Monday, January 4, 2010

CYBER CRIME AND SECURITY

ABSTRACT:

The terms computer crime and cybercrime are more properly restricted to describing criminal activity in which the computer or network is a necessary part of the crime, these terms are also sometimes used to include traditional crimes, such as fraud, theft, blackmail, forgery, and embezzlement, in which computers or networks are used. As the use of computers has grown, computer crime has become more important.

Computer crime can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access (unauthorized access), illegal interception (by technical means of non-public transmissions of computer data to, from or within a computer system), data interference (unauthorized damaging, deletion, deterioration, alteration or suppression of computer data), systems interference (interfering with the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data), misuse of devices, forgery (ID theft), and electronic fraud.

Computer crime issues have become high-profile, particularly those surrounding hacking, copyright infringement through warez, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

Contents

  • Cyber crime

  • Specific computer crimes

    • Spam

    • Phishing

    • Fraud

    • Obscene or offensive content

    • Harassment

    • Drug trafficking

    • Cyberterrorism

  • Documented cases

  • Applicable laws

  • Security

  • Approaches

  • Some techniques

  • Applications

  • Conclusion.

  • References


CYBER CRIME:

Learn cyber crime why?

Because –

­Everybody iis using COMPUTERS..

From white collar criminals tto t terroriistorganizations And

ffrom Teenagers tto Adults

Conventional crimes llike Forgery,, extortion,, kidnapping

etc.. are being committed with tthe hellp of computers

New generation iis growing up with computers

MOST IMPORTANT - Monetary ttransactions

are moving on tto tthe IINTERNET

Computer crime, cybercrime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. Computer crime encompass a broad range of potentially illegal activities. Generally, however, it may be divided into one of two types of categories:

(1) crimes that target computer networks or devices directly;

(2) crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device.



Examples of crimes that primarily target computer networks or devices would include,

  • Malware and malicious code

  • Denial-of-service attacks

  • Computing viruses

Examples of crimes that merely use computer networks or devices would include,

  • Cyber stalking

  • Fraud and identity theft

  • Phishing scams

  • Information warfare

A common example is when a person starts to steal information from sites, or cause damage to, a computer or computer network. This can be entirely virtual in that the information only exists in digital form, and the damage, while real, has no physical consequence other than the machine ceases to function. In some legal systems, intangible property cannot be stolen and the damage must be visible, e.g. as resulting from a blow from a hammer. Where human-centric terminology is used for crimes relying on natural language skills and innate gullibility, definitions have to be modified to ensure that fraudulent behavior remains criminal no matter how it is committed.

A computer can be a source of evidence. Even though the computer is not directly used for criminal purposes, it is an excellent device for record keeping, particularly given the power to encrypt the data. If this evidence can be obtained and decrypted, it can be of great value to criminal investigators.

In news:

  • 1 out of 5 children received a sexual solicitation or approach over the Internet in a one-year period of time (www.missingchildren.com)

  • California warns of massive ID theft – personal data stolen from computers at University of California, Berkeley (Oct 21, 2004 IDG news service)

  • Microsoft and Cisco announced a new initiative to work together to increase internet security
    (Oct 18, 2004 www.cnetnews.com)

  • Cyber attack–Customer information misappropriated through unauthorised access to privileged systemsor other electronic means]

  • For example:

  • through tapping the ATM/POS network connection cables,

  • hacking into the network computer,


Specific computer crimes

USING MALWARES:

Malware: Malware is Malicious Software - deliberately created and specifically designed to damage, disrupt or destroy network services, computer data and software.

There are several types

Computer virus: program which can copy itself and surreptitiously infect another computer, often via shared media such as a floppy disk, CD, thumb drive, shared directory, etc. Viruses are always embedded within another file or program.

  • Worm: self-reproducing program which propagates via the network.

