SRA211 // Chapter 1
Barrett - research
Insights of cybercriminality and desc of behaviors that are "crimes" vs "terrorism." Computers can be used as both criminal instruments and instruments of warfare. Dynamics/process of cyber crime and cyber terrorism are the same.
Virus writing and malware
Inspires fear and disdain. Virus protection industry is a multimillion dollar businesses. Threats from terrorists and hactivists threaten function of gov't, commerce, and military operations. Corps, gov't agencies, utility companies vulnerable to comp attacks from "outsiders."
Expansion/amount of internet traffic has exceeded estimates of a few years ago, and opportunities to commit computer crimes and tech competence of the criminals have expanded more quickly than our efforts to control them.
TRUE
Most feared online crime = interception of privileged information (Credit Card #'s or passwords), leading to ID theft. Credit issuance abuse - epidemic proportions.
TRUE
Not only is there significant inconsistency in defining computer crime offenses, there is an absence of any attempt to collect offense date systematically.
TRUE
There has been rapid integration of computing, telecom, multimedia and information archiving tech
TRUE
Transactions and behavioral interactions can occur between people worldwide from their homes with no scrutiny by immigration, customs, or other government entity.
TRUE
Gordon and Ford: Type I offenses
Technological crimes - Crime is a single or discreet event from the point of view of the victim - Crime involves the use of malware (viruses, worms, adware) - Crime can, but may not be, facilitated by computer software vulnerabilities Theft/manipulation of data. Singular events from the perspective of the victim that involve malware
Intellectual property theft (trade secrets, illegal reproduction of copyrighted music and movies) has an
incalculable cost. According to MPAA, $6 mill fiscal losses from movie piracy in the US. 40% of loss from uni students. At least 45% of US citizens pirate movies. Most pirated movie of all time = Wolf of Wall Street
The internet has made the world a
smaller place. Easier to communicate with one another. Stock transactions, flight schedules, news, etc., available via the internet.
Completion of first electronic computer
1945
First long-distance electronic communication on the internet
1969
Bureau of Justice Statistics
1970s - highlighted computer crime emergence through series of publications (overview of important issues, comp security, EFT crimes). Reports - limited documentation of actual criminality; no discussion of cybercriminals.
Goal since the emergence of computer crime?
1980s onward: calculate costs associated with offenses to underscore importance of the problem and gather resources to fight it. Calculate monetary amount in $.
Early study to calculate the cost of cybercrime
1991 - study by U.N. Commission on Crime and Criminal Justice
Cyber
Almost anything "real" or "virtual" attached to a computer or network.
Costs in anticipation
Antivirus software
Greatest security threats
Employees or people who had legitimate access to the computers. External security breaches come from hackers telephoning into the systems or accessing via networks. External threats via remote access is a growing problem.
Anderson - classification scheme
Estimate costs of computer crime. 4 categories: - Traditional crimes that are now cyber (conducted primarily online, tax fraud) - Transitional crimes that have changed with advent of the Internet (e-commerce fraud) - New crimes that have been originated since advent of the Internet (malware, viruses, worms) - Crimes that facilitate other crimes through misuse of computers
Common themes with research
- Crime problem classification schemes - Documentation of cases of computer fraud within gov't agencies (trust violations) - Work of hackers via Bitnet era - Creation of computer crime units - Security against firewalls, encryption systems, operation security, private networks, physical security, access controls, biometric security developments - Popular press - case studies The Cuckoo's Egg, Takedown - network incursion. Info about specific offenders.
Cybercrime costs: numbers derived can be more misleading than accurate because?
- Cybercrimes difficult to distinguish from more traditional crimes - Now come to recognize problems of under and overreporting costs of cybercrime depending on whom one asks (ex: restimate to maage public perception and fears about problem. LE Exec and providers of computer security overestimate to increase customers and spending towards cybercrime).
