Post on 22-Feb-2016
description
Crime and Cyber-crime
Pieter Hartel
Cyber-crime Science2
Crime
Acts or missions forbidden by law that can be punished […], against:» persons (e.g. rape, assault, murder, suicide)» property (e.g. fraud, arson, theft, vandalism)» the state (e.g. riot, treason, sabotage, terrorism)» morality (e.g. gambling, drugs, obscenity)
Disorder is broader than crime, e.g.» Littering, graffiti, loitering, etc.
[Wil98] J. Q. Wilson and R. J. Herrnstein. Crime & Human Nature: The Definitive Study of the Causes of Crime. Free Press, Jan 1998.
Cyber-crime Science3
Example
Burglars steal, destroy Molalla water system computer Published: Thursday, March 25, 2010
By Rick Bella, The Oregonian MOLALLA -- Police are looking for burglars who broke into the city's water-treatment plant and stole the system's computer.
Cyber-crime Science4
Cyber-crime
Crime where computers are used as a tool, target or place:» Computer assisted crime
(e.g. Advance fee fraud)» Computer integrity crime
(e.g. DDoS attack)» Computer content crime
(e.g. Software piracy)
[New09] G. R. Newman. Cybercrime. In M. D. Krohn, et al, editors, Handbook on Crime and Deviance. Springer, Nov 2009. http://dx.doi.org/10.1007/978-1-4419-0245-0_25
Cyber-crime Science
Technology and crime
5
Which of these are “virtual”? Which of these promote anonymity?
Technology Problem Solution WhenSailing ships Privateering Treaties 1856Paper money Counterfeiting Laws,
Technology17th 20th
Revolver Genocide ? ?Cars Theft Locks 20thPhone Nuisance calls Caller-ID 20thInternet Fraud, Theft ? ?
Cyber-crime Science
Cyber space vs “meat” space
“virtual” but that’s nothing new (why?) More easily automated (why?) Harder to police (why?)
6
Cyber-crime Science7
Some examples
Cyber-crime Science8
Computer assisted crime
Murder» 13-year old US girl bullied into suicide in 2006» 3-month old Korean child dies from neglect in 2010
Extortion» Virginia DHP ransom demand 10 M $ in 2009» BetCris hacker sentenced to 8 years in 2006» (New business http://www.prolexic.com/ )
Cyber-crime Science9
Computer integrity crime
Distributed denial of service (DDoS) » Estonian Cyber war in 2007» Operation Payback end 2010 – mid 2011
Hacking» Comcast hackers sentenced to 18 months in 2008» Sarah Palin email hacker sentenced to 1 year in 2010
Cyber-crime Science10
Computer content crime
Piracy» Pirate Bay four sentenced to 1 year in 2009» US Software pirate sentenced to 2 years in 2011
Data base theft» Sony Play station network hack in 2011 exposed
77M accounts, cost 171M$» Sonypictures.com exposed 1M passwords» TJX Hacker sentenced to 20 years in 2011
Cyber-crime Science15
Differences
Old Crime» Serial» Labour intensive» Local» Geographical place
Cyber-crime» Can be Simultaneous» Can be automated» Global» Effort?» Requires conversion to
meat space
Cyber-crime Science16
Similarities
Most Cyber-crime a variant of old crime» Advance fee fraud via email vs letters» Click fraud vs Replying to junk mail with bricks
Technology used for new crime before» Printing press for counterfeiting» Telegraph for books by Charles Dickens
Cyber-crime Science18
Cyber-crime triangle
A motivated offender “attacks” a suitable target in the absence of a capable guardian:» Attacks via vulnerabilities of the users» Attacks via vulnerabilities of the systems» Propagating attacks» Exploiting attacks
Cyber-crime Science19
Attack vulnerable user
Social engineer a user» 2001 SPAM with AnnaKournikova.jpg.vbs» Phishing (More later)
Hacking into server» Password cracker» Intelligence from OSN as in the Palin email hack
Cyber-crime Science20
Attack vulnerable system
Exploit known vulnerability and install malware on a client» Trojan like Zeus for key logging» Physical access via USB sticks and autorun
Find & exploit vulnerable system» Vulnerability scanner like Acunetix» SQL injection
Cyber-crime Science21
Propagating attacks
Change the web site on the server» Create a drive by download to infect a client
Create a botnet out of infected clients to:» Send spam» Perpetrate a DDoS attack» Evade detection
Cyber-crime Science22
Exploiting attacks
Carding» CC theft (skimming, hacking)» trade (forum)» cashing (online auctions, counterfeit cards at ATM)
Online banking fraud» Credential theft (phishing)» trade (forum)» Cashing (money mules)
Cyber crime needs meat space…
Cyber-crime Science24
Conclusions
Increasing specialisation of offenders Increasing sophistication of the tools Key crime opportunities: social engineering,
vulnerable systems, and software issues Motive is now mostly money How to prevent all this?