CyberCrime Week 4-Ransomware
1
CYBER CRIME
Chapter 4
Objectives
· Explore the current state of Internet crimes
· Discuss emerging trends in Web-based crime
· Describe the six classifications of motive for computer intruders
· Become familiar with more computer terms and recent laws that aid the government in cracking down on computer criminals
· Gain knowledge of modern terrorists and their use of technology which is changing the face of terrorism
Details
I.Web-Based Criminal Activity: Introduction
· Originally “computer crime” referred to theft of computers or components
· Cyberage changed the focus to “theft of information”
· Combination of the computer and telecommunications has increased crime in cyberspace
· The Anonymity factor has expanded the number of offenders
· Internet gambling promoted by the Web increased across the country
· People who would never walk into an Adult book store view porn at home
· Individuals who would be afraid to commit a violent bank robbery would alter bank records or manipulate stock records
· People who were reluctant to take revenge through traditional avenues may feel comfortable posting embarrassing or compromising information on the Web
· Hackers have become a significant threat to achieve publicity
· Hacker group named “ Global Hell” suspected of hacking into Army, FBI and WH
· Impact of computer crime
· Financial losses
· Personal security (Identity theft)
· Industrial espionage
· International security
· Public safety
· Eco-terrorism
· Traditional competition among companies may have escalated to malicious destruction of data or theft by physical means
· The internet introduced interconnectivity of technical devices within corporations which increased the vulnerability of companies’ information assets
· Impact of a physical mail bomb (explosive device) was limited to the immediate physical area surrounding the packaging
· Impact of an e-mail bomb is potentially very broad and may include a dismantling of the company’s informational infrastructure
· Viruses
· ( 1960’s) first computer virus named, “the rabbit’: reduced productivity of computer systems by cloning themselves and occupying system resources
· Rabbits were local and could not spread across systems
· Caused by mistakes or pranks by system programmers
· Four Distinct Eras of Computer Viruses
· Classical Era (1960’s-1970’s); system anomalies; accidents; pranks by system administrators
· Floppy Era (1980’s-1990’s); infection of DOS machines spread by removable media; easy to detect, isolate and eliminate
· Macro Era (1990’s-2000’s); infect documents and templates, not
programs; virus infects system when user opens the corrupted document
(Microsoft-Macintosh); further spread by e-mails, networks and the
Internet
· Melissa Virus (1999); infected 20% of US largest businesses; created by David Smith, advertised to contain password to Adult Web sites; propagated itself by sending virus to victim’s computer address files;
Sentenced to 20 months in federal prison and $5,000 fine
· Internet Era ( 2000-present); used infected systems address book to spread infections
· CodeRed: scanned internet for vulnerable machines, then infected them
· Nimda: infected computers with corrupt e-mails that entered computer if user viewed MS Outlook through a preview window
· Denial of Service (DoS) Attacks
· Primary objective is to disable a system, not access
· Mail bombing: jam system server with voluminous e-mails
· Manipulation of phone switches
· Low level data transmission
· Directed at Amazon, eBay and Yahoo
· Distributed Denial of Service (DDoS) Attacks
· (1991); first DDoS attacks; use large batches of compromised computers, named Zombies or bots, to increase their impact on victims
· Most owners of Zombie computers were unaware that they were compromised
· Motivations range from boredom to theft to extortion
· Hacktivists have launched DDoS attacks against religious and financial organizations
· (2006) Organized crime family was threatened with DDoS attack of the org’s
online gaming site. The org paid protection money (extortion)
· Spam: Abuse of electronic messaging systems to randomly or indiscriminately send unsolicited bulk messages
· Traditionally used by businesses to advertise
· Also used by porn sites
· Recent study disclosed significant loss of productivity by businesses caused by workers deleting spam from their computers at work; $22 billion
· Attacks increasing: spread viruses; malware, DDoS, identity theft, promote political extremism
· (2006) Can Spam Act used to convict Daniel Lin; three years, federal prison; $10,000 fine
· Distributed millions of e-mail messages with fraudulent header information through a variety of zombie computers advertising health care products
· Ransomeware
· Used most often to extort money from victims
· Malware program which encrypts or disables computer system until demands are met (extortion)
· Originally surfaced in 1989 then went low key until 2005
· Greatest risk to cyber criminal is being identified when money is transferred
· Create e-shell companies to accept ransom money
· Use legitimate online merchant to receive money from victim for commission based referral service
II. Theft of Information, Data Manipulation and Web Encroachment
· Two methods of obtaining confidential information- computer system intrusion & employees
· Employees are the most vulnerable component
· Criminals use deceptive practices through social engineering to gain access to company computers or telephone systems
· Criminals disguise themselves as vendors for security system or IT department
· Employees fail to protect their passwords due to laziness and lack of security awareness
· Criminals use shoulder surfing as a method to gain confidential information: watching over someone’s shoulder as they log on or input data into their computer
