DB WK 3: Computer Hackers

CYBER CRIME

Chapter 3

Objectives

· Review Traditional Problems in the Recognition and Prosecution of Computer Crime

· Discuss the History of Computer Crimes

· Explore the Traditional Rationales for Phreakers and Hackers

· Discuss the Evolution of Hacking

· Acquire an Appreciation for Computers as Marketable Commodities

· Explore the Current State of Computer Crimes Globally

Details

Traditional Problems vs. Emerging Issues

· Normally criminal statutes are based upon the physical location (vicinage) of the act

· Jurisdictional issues usually involve which court (local, state, federal, military, Indian Reservation), will prosecute the case

· Cybercrime expands beyond the spatial boundaries into global connectivity

· Cybercrime obscures the jurisdictional landscape for traditional crimes

· Identifying the vicinage is difficult

· Scenario: Resident of Tennessee places an illegal wager on a sporting event by purchasing gaming software from a site located overseas

· The winnings are electronically transferred to an account in Las Vegas

· He violated state and federal gambling laws by possessing a gaming device but inconclusive whether he placed any bets

· Conclusion: lack of physicality creates questions about crime being committed and which agency has jurisdiction

· Cybercrime is not enforced by any International Agreements or Memorandums of Understanding

· Many countries have become safe havens for cybercrime because they receive significant compensation in the form of corporate taxes (payoffs) from fraudsters

· Cybercriminals use techniques that mask or block their identities

· Anonymizer: sites which enable the user to mask their IP (computer) addresses through rerouting, remailing, or deletion of header information

· Privacy advocates support the these sites as a nurturing environment for First Amendment

· Criminals use encryption programs to hide their activities

· Federal government attempting to enact laws that would make encryption keys discoverable by subpoena

· Evidence Retrieval

· Internet service providers not required to maintain transmission records like telecommunications companies

· Digital evidence is voluminous thus time consuming for investigators

· Digital evidence is easily modified or deleted

Historical Highlights of Computer Crime

· First computer crime: ( 1800’s) workers at a textile plant destroyed a machine that automated several steps in manufacturing process threatening manual labor jobs

· (1986) Russian KGB operative (Cal Berkeley employee) hacked into military database and obtained information

· (1988) Cornell student created damaging program (Morris worm) that attacked computers via the Internet; damaged 6,000 computers; $5-100 million in losses

Phreakers and Hackers

· Phreakers: manipulation of telecommunication carriers to gain knowledge of telecommunications and/or theft of services

· Illegal access to Private Branch Exchange Systems (Businesses)

· Illegal use of access codes and access tones

· Shoulder surfing: looking over person’s shoulder while dialing

· War dialing: testing numerous codes until one is successful

· Used in college dorms, military bases, traveling business teams

· Hacking: term used by MIT students in 1960’s referring to techniques that identify computer shortcuts or clever pranks; (1980’s) term was popularized in the film, War Games

· Traditional hacker culture was characterized by anti-establishment rhetoric

· Hackers use a service that could be inexpensive except it’s run by profiteering gluttons

· We explore and you call us criminals

· We seek after knowledge and you call us criminals

· We exist without skin color, without nationality, without religious bias and you call us criminals

· Hacker Typologies

· White hat hackers: individuals who identify system vulnerabilities in the interest of promoting heightened security

· Black hat hackers: individuals who identify and exploit system vulnerabilities for illegal purposes such as destruction or theft

· Gray hat hackers: may identify weaknesses in systems for administrators but also sell information to black hat hackers

Computer Intrusion Motivations

· Boredom (informational voyeurism): individuals are motivated by inquisitiveness to sensationalism

· Intellectual challenge (mining for knowledge-pure hackers-thrill seekers): subculture that proclaim to be seekers of knowledge and reject any individuals who use skills for cybercrime

· Revenge (insiders, disgruntled employees): intentional acts of destruction by insiders who become disgruntled after being passed over for promotion or laid off by budget cuts; unintentional breach of security protocols pose most significant threat (failure to protect passwords) cite p. 60 (Seeking Revenge)

· Sexual Gratification (stalking, harassment): Sexual predators

· Economic ( Criminals): Personal gain

· Political (hacktivists, terrorists, spies): Extremist groups target government and business entities for ideological, religious beliefs

Hierarchy of Contemporary Cybercriminals

· Script kiddies: Lowest form of cybercriminal; inexperienced hackers who employ scripts or other programs authored by others to exploit security vulnerabilities

· Motivations range from simple pranks on college campuses to criminal profit when hackers capture bank accounts and password information to access victim’s account

· Cyberpunks: law enforcement labels these individuals who vandalize and destroy computers by introducing viruses and worms for no economic gain

· Crackers: Sophisticated users who employ their knowledge for personal gain

· Cybercriminal Organizations: term does not include traditional organized crime groups but rather groups of individuals who use the internet to communicate collaborate and facilitate cybercrime

· Hacktivists: Fastest growing group of hackers; activist groups added data breaches to their arsenal of destructive weapons

Computers as Targets

· Hardware:

· Computer chips

· Integrated circuits

· CPU’s

· Motherboards

· Ethercards

· Resale of components are high due to difficulty in tracing them

· Blackmarket dealers are organized groups trafficking in stolen computer components that solicit orders and target victims accordingly

· Gray market dealers are legitimate businesses that buy stolen components from thieves and sell to customers who want custom computers

· Theft of Intellectual Property

· Software: Industries involved in mass production of intellectual property have benefited from enhanced production strategies

· Digital pirates have targeted these industries to duplicate and distribute unauthorized copies of their intellectual property

· Top Target Industries: Manufacturing, Sales/distribution, Service, Financial Services, Software Development

· (2010) theft of software for personal computers increased by 14%; $59 billion

· Film Piracy: Optical disc piracy, Internet piracy, video-cassette piracy, theatrical print theft, broadcast piracy

· Overseas market for American films involves new releases and old films

· Primary market in US are those films not yet available on DVD or cable

· Illegal copying and distribution are done by individuals and organized crime groups