Cyber Crimes CH 1 Test Review
What is ransomware?
Computer systems that are infected with malicious code (malware) and the data within them are made unavailable and inaccessible to owners and/or legitimate users until a fee is paid to the cybercriminal.
Commonly encountered methods of identity theft
Dumpster diving, phishing, packet sniffing, retail scams, shoulder scamming, skimming
How do identity thieves operate?
Identity theft can be committed through a variety of techniques consisting of those that employ the use of computers, those that employ other high technology devices, or those that employ old fashioned physical con artistry and thievery.
Responses to identity theft
Law enforcement agencies can run into some difficulty when dealing with credit card companies and banks when trying to solve identity theft cases that can result in an inability to close the case. Investigating identity theft can also be complicated by the fact that the crime may involve a combination of physical world techniques and internet based techniques. Some law enforcement departments cannot maintain trained personnel to handle these investigations because they cannot afford proper equipment and training. Do not give out personal information like a social security number or bank account numbers over the phone. Delete emails asking for banking information to help someone who is in need of assistance. Shred all papers containing social security numbers, names, addresses and similar information before throwing them into the trash. Be careful with credit card receipts and carbons. Destroy the receipts and trash them at another location.
What is denial of service attacks?
Refers to an attack in which an internet website or network server is flooded with enormous amounts of data that in essence consumes all resources of the target computer system.
What is high technology crime?
Refers to any crime involving the use of high technology devices in its commission. i.e. computer, tablets, telephones, etc.
Denial of service attacks
Result in the target computer crashing or shutting down. Advances in computer technology have resulted in computer systems today that are able to handle larger amounts of data requests. Goal is to prevent legitimate users from accessing the computer.
What are the two primary classifications of identity theft?
Situations in which an individual's identity is stolen and the thief assumes the physical identity of the victim. Situations of identity theft are rarely encountered. Situations involving credit fraud/financial fraud.
T/F: As connections to the internet become more reliable and more people connect, more important services tend to be provided online.
T
T/F: As of September 2007, the global internet penetration rate is estimated at 51%.
T
T/F: Because of the availability of internet services through mobile devices, internet has been consistently growing.
T
T/F: Cybercrime "knows no physical or geographic boundaries" and can be conducted with less effort, greater ease, and at greater speed than traditional crime.
T
T/F: Cybercrime can be perpetrated by individuals, groups, businesses, and nation-states.
T
T/F: Global satellite networks can provide internet access to remote areas.
T
T/F: Jurisdictional issues are one of the problems associated with high-technology crimes.
T
T/F: Most countries have at least one internet service provider.
T
T/F: One of the more common targets for a computer virus is the boot sector of the target computer's hard drive.
T
T/F: The internet penetration rate refers to "the percentage of the total population of a given country or region that uses the internet."
T
T/F: There are very few places on Earth where you cannot access the internet.
T
T/F: There is no universal definition to cybercrime
T
T/F: Viruses are deposited on the boot sector so that each time the computer is booted up the virus will load itself and run its program.
T
T/F: Viruses are quite possibly the biggest and most expensive problem facing computer users today.
T
What are the hacking stages?
Targeting is the first step in the pre-hack stage. May physically select a target that is of interest to them. Use of a port scanner (software packages that scan computer networks to determine if any computers have open port settings). The second stage of pre-hacking is known as the researching and information gathering phase. Physically visiting. Researching (social engineering-reverse social engineering)
What is web spoofing?
The act of web spoofing involves the redirection of a user's internet browser to a given website when the user types in a Once within the grip of these sites it is
Online identity or virtual identity
This is a third form of identity theft that is rarely discussed. Person can gain control of the screen name of another person, they can log into their social networking sites and change settings and post comments about others who are in the victim's social circle. The theft of someone's virtual identity can be committed as a means of harassment or as a means of sending advertisements and solicitations to larger groups of people to whom the identity thief would not normally have access.
Theft of a victims credit identity?
This is the fastest growing high technology crime in the world.
What is phreaking?
Today, the term "phreaking" refers to any activity resulting in the individual gaining use of telecommunications services without paying for such services.
What is packet sniffing?
a packet sniffing program is a software program that allows users to intercept data while it is en route to a website. This could allow an individual to intercept credit card information while the data is being transferred to a commercial website. Will read the headers of packets containing credit card information and then make a copy of the information and forward it to the packet sniffing software's administrator. All of the information is then collected and the individual may begin to make purchases using the credit card number as they were received.
Two problems associated with jurisdictional issues
a. Very difficult to determine who has authority to investigate these crimes. b. A person can live in one country, but the crime is committed in another country.
