2036CCJ Cyber-crime (Week 1-6)

Ace your homework & exams now with Quizwiz!

CC Generation 2

Committed across networks, crime as hybrids

Of the attempted cyber security incidents (AUS) what are the top 4 tactics used?

- Email phishing and social engineering fraud - Malware infection - Other types of compromise - DoS attack

Of the successful cyber security incidents (AUS) what are the top 4 tactics used?

- Malware infection - Email phishing and social engineering fraud - Other types of compromise - DoS attack

What are the characteristics of cyber-crime ?

- Organised - Financially motivated - Technologically sophisticated - Transnational

What percentage of the world population use the internet as at 2016 ?

40%

How many phone scam reports did the ATO receive in the 5 months between Jan 2016 and May 2016 ?

40.5K

What percentage of victims reports of cyber-crime in AUS are from females ?

44%

What percentage of developing countries have access to the internet ?

47%

What percentage of businesses had experienced at lease one successful cyber attack against them ?

58%

While it is typically large, multinational or government organisations cyber security incidents which are reported in the media, a significant proportion of attacks are targeted at small and medium business. What percentage of attacks target small-medium Australian businesses ?

60%

Why is portability and transferability important to technology become a 'crime enabler'

Advances in technology now enable large datasets to be created, and easily distributed with relative ease and cheaply --> i.e. 1TB hard drives, increasing internet speeds enabling superfast transfers, smart phones, real-time but at a distance thanks to availability of mobile internet, enables people to post information instantaneously of where law enforcement are located or conducting activities, use of cryptocurrencies which leave little to no paper trail unlike cash or other 'traditional bank transactions', provides an avenue for secure text communications rendering wiretaps, or metadata searches obsolete.

What is the core agency in US for cyber fraud ?

Internet Crime Complaint Center (IC3)

What is National Fraud Intelligence Bureau (NFIB) ? (UK)

National policing lead for fraud. Uses millions of reports of fraud and cyber crime to identify serial offenders, organised crime gangs and established as well as emerging crime types

What is IC3s mission ?

To provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated fraud schemes and to develop effective alliances with law enforcement and industry partners

- BEC (business email compromise) - Romance and confidence fraud - Non-payment and non-delivery

Top 3 crimes by reported loss in US

- dating scams & romance scams - investment scams

Top 3 fraud/cyber-crimes by reported loss to ACCC in AUS

What is advance fee fraud ?

Very common and vary in type, style and delivery but all are after the same thing - to get you to pay for non-existent funds or goods. The perpetrators are experts in conning people by coming up with various reasons why you need to send money for things like legal fees, government charges, United Nations anti-terrorism or money laundering certificates & may refer you to others masquerading as banks or lawyers, and often use official looking logos on letters and emails.

What activities constitute "offences against a computer system ? "

illegal access illegal interception data interference system interference's misuse of devices hacking

What does the ACCC do ?

publishes fraud and scam statistics

Types of catergories of cyber-crime included in the Australian Cybercrime Act 2001 (Cth) ? How does the Act differentiate between types of cyber-crimes ?

- Crime directed at computers (true cybercrime) or other ICTs; or - Crime where computers of ICTs are an integral part of the offence

In the ACA 2001 what does "Crime directed at computers (true cybercrime) or other ICTs" include ?

- Cyber Fraud - Offences against a computer system

What does the NCCS look into ?

- Cyber attacks - Cyber theft - Other computer security incidents

When was did the Cyber-security National Action Plan (US) come into force ?

2016

Of the affected business in Australia affected by one or more cyber security incidents how many report to an external party ?

48%

What was the reported $ losses due to ATO scams to Australian victims between Jan 2016 and May 2016 ?

$1.2M

How much are Australian TFNs worth ?

$1K

How much are Australian Medicare details worth ?

$200

What is the total financial investment by the Australian Government into cyber security over the next 4 years ?

$230M

What is the average cost of a cyber crime attack to businesses in Australia ?

$276K

What are the reported losses due to cyber crime in AUS ?

$300M

What are reported losses of male victims of cyber-crime in AUS ?

$35.6M

Australian identity credentials are worth how much on the dark net ?

$50-$5.2K

There has been an increase in scams targeting business and Government. How many victims ?

90% of businesses have faced some form of successful attempt, or attempt of cyber-crime in last year

What percentage of security incidents involved human error ?

95%

LulzSec

an underground group, an offshoot of the international hacking collective Anonymous

'Computer as a target' refers to ...

Offences where a computer itself is the target of a crime (HACKING)

What does Malicious Software (#2) refer to IN RELATION TO HACKING ?

