Malware
software that is designed to disrupt, damage, or gain unauthorized access to a computer system; virus, trojan horse, worm, spyware, adware
cybercrimes
Inspire fear in consumers & lead to a lack of trust in the security & safety of e-commerce. Present unique and difficult challenges to law enforcement & other governmental officials
Cyber
attached to a computer system
New Threats
Distribution of child pornography, financial crimes, corporate & governmental espionage, exploitation, stalking, identity theft
Insiders
Pose the greatest threat
Legislation & Law
are playing catch-up with technology; insufficient laws
Complications
there is a significant inconsistency in defining computer crime offenses, there is no systematic data collection procedure for cybercrimes, offenses vary greatly in character
Victimization
Increased use of computers, Increased availability of technical information on virus creation & computer hacking techniques
Carter’s Classification
computer as a target, computer as an instrument of a crime, computer as incidental to a crime, crimes associated with the prevalence of computers
Computer as Target
data alteration, network intrusion, computer vandalism, etc
Computer as Instrument
when the computer is used to gain some other criminal objective; theft, fraud, threats & harassment, bullying
Computer as Incidental
money laundering, criminal enterprise, child pornography, luring victims
Crimes Associated w computer
intellectual property theft, component theft, counterfeiting, identity theft
Type 1 Offenses
A single or discrete event from the point of view of the victim, involves use of malware, can be, but is not necessarily, facilitated by computer software vulnerabilities.
Type 2 Offenses
Do not involve malware, generally involve repeated contacts or events from the point of view of the victim, do not usually involve the use of malware; cyberstalking, harassment, child predation, extortion
Hacker
No universal meaning, popular consensus is that they are bad people, establish their own sets of values which often conflict w the laws and values of greater society, 90% male, 80% under 30, 60% started early
Insider attack methods
Social engineering, authorized use of an org's systems, bypassing security & control processes, compromised accounts
Crackers
a malicious hacker, there is no final authority on who determines when or how a hacker becomes this, no clear way to cross line back to hacker either.
Script Kiddies
often described as a scourge or pestilence on the internet, do not have enough skill to write their own programs or explore new exploits themselves; instead they download attack programs. Primarily concerned with bragging & attacking each other or anyone else who draws their wrath
White Hat Hacker
ethical hacker; forms include: software testing by manufacturers, independent verification of software function & security, reverse engineering, training, bug bounty.
Tiger Teams
teams of hackers hired to “test” the defenses of an organization
Gray Hat Hackers
typically behaves in an ethical manner, but sometimes violates accepted ethics. Accepted ethics include: do not profit from intrusion, do not intentionally harm a computer system, attempt to inform a system administrator of security flaws; “hackers are not bad guys, computer criminals are”
Black Hat Hackers
cracker or malicious hacker; only network intrusion & other “hacker-like” activities committed in conflict w hacker ethics, quite open about their ideas, opinions, & technology. Most claim to benefit the systems they intrude upon bc they do not destroy data & alert system administrators to security flaws
Hacktivists
hackers that have come together to challenge the treatment of their peers by the government. Use hacker skills & attitudes to convey a political message
The Internet of Things
anything that has a chip & connectivity, cell phones, household appliances, engines, industrial equipment, GPS Systems, cars
Social Norms
Technology, knowledge, commitment, categorization, law
Knowledge
hacker identity is built upon a devotion to learn & understand technology, most hackers are self taught
why?
Money, ideology, espionage, fun & thrill
Choice Theory
an individual commits a crime because he or she makes a rational choice to do so by weighing the risks & benefits of committing the act. When risks outweigh the benefits, the person will not commit the act. When the risks do not outweigh the benefits, the person WILL commit the act
Routine Activities Theory (RAT)
based on rational theory. Developed by Lawrence Cohen & Marcus Felson. They argue that there is always a steady supply of offenders who are motivated to commit crime.
Factors for crime to occur
A motivated offender, a suitable target, the absence of a capable guardian
Capable Guardians
Anti-virus software, firewalls, cybersecurity teams, law enforcement
RAT; Online harassment
victims are vulnerable, attractive target, and in proximity
Deterrence Theory
argues that offenders commit crime bc they make a choice to do so. Based on perceived risks & benefits of committing the criminal act. If the risks outweigh the benefits, the offender WILL be deterred from the criminal act
General Deterrence
seeks to deter would-be offenders from committing criminal acts bc of the threat of punishment
Specific Deterrence
Designed to impose a sanction on a convicted offender in order to prevent him or her from continuing to commit criminal acts in the future
Cognitive Development Theory
assumes that individuals develop in a sequential manner
6 stages of moral development
punishment & obedience, hedonistic orientation, interpersonal concordance, law and order orientation, social contract/legalistic, orientation to universal ethical principles
Personality Disorders
Psychologists argue that certain personality characteristics of an individual may influence crime; extroversion, impulsivity, lack of self-control, etc
Social Structure Theories
focus on why lower-class individuals are more likely to commit crime than middle- & upper-class individuals
Strain Theory
saw crime as a result of a lack of opportunity, in particular economic opportunity; Goals vs. Means
Jurisdiction
Local, Federal, International
Merton’s 5 modes of Adaptation
Conformity, Ritualism, Innovation, Retreatism, Rebellion
General Strain Theory (GST)
developed by Robert Agnew, attempts to explain why individuals who feel stress & strain in their lives are more likely to commit crimes
Agnew; Negative Affective Stages
Anger, frustration, depression, disappointment, fear
Social Process Theory
Focus on the relationship between socialization & crime; analyze the impact of certain factors such as peer group relationships, family relationships, & failure in school on crime
Learning Theory
Individuals commit crime because they learn attitudes, skills, & rationalizations necessary to commit these acts, many times learning takes place w parents and peer interactions.