  • Trojan horse: program which purports to do one thing, but secretly does something else; example: free screen saver which installs a backdoor

  • Root kit: set of programs designed to allow an adversary to surreptitiously gain full control of a targeted system while avoiding detection and resisting removal, with the emphasis being on evading detection and removal

  • Botnet: set of compromised computers ("bots" or "zombies") under the unified command and control of a "botmaster;" commands are sent to bots via a command and control channel (bot commands are often transmitted via IRC, Internet Relay Chat).

  • Spyware: assorted privacy-invading/browser-perverting programs

Malware: an inclusive term for all of the above -- "malicious software

Ex: David Smith & The Melissa VirusExample

Spam

Spam, or the unsolicited sending of bulk email for commercial purposes, is unlawful to varying degrees. As applied to email, specific anti-spam laws are relatively new, however limits on unsolicited electronic communications have existed in some forms for some time.

Spam originating in India accounted for one percent of all spam originating in the top 25 spam-producing countries making India the eighteenth ranked country worldwide for originating spam.



.


Phishing

Phishing is a technique used by strangers to "fish" for information about you, information that you would not normally disclose to a stranger, such as your bank account number, PIN, and other personal identifiers such as your National Insurance number. These messages often contain company/bank logos that look legitimate and use flowery or legalistic language about improving security by confirming your identity details.

      1. Fraud

Computer fraud is any dishonest misrepresentation of fact intended to induce another to do or refrain from doing something which causes loss.In this context, the fraud will result in obtaining a benefit by:

  • altering computer input in an unauthorized way. This requires little technical expertise and is not an uncommon form of theft by employees altering the data before entry or entering false data, or by entering unauthorized instructions or using unauthorized processes;

  • altering, destroying, suppressing, or stealing output, usually to conceal unauthorized transactions: this is difficult to detect;

  • altering or deleting stored data; or

  • altering or misusing existing system tools or software packages, or altering or writing code for fraudulent purposes. This requires real programming skills and is not common.

Other forms of fraud may be facilitated using computer systems, including bank fraud, identity theft, extortion, and theft of classified information(Csonka, 2000)

      1. Obscene or offensive content

The content of websites and other electronic communications may be distasteful, obscene or offensive for a variety of reasons. In some instances these communications may be illegal.

Many jurisdictions place limits on certain speech and ban racist, blasphemous, politically subversive, libelous or slanderous, seditious, or inflammatory material that tends to incite hate crimes.

The extent to which these communications are unlawful varies greatly between countries, and even within nations. It is a sensitive area in which the courts can become involved in arbitrating between groups with entrenched beliefs.

      1. Harassment

Whereas content may be offensive in a non-specific way, harassment directs obscenities and derogatory comments at specific individuals focusing for example on gender, race, religion, nationality, sexual orientation. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties (see cyber bullying, cyber stalking, harassment by computer, hate crime, Online predator, and stalking). Any comment that may be found derogatory or offensive is considered harassment.

      1. Drug trafficking

Drug traffickers are increasingly taking advantage of the Internet to sell their illegal substances through encrypted e-mail and other Internet Technology. Some drug traffickers arrange deals at internet cafes, use courier Web sites to track illegal packages of pills, and swap recipes for amphetamines in restricted-access chat rooms. The rise in Internet drug trades could also be attributed to the lack of face-to-face communication. These virtual exchanges allow more intimidated individuals to more comfortably purchase illegal drugs. The sketchy effects that are often associated with drug trades are severely minimized and the filtering process that comes with physical interaction fades away. Furthermore, traditional drug recipes were carefully kept secrets. But with modern computer technology, this information is now being made available to anyone with computer access.

      1. Cyberterrorism

Government officials and Information Technology security specialists have documented a significant increase in Internet problems and server scans since early 2001. There is a growing concern among federal officials.that such intrusions are part of an organized effort by cyberterrorists, foreign intelligence services, or other groups to map potential security holes in critical systems. A cyberterrorist is someone who intimidates or coerces a government or organization to advance his or her political or social objectives by launching computer-based attack against computers, network, and the information stored on them.

Cyberterrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources (Parker 1983). As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyberterrorism. At worst, cyberterrorists may use the Internet or computer resources to carry out an actual attack. As well there are also hacking activities directed towards individuals, families, organised by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining peoples' lives, robberies, blackmailing etc.



    1. Documented cases

  • The Yahoo! website was attacked at 10:30 PST on Monday, 7 February 2000. The attack lasted three hours. Yahoo was pinged at the rate of one gigabyte/second.

  • On 3 August 2000, Canadian federal prosecutors charged MafiaBoy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks on Amazon.com, eBay, Dell Computer, Outlaw.net, and Yahoo.

  • MafiaBoy had also attacked other websites, but prosecutors decided that a total of 66 counts was enough. MafiaBoy pleaded not guilty. About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie computers sending pings in DDoS attacks.

  • In 26 March 1999, the Melissa worm infected a document on a victim's computer, then automatically sent that document and copy of the virus via e-mail to other people. 21 January 2003

  • Two years jail for UK virus writer who infected 27,000 PCs

    1. Applicable law

      1. United States

  • Access Device Fraud. 18 U.S.C. § 1029. Fraud and related activity in connection with access devices.

  • Computer Fraud and Abuse Act. 18 U.S.C. § 1030--Fraud and related activity in connection with computers.

  • CAN-SPAM ACT. 15 U.S.C. § 7704. Controlling The Assault of Non-Solicited Pornography and Marketing Act of 2003.

      1. Canada

  • Criminal Code of Canada, Section 342.1. Unauthorized Use of Computer.

  • Criminal Code of Canada, Section 184. Interception of Communications

  • Computer Crime in Canada

      1. United Kingdom

  • The Computer Misuse Act 1990 (chapter 18.)

  • The Regulation of Investigatory Powers Act 2000 (chapter 23.) .

      1. Australia

  • Cybercrime Act 2001 (Commonwealth)

  • Crimes Act 1900 (NSW): Part 6, ss 308-308I.

  • Criminal Code Act Compilation Act 1913 (WA).

      1. Malaysia

  • Computer Crimes Act 1997 (Act 563)

      1. Pakistan

  • Prevention of Electronic Crimes Ordinance 2007

  • Electronic Transactions Ordinance 2002

      1. Singapore

  • Computer Misuse Act 1993 (Chapter 50A)

      1. India

  • INFORMATION TECHNOLOGY ACT 2000 Online

      1. Others

  • Council of Europe Convention on Cybercrime

  • Global Survey of Cybercrime Law

  • Unauthorized Access Penal Laws in 44 Countries



CRIME SECURITY: Computer security is a branch of technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.

SOME APPROACHES:

Here are several approaches to security in computing, sometimes a combination of approaches is valid:

  1. Trust all the software to abide by a security policy but the software is not trustworthy (this is computer insecurity).

  2. Trust all the software to abide by a security policy and the software is validated as trustworthy (by tedious branch and path analysis for example).

  3. Trust no software but enforce a security policy with mechanisms that are not trustworthy (again this is computer insecurity).

  4. Trust no software but enforce a security policy with trustworthy mechanisms.

HARDWARE MECHANISMS THAT PROTECT COMPUTERS AND DATA:

Hardware based or assisted computer security offers an alternative to software-only computer security. Devices such as dongles may be considered more secure due to the physical access required in order to be compromised.

While many software based security solutions encrypt the data to prevent data from being stolen, a malicious program may corrupt the data in order to make it unrecoverable or unusable. Hardware-based security solutions can prevent read and write access to data and hence offers very strong protection against tampering.



SECURE OPERATING SYSTEMS:

One use of the term computer security refers to technology to implement a secure operating system. Much of this technology is based on science developed in the 1980s and used to produce what may be some of the most impenetrable operating systems ever. Though still valid, the technology is in limited use today, primarily because it imposes some changes to system management and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology that can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a Computer security policy is the Bell-La Padula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.



