Chapter 3

Computer and Internet Crime

Chapter 3 - Computer and Internet Crime 1

 Chapter 3 - Objectives
1. Discuss key trade-offs and ethical issues associated with
safeguarding of data and information systems.
2. Identify reasons for the increase in the number of Internet-
related security incidents.
3. Describe the most common types of computer security
attacks.
4. Outline the characteristics of common perpetrators
including their objectives, available resources, willingness to
accept risk, and frequency of attack.
5. Describe a multi-level process for managing Internet
vulnerabilities based on the concept of reasonable
assurance.
6. Outline the actions that must be taken in response to a
security incident.
Chapter 3 - Computer and Internet Crime 2
 IT Security Incidents
Year Number of Incidents Reported

2003 137,529
2002 82,094
2001 52,658
2000 21,756
1999 9,859

1998 3,734

1997 2,134 Total: 1988-2003: 319,992

Source: CERT Web site at www.CERT.org/stats

Chapter 3 - Computer and Internet Crime 3

 Increased Internet Security
Incidents
1. Increasing complexity increases
vulnerability.
2. Higher computer user error and access
to information.
3. Expanding and changing environment
introduces new risks.
4. Increased reliance on commercial
software with known vulnerabilities.
Chapter 3 - Computer and Internet Crime 4
 Types of Internet Attacks
• Virus
• Worm
• Trojan Horse
• Denial-of-Service Attacks

Chapter 3 - Computer and Internet Crime 5

 Virus
• The term “computer virus” is an
umbrella term used for many types of
malicious code.
• A virus is usually a piece of programming
code that causes some unexpected and
usually undesirable event.
• Most viruses deliver a “payload” or
malicious act.

Chapter 3 - Computer and Internet Crime 6

 Virus
• Viruses may execute and affect your
computer in many different ways.
– Replicate themselves
– Reside in memory and infect other files
– Modify and/or create new files
• Most common viruses are “macro” viruses.
These viruses use an application language
such as VBScript to infect and replicate
documents and templates.
Chapter 3 - Computer and Internet Crime 7
 Worm
• A worm is a computer program, which
replicates itself and is self-propagating.
Worms, as opposed to viruses, are meant to
spawn in network environments.
(http://www.easydesksoftware.com/glossary.htm)
• Worms are also harmful and they differ from
standard viruses in that they have this ability
to “self-propagate” without human
intervention.
Chapter 3 - Computer and Internet Crime 8
 Trojan Horse
• A Trojan horse is a program that gets
secretly installed on a computer, planting
a harmful payload that can allow the
hacker to do such things as steal
passwords or spy on users by recording
keystrokes and transmitting them to a
third party.

Chapter 3 - Computer and Internet Crime 9

 Trojan Horse – Logic Bomb
• A logic bomb is a type of Trojan horse
that executes when a specific condition
occurs.
• Logic bombs can be triggered by a
change in a particular file, typing a
specific series of key strokes, or by a
specific time or date.

Chapter 3 - Computer and Internet Crime 10

 Denial-of-Service Attack
• A denial-of-service attack is one in which a
malicious hacker takes over computers on the
Internet and causes them to flood a target site
with demands for data and other tasks.
SCO and Microsoft – MyDoom.a and .b
• Denial of service does not involve a computer
break-in; it simply keeps the target machine so
busy responding to the automated requests that
legitimate users cannot get work done.

Chapter 3 - Computer and Internet Crime 11

 Denial-of-Service Attack
• Zombies are computers that send these
requests.
• Spoofing is the practice of putting a
false return address on a data packet.
• Filtering is the process of preventing
packets with false IP addresses from
being passed on.

Chapter 3 - Computer and Internet Crime 12

 Classification of Perpetrators of
Computer Crime
Type of Objective Resources available to Level of risk Frequency of
perpetrator perpetrator taking Attack
acceptable to
perpetrator

Hacker Test limits of system, gain publicity Limited Minimal High

Cracker Cause problems, steal data, corrupt Limited Moderate Medium

systems

Insider Financial gain or disrupt Knowledge of systems Moderate Low

company’s information systems and passwords

Industrial spy Capture trade secrets or gain Well funded, well trained Minimal Low
competitive advantage

Cybercriminal Financial gain Well funded, well trained Moderate Low

Cyberterrorist Cause destruction to key Not necessarily well Very high Low
infrastructure components funded nor well trained

See: Three Blind Phreaks

Chapter 3 - Computer and Internet Crime 13
 Hacker
• A hacker is an individual who tests the
limitations of systems out of
intellectual curiosity.
• Unfortunately, much of what hackers
(and crackers) do is illegal.
– Breaking into networks and systems.
– Defacing web pages.
– Crashing computers.
– Spreading harmful programs or hate messages.

