cyber crime prepared for the southern massachusetts e-commerce network nov 5 2004 by suzanne mello
DESCRIPTION
E-Commerce Network - Suzanne Mello - Nov Computer Forensics What is it? an autopsy of a computer or network to uncover digital evidence of a crime an autopsy of a computer or network to uncover digital evidence of a crime Evidence must be preserved and hold up in a court of law Evidence must be preserved and hold up in a court of law Growing field – Many becoming computer forensic savvy FBI, State and Local Police, IRS, Homeland Security FBI, State and Local Police, IRS, Homeland Security Defense attorneys, judges and prosecutors Defense attorneys, judges and prosecutors Independent security agencies Independent security agencies White hat or Ethical Hackers White hat or Ethical Hackers Programs offered at major universities such as URI Programs offered at major universities such as URITRANSCRIPT
Cyber Crime Cyber Crime Prepared for the Southern Massachusetts Prepared for the Southern Massachusetts
E-Commerce NetworkE-Commerce NetworkNov 5 2004Nov 5 2004
bybySuzanne MelloSuzanne Mello
www.suzannemello.comwww.suzannemello.com
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Computer Crime Computer Crime
Computer used to commit Computer used to commit a crimea crime
Child porn, threatening Child porn, threatening email, assuming someone’s email, assuming someone’s identity, sexual harassment, identity, sexual harassment, defamation, spam, phishingdefamation, spam, phishing
Computer as a target of a Computer as a target of a crime crime
Viruses, worms, industrial Viruses, worms, industrial espionage, software piracy, espionage, software piracy, hackinghacking
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Computer ForensicsComputer ForensicsWhat is it?What is it?
an autopsy of a computer or network to an autopsy of a computer or network to uncover digital evidence of a crimeuncover digital evidence of a crime
Evidence must be preserved and hold up Evidence must be preserved and hold up in a court of lawin a court of law
Growing field – Many becoming Growing field – Many becoming computer forensic savvycomputer forensic savvy
FBI, State and Local Police, IRS, FBI, State and Local Police, IRS, Homeland SecurityHomeland Security
Defense attorneys, judges and Defense attorneys, judges and prosecutorsprosecutors
Independent security agenciesIndependent security agencies White hat or Ethical HackersWhite hat or Ethical Hackers Programs offered at major universities Programs offered at major universities
such as URIsuch as URIhttp://homepage.cs.uri.edu/faculty/wolfe/cfhttp://homepage.cs.uri.edu/faculty/wolfe/cf
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Uncovering Digital EvidenceUncovering Digital EvidenceSmart Criminals don’t use their Smart Criminals don’t use their
own computersown computers
Floppy disksFloppy disksZip/Jazz disksZip/Jazz disksTapesTapesDigital camerasDigital camerasMemory sticksMemory sticksPrintersPrintersCDsCDsPDAsPDAsGame boxesGame boxesNetworksNetworksHard drivesHard drives
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Digital EvidenceDigital Evidence
Criminals Hide EvidenceCriminals Hide Evidence
Delete their files and emailsDelete their files and emails
Hide their files by encryption, Hide their files by encryption, password protection, or password protection, or embedding them in unrelated embedding them in unrelated files (dll, os etc)files (dll, os etc)
Use Wi-Fi networks and cyber Use Wi-Fi networks and cyber cafes to cover their trackscafes to cover their tracks
Forensics Uncover EvidenceForensics Uncover Evidence
Restore deleted files and emails – Restore deleted files and emails – they are still really there!they are still really there!