Computer security efforts
- Firewalls, encryption technologies, virus control - Growth occurred without adequate cybercrime research (focused on mechanisms and techniques used)
Malware
Includes computer viruses, worms, Trojan Horses, spyware, adware, or any other destructive software aimed at disrupting normal comp network services, collecting sensitive information, or gaining access to private computers, systems, and networks. Short for malicious software. Often referred to as a "computer contaminant" - is a legal term by US state statute.
Trends that drive the reality of increased cybervictimization
- Increased use of computers by virtually every citizen (increased use of smartphones, connection between movement towards industrialization and increased commercial activity, related increases in Internet connectivity, and rise of cybervictimization - US has highest victimization rate; victimization rate increases with time and societal usage of the Internet). - Increased availability of technical info on virus creation and computer hacking techniques that enable more tech savvy computer criminals (available to insiders and outsiders; insider threats more serious - know where to find vulnerable information. Vulnerability from within an organization is the most dangerous and poses most serious threat. Outsiders attempt to break into a system, while insiders easily bypass safeguards, decreasing chances of being detected. Increase of outsiders due to networking, growth of user friendly internet protocols, adaptable databases within Web pages).
Indirect costs
- Reputational damage - Loss of revenue - Burglary - Damages to international trade - competitiveness - innovation - global economic performance
True costs of cybercrime
- expenditures on mitigation strategies - $ spent on antivirus software and digital firewalls - digital monitoring - ID, catching, punishing cybercriminals
Carter's Classification of Computer Crimes
Computer serves as: - Target of the crime (denial of expected service. Denies legitimate user of comp sys access to their data or computer. Also network intrusions that involve the alteration of data and vandalism - alteration of website.) - Instrument of the crime (computer used to achieve other criminal objective. Theft of service. Use of service without payment. Also instrument to commit fraud, such as online auction fraud with shipments that are late, nothing, or not as advertised.) - Incidental to the crime (incident of criminality uses comp for ease in maintaining efficacy of criminal transactions. Comp facilitates crime. Ex: loan-sharking, drug rings, money laundering, dist of child porn, pedophilia.) - Crimes associated with the prevalence of computers (intellectual property violations, corp espionage, white-collar crime, identity theft, cell phone theft.)
Stuxnet
Computer worm that is the world's first precision guided cybermunition. Designed to undermine Iran's nuclear program.
Scope and nature of cybercrime
Creates misperceptions and fear that exceed the identifiable threats. Dangers posed by cybercriminals/terrorists ARE real and present unique and difficult challenges to law enforcement and gov't officials.
Consumer response
Cybercrimes inspire fear in consumers; lead to lack of trust in security and safety of e-comm and online bus transactions. Fear - result of our reliance on computers and networks for military operations, finance, communications, utilities, mass transit.
1980s publications
Dealt with logistical issues with criminality, methods to prevent computer crimes, practices for effective investigation and prosecution of comp crime cases.
Recent National Infastructure Protection Plan
Defines both acts of terrorism and cyberthreats as among the most important evolving threats to critical infastructures.
Methodology of publications
Describe security issue, offer options for a solution, provide technological procedural alternatives for each potential solution.
Virus writers
Develop tools that can damage and destroy computer systems.
Public perception
Law enforcement/gov't officials are ill-equipped to deal with cybercrimes.
Gordon and Ford: Type II offenses
People crimes Do not involve malware, but involve software Involve repeated contacts or events from the point of view of the victim Ex: Cyberstalking, harassment, child predation, extortion, manipulation of stock market, corp espionage, etc.
Social and econ costs to computer tech advancement
Perverted for criminal and terrorist purposes. Progress in computing, networking, comm, e-comm provides criminals with array of tools and opportunities to perpetrate their crimes. Can roam freely with reckless abandon. Tech advancement occur w/o adequate regulation or monitoring. "Law of the jungle" prevails.
Criminal acts with computers
Prod/dist of child porn, financial crimes, info/corp espionage, exploitation, stalking, ID theft. Openness of internet expand scope of criminal activity
Hackers
Seek to invade our computer networks