Chapter 3 - Computer and Internet Crime 14

 Hacker
• Crackers are hackers who break code.
• Malicious insiders are a security
concern for companies. Insiders may
be employees, consultants, or
contractors. They have knowledge of
internal systems and know where the
weak points are.

Chapter 3 - Computer and Internet Crime 15

 Forms of Computer Criminals
• Malicious insiders are the number one security
concern for companies.
• Industrial spies use illegal means to obtain trade
secrets from the competitors of firms for which
they are hired.
• Cybercriminals are criminals who hack into
computers and steal money.
• Cyberterrorists are people who intimidate or
coerce a government to advance their political or
social objectives by launching attacks against
computers and networks.
Chapter 3 - Computer and Internet Crime 16
 Legal Overview
• Fraud is obtaining title to property through
deception or trickery.
• To prove fraud four elements must be
shown:
– The wrongdoer made a false representation of
the material fact.
– The wrongdoer intended to deceive the innocent
party.
– The innocent party justifiably relied on the
misrepresentation.
– The innocent party was injured.
Chapter 3 - Computer and Internet Crime 17
 Reducing Internet Vulnerabilities
• Risk assessment is an organization’s review of
the potential threats to its computer and network
and the probability of those threats occurring.
• Establish a security policy that defines the
security requirements of an organization and
describes the controls and sanctions to be used
to meet those requirements.
• Educate employees, contractors, and part-time
workers in the importance of security so that they
will be motivated to understand and follow
security policy.

Chapter 3 - Computer and Internet Crime 18

 Prevention
• Install a corporate firewall.
• Install anti-virus software on personal computers.
• Implement safeguards against attacks by malicious insiders.
• Address the ten most critical Internet security threats (10
each in Windows and UNIX):
• Verify backup processes for critical software and databases.
• Conduct periodic IT security audits.
• MS Patch for IE. Implications of changes, speed of reaction

Chapter 3 - Computer and Internet Crime 19

 Detection
• Intrusion detection systems monitor system and
network resources and activities and, using
information gathered from theses sources, they
notify authorities when they identify a possible
intrusion.
• Honeypot is a computer on your network that
contains no data or applications critical to the
company but has enough interesting data to lure
intruders so that they can be observed in action.

Chapter 3 - Computer and Internet Crime 20

 Response
• Incident notification is the plan and process
used to notify company individuals when a
computer attack has happened. In addition,
your company should be prepared to:
– Protect evidence and activity logs
– Incident containment
– Incident eradication
– Incident follow-up

Chapter 3 - Computer and Internet Crime 21

 Summary
• Business managers, IT professionals, and
IT users all face a number of ethical
decisions regarding IT security.
• The increased complexity of the
computing environment has led to an
increase in the number of security
related issues.

Chapter 3 - Computer and Internet Crime 22

 Summary
• Common computer attacks include
viruses, worms, Trojan horses, and
denial-of-service attacks.
• Computer hackers include general
hackers, crackers, and malicious
insiders.

Chapter 3 - Computer and Internet Crime 23

 Summary
• A strong security program is a safeguard
for a company’s systems and data.
• An incident response plan includes:
– Protect evidence and activity logs.
– Incident containment.
– Incident eradication.
– Incident follow-up.

Chapter 3 - Computer and Internet Crime 24

 Case 1
Cybercrime: Even Microsoft is
Vulnerable
• On October 27, 2000, Microsoft
acknowledges that its security had been
breached and that outsiders using a
Trojan house virus had been able to
view source code for computer
programs under development .

Chapter 3 - Computer and Internet Crime 25

 Case 2
Visa Combats Online Credit
Card Fraud
• Visa-branded credit cards generate
almost $2 trillion in annual volume and are
acceptable at over 22 million location
around the world. Visa is reviewing new
ways of authenticating user transactions.

Chapter 3 - Computer and Internet Crime 26

 In the News, and more…

• Teen Hacker avoids jail sentence

• The Register: Security and Viruses
• Google News: Hacking, Computer Security,
etc

Chapter 3 - Computer and Internet Crime 27