Offender disseminates viruses, worms, spyware, backdoors, scare-ware, ransom wear, adware and/or Trojans onto target computer. The nature of which depends on the purpose for which it has been distributed

Particular environments increases one's exposure and proximity to dangerous situations, BUT whether a person becomes a crime victim depends on their presumed subjective utility over alternative targets

Opportunity model of victimisation

What is the least valuable Australian identity credential?

Passwords

3 core criminological theories are applicable to Cyber crime - what are they ?

Social Learning Theory General Theory of Crime Space Transition Theory

Several theories (new and old) are applicable to cyber crime. What are they ?

Social Learning Theory General Theory of Crime Space transition theory

More than half of victimised businesses are alerted to possible breaches by external third parties, before they detect it themselves ?

True

Health information and medical records are worth how much on the dark net ?

US$12.20

UTI ?

Unintentional Insider Threats

What activities are considered to be 'advance fee fraud' ?

romance scams inheritance scams investment scams fraudulent financial transactions

What does the Australian Consumer Fraud Taskforce do ?

Comprised of a rich tapestry of agencies and departments with responsibility for consumer protection and policing in areas of scams and frauds

CC Generation 1

Computers used to assist traditional offending

'Computer as a target' offenders are against...

Confidentiality Integrity and availability of data and systems

Why has cybercrime and crimes enabled by cyber technology have continued to increase ?

Connectedness and rapid development (and affordability)

What is physical guardianship ?

target hardening tools

What factors affect or influence criminal decision-making and behaviour according to Routine Activities Approach/Theory ?

target suitability and guardianship

Why is PII valuable ?

to commit identity fraud; file tax returns, apply for loans & credit cards; launch phishing attacks

Computer supported

traditional crimes where use of the computer is an incidental aspect of the commission of the crime , but can be enhanced by use of technology

What is hacking ?

unauthorised access to computers or computer systems; malicious software; DoS attacks

What is data breach ?

use of phishing and social engineering

Data value

vary in price; like any market, varies according to availability, volume, accessibility and potential use

According to Opportunity model of victimisation particular environments increase ones exposure and proximity to dangers situations... BUT...

whether a person becomes a crime victims depends on their presumed subjective utility over alternative targets

According to Akers the 4 learning mechanisms in Social Learning theory are - differential association - definitions - differential reinforcement - imitation Explain differential reinforcement

Definitions supporting criminal behaviour is critical to justify behaviour, reinforcement is needed - financial or social. Positive reaction to behaviour will encourage future behavior of a similar kind + perceived or actual punishment will decrease behaviour

The following is what ? Age Sex Race Income Marital status Education Occupation

Demographic characteristics

What is the premise of Lifestyle exposure theory ?

Demographic differences in likelihood of victimisation are attributed to differences in personal lifestyles of victims

What does DoS attacks (#2) refer to IN RELATION TO HACKING ?

Denial of Service

What makes a target suitable ?

Depends on the offenders interests. May be a computer system/network; data; harassment of an individual; exploitation of a child; terrorist activities

What is Malicious Software ?

Designed to disrupt, damage, or gain unauthorised access to a computer system, without the knowledge of the owner

The costs to businesses of attempted, and success cyber security incidents involves many activities. What activity do businesses have to undertake as a result of the incident which is 53% of the total cost ?

Detection and recovery

What is Routine Activities Approach/Theory ?

Direct contact predatory victimisation occurs when there is a convergence in both space and time of three factors 1. Motivated offender 2. Suitable target 3. Absence of capable guardian

Of all types of cyber security incidents experienced by businesses, which incident type results in the highest average cost to business ?

DoS attacks

What is the focus of the Australian Cyber Security Strategy ?

Efforts of multiple agencies to provide a secure cyberspace for Australia. Working with international agencies to promote free, open and secure Internet, and redoubling our efforts to counter the spread of extremist and terrorist violence

The following are what ? - there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information - likely to result in serious harm to one or more individuals - entity has not been able to prevent the likely risk of serious harm with remedial action

Eligible data breaches according to Notifiable Data Breaches scheme

The following are what ? - a device containing customers' personal information is lost or stolen - a database containing personal information is hacked - personal information is mistakenly provided to the wrong person

Examples of a data breaches

Ashley Madison.com data breach

Exposed passwords, credit card information and activities of users

According to Akers the 4 learning mechanisms in Social Learning theory are - differential association - definitions - differential reinforcement - imitation Explain definitions

Exposure and engagement with peers or attitudes and norms which favour breaking law or providing justifications that neutralize possible negative consequences of deviance

LulzSec case study

Extensive breach of the computer systems belonging to Sony Pictures Europe. Published the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony Authorities have said the Sony breach ultimately cost the company more than $US600,000

Phone based scams are still more prevalent that online scams ?