· Employees discard confidential information in common garbage receptacles instead of designated Confidential Bins or paper shredders
· Business and government entities do not set employee training as a high priority
· Trade Secrets and Copyrights
· Some criminals sell proprietary information to industry competitors for personal gain or national patriotism
· Gillette corporation employee was caught using company equipment to solicit bids for the design specs for Gillette’s Mach-3 razor
· French government ( Intelligence Service) used eavesdropping devices on French planes to obtain confidential information from an American company that was competing against a French company for business contracts
· Political Espionage
· Advanced technology has also increased the threats to the nation’s public infrastructure from communications to banking
· Theft of information is a significant threat
· Government entities have been criticized for not investing enough money to protect secrets technologically stored or created
· Recent audit of laptop computers for US State Department:
· did not have an accurate accounting for classified and unclassified laptop computers in bureaus covered in the audit
· 27 laptops were missing
· 35 were not available for inspection
· 57 had been disposed
· 215 laptops were inspected for encryption protection: 172 failed
· FBI estimates at least 120 foreign governments actively pursuing information in the US
· Traditional methods of stealing CPU’s, employee laptops and other devices are very common
· Employees failed to adequately safeguard the laptops in many cases
III. Cyberterrorism :
· politically or religiously motivated attack against data compilations, computer programs, and/or information systems
· intended to disrupt and/or deny service or acquire information
· which disrupts the social, physical, or political infrastructure of a target
· Computers may be the target or be incidental to the activity i.e. the means of retrieving the information
· Attacks may be in the form of hackng, DDoS, viruses, worms
· Centers of Disease Control (CDC)
· Altering small portion of a formula for a vaccination
· Changing labeling instructions for biological contaminants
· Systematically removing years of priceless research or patients records
· Introduction of viruses or worms could wreak havoc on public health
· A virus destroyed over 40% of patient’s records in one US hospital
· Terrorist Organization Propaganda Dissemination
· International (Nation of Islam) and domestic (White Aryan Resistance) use virtual platforms to spread their messages
· Solicit funds and recruit new members
· Communicate with each other via e-mails using strong encryption protections
· Ramzi Yousef (WTC bombing conspirator had bombing plans in encrypted files on his laptop computer)
· Launching of DDoS and defacement of Web sites of foreign governments
· Chinese hackivists threatened to launch DoS attacks against American financial institutions and government sites following the crash of a US spy plane and Chinese fighter plane
· Neotraditional Crime
· Dissemination of Contraband
· Child Pornography: Many pedophiles and child porn peddlers meet on the electronic bulletin boards and chat rooms
· They are protected under the First Amendment because they have the same “common carrier” status as the telephone company and post office
· Example: NAMBLA (North American Man Boy Love Association) has a Web-site
· Motivations for child pornography possession
· Pedophilia or hebephilia: satisfies sexual fantasies or provide gratification for those individuals who are sexually interested in prepubescent children or adolescents
· Sexual miscreants: satisfies a new and different sexual stimuli
· Curiosity seekers: possession satisfies a peculiar curiosity
· Criminal opportunists: possession and subsequent distribution is designed for economic profit
· Profile of Offenders ( Office of Juvenile Justice and Delinquency Prevention & National Center for Missing and Exploited Children)
· White males older than 25
· Majority (83%) had images of prepubescent children engaging in sex
· More than 20% depicted sexual violence toward the children
· 40% arrested for child porn were considered “dual offenders” (also sexually victimized children)
· 15% attempted to sexually victimize children by soliciting undercover police who posed online as minors
· Most of the child porn cases (60 %) originated from local and state agencies; balance by federal and international authorities
· Above statistics are based upon arrest records only so extent of online victimization of children via the Internet is difficult to determine
· On Line Victim Profile
· Children who express frustration with parental controls or appear naïve or vulnerable
· Children are confused about their sexuality
· Children who express feelings of being outsiders from their peer groups
· Children who enjoy unsupervised computer communications
· Many children actively seek association with adult suitors but many are lured into fictional relationships that encourage dangerous liaisons
· Online Pharmacies
· Convenient in terms of shopping and ordering
· Many operate illegally w/o licenses or dispense medicines in states where they are not licensed
· Some don’t require a valid prescription
· Some dispense medicine on demand w/o prescription
· “ Operation Cyber Chase” 2005
· Illegal online pharmaceutical sales operation based in India
· Supplied drugs for 200 Web sites
· Sold $20 million worth of controlled substances w/o prescriptions global customers
· FBI and DEA arrested individuals from India, Canada and US
· Seized $7 million from banks and 7 million doses of drugs
· Online Gambling
· First online gambling casino launched (Internet Casinos, Inc.)
