Cybercrime
CIT 485: Advanced Cybersecurity Slide #1

Topics
1. What is cybercrime?
2. Spam and Phishing
3. Fraud
4. Intrusions
5. Extortion (ransomware and more)
6. Data Breaches
7. Identity Theft
8. Intellectual Property Theft
9. Cyberbullying and cyberstalking
10. Cyberterrorism and cyberwarfare
11. Cybercrime Laws

Cybercrime includes crimes in which
- the computer is the target of a crime, such as denial of service or installation of malware,
- the computer is used to commit traditional crimes, such as fraud (sometimes called cyber-assisted crimes), or
- the computer is an accessory or a device that contains data incidental to the crime, such as location data.
There are many different types of cybercrime.

Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately.
- Types: e-mail, IM, wiki, and comment spam.
- Used to deliver other attacks:
  - Malware
  - Phishing and other fraud enticements

Over 90% of e-mail is spam!

Phishing E-mail

Phishing Site

Fraud is any misrepresentation of fact that leads another to do something, or refrain from doing something, that causes loss.
Example: Advance-fee scam
- AKA: 419 scam or Nigerian Prince scam.
- Promises the victim a share of a large sum of money in return for a small up-front payment.
- Dates back to the 18th century.

Fraud Examples
- Carding
  - Purchase items with stolen card numbers.
  - Create copies of cards, then use them quickly to withdraw the maximum funds from ATMs or as cash advances.
- Identity theft
  - Steal SSNs and other identity information, then take out loans, get credit cards, etc. in the person’s name.
- File fraudulent tax forms to claim refunds
  - Obtain SSNs from big data breaches, or
  - Hack tax preparers, who have everything needed.
- Obtain business credentials to wire money.

Identity Theft
Identity theft is the deliberate use of someone else’s identity to obtain money or to harass the victim. Motives for identity theft include
- Financial: bank accounts, credit cards, tax refunds, taking out loans, using the victim’s insurance, etc.
- Hiding from debts or law enforcement.
Identity information includes a person’s name, date of birth, SSN, fingerprints, driver’s license, bank account number, health or tax records, etc.
- Can be obtained on an individual basis, or
- Large data breaches can leak the identities of millions.

Intrusions
- Criminals intrude into networks and systems to
  - Obtain information to sell or use in another scheme.
  - Obtain computing resources to use for tasks like cryptocurrency mining.
- Intrusions often result in the installation of malware on the victim’s system(s).

Data Breaches
A data breach is a security incident resulting in confirmed disclosure of data to an unauthorized party.
- 2018: 53,000 incidents and 2,216 data breaches
- Targets: 50% small business, 24% healthcare, 14% public
Major data breaches:
Year  Organization  Data
2009  RockYou       32 million plaintext passwords
2013  Target        70 million credit cards
2015  Anthem        80 million records including SSNs
2017  Equifax       145 million credit records

Verizon DBIR 2018

Extortion
Criminals contact victims to demand money in exchange for the criminal taking or not taking an action, such as
- Providing the key to decrypt the victim’s data, which the criminal secretly encrypted using ransomware.
- Not releasing private data of a person or company that was obtained in a previous intrusion.
- Not performing a denial of service attack against an organization.

Tblocker Ransomware

Intellectual Property
Criminals want to obtain information assets, such as
- Copyrighted software, music, or other media.
- Patented inventions.
- Corporate secrets, such as plans for a new product.
IP “theft” is different from actual theft in the physical world:
- The victim usually still has the “stolen” information, so
- Without good logging and audit processes, an organization may not detect such a “theft” until a competitor produces their own version of the product.
- Cyberespionage frequently targets military and other high-tech products.

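As an added example (not from the slides) of the logging and audit processes the slide says are needed to notice copying of information assets: a Python script that parses constructed web-server access log lines and flags any client fetching an abnormal number of protected documents within a short window. The log format, the /articles/*.pdf path pattern, the 10-minute window and the threshold of 3 are all assumptions to be tuned for a real deployment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined"-style format (no real hosts).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2019:09:00:01 +0000] "GET /articles/1001.pdf HTTP/1.1" 200 51200
10.0.0.5 - - [12/Mar/2019:09:00:02 +0000] "GET /articles/1002.pdf HTTP/1.1" 200 49800
10.0.0.5 - - [12/Mar/2019:09:00:03 +0000] "GET /articles/1003.pdf HTTP/1.1" 200 50100
10.0.0.5 - - [12/Mar/2019:09:00:04 +0000] "GET /articles/1004.pdf HTTP/1.1" 200 47700
10.0.0.5 - - [12/Mar/2019:09:30:00 +0000] "GET /index.html HTTP/1.1" 200 2048
10.0.0.9 - - [12/Mar/2019:09:01:10 +0000] "GET /articles/2001.pdf HTTP/1.1" 200 50300
"""

# Assumed layout: client, identd, user, [timestamp], "method path proto", status, size.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')
DOC_RE = re.compile(r"^/articles/.+\.pdf$")  # assumed path pattern of the protected asset

def parse_line(line):
    """Return (client, timestamp, path, status) or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, ts, _method, path, status, _size = m.groups()
    return client, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def flag_bulk_downloaders(log_text, window=timedelta(minutes=10), threshold=3):
    """Return {client: peak_count} for clients whose successful document fetches
    exceed `threshold` within any sliding `window`; other requests are ignored."""
    fetches = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[3] == 200 and DOC_RE.match(rec[2]):
            fetches[rec[0]].append(rec[1])
    flagged = {}
    for client, times in fetches.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # drop fetches that fell out of the window
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[client] = max(count, flagged.get(client, 0))
    return flagged

if __name__ == "__main__":
    print(flag_bulk_downloaders(SAMPLE_LOG))  # {'10.0.0.5': 4}
```

The same sliding-window count works over any per-client event stream (file-share reads, database exports), which is where a competitor-beating product plan would more often leave its trace.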
Windows 10 source code

Cybercrime Organization
Sponsors
- Governments, corporations, activists, organized crime.
Cybercrime Boss
- Plans the crime, recruits technology providers and money mules.
Technology Providers
- Deployment providers
- Malware authors
- Botnet masters
Money Mules
- Ship stolen goods, use fake cards, make wire transfers.
- Cybercrime is limited by the number of mules available.

Cyberbullying is a form of bullying or harassment using electronic means, such as social media.
- Posting rumors or threats.
- Revealing personal information.
- Hate speech.

Cyberstalking is the use of information resources to stalk or harass an individual or organization. It is a form of cyberbullying.
- A criminal offense under various state laws.
- Often accompanied by real-world stalking.
- Often performed by predators who enjoy harassing either friends/romantic partners or random people.
- Includes monitoring the target’s online activities through social media and open sites, obtaining the victim’s password, and installing spyware to help monitor the victim.

Remote Access Trojans

RAT User Interface

RAT Control Panel

Doxing is the practice of broadcasting private or identifiable information about an individual or organization for a variety of motives, including
- Political activism (hacktivism).
- Cyberbullying or cyberstalking.
- Extortion.
Examples
- In the 1990s, anti-abortion activists posted home addresses and photos of doctors as a hit list.
- After the 2013 Boston Marathon bombing, vigilantes on reddit misidentified several people as suspects.

Cybercrime Laws: US
Computer Fraud and Abuse Act (CFAA), written in 1986 to amend existing computer fraud law.
- Makes knowingly accessing a “protected computer” without authorization, or exceeding authorized access, a crime.
- Any computer with Internet access is likely a “protected computer”.
Controversy: Aaron Swartz case
- Aaron Swartz created a script to automatically download many articles from JSTOR, violating their Terms of Service.
- Federal prosecutors charged him with 11 violations of the CFAA, with a maximum penalty of 35 years in prison and a $1 million fine.

Cybercrime Laws: International
Convention on Cybercrime
- International treaty to harmonize cybercrime laws.
- Ratified by 57 nations, including the USA.
- Major nations like Russia, Brazil, and India oppose the treaty.
A common legal framework to aid law enforcement with borderless computer crimes, but
- Some aspects of the treaty may be impossible to implement in all countries; US freedom of speech protections conflict with some aspects of the framework.
- Controversy exists about the criminalization of “hacking tools”, which are used by defenders as well as criminals.

Cyberterrorism is the use of electronic resources to conduct violent acts in order to achieve political goals through intimidation.
- Large-scale, long-term denial of service attacks, or denial of service attacks focused on emergency services like 911.
- Erasure of all computers’ storage systems in an organization.
- Usurping control of SCADA (Supervisory Control And Data Acquisition) systems to destroy the hardware they control.
- Shutting down a country’s power grid.

Cyberwarfare

Stuxnet
Malware that targeted SCADA systems in Iran that operated centrifuges used to enrich uranium.
- Spread via network and USB drives, so it could reach air-gapped networks.
- Altered centrifuge rotational frequency rapidly from over 1 kHz to 2 Hz and back, wearing out motors to gradually destroy the centrifuges.
- Accidentally discovered when it infected systems outside of Iran.

Released under CC BY-SA 3.0
- This presentation is released under the Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.
- You are free:
  - to Share: to copy and redistribute the material in any medium
  - to Adapt: to remix, transform, and build upon the material
  - to use part or all of this presentation in your own classes
- Under the following conditions:
  - Attribution: You must attribute the work to James Walden, but cannot do so in a way that suggests that he endorses you or your use of these materials.
  - Share Alike: If you remix, transform, or build upon this material, you must distribute the resulting work under this or a similar open license.
- Details and full text of the license can be found at https://creativecommons.org/licenses/by-nc-sa/3.0/