False

True or false ? High self-control is one of the best correlates of crime and consistently linked to crime and deviance

False

What is the NCSS (US) ?

National Computer Security Survey

How could you apply Social Learning Theory to DIGITAL PIRACY ?

Need to download music or movie files without authorisation Individual needs to interact with fellow digital pirates, learn how and where to do downloads Imitate what they have observed Learn definitions supportive of violation of intellectual property laws Rewarded financially and/or socially for efforts to reinforce behaviour Friends/relationships provide information on methods of pirating and location of material; skills are learnt from interacting with others Peer associations assist in learning new methods of downloading through imitation and in supporting views of the 'lack of harm' and 'guidelines' indicating behavior is unethical

What is the dark figure of cyber crime ?

Not all attacks (attempted or successful) are reported to agencies or law enforcement. Only reported incidents end up in official reports/statistics. Resulting in a 'black hole' of information.

What is gain control of a computer ? in terms of UNAUTHORISED ACCESS 'computer as a target' motivations

Offenders can use/take over computers for unauthorised purposes i.e. war-driving - Use of service - Provides anonymous access to illegal content - Point of entry for computer system - Intercept communication

What is modification / impairment of data ? in terms of UNAUTHORISED ACCESS 'computer as a target' motivations

Offenders may not only gain access to data but may modify it in some way - to harm a company or conceal information - for financial or other advantage - changing grades; increasing credit limits

Attention

Various factors increase or decrease the amount of attention paid. Includes distinctiveness, effective valence, prevalence, complexity, functional value. Differs for individuals depending on characteristics such as sensory capacities, arousal level, perceptual set, past reinforcement).

True or false ? Low self-control is one of the best correlates of crime and consistently linked to crime and deviance

True

What does Hack or Malicious Code refer to ? IN TERMS OF UTI

an outsider's electronic entry acquired through social engineering (e.g., phishing email attack, planted or unauthorized USB drive) and carried out via software, such as malware and spyware

Cyber dependant

crimes that are true cybercrimes, can only exists because the technology exists

CC Generation 3

True cybercrime (opportunities created by the development of internet)

True / False ? Reporting data breaches in Australia has been made compulsory

True. Effective 22 February 2018

Social Security numbers are worth how much on the dark net ?

US$55.70

Health information and medical records are worth how much on the dark net ?

US$59.80

Passwords are worth how much on the dark net ?

US$75.80

Cyber enabled

existing/traditional crimes are perpetrated through the use of the internet

Opportunity model of victimisation has 2 central propositions, what are they ?

- An individuals routine activity patterns and lifestyle contributes to creation of criminal opportunity structure by enhancing contact between potential offenders and victims - The value of person/object and its level of guardianship determine choice of particular crime target

Basic postulates of Routine Activities Approach/Theory ?

- Assumption that there will always be motivated offenders. - Focus on social and technological changes that can affect crime rates. - Interested in examining how daily behavioural routines increase proximity of an attractive target to motivated offenders

Necessary conditions for effective modeling in Social Learning Theory, according to Bandura ?

- Attention - Retention - Reproduction - Motivation

ABS Census - a target ? why ?

high profile target public comments about privacy and security embarrass Australian government internationally building a reputation / ego based known / guaranteed event

What does Loss of Portable Equipment refer to ? IN TERMS OF UTI

lost, discarded, or stolen data storage device, such as a laptop, PDA, smart phone, portable memory device, CD, hard drive, or data tape

What is an Unintentional Insider Threats (UTI)

A current or former employee, contractor or business partner, who has or had authorised access to an organization's network, system, or data and who, through action or inaction without malicious intent, causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of the organisation's information or information systems.

What does Australian Cybercrime Online Reporting Network (ACORN) do ?

A national policing initiative and a national online system that allows the public to securely report instances of cybercrime. It will also provide advice to help people recognise and avoid common types of cybercrime.

What is social guardianship ?

protection from family or social networks

What do the Australian Consumer and Competition Commission (ACCC) ?

publishes fraud and scam statistics

What is this statement referring too ? "Much research on victimisation related to mainstream volume crimes such as burglary, rape and domestic violence, very little research on fraud and cybercrime victims"

Common perception that fraud and cybercrime is a 'victimless' crime that has little impact

What is personal guardianship ?

self-protective behaviours (and situational crime prevention)

What does Accidental Disclosure refer to ? IN TERMS OF UTI

sensitive information posted publicly on a website unintentionally; mishandled; sent to the wrong party via email, fax, or mail

Why are credentials valuable data ?

stealing intellectual property, espionage, launch phishing attacks

What does the NCSS (US) do ?

