Computer Crime
4
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Learning Objectives
Explore the current state of Internet crimes in the United States and abroad.
Identify emerging trends in web-based crime.
Develop a working knowledge of the six classifications of motive for modern computer intruders.
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Learning Objectives
Become familiar with more computer terms and recent laws that aid the government in cracking down on computer criminals.
Gain knowledge of modern terrorists and their use of technology which is changing the face of terrorism completely.
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Web-Based Criminal Activity
Computer crime can involve more than Internet-based activities:
Financial losses
Threats to personal security (i.e., identity theft)
Industrial espionage
Threats to international security
Threats to public safety
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Web-Based Criminal Activity
Online crime, however, can include:
Interference with lawful use of computers, such as eco-terrorism, DOS attacks, use of malware (e.g., viruses, worms) malware, cybervandalism, cyberterrorism, spam, etc.
Theft of information and copyright infringement, such as industrial espionage, ID theft, and ID fraud.
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Web-Based Criminal Activity
Dissemination of contraband or offensive materials, such as pornography, child pornography, online gaming, and treasonous or racist material
Threatening communications, such as extortion, cyberstalking, cyberharassment, and cyberbullying
Fraud, such as auction fraud, credit card fraud, theft of services, and stock manipulation
Ancillary crimes, such as money laundering and conspiracy
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Malware: Viruses
Viruses, their design, and dissemination, have gone through different phases:
Classical Era (1960s–1970s): Involved pranks or were accidentally distributed
Floppy Era (1980s–1990s): Targeted DOS machines; primarily distributed via floppy disks
Macro Era (1990s–2000s): Infected documents and templates, rather than programs
Internet Era (2000–present): More sophisticated, seeking out vulnerable systems
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Malware: Worms, DoS, and Botnets
Worms seem primarily used to set up a large-scale DoS attack.
DoS (Denial of Service) and DDOS (Distributed Denial of Service) Attacks
Attempt to overwhelm servers, such as through mail-bombing.
Botnets and Zombie Armies
Using zombies, compromised computers linked to Internet as an army (or botnet), for theft, extortion, or DDOS attack, for example.
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Malware: Spam
Spam
Abuse of electronic messaging systems, taking up resources, across multiple platforms
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Malware: Ransomware
Ransomware and the Kidnapping of Information
Malware program that makes digital resources inoperable or inaccessible in extortive scheme
Critical factors can include level of user’s education (less educated, more vulnerable), sophistication of product (not amenable to common software remedies)
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Malware: Ransomware
Examples include the PC Cyborg/Aids information Trojan, distributed through ordinary mail via a floppy, so that once installed, victims had to pay $378 to regain access to all directories and to unencrypt files.
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Theft of Information, Data Manipulation, and Web Encroachment
Traditional methods of proprietary information theft can occur due to:
Insiders, on the job or through maintenance back doors
Social engineering, including shoulder surfing and dumpster diving
Theft of equipment
Malware
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Theft of Information, Data Manipulation, and Web Encroachment
Trade Secrets and Copyrights – Concerns:
These forms of intellectual property have value independent of whatever owner produces, such as a razor company designing a new shaving system.
Theft can come from disgruntled employees, competitors, and government entities.
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Theft of Information, Data Manipulation, and Web Encroachment
Political Espionage – Seriousness:
FBI estimates that over 120 foreign governments have intelligence operations targeting the U.S.
For example, Israeli intelligence secretly monitored Presidential communications.
SEARCH (2000). The Investigation of Computer Crime. The National Consortium for Justice Information and Statistics: Sacramento, CA.
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Cyberterrorism
Adeliberate, politically or religiously motivated attack against data compilations, computer programs, and/or information systems which is intended to disrupt and/or deny service or acquire information which disrupts the social, physical, or political infrastructure of a target.
Typical array of methods, like viruses and worms, against U.S. government
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Dissemination of Contraband or Offensive Materials
Child Pornography
Difficult to define, but generally refers to any visual depiction of a lascivious exhibition of the genitals or pubic area or sexually explicit conduct of a minor
Difficult to prosecute, as this raises First Amendment issues about freedom of speech
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Child Pornography
Illegal in all states, prohibited by Federal law
Primary reason for possession is pedophilia or hebephilia, to satisfy sexual fantasies about prepubescent children
Sexual miscreants: to satisfy a desire for new and different sexual stimuli
Curiosity-seekers: to satisfy a peculiar curiosity
Criminal opportunists: to profit from its distribution
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Child Enticement/Exploitation
As a way to generate child pornography and to molest children, online predators use chat rooms to identify victims, especially confused or ostracized kids.