Find the hidden files through Find the hidden files through complex password, encryption complex password, encryption programs, and searching programs, and searching techniquestechniques
Track them down through the Track them down through the digital trail - IP addresses to ISPs digital trail - IP addresses to ISPs to the offenderto the offender
Not obvious…….it’s most likely hidden on purpose or needs to be unearthed by forensics experts
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
The Crime SceneThe Crime Scene(with Computer Forensics)(with Computer Forensics)
Similar to traditional crime scenesSimilar to traditional crime scenes
Must acquire the evidence while Must acquire the evidence while preserving the integrity of the evidencepreserving the integrity of the evidence
No damage during collection, No damage during collection, transportation, or storagetransportation, or storageDocument everythingDocument everythingCollect everything the first timeCollect everything the first time
Establish a chain of custodyEstablish a chain of custody
But also different…….But also different…….
Can perform analysis of evidence on Can perform analysis of evidence on exact copy!exact copy!
Make many copies and investigate Make many copies and investigate them without touching originalthem without touching original
Can use time stamping/hash code Can use time stamping/hash code techniques to prove evidence hasn’t techniques to prove evidence hasn’t been compromisedbeen compromised
Top Cyber Crimes that Top Cyber Crimes that Attack BusinessAttack Business
SpamSpamViruses/WormsViruses/Worms
Industrial Espionage and HackersIndustrial Espionage and HackersWi-Fi High Jacking Wi-Fi High Jacking
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
SpamSpam““Spam accounts for 9 out of every 10 Spam accounts for 9 out of every 10
emails in the United States.” emails in the United States.” MessageLabs, Inc., an email management MessageLabs, Inc., an email management
and security company based in New and security company based in New York.York.
““We do not object to the use of this slang We do not object to the use of this slang term to describe UCE (unsolicited term to describe UCE (unsolicited commercial email), although we do commercial email), although we do object to the use of the word “spam” as object to the use of the word “spam” as a trademark and the use of our product a trademark and the use of our product image in association with that term” image in association with that term”
www.hormel.comwww.hormel.com
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Can-Spam Act of 2003Can-Spam Act of 2003Controlling the Assault of Non-Solicited Pornography and Marketing Controlling the Assault of Non-Solicited Pornography and Marketing Act (Can-Spam)Act (Can-Spam)Signed into law by President Bush on Dec 16, 2003Signed into law by President Bush on Dec 16, 2003
Took effect Jan 1, 2004Took effect Jan 1, 2004
Unsolicited commercial email must:Unsolicited commercial email must: Be labeledBe labeled Include Opt-Out instructionsInclude Opt-Out instructions No false headersNo false headers
FTC is authorized (but not required) to establish a “do-not-email” FTC is authorized (but not required) to establish a “do-not-email” registryregistry
www.spamlaws.com –lists all the latest in federal, state, and www.spamlaws.com –lists all the latest in federal, state, and international lawsinternational laws
Suzanne Mello - Nov 5 2004Suzanne Mello - Nov 5 2004
Spam is HostileSpam is HostileYou pay for Spam, not SpammersYou pay for Spam, not Spammers
Email costs are paid by email Email costs are paid by email recipientsrecipients
Spam can be dangerousSpam can be dangerous Never click on the opt-out link!Never click on the opt-out link!