Documents the nature, prevalence, and impact of cyber intrusions against businesses in the United States

What does this statement mean ? Australia along with US, Russia, UK are highly connected countries.

Large majority (if not all) citizens/individuals have ready access to the internet and online engagement. That's what creates the opportunities for cybercrime.

What are some of costs to businesses as a result of cybercrime?

Reputation Opportunity costs from loss of IP Cost of remedy Legal costs Loss in trust in partnerships Lost productivity Ransom Cost to Australian economy Implementing new cyber security strategies Cost of investigation / examination Lost confidence

Apart from phone and online scams, what are other types of scams seen in Australia ?

SMS Door-to-door Employment Investment Romance Advance fee fraud Threat and penalty Prize Lottery Charity Small business False billing

How has technology become a 'crime enabler' ? How does technology assist criminal activities ?

Scale (increased the scale at which victims exists) Accessibility Anonymity Portability and transfer-ability Global reach Absence of capable guardian Organised crime

Why do scammers seek iTunes cards from victims as 'payment' or financial support (falsely represented) ?

Scammer can sell the voucher numbers on the online black market and put the credit into online accounts to purchase goods & services

What are the most common type of cyber activities experience by Australian businesses ?

Spear phishing emails - hundreds a day

What are 'other computer security incidents' ?

Spyware, adware, hacking, phishing, spoofing, pinging, port scanning, and theft of other information, regardless of whether the breach was successful

Who leads cyber security threat response activities (US) ?

The Department of Justice, acting through the FBI and the National Cyber Investigative Joint Task Force (NCIJTF)

Who leads cyber security intelligence support and related activities (US) ?

The Office of the Director of National Intelligence, through its Cyber Threat Intelligence Integration Center

- Non-payment and non-delivery - Personal data breach - Payment scams

Top 3 fraud/cyber-crimes reported by victims in US

- Phishing - Advance fee fraud - False billing scams

Top 3 fraud/cyber-crimes reported by victims to ACCC in AUS

What is Action Fraud ? (UK)

UK's national reporting centre for fraud and cyber crime where you should report fraud if you have been scammed, defrauded or experienced cyber crime. Central point of contact for information about fraud and financially motivated internet crime

Of all types of cyber security incidents experienced by businesses, which incident type results in the lowest average cost to business ?

Wirus/worm/trojan or malware

What are the reported losses due to cyber crime in US ?

$1.3B

What dollar value in losses do investment scams cost Australians ?

$59M

What activities constitute "Crime where computers of ICTs are an integral part of the offence"

- Cyber fraud - Advance fee fraud - Identify theft

What is the dark figure of cyber crime in AUS (approx) ?

15%

What percentage of less developed countries have access to the internet ?

15%

How many cases of cyberfraud in AUS (approx) ?

200K

How many cases of computer misuse in UK (approx) per year ?

2M

How many cases of cyberfraud in UK (approx) per year ?

3.6M

How many cases of cyberfraud in US (approx) ?

300K

How many victims over cyber-crime in AUS ?

300K

What percentage of victims reports of cyber-crime in AUS are from males ?

39%

Of the affected business in Australia affected by one or more cyber security incidents how many do not report the incident ?

45%

True / False ? Attacks occur from both inside and external in 'Computer as a target' offences

True

True / False ? RAA not focused on assessing motives but on factors affecting victimization

True

True / False ? The ATO census system issues a result of DoS/DDos attack

True

Routine Activities Approach/Theory theorist ?

Cohen and Felson (1979)

Opportunity model of victimisation theory theorist ?

Miethe & Meier (1990)

What is Opportunity model of victimisation theory ?

Combination of RAA and Lifestyle approaches

Space Transition Theory theorist ?

Jaishankar (2008)

What percentage of business victimised (AUS) sustained financial losses exceeding $10,000 in 2005 ?

68%

What percentage of business victimised (US) sustained financial losses exceeding $10,000 in 2005 ?

68%

What percent of the global population have access to mobile broadband ?

84%

Approximately how many attempted or successful online fraud and cyber crime incidents (UK) are unreported ?

85%

What percentage of business experienced an cyber security attack/attacks (AUS) in 15/16 ?

86%

What percentage of business victimised (US) detected multiple cyber security incidents in 2005 ?

86%

What challenges, besides under reporting, is faced in cyber crime and fraud data collection / statistics ?

