Transcript Document

Cyber Crimes
Chunlian QU
7/16/2015
1
What’s Cyber Crimes?

7/16/2015
Cyber crime, also called computer
crime, is any illegal behavior
directed by means of electronic
operations that targets the security
of computer systems and the data
processed .
2
Types of Attacks






7/16/2015
Military and Intelligence Attacks
Business Attacks
Financial Attacks
Terrorist Attacks
Grudge Attacks
“Fun” Attacks
3
Types of Offenders



7/16/2015
Cracker: motivation is to access a
system or data
Criminals: motivation is financial
gain.
Vandals: motivation is to damage
the system or data files.
4
Types of Security




7/16/2015
Physical security
Personnel security
Communications security
Operations security
5
Types of Cyber Crimes
- Breaches of physical security





7/16/2015
Dumpster diving (trashing)
Wiretapping
Eavesdropping on Emanations
Denial or Degradation of Service
Prevention method:
- Locks and keys.
- Natural disasters
- Environmental threats
6
Types of Cyber Crimes
- Breaches of Personnel security





7/16/2015
Masquerading
Social engineering
Harassment
Software piracy
Prevention method:
- Background checks and careful
monitoring on the job
7
Types of Cyber Crimes
- Breaches of communications and data security
(Data attacks)



7/16/2015
Unauthorized Copying of Data
Traffic analysis
Covert channels
8
Types of Cyber Crimes
- Breaches of communications and data security
(Software attacks)






7/16/2015
Trap doors (back doors)
Session hijacking
Tunneling
Timing Attacks
Trojan horses
Viruses and Worms
9
Types of Cyber Crimes
- Breaches of communications and data security
(Software attacks)



7/16/2015
Salamis
Logic bombs
Prevention methods:
- Access control
- Cryptographic methods
- Physical protection and shielding of
network cabling
- Firewall technology
10
Types of Cyber Crimes
- Breaches of operations security






7/16/2015
Data diddling (false data entry)
IP spoofing
Password Sniffing
Scanning
Excess Privileges
Prevention: The only way it can be
effective is if it is integrated into an
organization’s physical, personnel, and
communications security programs.
11
Steps taken after the breach

7/16/2015
The first step is to assess the
situation.
- What is the severity level of the
intrusion?
- Who will be involved in the
investigation?
- Who is responsible for
determining future actions?
12
Steps taken after the breach
7/16/2015

The second step is to repair
damage and prevent recurrence.

Under a serious breach, asking
- Government agencies.
- Private companies.
13
Report Cyber Crimes

7/16/2015
Cyber crimes the NCCS (The FBI’s
National Computer Crimes Squad)
investigates include:
- Intrusions of the Public Switched
Network (the telephone company).
- Major computer network intrusions.
- Network integrity violations.
- Privacy violations
- Industrial espionage.
- Pirated computer software.
- Other crimes where the computer is a
major factor in committing the criminal 14
offense.
Methods of investigations


7/16/2015
The important first step is
determining if a criminal still has
control of any relevant computer.
As a general rule, an investigator
should not let the attacker know
that they are being disconnected
or tracked due to unauthorized
access.
15
Suggestions because of laws



7/16/2015
Firms should secure their networked
information.
Government should assure that their
laws apply to cyber crimes.
Firms, governments, and civil society
should work cooperatively to strengthen
legal frameworks for cyber security.
16