If the operating environment is not based on a secure operating system capable of maintaining a domain for its own execution, and capable of protecting application code from malicious subversion, and capable of protecting the system from subverted code, then high degrees of security are understandably not possible. While such secure operating systems are possible and have been implemented, most commercial systems fall in a 'low security' category because they rely on features not supported by secure operating systems (like portability, et al.). In low security operating environments, applications must be relied on to participate in their own protection. There are 'best effort' secure coding practices that can be followed to make an application more resistant to malicious subversion.

In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection.

Some common languages such as C and C++ are vulnerable to all of these defects (see Seacord, "Secure Coding in C and C++"). Other languages, such as Java, are more resistant to some of these defects, but are still prone to code/command injection and other software defects which facilitate subversion.

Recently another bad coding practice has come under scrutiny; dangling pointers. The first known exploit for this particular problem was presented in July 2007. Before this publication the problem was known but considered to be academic and not practically exploitable.

In summary, 'secure coding' can provide significant payback in low security operating environments, and therefore worth the effort. Still there is no known way to provide a reliable degree of subversion resistance with any degree or combination of 'secure coding.'



CAPABILITIES VS. ACLS:

Within computer systems, the two fundamental means of enforcing privilege separation are access control lists (ACLs) and capabilities. The semantics of ACLs have been proven to be insecure in many situations (e.g., Confused deputy problem). It has also been shown that ACL's promise of giving access to an object to only one person can never be guaranteed in practice. Both of these problems are resolved by capabilities. This does not mean practical flaws exist in all ACL-based systems, but only that the designers of certain utilities must take responsibility to ensure that they do not introduce flaws.

Capabilities have been mostly restricted to research operating systems and commercial OSs still use ACLs. Capabilities can, however, also be implemented at the language level, leading to a style of programming that is essentially a refinement of standard object-oriented design. An open source project in the area is the E language.

First the Plessey System 250 and then Cambridge CAP computer demonstrated the use of capabilities, both in hardware and software, in the 1970s. A reason for the lack of adoption of capabilities may be that ACLs appeared to offer a 'quick fix' for security without pervasive redesign of the operating system and hardware.

The most secure computers are those not connected to the Internet and shielded from any interference. In the real world, the most security comes from operating systems where security is not an add-on, such as OS/400 from IBM. This almost never shows up in lists of vulnerabilities for good reason. Years may elapse between one problem needing remediation and the next

APPLICATIONS:

IN AVIATION

The aviation industry is especially important when analyzing computer security because the involved risks include human life, expensive equipment, cargo, and transportation infrastructure. Security can be compromised by hardware and software malpractice, human error, and faulty operating environments. Threats that exploit computer vulnerabilities can stem from sabotage, espionage, industrial competition, terrorist attack, mechanical malfunction, and human error. The consequences of a successful deliberate or inadvertent misuse of a computer system in the aviation industry range from loss of confidentiality to loss of system integrity, which may lead to more serious concerns such as data theft or loss, network and air traffic control outages, which in turn can lead to airport closures, loss of aircraft, loss of passenger life. Military systems that control munitions can pose an even greater risk.

NOTABLE SYSTEM ACCIDENTS:

In 1994, over a hundred intrusions were made by unidentified hackers into the Rome Laboratory, the US Air Force's main command and research facility. Using trojan horse viruses, hackers were able to obtain unrestricted access to Rome's networking systems and remove traces of their activities. The intruders were able to obtain classified files, such as air tasking order systems data and furthermore able to penetrate connected networks of National Aeronautics and Space Administration's Goddard Space Flight Center, Wright-Patterson Air Force Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center user. Now, a technique called Ethical hack testing is used to remediate these issues.

Electromagnetic interference is another threat to computer safety and in 1989, a United States Air Force F-16 jet accidentally dropped a 230 kg bomb in West Georgia after unspecified interference caused the jet's computers to release it.

A similar telecommunications accident also happened in 1994, when two UH-60 Blackhawk helicopters were destroyed by F-15 aircraft in Iraq because the IFF system's encryption system malfunctioned.

TERMINOLOGY:

The following terms used in engineering secure systems are explained below.

  • Authentication techniques can be used to ensure that communication end-points are who they say they are.