- Difficulty in identifying the victim, eg. bank fraud, is the victim an individual or the bank? - Many victims of a single criminal act, counting victims and/or crime events? eg. mass marketing fraud where there are thousands of victims from a single crime - Jurisdictional boundary issues, where is the crime 'counted'? - Data is distributed across multiple police agencies, government agencies and regulatory authorities

How can General Theory of Crime be applied to identity theft ?

- Easy and simple crime; gain 'quick' cash to support immediate wants

How can General Theory of Crime be applied to online child pornography ?

- Impulsive and focus on easy/simple immediate gratification

How can General Theory of Crime be applied to cyber harassment and stalking ?

- Inability to control their temper and resolve problems physically

What does unauthorised access (#1) refer to IN RELATION TO HACKING ?

- Logging into a computer of system without permission - Using networks to gain remote access - Exploit vulnerabilities

How can General Theory of Crime be applied to - Online harassment and stalking - Online pornography - Digital piracy - Identity theft

- Offender seeking immediate gratification - Offender lacks self-control - Offender lacks internal regulation

General Theory of Crime has been shown to reliably explain several types of cyber crime. What are they ?

- Online harassment and stalking - Online pornography - Digital piracy - Identity theft

A data breach occurs when ...

- Personal information held by an organisation is lost or subjected to unauthorised access or disclosure

Basic postulates of Space Transition Theory ?

- Persons with repressed criminal behavior (in physical space) have a propensity to commit crime in cyberspace, due to their status and position - Identity flexibility, dissociative anonymity, and lack of deterrence in cyberspace enables offenders the choice to commit crime - Criminal behaviour of offenders in cyberspace is likely to be imported to physical space; physical space may be exported cyberspace - Intermittent ventures of offenders in cyberspace and dynamic spatio-temporal nature of cyberspace provides chance to escape - strangers are likely to unite together in cyberspace to commit crime in physical space; associates in physical space are likely to unite to commit crime in cyberspace - Persons from closed society are likely to commit crime in cyberspace - The conflict of norms and values of physical space with the norms and values of cyberspace may lead to cybercrimes

Structural factors

- Proximity and exposure - Pattern the nature of social interaction and predispose individuals to riskier situations

What are the characteristics of a Phishing scam ? (think fishing... wide net)

- Seek to obtain personal information, such as names, addresses, date of birth and tax file numbers - Use link shorteners or embed links that redirect users to suspicious websites in URLs (appear legitimate) - Incorporates threats, fear and/or sense of urgency to manipulate the user into acting quickly

Choice factors

- Target attractiveness and guardianship - Determine the selection of particular crime target within a sociospatial context

Akers reformulated Differential Association to specify learning mechanisms - social learning theory

- differential association - definitions - differential reinforcement - imitation

3 aspects of 'Computer as a target' offences...

- gaining unauthorised access to a computer or computer system; - causing unauthorized damage or impairment to computer data or the operation of the computer or system; - unauthorised interception of computer data

What are the characteristics of a Spear phishing scam ? (think fishing... more specific)

- increase in sophistication of attack - limit the target audience and increase the precision of their messages; increases the appeal of the message and apparent legitimacy - target individuals within a particular business sector, who work in the same company, in the same department, or who share some other common attribute - research their target(s) in order to maximise their chances of success

How can General Theory of Crime be applied to digital piracy ?

-Immediate gratification with little/no effort; little empathy for owners of intellectual property

3 main categories of HACKING

1. Unauthorised access to computers or computer systems 2. Malicious software 3. DoS attacks

In 2015-16 how many data breaches were reported to the Office of the Australian Information Commissioner (OAIC)?

107

In 2014-15 how many data breaches were reported to the Office of the Australian Information Commissioner (OAIC)?

110

How many users were affected by the Ashley Madison.com data breach ?

37M

What is General Theory of Crime?

A theory of self control. Posits that behaviour is regulated by social controls and self controls.

What is Social Learning Theory ?

A theory that learning takes place in a social context and can occur purely through observation or direct instruction, even in the absence of motor reproduction or direct reinforcement.

Offender motivations for UNAUTHORISED ACCESS category 'computer as target' offences

Access to information Modification or impairment of data Want to take over control of computer or system

According to Akers the 4 learning mechanisms in Social Learning theory are - differential association - definitions - differential reinforcement - imitation Explain differential association

An individuals exposure and engagement with peers provides models for deviant behaviour and definitions, eg. attitudes and norms

Spear phising

An offender is likely to use identity or 'hack the identity' of a third party that is to be known or of interest to the intended victim(s), such as a supplier, to leverage existing trust relationships

What is unauthorised access ? in terms of UNAUTHORISED ACCESS 'computer as a target' motivations

At the base level, this involves logging on to a computer and/or system without permission

What does this statement from the Australian Prime Minister relate to ? "As the Snowden disclosures demonstrate, often the most damaging risk to government or business online security is not 'malware' but 'warmware'; the ability of a trusted insider to cause massive disruption to a network or to use legitimate access to obtain classified material and then illegally disclose it."

Australian Cyber Security Strategy

What is the most valuable Australian identity credential?

Australian passport

Social Learning Theory theorist ?

Bandura / Akers

How does control affect an offenders behaviour according to General Theory of Crime ?

Belief that high criminality individuals have less control placed on them, making them more likely to pursue criminal acts

The following statement refers to what ? "Program that infects the target computer and allows it to be controlled remotely"

Bots

What is the 'crime triangle' ?

Crime occurs when there is a convergence in both space and time of three factors 1. Motivated offender 2. Suitable target / place 3. Absence of capable guardian with an additional layer added - 1. Handler 2. Manager 3. Guardian

Extortion - DoS attacks (#2) refer to IN RELATION TO HACKING ?

Cyber criminals have been known to follow a DDoS attack with a ransom note, demanding money in exchange for stopping the attacks

Business competition - DoS attacks (#2) refer to IN RELATION TO HACKING ?

DDoS attacks can be used by people to make the website of their competition to crash

Hacktivist - DoS attacks (#2) refer to IN RELATION TO HACKING ?

DDoS attacks to express displeasure against targets, ranging from governments to private companies

Typically happen because of human error or innocent mistake...

Data breaches

What are non-financial impacts (possible or real) impact of fraud and/or cyber crime ?

Feelings of anger Feelings of stress Psychological stress Relationship problems Health problems Loss of pension / income Decrease personal credit rating Loss of home Feelings or suicide Suicide attempt/s Mental health trigger

What are arguments against Space Transition Theory ?

Few empirical studies have examined the theory Variants of other theories Inconsistencies with current research on cybercrime offending and victimisation

What similarities do cyber-crime applicable theories have to traditional crime theories ?

Financial (gain) Satisfaction of desires (sexual) Power and control (harrassment, bullying) Thrill (excitement, immediate gratification)

Personal Guardianship activities

Firewalls Anti-virus software Passwords Two-step verification Encryption

According to what theory are individuals who are insensitive, impulsive are more likley to act on the spur of the moment (seek instant gratification) without considering consequences ?

General Theory of Crime

What theory does the following statement relate to ? "Crimes are simple acts that provide immediate gratification; offenders lack self-control and internal regulation"

General Theory of Crime

General Theory of Crime theorist ?

Gottfredson and Hirschi (1990)

Data breaches affected a number of sectors across Australia. What are they ?

Government Finance (including superannuation) Health service providers Retail Online services

Lifestyle exposure theory theorist ?

Hindelang, Gottfredson & Garofalo (1978)

How to offenders select targets for data breaches ?

Identify vulnerabilities Focused on "tricking users"

UTI Threat Vectors (paths/course/route)

Improper of Accidental Disposal of Physical Records Loss of Portable Equipment Accidental Disclosure Hack or Malicious Code

How is malicious software (malware) get distributed ?

In-direct - downloading (email attachment) Direct - physical intervention/infection (usb)

What does this statement refer to ? "Evidence that offenders regularly interact in cyberspace without any 'real world' connection"

Inconsistency of Space Transition Theory with current research on cybercrime offending and victimisation

2 types of adaptations in lifestyle according to Lifestyle Exposure Theory ?

Individual Sub-cultural

What is Denial of Service (DoS) or Distributed Denial of Service (DDoS) ?

Individuals may send thousands of emails or sufficient number of requests to website to overwhelm system - website is unable to cope with the number of requests it is receiving - Also can be achieved from a replicating program such as a virus to overwhelm the system.

What is the Privacy Amendment (Notifiable Data Breaches) Bill 2016 ?

Legislation to make data breach reporting compulsory, under some circumstances

The following statement relates to what victimisation theory ? "People are not equally exposed to high-risk places and times, and they vary in the degree to which they associate with high-risk persons. This translates to a persons lifestyle influencing the exposure and association with high-risk persons"

Lifestyle Exposure Theory

Why is variation in lifestyle important to Lifestyle exposure theory ?

Lifestyle is the context in which daily activities occur; daily activities may bring potential victims in contact with crime or increase risk of victimisation - differential exposure to places, times and people results in variations in victimisation risk

Lifestyle + Associations + Exposure = what ?

Likelihood of personal victimisation

What differences do cyber-crime applicable theories have to traditional crime theories ?

Malware Hacking Concept of space (virtual v physical) Anonymity

Opportunity model of victimisation theorist ?

