IS 376: Computer Crimes

1
IS 376 Computer Crimes

• March 16, 2006

2
Computer Crimes

• Computer are tools for work, study, and
  entertainment. But they can also be tools for
  committing crimes.
• Computer-assisted crimes Computers are used as a
  supporting tool to commit these crimes, but the
  offenses could be committed otherwise.
• E.g., identity theft, fraud, sabotage, misuse of
  personal data, embezzlement, pornography
• Computer-focused crimes These are committed as a
  direct result of computer technologies. No
  parallels in the non-computer world.
• E.g., hacking, viruses.

3
Hackers From Heroes to Hooligans (1)

• Phase I The Early Years (1960s- 1970s)
• Originally, hacker in Yiddish stood for an inept
  furniture maker (who makes furniture with an axe)
• In the early days of computer hackers, it
  referred to a creative programmer who wrote
  clever code.
• The first operating systems and computer games
  were written by hackers.
• The term hacking was a positive term.
• Hackers were usually high-school and college
  students.

4
Hackers From Heroes to Hooligans (2)

• Phase II (late 1970s through mid-1990s) Hacking
  takes on a more negative meaning.
• A hacker was described by the media to be someone
  who used computers, without authorization,
  sometimes to commit crimes.
• Early computer crimes were launched against
  business and government computers.
• Adult criminals began using computers to commit
  their crimes.

5
Hackers From Heroes to Hooligans (3)

• Phase III (Since the mid-1990s) The Web Era
• The increased use of the Internet for school,
  work, business transactions, and recreation makes
  it attractive to criminals with basic computer
  skills.
• Crimes include the release of malicious code
  (viruses and worms).
• Unprotected computers can be used,
  unsuspectingly, to accomplish network disruption
  or commit fraud.
• Hackers with minimal computer skills can create
  havoc by using malicious code written by others.
• These three phases have paralleled significant
  milestones in the history of the Internet.

6
Hackers Come in Different Colors

• White Hat hackers ethical hackers who use
  their skills for the quest of knowledge or for
  the good of system security by raising awareness.
  Positively motivated.
• Black Hat hackers those who use their hacking
  skills for revenge, sabotage, blackmail or
  personal greed. Malicious in nature, and is
  considered to be a low form of hacking by the
  hacker community.

7
Hacker Groups (1)

• Cyberterrorists employ hacker-type techniques to
  threaten or attack against systems, networks, and
  data. The purpose is destruction.
• Typically target government or military
  facilities
• Cyber warriors use their hacking skills to
  penetrate central systems often for legitimate
  purposes. Some are hired to do this.
• E.g., CyberAngels, a volunteer group that spans
  across over 70 countries in battling against
  child pornography and cyberstalking
• Hacktivists break into computer systems in order
  to promote or further a particular cause or
  agenda.
• E.g., virtual sit-ins, blockades, email bombs,
  website defacing

8
Hacker Groups (2)

• Malware writers not purely limited to hackers,
  but certainly include some of them create
  malicious software such as viruses, worms, and
  Trojan horses.
• Phreakers specialize in hacking telephone
  networks and related technologies.
• E.g., to make free phone calls, change phone
  bills.
• Script kiddies display limited hacking skills
  and have to rely on scripts or programs developed
  by more competent hackers for hacking activities.
• Warez d00dz (Wares Dudes) obtain and distribute
  illegal copies of software online.

9
The Hacker Ethic (1980s)

• Access to computers should be unlimited and
  total.
• All information should be free.
• Mistrust authority promote decentralization.
• Hackers should be judged by their hacking, not
  bogus criteria such as degrees, age, race, or
  position.
• You can create art and beauty on a computer.
• Computers can change your life for the better.
• (Widely circulated on the Internet in the 1980s
  by Steven Levy)

10
The Hacker Ethic (1990s)

• Above all else, do no harm.
• Protect privacy.
• Waste not, want not.
• Exceed limitations.
• The communicational imperative.
• Leave no traces.
• Share!
• Fight cyber-tyranny.
• Trust, but test.
• (Summarized by Steve Mizrach)

11
Hacking vs. Cracking

• The hacker community (the true hackers) has
  been quite unhappy about the negative
  connotations associated with the terms hacker
  and hacking in recent decades.
• As a result, they have tried to advocate the use
  of alternative terms cracker cracking to
  refer to a person who does the following
• Gains unauthorized access to others computer
  systems
• Digs into the code to run a program illegally
• Floods Internet sites and thus denies services to
  legitimate users (denial of services)
• Deliberately defaces web sites for personal greed
  reasons or for revenge
• And, of course, engages in criminal activities
  for personal gains through computer systems
• The boundaries between these two terms, however,
  has been very much blurred by the media.

12
Who Are Those Hackers Anyway?

• A typical hacker is generally perceived to be
• Almost always male
• Aged from mid-teens to mid-20s
• Lacking in social skills
• Fascinated (or even obsessed) with computer
  technology
• An underachiever in other areas (e.g., school)
  who sees the computer as a means of being
  important or powerful (or to show their worth and
  what they are capable of doing)

13
The Psychological Profiles of the Typical Hackers

• Introverted
• Have a history of significant family problems in
  childhood
• Display online computer dependency (addiction)
• Have an ethical flexibility to justify their
  actions
• Have a stronger loyalty to their computer
  specialty than to their employers
• Think they are special (therefore can stand
  above rules governing others)
• Have a lack of empathy (tend to ignore the impact
  of their actions on others)

14
Computer Fraud and Abuse Act (CFAA, 1986)

• It is a crime to access, alter, damage, or
  destroy information on a computer without
  authorization.
• Computers protected under this law include
• government computers,
• financial systems,
• medical systems,
• interstate commerce, and
• any computer on the Internet.

15
USA Patriot Act (USAPA, 2001)

• Amends the CFAA.
• Allows for recovery of losses due to responding
  to a hacker attack, assessing damages, and
  restoring systems.
• Higher penalties can be levied against anyone
  hacking into computers belonging to criminal
  justice system or the military.
• The government can monitor online activity
  without a court order.

16
Computer Forensics

• Catching Hackers requires law enforcement to
  recognize and respond to myriad hacking attacks.
• Computer forensics tools may include
• Undercover agents,
• Honey pots (sting operations in cyberspace),
• Archives of online message boards,
• Tools for recovering deleted or coded
  information.
• Computer forensics agencies and services include
• Computer Emergency Response Team (CERT),
• National Infrastructure Protection Center (NIPC),
• Private companies specializing in recovering
  deleted files and e-mail, tracking hackers via
  Web site and telephone logs, etc.