  • Automated theorem proving and other verification tools can enable critical algorithms and code used in secure systems to be mathematically proven to meet their specifications.

  • Capability and access control list techniques can be used to ensure privilege separation and mandatory access control.

  • Chain of trust techniques can be used to attempt to ensure that all software loaded has been certified as authentic by the system's designers.

  • Cryptographic techniques can be used to defend data in transit between systems, reducing the probability that data exchanged between systems can be intercepted or modified.

  • Firewalls can provide some protection from online intrusion.

  • Mandatory access control can be used to ensure that privileged access is withdrawn when privileges are revoked. For example, deleting a user account should also stop any processes that are running with that user's privileges.

  • Secure cryptoprocessors can be used to leverage physical security techniques into protecting the security of the computer system.

  • microkernels can be reliable against errors: eg EROS and Coyotos.

Some of the following items may belong to the computer insecurity article:

  • Anti-virus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software (malware).


Cryptographic techniques involve transforming information, scrambling it so it becomes unreadable during transmission. The intended recipient can unscramble the message, but eavesdroppers cannot.

  • Backups are a way of securing information; they are another copy of all the important computer files kept in another location. These files are kept on hard disks, CD-Rs, CD-RWs, and tapes. Suggested locations for backups are a fireproof, waterproof, and heat proof safe, or in a separate, offsite location than that in which the original files are contained. Some individuals and companies also keep their backups in safe deposit boxes inside bank vaults. There is also a fourth option, which involves using one of the file hosting services that backs up files over the Internet for both business and individuals.

  • Encryption is used to protect the message from the eyes of others. It can be done in several ways by switching the characters around, replacing characters with others, and even removing characters from the message. These have to be used in combination to make the encryption secure enough, that is to say, sufficiently difficult to crack. Public key encryption is a refined and practical way of doing encryption. It allows for example anyone to write a message for a list of recipients, and only those recipients will be able to read that message.

  • Firewalls are systems which help protect computers and computer networks from attack and subsequent intrusion by restricting the network traffic which can pass through them, based on a set of system administrator defined rules.

  • Honey pots are computers that are either intentionally or unintentionally left vulnerable to attack by crackers. They can be used to catch crackers or fix vulnerabilities.

  • Intrusion-detection systems can scan a network for people that are on the network but who should not be there or are doing things that they should not be doing, for example trying a lot of passwords to gain access to the network.

  • Pinging The ping application can be used by potential crackers to find if an IP address is reachable. If a cracker finds a computer they can try a port scan to detect and attack services on that computer.

  • Social engineering awareness keeps employees aware of the dangers of social engineering and/or having a policy in place to prevent social engineering can reduce successful breaches of the network and servers.

  • File Integrity Monitors are tools used to detect changes in the integrity of systems and files.

References

  • Ross J. Anderson: Security Engineering: A Guide to Building Dependable Distributed Systems, ISBN 0-471-38922-6

  • Morrie Gasser: Building a secure computer system ISBN 0-442-23022-2 1988

  • Stephen Haag, Maeve Cummings, Donald McCubbrey, Alain Pinsonneault, Richard Donovan: Management Information Systems for the information age, ISBN 0-07-091120-7

  • E. Stewart Lee: Essays about Computer Security Cambridge, 1999

  • Peter G. Neumann: Principled Assuredly Trustworthy Composable Architectures 2004

  • Paul A. Karger, Roger R. Schell:

Thirty Years Later: Lessons from the Multics Security Evaluation, IBM white paper.

  • Bruce Schneier: Secrets & Lies: Digital Security in a Networked World, ISBN 0-471-25311-1

  • Robert C. Seacord: Secure Coding in C and C++. Addison Wesley, September, 2005. ISBN 0-321-33572-4

Conclusion:

Computer security is critical in almost any technology-driven industry which operates on computer systems.Computer security can also be refered to as computer safety. The issues of computer based systems and addressing their countless vulnerabilities are an integral part of maintaining an operational industry.

1 comment: