Cmpe 471 Computer Crime: Techniques and Countermeasures

Slides: 36
Provided by: citibankin

1
Cmpe 471 Computer Crime: Techniques and Countermeasures
2
A Computer Crime Glossary
  • Back door
  • access codes or procedures that are secret
    (undocumented) and hard-coded for accessing
    information. Some back doors exist in
    commercially provided software packages and
    consist of simple passwords for 3rd party
    software accounts. Alternatively, back doors can be
    inserted into an existing program to provide
    unauthorised access later. Such a modified
    program is a type of Trojan horse.

3
A Computer Crime Glossary
  • Data diddling
  • the act of modifying data for fun and profit
    such as modifying grades, changing credit
    ratings, altering security clearance information,
    fixing salaries, or circumventing bookkeeping and
    audit regulations.

4
A Computer Crime Glossary
  • Data leakage
  • the uncontrolled, unauthorised transmission of
    classified information from a data centre or
    computer system to the outside world. Data
    leakage can be accomplished by physical removal
    of data storage devices or more subtly.

5
A Computer Crime Glossary
  • Impersonation
  • the act of pretending to be authorised to enter a
    secure location, such as entering a secure site
    equipped with tool kits that impersonate the
    manufacturer of computer equipment or entering a
    site equipped with janitorial supplies.

6
A Computer Crime Glossary
  • Logic bomb
  • a program similar to a time bomb, but the
    explosion occurs because of a particular logic
    condition, such as not having the author's name
    in the payroll file. Logic bombs are a type of
    Trojan horse.

7
A Computer Crime Glossary
  • Piggybacking
  • the action of physically entering secure premises
    by following an authorised person through a
    security grid. Piggybacking can also include
    unauthorised access to information through a
    terminal already logged on with an authorised ID.

8
A Computer Crime Glossary
  • Sabotage
  • this term comes from the French word meaning
    wooden shoe and was used to describe clumsy
    work. In the late 19th century, it became a
    tactic used by militant trade unionists. It now
    means any deliberate damage to operations or
    equipment.

9
A Computer Crime Glossary
  • Salamis
  • the technique of accumulating round-off errors or
    other small quantities in calculations and saving
    them for later withdrawal. Salamis is usually
    applied to money, although it could be part of an
    inventory theft scheme.
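
A reconciliation control that exposes the pattern described on this slide, as an added example that is not part of the original presentation. The interest rate, the round-half-even rule, the account names and the postings are constructed for illustration.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")
RATE = Decimal("0.00375")  # constructed monthly interest rate

# Constructed sample data: balances before the run and credits the run posted.
BALANCES = {"A-100": Decimal("1234.56"), "A-101": Decimal("987.65"),
            "A-102": Decimal("5000.00"), "A-103": Decimal("250.10")}
POSTED = {"A-100": Decimal("4.62"), "A-101": Decimal("3.70"),
          "A-102": Decimal("18.75"), "A-103": Decimal("0.93"),
          "X-999": Decimal("0.02")}  # credit to an account with no balance on file

def expected_credit(balance, rate):
    """Interest under the documented rule: round half-even to the cent."""
    return (balance * rate).quantize(CENT, rounding=ROUND_HALF_EVEN)

def audit_postings(balances, posted, rate):
    """Return {account: posted - expected} for every account that deviates.

    Accounts that received a credit but have no balance on file are audited
    against an expected credit of zero, so they cannot hide outside the loop.
    """
    deviations = {}
    for acct in balances.keys() | posted.keys():
        expected = expected_credit(balances.get(acct, Decimal("0")), rate)
        diff = posted.get(acct, Decimal("0")) - expected
        if diff != 0:
            deviations[acct] = diff
    return deviations

def summarize(deviations):
    """Many sub-cent shortfalls next to a few gains is the pattern to escalate."""
    shorted = sorted(a for a, d in deviations.items() if d < 0)
    gained = sorted(a for a, d in deviations.items() if d > 0)
    total_short = -sum((d for d in deviations.values() if d < 0), Decimal("0"))
    return {"shorted": shorted, "gained": gained, "total_short": total_short}

if __name__ == "__main__":
    print(summarize(audit_postings(BALANCES, POSTED, RATE)))
```

Recomputing every credit independently of the posting program is what makes the check useful: a control total alone would balance here, because the amount missing from the shorted accounts reappears in the gaining one.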

10
A Computer Crime Glossary
  • Scavenging
  • the act of using discarded listings, tapes, or
    other information storage media to determine
    useful information, including access codes,
    passwords, or sensitive data. It is also known as
    dumpster diving.

11
A Computer Crime Glossary
  • Simulation
  • the act of using computers to simulate a complex
    system in order to defraud it, e.g., inventing
    transactions to produce a prearranged bottom-line
    in a financial report.

12
A Computer Crime Glossary
  • Superzapping
  • the act of using powerful utility software such
    as query to access secure information.
  • Time bomb
  • a program or batch file that waits for a specific
    time to trigger. These programs are most often
    used by dishonest employees who learn they are to
    be fired. Time bombs are a type of Trojan horse.

13
A Computer Crime Glossary
  • Trojan horse
  • an innocent-looking program that has nefarious
    (wrong) functions. It is so called by reference
    to Odysseus' wooden horse, which was filled with
    soldiers and helped to capture Troy. These
    programs might alter data, record passwords for
    later inspection, or even put together another
    program from pieces stored inside other Trojan
    horses.

14
A Computer Crime Glossary
  • Virus
  • Similar to a worm, a virus resides inside a
    program where it transforms an ordinary program
    into an unintended Trojan horse. Viruses infect
    executable code, .EXE, .COM, etc., and boot
    sectors on disks and reproduce themselves.

15
A Computer Crime Glossary
  • Wiretapping
  • the act of eavesdropping on data or voice
    transmissions. Using a portable TV and about 50
    in parts from an electronics store, a
    knowledgeable person can see and record
    everything being transmitted between a host and
    terminal on an asynchronous communications
    channel. From intercepting the data, it is simple
    to modify and/or insert false transactions.

16
A Computer Crime Glossary
  • Worm
  • a program that spreads through a computer system
    or network by replicating itself, like the
    Internet worm, or by transferring a copy of itself
    elsewhere and destroying the previous version.

17
Preventing Sabotage
  • Proper employee relations
  • careful supervision of employees' state of mind
  • take note of unusual personal problems
  • beware if the employee radiates negative energy
    about the systems, peers and the company in
    general
  • try to solve the problem before it becomes a
    physical attack
  • take measures to prevent unauthorised access to
    information assets

18
Preventing physical piggybacking
  • Guard
  • physical gates
  • outsourced external security company
  • proper guard back-up procedures
  • prevent more than one person from entering the man-trap
    (Kuzey Kampus, GarantiB headquarters)

19
Preventing logical piggybacking
  • Unattended terminals or PCs are the portals for
    logical piggybacking
  • configurable time-out function
  • automatic branching to a security screen
  • user-configurable screen lay-out for
    re-authentication
  • integration with a security database
  • automatic return to the previous (interrupted)
    state
  • apply biometrics
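
A sketch of the controls listed on this slide (configurable time-out, security screen, re-authentication against a security database, return to the interrupted state), as an added example that is not part of the original presentation. The class and function names, the screen names and the PBKDF2 record format are assumptions made for illustration.

```python
import hashlib
import hmac
import time

def make_verifier(records):
    """records: {user: (salt, pbkdf2_hash)}; stands in for the security database."""
    def verify(user, password):
        salt, stored = records.get(user, (b"\0" * 16, b""))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        return hmac.compare_digest(candidate, stored)
    return verify

class GuardedSession:
    """Locks on idle time-out, shows a security screen, resumes where the user left off."""

    def __init__(self, user, verify, timeout_s=300, clock=time.monotonic, max_failures=3):
        self.user, self.verify = user, verify
        self.timeout_s, self.clock, self.max_failures = timeout_s, clock, max_failures
        self.screen, self.state, self.failures = "main-menu", "active", 0
        self.last_input = clock()

    def _check_idle(self):
        if self.state == "active" and self.clock() - self.last_input >= self.timeout_s:
            self.state = "locked"          # self.screen is kept as the interrupted state

    def visible(self):
        """What the terminal shows: the working screen, or 'locked' / 'terminated'."""
        self._check_idle()
        return self.screen if self.state == "active" else self.state

    def navigate(self, screen):
        """Input that arrives after the time-out is discarded, not executed."""
        self._check_idle()
        if self.state == "active":
            self.screen, self.last_input = screen, self.clock()
        return self.visible()

    def reauthenticate(self, password):
        """Success returns to the interrupted screen; repeated failure ends the session."""
        self._check_idle()
        if self.state == "locked":
            if self.verify(self.user, password):
                self.state, self.failures, self.last_input = "active", 0, self.clock()
            else:
                self.failures += 1
                if self.failures >= self.max_failures:
                    self.state = "terminated"
        return self.visible()
```

The idle check runs before any input is acted on, so the first keystroke at an abandoned terminal reaches the security screen rather than the application.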

20
Controls Against Program Threats
  • Software development
  • the design
  • writing
  • testing
  • Programming Controls
  • Description of the programming task
  • individual task that requires independent thought
  • programs are very individualistic
  • programmers are solitary people who enjoy working
    alone
  • programming is an art only understood by
    programmers

21
Controls Against Program Threats
  • None of these arguments hold true!!!
  • The basic principles of software engineering are
  • division of labour
  • reuse of code
  • use of standard pre-constructed software tools
  • organised activity
  • peer reviews of code and design
  • modularity, encapsulation and information hiding

22
Controls Against Program Threats
  • Writing code in small self-contained units:
    modules
  • advantages for program development and security
  • a module can be isolated from the negative
    effects of other modules with which it interacts:
    encapsulation
  • Information hiding
  • other modules know that a module performs a
    certain task, but do not know how it performs that
    task

23
Controls Against Program Threats
  • Modularity
  • Unity: performs one purpose
  • Smallness: consists of an amount of information
    of which a person can readily grasp both
    structure and content
  • Simplicity: low degree of complexity so that a
    person can readily understand the purpose and
    structure of the module
  • Independence: performs a task isolated from other
    modules

24
Controls Against Program Threats
  • Modularity
  • maintenance: a module can be replaced with a
    revised one
  • understandability: small modules are easier to
    understand
  • reuse
  • correctness: an error can be found and corrected
    easily
  • testing: a single module with well-defined
    inputs, output and function can be tested without
    affecting other modules

25
Controls Against Program Threats
  • From a standpoint of security, programmers and
    analysts must be able to understand each module
    as an independent unit and be assured of its
    limited effect on other modules
  • Proper modularity leads to modules that have
    minimal interaction with other modules

26
Encapsulation
[Figure: independent, loosely coupled modules versus tight coupling]
27
Information hiding
[Figure: access to all parts of a module versus method and data hidden]
28
Configuration Management
  • A person or system controls and records all
    changes to a program or documentation
  • change control board
  • judges the desirability and correctness of all
    proposed changes
  • to guard against loss of a version of a program
  • to manage the parallel development of several
    similar versions of one program
  • to provide facilities for controlled sharing of
    modules that combine to form one system

29
Configuration Management
  • Security advantages
  • protects against unintentional threats
  • guard against malicious ones
  • protects integrity of programs and documentation

30
Proofs of Program Correctness
  • A security specialist wants to make sure that a
    given program computes a particular result and
    computes it correctly.
  • Program correctness proofs are hindered by
    several factors
  • depends on the programmer to translate the program's
    statements into logical implications; translation
    is prone to errors

31
Proofs of Program Correctness
  • Deriving the correctness proof from the initial
    assertions and the implications of statements is
    difficult; less appropriate for large programs
  • the current state of program verification is
    less well developed than code production; consistent
    and successful application to large production
    systems is a challenge.

32
Process Improvement
  • Development stages
  • system requirements design
  • software requirements analysis
  • preliminary design
  • detailed design
  • coding and unit testing
  • component integration and testing
  • subsystem integration and testing
  • system integration and testing

33
Process Improvement
  • Each of these phases has the following
    requirements
  • software development management: planning,
    organisation, reviews
  • software engineering: development, decomposition,
    adherence to standards for coding and language
  • formal qualification testing
  • software product evaluation
  • configuration management

34
Capability Maturity Model
  • Software Engineering Institute (SEI) grants CMM
    levels from 1 to 5, 5 being the highest standard
  • Initial
  • Repeatable
  • Defined
  • Managed
  • Optimising

35
Administrative Controls
  • Standards of program development
  • Enforcing program development standards
  • security audits
  • segregation of duties