Transcript chapter 9

Module 9: Computer Crimes
Introduction
History of Computer Crimes
Computer Systems Attacks
Motives
Costs and Social Consequences
Ethical and Social...J.M.Kizza
Introduction
A computer crime is an illegal act that involves a
computer system or a computer-related system, such as a
telephone, microwave, satellite or other
telecommunications system that connects one or more
computers or computer-related systems, either as an
object of a crime, an instrument used to commit a crime
or a repository of evidence related to a crime.
Illegal acts fall within the domains of the commission of crimes
which a legislature of a state or a nation has specified and
approved. Human acts using computers or computer-related
technologies that encroach within the limits of the commission’s
boundaries are considered illegal, and they include:
– Intrusions of the Public Switched Network
– Intrusions into Public Packet Networks
– Network integrity violations
– Privacy violations
– Industrial espionage
– Pirated computer software
– Fraud
– Internet/email abuse
– Using computers or computer technology to commit murder,
terrorism, pornography and hacking
Most computer attacks on the resources above fall into
the three categories below. Our focus in this chapter will be
on the last category [1,2]:
– Natural or inadvertent attacks, which include accidents originating
from natural disasters like fire, floods, windstorms, lightning
and earthquakes. They usually occur very quickly without
warning and are beyond human capacity, often causing serious
damage to affected cyberspace resources.
– Human blunders, errors, and omissions that are usually caused
by unintentional human actions. Unintended human actions are
usually due to design problems; such attacks are called
malfunctions. Malfunctions, though occurring more frequently
than natural disasters, are as unpredictable as natural disasters.
– Intentional threats that are actually intended and that originate
from humans, caused by illegal or criminal acts from either
insiders or outsiders, recreational hackers, and criminals. For the
remainder of this chapter we are going to focus on this.
History of Computer Crimes
Hacking, as a computer attack technique utilizing the
internetworking between computers and communication
devices, did not start until the 1970s. The first recorded
hacking activity was in 1971 when John Draper, commonly
known as "Captain Crunch," discovered that a toy whistle
from a cereal box can produce the precise tone of 2600
hertz needed to make free long distance phone calls [4].
With this act, "Phreaking", a cousin of hacking, entered our
language.
Hacking activities started picking up pace in the 1980s. The
movie "WarGames" in 1983, a science fiction film watched by
millions, glamorized and popularized hacking, and it is
believed by many that the movie gave rise to the hacking
phenomenon. The first notable system penetration attack
actually started in the mid-80s with the San Francisco based
414-Club. The 414-Club was the first national news-making
hacker group (414 was based on a 414 Area code in
Milwaukee, Wisconsin.)
Small hacker groups started forming, like the Legion of
Doom in the U.S.A. and the Chaos Computer Club in
Germany. From that point on, other headline-making
attacks from hacker groups in Australia, Germany,
Argentina and the U.S.A. followed. Ever since, we have been
on a wild ride.
In 1984, 2600: The Hacker Quarterly, a hacker
magazine, was launched, and the following year the
electronic hacking magazine Phrack was founded.
As the Internet and computer networks grew,
hacker activities increased so greatly that in 1986 the U.S.
Congress passed the Computer Fraud and Abuse Act.
Hacker activities that had only been in the U.S.A. started to
spread worldwide.
In 1987 the Italian hacker community launched the
Decoder magazine, similar to the U.S.A.’s 2600: Hacker
Quarterly [4].
The first headline-making hacking incident that used a
virus and got national and indeed global headlines took
place in 1988, when a Cornell graduate student created a
computer virus that crashed 6,000 computers and
effectively shut down the Internet for two days [5]. Robert
Morris's action forced the U.S.A. government to form the
federal Computer Emergency Response Team to
investigate similar and related attacks on the nation’s
computer networks.
The 1990s saw heightened hacking activities and serious
computer network “near” meltdowns, including the 1991
anticipation of the "Michelangelo" virus, which was
expected to crash computers on March 6, 1992,
the artist's 517th birthday, but passed without incident.
In 1995 the notorious, self-styled hacker Kevin Mitnick was first arrested by the FBI
on charges of computer fraud that involved the stealing of
thousands of credit card numbers.
Mitnick’s hacking activities, however, started in the mid
1980s with his secret monitoring of e-mails of officials of
companies like MCI and Digital Equipment.
The year 2000 probably saw the most
costly and most powerful computer
network attacks that included the
“Melissa”, the “Love Bug”, the “Killer
Resume”, and a number of devastating
Distributed Denial of Service attacks. The
following year, 2001, the elusive “Code
Red” virus was released. The future of
viruses is as unpredictable as the kinds of
viruses themselves.
Types of Computer Attacks
– Penetration Attacks – they involve breaking into a
system using known security vulnerabilities to gain
access to any cyberspace resource.
There is steady growth of these attacks – see the CERT
Report below.
– Denial of Service Attacks – they affect the
system through diminishing the system’s ability
to function; hence, they are capable of bringing
a system down without destroying its resources.
[Figure: CERT Report chart. Vertical axis: Number of Incidents (0 to 12000). Horizontal axis: Years (1988 to 2000).]
Motives of Attacks
– Vendetta/Revenge
– Joke/Hoax/Prank
– The Hacker's Ethics - This is a collection of
motives that make up the hacker character
– Terrorism
– Political and Military Espionage
– Business (Competition) Espionage
– Hate (national origin, gender, and race)
– Personal gain/Fame/Fun/Notoriety
– Ignorance
Costs and Social Consequences
– Psychological effects – These depend on the attack motive and may
result in long-term psychological effects such as hate. Psychological
effects may lead to individual reclusion and increasing isolation, and
such trends may lead to dangerous and costly repercussions on
the individual, corporations and society as a whole.
– Moral decay – There is a moral imperative in all our actions.
When human actions, whether bad or good, become so frequent,
they create a level of familiarity that leads to acceptance as
“normal”. This type of acceptance of actions formerly viewed as
immoral and bad by society is moral decay. There are numerous
e-attacks that can cause moral decay. In fact, because of the recent
spree of DDoS and email attacks, one wonders whether people
doing these acts seriously consider them as immoral and illegal
any more!
– Loss of privacy – After the recent headline-making e-attacks on
CNN, eBay, E*Trade, and Amazon, and the email attacks that
wreaked havoc on global computers, there is a resurgence in the
need for quick solutions to the problem that seems to have hit
home.