Meithe & Meier (1990)

Reproduction

Mirroring. Including physical capabilities, and self-observation of reproduction.

Structural and choice factors affect (can increase) your likelihood of crime victimisation

Opportunity model of victimisation

How could you apply Social Learning Theory to HACKING ?

Peer associations have strong correlation; so too imitation and introduction and reinforcement of beliefs to excuse and justify hacking behaviours Hacking subculture Websites and chatrooms play large role in social learning processes; websites to learn basic hacking techinques

What is the Weakest link in Information Security ?

People / Humans

Why does social engineering work ?

People want to be helpful People want to give good customer service to coworkers, clients, and vendors

Types of guardians in cyber space ?

Personal Social Physical

Updating software/OS, using spam filters and checking email credentials are a form of what cyber guardianship ?

Personal Guardianship

Valuable data in data breaches ?

Personally Identifiable Information (PII) Financial data Credentials

Most common Social Engineering attack ?

Phishing scams

According to Akers the 4 learning mechanisms in Social Learning theory are - differential association - definitions - differential reinforcement - imitation Explain imitation

Plays key role in social learning process; particularly early in learning process. As learning continues, reinforcement and definitions take on increasing importance

What is Social Learning Theory ?

Posits that people learn from one another, via observation, imitation, and modeling. The theory has often been called a bridge between behaviorist and cognitive theories because it encompasses attention, memory, and motivation.

What is Space Transition Theory ?

Proposed individuals behave differently while online than they would in physical space + individual behavioural patterns are different online compared to physical environments

Opportunity model of victimology is a combination of which two theories ?

RAA X Lifestyle

Motivation

Reason to imitate. Includes motives such as past (i.e. traditional behaviorism), promised (imagined incentives) and vicarious (seeing and recalling the reinforced model)

The following refer to what ? - Hacktivist - Extortion - Business competition - Script kiddies

Reasons why DDoS attacks are launched

Retention

Remembering what you paid attention to. Includes symbolic coding, mental images, cognitive organization, symbolic rehearsal, motor rehearsal

What are the key impacts cyber security incidents for businesses ?

Resources Financial Service Reputation Other

What theory does the 'crime triangle' relate to ?

Routine Activities Approach/Theory

Yar (2005) argued what ?

Routine Activities Approach/Theory is not truly applicable to cyber crime as it does not meet the elements of time and space convergence (because cyber environments are spatially and temporarily disconnected

Several theories (victimisation) are applicable to cyber crime. What are they ?

Routine Activities Theory Lifestyle Exposure Theory Opportunity Model of Victimology

Who can you report cyber fraud victimisation to, in AUS ?

ScamWatch, ACORN, CERT, ACCC

Sharing security tips and cyber peers are a form of what cyber guardianship ?

Social Guardianship

What theory does the following relate to ? - Example applied to computer skills/expertise - Individuals need to learn how to operate equipment (ie. computer) and specific procedures (eg. programming) - This learning can occur from others already skilled in these techniques and processes

Social Learning theory

What theory does this statement relate to ? "individuals who have a greater proportion of beliefs that support deviant behaviours, they will be more likely to engage in those activities"

Social Learning theory

The following statement refers to what ? "Generic description of programs that in some way monitor computer use"

Spyware

What are the 2 core factors which affect offender decision making according to the Opportunity model of victimisation ?

Structural Choice

The following is what ? Economic Familial Educational Legal

Structural constraints

Who leads cyber security asset response activities (US) ?

The Department of Homeland Security, acting through the National Cybersecurity and Communications Integration Center

What is a predictor of cyberspace criminal behaviour, according to General Theory of Crime ?

The amount of control placed on the individual by law, society, school, friends, family etc

What is Lifestyle exposure theory ?

The lifestyle/exposure theory is a model of victimology that posits that the likelihood an individual will suffer a personal victimization depends heavily upon the concept of life style. The lifestyle theory is constructed upon several premises.

Social Engineering in the context of UTI

The manipulation of people to get them to unwittingly perform actions that cause harm (or increase the probability of causing future harm) to the confidentiality, integrity, or availability of the organisation's resources or assets, including information, information systems, or financial systems

What are victimisation theories ?

Theories about the factors the place individuals at risk of becoming a victim of crime

What are new / old theories ?

Theories about why some individuals are more likely to commit crime.

Script kiddies - DoS attacks (#2) refer to IN RELATION TO HACKING ?

