Cyber Crime Prepared for the Southern Massachusetts E-Commerce Network Nov 5 2004 by Suzanne Mello




Page 1: Cyber Crime Prepared for the Southern Massachusetts E-Commerce Network Nov 5 2004 by Suzanne Mello

Cyber Crime

Prepared for the Southern Massachusetts E-Commerce Network

Nov 5 2004

by Suzanne Mello

www.suzannemello.com

Page 2: Computer Crime

E-Commerce Network - Suzanne Mello - Nov 5 2004

Computer used to commit a crime

- Child porn, threatening email, assuming someone’s identity, sexual harassment, defamation, spam, phishing

Computer as a target of a crime

- Viruses, worms, industrial espionage, software piracy, hacking

Page 3: Computer Forensics

What is it?

- An autopsy of a computer or network to uncover digital evidence of a crime
- Evidence must be preserved and hold up in a court of law

Growing field – many becoming computer forensic savvy

- FBI, State and Local Police, IRS, Homeland Security
- Defense attorneys, judges and prosecutors
- Independent security agencies
- White hat or ethical hackers
- Programs offered at major universities such as URI: http://homepage.cs.uri.edu/faculty/wolfe/cf

Page 4: Uncovering Digital Evidence

Smart criminals don’t use their own computers

- Floppy disks
- Zip/Jaz disks
- Tapes
- Digital cameras
- Memory sticks
- Printers
- CDs
- PDAs
- Game boxes
- Networks
- Hard drives

Page 5: Digital Evidence

Criminals Hide Evidence

- Delete their files and emails
- Hide their files by encryption, password protection, or embedding them in unrelated files (dll, os etc)
- Use Wi-Fi networks and cyber cafes to cover their tracks

Forensics Uncover Evidence

- Restore deleted files and emails – they are still really there!
- Find the hidden files through complex password, encryption programs, and searching techniques
- Track them down through the digital trail - IP addresses to ISPs to the offender

Not obvious... it’s most likely hidden on purpose or needs to be unearthed by forensics experts

Page 6: The Crime Scene (with Computer Forensics)

Similar to traditional crime scenes

- Must acquire the evidence while preserving the integrity of the evidence
  - No damage during collection, transportation, or storage
  - Document everything
  - Collect everything the first time
- Establish a chain of custody

But also different...

- Can perform analysis of evidence on exact copy!
- Make many copies and investigate them without touching original
- Can use time stamping/hash code techniques to prove evidence hasn’t been compromised
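The hash-code and time-stamping idea from this slide, as an added example that is not part of the original presentation: it hashes an evidence file, checks that a working copy matches, and keeps a timestamped custody log whose records are chained by hash. SHA-256 is chosen here (the slides name no algorithm), and the file names, `add_entry` and `log_is_intact` are assumptions made for illustration.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(record):
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def add_entry(log, action, path):
    """Append a timestamped custody record linked to the previous record's hash."""
    entry = {"time": datetime.now(timezone.utc).isoformat(), "action": action,
             "sha256": sha256_file(path),
             "prev": log[-1]["entry_hash"] if log else "0" * 64}
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry

def log_is_intact(log):
    """Recompute each record hash and link; an edited record breaks the chain."""
    prev = "0" * 64
    for e in log:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or e["entry_hash"] != _digest(body):
            return False
        prev = e["entry_hash"]
    return True

def demo():  # constructed sample data: a fake "disk image" and a working copy
    with tempfile.TemporaryDirectory() as d:
        original, copy = os.path.join(d, "evidence.img"), os.path.join(d, "copy.img")
        with open(original, "wb") as f:
            f.write(b"constructed sample image bytes" * 1000)
        log = []
        acquired = add_entry(log, "acquired original", original)
        shutil.copyfile(original, copy)
        copied = add_entry(log, "made working copy", copy)
        copy_matches = copied["sha256"] == acquired["sha256"]
        with open(copy, "r+b") as f:          # simulate one altered byte in the copy
            f.write(b"X")
        tampered = sha256_file(copy) != acquired["sha256"]
        chain_ok = log_is_intact(log)
        log[0]["time"] = "2004-11-05T00:00:00+00:00"   # simulate a back-dated record
        return copy_matches, tampered, chain_ok, log_is_intact(log)
```

`demo()` returns four flags: the copy matched at creation, the altered copy was detected, the log verified, and the log failed verification after a record was edited.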

Page 7: Top Cyber Crimes that Attack Business

- Spam
- Viruses/Worms
- Industrial Espionage and Hackers
- Wi-Fi Hijacking

Page 8: Spam

“Spam accounts for 9 out of every 10 emails in the United States.” MessageLabs, Inc., an email management and security company based in New York.

“We do not object to the use of this slang term to describe UCE (unsolicited commercial email), although we do object to the use of the word “spam” as a trademark and the use of our product image in association with that term” www.hormel.com

Page 9: Can-Spam Act of 2003

Controlling the Assault of Non-Solicited Pornography and Marketing Act (Can-Spam)

- Signed into law by President Bush on Dec 16, 2003
- Took effect Jan 1, 2004
- Unsolicited commercial email must:
  - Be labeled
  - Include Opt-Out instructions
  - No false headers
- FTC is authorized (but not required) to establish a “do-not-email” registry
- www.spamlaws.com – lists all the latest in federal, state, and international laws

Page 10: Spam is Hostile

- You pay for Spam, not Spammers
  - Email costs are paid by email recipients
- Spam can be dangerous
  - Never click on the opt-out link!
    - May take you to hostile web site where mouse-over downloads an .exe
    - Tells spammers they found a working address
    - They won’t take you off the list anyway
- What should you do?
  - Filter it out whenever possible
  - Keep filters up to date
  - If you get it, just delete the email

Page 11: Viruses and Worms

Different types of “ailments”

Viruses

- Software that piggybacks on other software and runs when you run something else
- Macro in Excel, Word
- Transmitted through sharing programs on bulletin boards
- Passing around floppy disks
- An .exe, .com file in your email

Worms

- Software that uses computer networks to find security holes to get in to your computer – usually in Microsoft OS!! But worm for Mac was recently written

Page 12: Hackers are Everywhere

- Stealing data
  - Industrial Espionage
  - Identity theft
  - Defamation
- Deleting data for fun
  - A lot of bored 16 year olds late at night
- Turning computers into zombies
  - To commit crimes
  - Take down networks
  - Distribute porn
  - Harass someone
- Ethical/white hat hackers exist too
  - Help break into networks to prevent crimes

Mafia Boy

Page 13: Wireless Fidelity (Wi-Fi)

Using antennas to create “hot spots”

Hotspots – Internet Access (sometimes free)

- Newport Harbor - All the boats in Harbor have internet access
- San Francisco Giants Stadium – Surf the web while catching a game
- UMass (need to register, but it’s free)
- Cambridge, MA
- Philadelphia, PA – just announced – entire city by 2006

Page 14: Wi-Fi Hijacking

60-70% wireless networks are wide open

Why are the Wi-Fi networks unprotected?

- Most people say “Our data is boring”
- But… criminals look for wireless networks to commit their crimes
- And… the authorities will come knocking on your door…..

Page 15: Protect your Computers!

- Use anti-virus software and firewalls - keep them up to date
- Keep your operating system up to date with critical security updates and patches
- Don't open emails or attachments from unknown sources
- Use hard-to-guess passwords. Don’t use words found in a dictionary. Remember that password cracking tools exist
- Back up your computer data on disks or CDs often
- Don't share access to your computers with strangers
- If you have a Wi-Fi network, password protect it
- Disconnect from the Internet when not in use
- Reevaluate your security on a regular basis
- Make sure your employees and family members know this info too!

Page 16: Web sites of Interest

- http://homepage.cs.uri.edu/faculty/wolfe/cf
- www.missingchildren.com
- www.spamlaws.com
- www.netsmartz.org
- http://www.ifccfbi.gov - operation web snare – latest cyber crimes to be aware of
- http://www.dcfl.gov/dc3/home.htm
- http://www.cops.org/

Page 17: Source

http://pdfsdb.com/ppt/cyber-crime-umd-web-site-university-of-massachusetts-401071.html