Hacking is the most famous and commonly read about computer crime.
a. unauthorized access to another person's computer b. involves the use of a computer as an instrument of the crime c. computers used in hacking will probably maintain some form of evidence that could be used to confirm the identity of the hackers
What is carding?
all forms of identity theft related to the theft of a victim's credit card.
What is a hactivist?
an individual who hacks as a means of spreading their political message.
What is a cyberterrorist?
an individual who uses their hacking ability to instill a sense of fear into the public.
What is a grey hat hacker?
combination of black and white hats. May appear to be a form of blackmail, in the business world such decisions may be a matter of cost benefit analysis. Practice has witnessed a decrease in use as more businesses have elected to prosecute individuals who attempt these acts. Will search target computers, gain access, notice the system's owner, but they will normally elect to offer to repair the defect for a small amount of money.
What is are script kiddies?
earn their names from their ability to surf the internet looking for hacker utility programs and then launching the programs at a target computer system. Most dangerous of the hackers because they do not know how the program will affect the computer system the attack is being launched upon.
What is identity theft?
generally defined as the theft of someone's identity through the use of some form of personal identifying information, with the information being used for some fraudulent activity.
What is a cracker?
generally used to refer to one who violates software copyright protections and gains inappropriate access to password protected files and services.
What is a hacker?
individuals who were using their personal computers to gain unauthorized access to other individuals' and businesses' computers.
What is dumpster diving?
involves a focus on a search for any documents with credit card information and a user's account information.
What is a white hat hacker?
main objective is to provide computer security programs that will protect systems from being illegally and maliciously penetrated. Will still search out target computers and then attempt to hack into the systems, but once successful, they will normally cease their activities and alert the owner of the computer system to the vulnerability.
What is phishing?
refers to a process whereby an identity thief will attempt to get a potential identity theft victim to provide them with personal information needed to engage in identity theft. The victim might not realize that the information is being requested by a non trusted source. Oftentimes the victim of one of these scams will receive an email or other communication that appears official and requests that the person submit this information in order to maintain their accounts.
What is IP Spoofing?
refers to the process of forging a computer's internet protocol (IP) address.
What is skimming?
refers to the use of small, often handheld devices that can store several hundred credit card numbers, cardholders names, and card expiration dates. Skimmer devices work in much the same manner as the electronic card readers that are used in commercial venues when one uses their credit card or debit card.
What are the six types of hackers?
1. Black-hat hackers 2. White-hat hackers 3. Grey-hat hackers 4. Script kiddies 5. Hactivists 6. Cyberterrorists
How does Casey traditionally define computer crime?
Criminal activities involving a computer that are made illegal through statute.
What is cyber crime?
Cyber crime refers to any crime that involves a computer and a network, in which a computer may or may not have played an instrumental part in the commission of the crime.
What are the hacker techniques?
Data manipulation: refers to the process by which an individual changes data or deletes data from a computer system as a means of causing harm (almost always financial) to the computer's owner. Trojan Horse: commonly sent to a target computer system via emails to legitimate users of the system. To sabotage the computer network in order to gain access to other computers on the network. To see how the introduction of additional programs will affect the entire system's operations.
What is assuming the life of a potential victim?
Difficult to accomplish. It is possible for a terrorist organization or an extremist group to assume another's identity in an attempt to remain hiding during the planning stages of an attack. Person may find themselves seeking a lifestyle that is beyond their means and may find that living someone else's life allows them an escape.
Identity theft penalty enhancement act of 2004
Maintains increased penalties for individuals who engage in identity theft related activities as a means of furtherance of another crime. Individuals who use their position within a company as a means of obtaining information to be used in an act of identity theft can face increased punishment under this legislation. The above statutes are federal statutes but all states have also passed their own identity theft related statutes. The federal and state governments have made prosecuting individuals for identity theft much easier. Many states have begun limiting the amounts of personal information that individuals can obtain without a thorough verification process.
Hacker/phreaker subculture
There are many individuals who violate computer systems but do so without removing any data from the system or causing any damage to the system. To a hacker there is no such thing as secured information. The majority of hackers also appear to believe that information should not be secure.
What is a black hat hacker?
violate computer security for little reason beyond maliciousness or for personal gain. Writes programs to damage computer systems and networks. Result is that computer security and antivirus manufacturing have become full-time enterprises
What are retail scams?
when a potential victim comes along, the identity thief makes a telephone call to the cashier pretending to be a member of the company's lost prevention or security team. The clerk will be asked to read the check or credit card numbers over the phone.
What is shoulder surfing?
when a user takes out his or her credit card to pay for their merchandise, either in preparation for the payment or after payment has been made and the user is waiting to sign the credit card slip, the identity theft will peer over the user's shoulder.