These type of DDoS attacks are performed by cyber vandals using premade scripts and tools disrupt internet users — usually online gamers

LulzSec case study

Took credit for denial-of-service attacks last year against PayPal, Visa, and Mastercard after the payment service providers announced they would stop processing donations intended for the secret-spilling site WikiLeaks

The following statement refers to what ? "Appear to be innocent programs but contain hidden functions"

Trojans / Trojan horses

The following statement refers to what ? "Infects computers and performs a programmed function, deletion or modification of data and installation of other malwear"

Viruses and worms

Indra Fraud / Scam case study

Migrant who had been contacted by scammers, and was convinced to pay over $2000 to 'save' her husband from arrest (which was false)

What percentage did ATO scams (reported) increase by between 2014 and 2015 ?

90%

What is/does the Australian Consumer Fraud Taskforce (ACFT) do ?

Comprised of government regulatory agencies and departments with responsibility for consumer protection and policing in the areas of scams and fraud

What are the following factors of ? - increasing use of social media - iTunes and gift card scams - threat-based and impersonation scams - scams targeting businesses

Emerging scams trends in 2016

What does the following statement refer to ? Whilst similar to transitional crimes and a lot of overlap, technology has created discrete crimes specific to cyberspace. To some extent yes, but majority of cybercrimes only exists because of the technology. Most are existing crimes, created in new ways.

Old Wine in New Bottles

How many potential victims exist (globally) as a result of the rapid development of technology and increased used in daily life ?

Over 4 billion devices are connected globally to mobile broadband

What is the Cyber-security National Action Plan ? (US)

The FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries and terrorists

What are the reported losses due to cyber fraud as stated by ABS Personal Fraud Survey ?

$3B

What dollar value in losses do dating and romance scams cost Australians ?

$42M

What are key indicators of ATO scam emails ?

- The email address isn't correct, or looks to be linked to a 'spoof/copy' account - the email not being personalised - poor grammar - states that you are eligible for a large unexpected refund - Requests you click on an active link to 'download' something - asks for personal identification documents to 'verify your identity' - requests you open an attachment that is embedded within the email

What are the 3 generations of cyber-crime ?

- computers used to assist traditional offending - committed across networks, crime as hybrids - true cybercrime (opportunities created by the development of internet)

Apply routine activities approach to Advance Fee Fraud ?

A person who spent long hours on the internet would be more likely to become a target to a global pool of motivated offenders. Fewer internet security measures would mean greater likelihood of victimisation because of the absence of capable guardianship to prevent the crime from occurring.

What is this an example of ? 57-year-old man received a call that appeared to originate from Victoria. The victim answered the call and was spoken to by an unknown man. The caller said he was from the ATO, and there was a pending warrant for the victim in relation to outstanding tax owed. The man then instructed the victim to buy $1300 worth of iTunes gift cards, which he did at a local supermarket while still on the phone. The victim was then asked to read the serial numbers of the cards over the phone to the unknown man, which he did

ATO and iTunes Card Scam

What type of fraud do these activities relate to - offers to participate in business deals; - assisting dignitaries by paying fees to move large sums of money out of a foreign country in order to receive a share of the proceeds; - paying fees in order to receive lottery winnings/inheritance/prize - paying money to develop a relationship or marriage

Advance Fee Fraud

What type of cyber-crime or fraud has the highest reported losses for Australian's ?

Advance Fee Fraud - such scams have had a huge impact globally, with Ultrascan (2008) estimating that US$4.3b was lost to advance fee fraud in 2006.

ASCC, ASD, DIO, ASIO, CERT, ACIC and AFP are all apart of what ? (AUS)

Australia's Cyber Security Strategy

What is Australia's legislative regime on cyber-crime ?

Australian Cybercrime Act 2001 (Cth)

How does anonymity 'enable' crime on the internet ?

Creates opportunities for offenders to offend at a distance from their offenders, and in relative secrecy due to privacy software, difficulty in tracing locations, use of false names or false personal accounts/social media profiles. Obviously the most skilled you are, the easier it is to 'cloak' your movements or identity online. However this also means it inhibits detection and prevention by law enforcement

What is 'cyber theft' ?

Crimes in which a computer is used to steal money or other things of value ie. embezzlement, fraud, theft of intellectual property, and theft of personal or financial data.

What is a 'cyber attack' ?

Crimes in which the computer system is the target ie. computer viruses (including worms and Trojan horses), denial of service attacks, and electronic vandalism or sabotage.

A. There are three major categories of cybercrime. What are they ?

Cyber DEPENDANT Cyber ENABLED COMPUTER-SUPPORTED


Related study sets

Nonforfeiture, Dividend, and Settlement Options

View Set

AP Euro Vocab: Period 1: 1450-1648

View Set

Ballast PPP - Ch. 2, Environmental Analysis & Project Planning

View Set

Foundations of Tech semester test

View Set