· Revenues for 2005 were $10 billion; projected to increase to $180 billion by 2015
· Significant support from politicians, labor unions and community groups
· Lack of physicality makes online casinos accessible to any user with a computer, Iphone or IPAD
· Continuous operation makes them accessible 24/7
· Accessibility to minors increase the consumer base as proper age verification is not attempted
· Increase in e-banking allows users to access funds w/o leaving their chair; psychological intangibility of e-cash encourages customers to overspend
· Risks to individuals and communities
· Addiction
· Bankruptcy
· Crime
· Fail to create jobs or other revenue
· Threatening and Harassing Communications
· Stalking: willful, malicious, and repeated following and/or harassing another person in an effort to inflict or cause fear of actual harm through words or deeds
· Offender profile: White males(18-35)
· Victim profile: Females or Children
· Categories of Motivation
· Obsessional Stalkers: re-establish relationship with unwilling partner and are considered to be the most dangerous
· Love Obsession Stalker: individuals have low self-esteem and target victim they hold in high regard
· Erotomaniacs: stalkers are delusional and believe victims are in love with them or had a previous relationship with them
· Vengeance or Terrorist Stalker: economic gain or revenge
· Cyberstalking: same definition as stalking but done by electronic means
· Activities may be threatening or may result in injury
· Sending barrage of threatening e-mails
· Cyberharassment
· Activities are threatening, harassing or injurious on their face
· Focuses on actual harm suffered including defacement of character
· Posting fictitious or slanderous information in a public forum
· Courts have been reluctant to establish electronic boundaries of the First Amendment and have narrowly interpreted cyberstalking and cyberharassment legislation
· Cyberbullying: Aggressive, intentional act carried out by a group or individual, using electronic forms of contact, repeatedly and over time against a victim who cannot easily defend themselves
· May be committed using e-mails, social networking sites, Web pages, blogs, chat rooms, or instant messaging
· Case example: 10/17/2006, Megan Meier, 13, committed suicide after receiving hateful e-mails and IM’s from an adult female (mother of former friend and classmate of Megan) posing as a teen-age boy. Suspect was indicted on several charges and found guilty on one misdemeanor violation of the “Computer Fraud and Abuse Act”, subsequently overturned
· Online Fraud: fraud is the intentional deception, misrepresentation, or falsehood made with the intention of receiving unwarranted compensation or gratification
· Internet has provided cybercriminals anonymity and accessibility to the global community of citizens and businesses
· Auction Fraud: common fraudulent activity on the Internet: 4 types
· Nondelivery: accepts payment for item, fails to deliver
· Misrepresentation: deceives bidder on condition of item
· Fee-stacking: adds hidden charges to the advertised price of an item (ship-handling)
· Shill bidding: seller drives up price of their own item by making bids on their own items
· Case Example: page 10
· Online Credit Card Fraud
· Skimming: fraudsters install devices on card readers located in ATM’s, gas pumps, restaurants wherever magnetic strip credit card readers are employed. The information is transferred to another card for downloading
· Radio Frequency Identification (RFID): fraudsters use them to copy credit card information as they walk past individuals in street, subways, malls, concerts, etc.
· Information gleaned from the above techniques may be sold on carding sites where other criminals can purchase credit card dumps
· Securities Fraud
· Manipulating stock prices by posting false information on fraudulent Web sites and legitimate Web sites
· Page 104-105 for cases
· Insider Trading
· Individuals using chat rooms to provide others with material non-public information on companies
· Note case on page 105
· e-Fencing: sale of stolen goods through tech means
· organized retail theft rings post stolen goods on online auction sites
· Fraudulent Instruments: Counterfeiting & Forgery
· Counterfeiting: act of creating a fraudulent document with criminal intent
· Forgery: act of falsifying a document with criminal intent
· Made easier with high-level graphics software and hardware advances
· Create fraudulent payroll checks and generate forged signatures for authentication
· Ancillary Crimes
· Money Laundering: enterprise or practice of engaging in deliberate financial transactions to conceal the identity, source, and/or destination of income.
· Three stages
· Placement: initial point of entry for illicit funds (open account)
· Layering: develop complex network of transactions to obscure source of illegal funds
· Integration: return funds to legitimate economy