Computer Crime and CyberCrime - PowerPoint PPT Presentation

Loading...

PPT – Computer Crime and CyberCrime PowerPoint presentation | free to view - id: 142a84-MWFmN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Computer Crime and CyberCrime

Description:

To review the environment of computer crime and cybercrime ... offence either predates the emergence of the computer or could be committed without them. ... – PowerPoint PPT presentation

Number of Views:497
Avg rating:3.0/5.0
Slides: 25
Provided by: cgai
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Computer Crime and CyberCrime


1
Computer Crime and CyberCrime
  • Why we need Computer Forensics

2
Objectives
  • To review the environment of computer crime and
    cybercrime
  • To relate to computer forensics practice
  • the challenges which need to be addressed and
  • the skills and techniques we need to be
    developing

3
Computer Crime Environment
  • Cheap and easy access to tools for computer crime
  • Skills low skill base required
  • Computer systems are badly designed
  • Not enough thought given to security or integrity
  • Initial detection of crime can be difficult
  • Reluctance of victims to prosecute and publicise
    crime
  • Lack of knowledge and awareness of victims
  • Wider societal issue of haves and have nots

4
Opportunities
  • Computers and computer systems offer new
    opportunities for crime
  • More people with computer skills, therefore there
    are more potential criminals
  • Access to computer crime is very cheap
  • Computer systems are badly designed
  • Not enough thought given to security or integrity
  • Detection becomes much more difficult
  • Reluctance of victims to publicise crime

5
Why do People Carry out Computer Crime ?
  • Discovery of loopholes, providing opportunity
  • Understanding systems (electronic joyriding)
  • They think they can get away with the crime
  • Majority of thieves are caught by accident
  • Ineffectiveness of formal and / or informal
    sanctions
  • Computer criminals dont know about Computer
    Forensics
  • They think stealing from a large company wont
    hurt
  • Financial gain
  • Occupationally related - caused by dissatisfied
    employees
  • Masqueraders (those who operate under the
    identity of another user)
  • Clandestine users (those who evade access
    controls and auditing)
  • Misfeasors (those who have legitimate
    authorisation but misuse their privileges)
  • Technology provides easier, quicker and larger
    opportunity
  • Issue in pornography and paedophile rings
  • Perception of victimless crime

6
Computer Crime and Cybercrime
  • Computer crime
  • A crime in which the perpetrator uses special
    knowledge about computer technology
  • Cybercrime
  • A crime in which the perpetrator uses special
    knowledge of cyberspace

From Furnell (2002)
7
Further Definitions (UK Audit Commission)
  • Computer assisted crimes
  • Cases in which the computer is used in a
    supporting capacity, but the underlying crime or
    offence either predates the emergence of the
    computer or could be committed without them. The
    headings of fraud, theft, unauthorised private
    work, misuse of personal data, sabotage and
    pornography can all be considered to fit into
    this category
  • Computer focussed crimes
  • Cases in which the category of crime has emerged
    as a direct result of computer technology and
    there is no direct parallel in other sectors.
    From the Audit Commissions headings, the
    problems of hacking and viruses clearly fall
    within this category
  • This categorisation in no way indicates any
    difference in levels of seriousness between
    assisted and focussed, indeed financial losses
    from fraud dwarf all other categories of crime in
    terms of scale

8
Example
Can further categorise by splitting into
computer based (PC based) and Internet
9
Categorisation by Victim
  • Against organisations (source nhtcu)
  • sabotage of data or networks, virus attacks,
    financial fraud, theft of proprietary
    information, denial of service, unauthorised
    website access / misuse, spoofing, theft of
    hardware, telecomms fraud
  • By organisations against employees and / or
    public
  • misuse of funds (eg pensions), false accounting,
    industrial espionage
  • Against individuals
  • Cyber-stalking, e-mail issues (phishing, flaming,
    defamation, harassment), access to personal data
    (identity theft), manipulation and / or loss of
    data, economic theft

10
(No Transcript)
11
CRIME SCENE CRIME SCENE CRIME SCENE
12
Computer Security Institute Categorisations
  • Theft of proprietary information
  • Sabotage of data or networks
  • Telecom eavesdropping
  • System penetration by outsider
  • Insider abuse of Net access
  • Financial fraud
  • Denial of service
  • Spoofing
  • Virus
  • Unauthorised insider access
  • Telecom fraud
  • Active wiretapping
  • Laptop theft

Source CSI/FBI Computer Crime and Security Survey
(2001)
13
Social Engineering
  • Weakest point in any computer or information
    system is the human
  • Social engineering is a con game persuading
    another person to do what you want them to do
  • Based on the premise that as humans we want to be
    helpful
  • Look the part (could be technical could be
    physical) and ask the question

14
Implications for Computer Forensics Practice
  • We need to be aware of the range of threats and
    types of attack
  • Awareness of the types of digital evidence we
    seek
  • Skills and techniques we need to be developing

15
(No Transcript)
16
(No Transcript)
17
(No Transcript)
18
(No Transcript)
19
(No Transcript)
20
Is action always a crime ?
  • Hacking example
  • Is hacking always a crime or are there situations
    when it is acceptable behaviour?

21
Case against Hacking
  • It is difficult to detect when a hack has
    occurred
  • Misconception that because there is no victim no
    crime has occurred !
  • Difficulty in accepting concept of apparent crime
  • Often hacking is not enough, alteration or
    destruction or planting of a virus / logic bomb
    is the next stage !
  • Public announcements of hacking may effect
    customer trust

22
Case to support Hacking
  • All information should be free
  • if it were free there would be no need for
    intellectual property or security
  • Break-ins show security problems
  • allows designers to do something about it
  • Hackers are doing no harm and changing nothing
  • merely learning how systems operate
  • Hackers break into systems to watch for instances
    of data abuse and to help keep Big Brother at bay
  • Skill in penetration testing helps
    organisations

23
Hackers and their Motivations
24
Summary
  • New opportunities and instances of computer crime
    and cyber crime are developing all the time
  • We need to be aware of the threat
  • As well as developing protection we need to be
    able gather appropriate digital evidence
  • Implications for CPD
About PowerShow.com