May take you to hostile web site May take you to hostile web site where mouse-over downloads where mouse-over downloads an .exean .exe
Tells spammers they found a Tells spammers they found a working addressworking address
They won’t take you off the list They won’t take you off the list anywayanyway
What should you do?What should you do? Filter it out whenever possibleFilter it out whenever possible Keep filters up to dateKeep filters up to date If you get it, just delete the emailIf you get it, just delete the email
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Viruses and WormsViruses and WormsDifferent types of “ailments”Different types of “ailments”VirusesViruses
software that piggybacks on software that piggybacks on other software and runs when other software and runs when you run something elseyou run something else
Macro in excel, wordMacro in excel, wordTransmitted through sharing Transmitted through sharing programs on bulletin boardsprograms on bulletin boardsPassing around floppy disksPassing around floppy disks
An .exe, .com file in your emailAn .exe, .com file in your emailWormsWorms
software that uses computer software that uses computer networks to find security holes to networks to find security holes to get in to your computer – usually get in to your computer – usually in Microsoft OS!! But worm for in Microsoft OS!! But worm for MAC was recently writtenMAC was recently written
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Hackers are EverywhereHackers are Everywhere
Stealing dataStealing data Industrial EspionageIndustrial Espionage Identity theftIdentity theft DefamationDefamation
Deleting data for funDeleting data for fun A lot of bored 16 year olds late at A lot of bored 16 year olds late at
nightnightTurning computers into zombiesTurning computers into zombies
To commit crimesTo commit crimes Take down networksTake down networks Distribute pornDistribute porn Harass someoneHarass someone
Ethical/white hat hackers exist tooEthical/white hat hackers exist too Help break into networks to Help break into networks to
prevent crimesprevent crimes
Mafia Boy
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Wireless Fidelity (Wi-Fi)Wireless Fidelity (Wi-Fi)
Using antennas to create “hot spots”Using antennas to create “hot spots”Hotspots – Internet Access (sometimes free)Hotspots – Internet Access (sometimes free)
Newport Harbor - All the boats in Harbor have internet accessNewport Harbor - All the boats in Harbor have internet access San Francisco Giants Stadium – Surf the web while catching a gameSan Francisco Giants Stadium – Surf the web while catching a game UMass (need to register, but it’s free)UMass (need to register, but it’s free) Cambridge, MACambridge, MA Philadelphia, PA – just announced – entire city by 2006Philadelphia, PA – just announced – entire city by 2006
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Wi-Fi High JackingWi-Fi High Jacking
60-70% wireless networks are wide open60-70% wireless networks are wide open
Why are the Wi-Fi networks unprotected?Why are the Wi-Fi networks unprotected? Most people say “Our data is boring”Most people say “Our data is boring” But… criminals look for wireless networks to commit But… criminals look for wireless networks to commit
their crimes their crimes And… the authorities will come knocking on your And… the authorities will come knocking on your
door…..door…..
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Protect your Computers!Protect your Computers!Use anti-virus software and Use anti-virus software and firewalls - keep them up to datefirewalls - keep them up to date
Keep your operating system up Keep your operating system up to date with critical security to date with critical security updates and patchesupdates and patches
Don't open emails or Don't open emails or attachments from unknown attachments from unknown sourcessources
Use hard-to-guess passwords. Use hard-to-guess passwords. Don’t use words found in a Don’t use words found in a dictionary. Remember that dictionary. Remember that password cracking tools existpassword cracking tools exist
Back-up your computer data on Back-up your computer data on disks or CDs oftendisks or CDs often
Don't share access to your Don't share access to your computers with strangers computers with strangers
IfIf you have a wi-fi network, you have a wi-fi network, password protect itpassword protect it
Disconnect from the Internet Disconnect from the Internet when not in usewhen not in use
Reevaluate your security on a Reevaluate your security on a regular basisregular basis
Make sure your employees Make sure your employees and family members know and family members know this info too!this info too!
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004
Web sites of InterestWeb sites of Interesthttp://homepage.cs.uri.edu/faculty/wolfe/cfhttp://homepage.cs.uri.edu/faculty/wolfe/cfwww.missingchildren.comwww.missingchildren.comwww.spamlaws.com www.spamlaws.com www.netsmartz.orgwww.netsmartz.orghttp://www.ifccfbi.gov - operation web snare – latest http://www.ifccfbi.gov - operation web snare – latest cyber crimes to be aware ofcyber crimes to be aware ofhttp://www.dcfl.gov/dc3/home.htmhttp://www.dcfl.gov/dc3/home.htmhttp://www.cops.org/http://www.cops.org/
SourceSource
http://pdfsdb.com/ppt/cyber-crime-umd-http://pdfsdb.com/ppt/cyber-crime-umd-web-site-university-of-massachusetts-web-site-university-of-massachusetts-401071.html401071.html
E-Commerce Network - Suzanne Mello E-Commerce Network - Suzanne Mello - Nov 5 2004- Nov 5 2004