Law enforcement has had great success with sting operations or “honeypots” by using the same strategy as predators, of pretending to be a child and arranging for a meeting.
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Online Pharmacies
Used to make legitimate and illegitimate purchases (e.g. anabolic steroids, amphetamines, and painkillers) privately and conveniently
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Online Gambling
Ease of access, including minors
Open all day
e-Banking makes it easier to play
Might generate billions in profit
Internet Gambling Prohibition & Enforcement Act of 2006 makes it illegal, but is difficult to enforce due to lack of public, international cooperation.
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Threatening and harassing communications:
Cyberstalking and Harassment
Stalking: Willful, malicious, and repeated following and/or harassing another person in an effort to inflict or cause fear of actual harm through words or deeds committed via electronic means
Cyberstalking: Done via electronic communication
Cyberharassment: Focuses on actual harm suffered, including defacement of character
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Cyberbulling: An aggressive, intentional act carried out by a group or individual, using electronic forms of contact, repeatedly and over time against a victim who cannot easily defend him or herself
Illegal only in some states, not under Federal law
Smith et al., 2008: 376.
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Online Fraud
Intentional deception, misrepresentation, or falsehood made with the intention of receiving unwarranted compensation or gratification
Cuts across gender, social class, and race
Comes in a broad array of forms
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Internet auction fraud can come in the form of:
Nondelivery of goods
Misrepresentation as to condition of an item
Addition of hidden charges (fee-stacking)
Shill bidding (where seller submits bids to drive up price of item)
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Online Credit Card Fraud: Besides traditional fraud, can include:
Skimming (installing devices at ATMs, for example, to steal info from cards)
RFID (taking info from “wave and pay” device, like toll highway transmitters)
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Web-Cramming/ISP Jacking
Web-Cramming: The unauthorized charging of consumers via monthly telecommunication fees
ISP Jacking: Disconnecting individual users from their selected Internet service providers and redirecting them to illegitimate servers to generate long distance charges for those using dial-up
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Fraud via Data Manipulation
Data Diddling: Any method of fraud via data manipulation (usually involves redirecting or rerouting data representing monies or economic exchanges)
Salami technique: Stealing fraction of a cent from millions of accounts, so as to go undetected
IP Spoofing: Manipulation of data packets between computers to mimic a third party and falsely gain access to funds
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
Securities Fraud and Stock Manipulation
Having instant access to stock values and statistics, encouraging day-trading, buying stock with little or no actual knowledge of the company
Vulnerable to dissemination of false information, used to trick individuals to purchase stock at inflated prices
Insider trading: Individuals with access to confidential information unavailable to public use it to make stock purchases/sales, for personal gain
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Neo-Traditional Crime: Old Wine in New Bottles
e-Fencing: Sale of stolen goods through technological means
Fraudulent Instruments: Including counterfeiting and forgery through technological means
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Ancillary Crimes
Money Laundering
An enterprise or practice of engaging in deliberate financial transactions to conceal the identity, source, and/or destination of income
Usually a critical element for organized crime to function
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Ancillary Crimes
Process of Money Laundering
Placement (point of entry of illicit funds)
Layering (using networks to obscure origins of funds)
Integration (return of funds to legitimate economy)
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Ancillary Crimes
Combating Money Laundering
Finding
Freezing (accounts)
Forfeiture (of funds)
This can be accomplished by:
Holding Internet service providers accountable for failure to maintain adequate records
Making financial institutions responsible for inadequate security
Enforcing “Know Your Customers” regulations
Computer Forensics and Cyber Crime, 3rd ed.
Marjie T. Britz
Copyright © 2013 by Pearson Education, Inc.
All Rights Reserved
Conclusions
Technology both enhances & threatens modern society.
Computer crime is increasing for a variety of reasons:
Computers are equivalent to storage warehouses
Increasing connectivity & interdependence of infrastructures
Technical expertise is decreasingly important
Increasing number of threat groups with sophisticated methodologies & advance technology
Government apathy