Sutherland: Differential Association Theory
argues that criminal behavior is a function of learning, not the inability to obtain economic resources
Hacker Subculture
provides context in which hackers situate their actions by rejecting goals & opportunities of the dominant culture. Social Hierarchy, Socialization, & Justifications
Spam Types
Commercial Electronic Mail, Email Scams, Sexually oriented material
CAN-SPAM Prohibits
the use of false or misleading header information, a “from” line that does not accurately identify any person who initiated the message; inaccurate or misleading identification…for purposes of disguising its origin; use of deceptive subject headings
CAN-SPAM Requires
a functioning email return address/other internet-based response mechanism; commercial email messages be discontinued within 10 business days after receipt of opt-out notification from recipient; clear & conspicuous notice of the opportunity to decline to receive further commercial email messages from the sender; and a valid physical postal address of the sender. Warning labels on commercial email messages containing sexually oriented materials
Sexual Content
Notice in the subject heading, links to content only, prior affirmative consent
Fraudulent Email
Fines &/or imprisonment up to 5 years. Uses a protected computer to relay or retransmit multiple commercial electronic mail messages w the intent to deceive or mislead recipients or any internet access service, as to the origin of such messages.
Address Harvesting
Obtaining e-mail addresses using an automated means from an internet web site or proprietary online service operated by another person, where such service/person, at the time the address was obtained, had provided a notice stating that the operator of such web site or online service will not give, sell, or otherwise transfer electronic address.
Dictionary Attacks
Obtaining email addresses by using an automated means that generates possible email addresses by combining names, letters, or numbers into permutations
Hijacking
use of automated means to register for multiple email accts or online user accts from which to transmit, or enable another person to transmit, a commercial email that is unlawful
SMTP
Simple Mail Transfer Protocol
SPF
Standard Email Authentication Method. Source server IP belongs to the relevant domain
DKIM
Domain Keys Identified Mail; the message has a private key (hash) that matches the hash that we create using the public key that belongs to the email domain and is stored in the DNS server, thus the message is intact
DMARC
Domain-based Message Authentication, Reporting, & Conformance
Social engineering
Act of making other people take an action that may not be in their own best interest. Deception, manipulation, emotion/weakness, a deep knowledge of human vulnerabilities, reconnaissance
Social Engineers
Hackers, Spies, Penetration Tester, Identity Thieves, Recruiters, Disgruntled Employees, Governments, Sales people
Common Attack Types
Customer service, couriers (to get identifying info, signature, gain entry into buildings), phone calls targeting employers, emails
Stages of Social Engineering
Information gathering, pretexting, elicitation, manipulation
Information Gathering
Dumpster diving, social media, malware, shoulder surfing, watering hole
Manipulation
to influence someone to do something not in their best interest
Phishing
Email from friends, install malware, validating email addresses, getting money, directing to a fraudulent website, stealing credit card info, stealing online acct credentials
Colonial Pipeline Attack
attackers have gained access to an employee’s credentials through a phishing attack
Akers: Social Learning Theory
Differential association, definitions, differential reinforcement, imitation
Techniques of Neutralization/ Drift Theory
process of becoming a criminal is a learning experience. Most criminals hold conventional values, norms, & beliefs, but must learn to neutralize the values before committing crime. Allow individuals to drift into criminality and then back into conventional behavior
Subcultural Theories
set of values, norms, & beliefs that differ from the dominant culture. Criminals, including computer criminals, hold values, norms, & beliefs that are in opposition to those held in the dominant culture. Attempted to explain gang formation & crime
Social Control theory
assumes that people will violate the law.
Self-control Theory
a person’s tendency to commit crime can be found in his or her level of self-control. Individuals who lack self-control are more likely to view online pornography & piracy
Karl Marx
Theorized that political change could not be achieved without conflict
Fanon
Justified the use of violence against oppressors
Computer Fraud & Abuse Act
Primary federal statute targeting unauthorized computer use, primarily focusing on unauthorized access & theft of information from computers. Protects any computer connected to a network
Economic Espionage Act
Impose criminal penalties on the theft of trade secrets. Either physically or electronically stored. Person stealing the trade secret must know the theft will cause economic loss & benefit another person. Applies anywhere in the world as long as the perpetrator is a U.S. citizen or company
Copyright Act
includes literary works, musical works, dramatic works, pantomimes & choreographic works, pictorial, & graphic works, motion pictures & audiovisual works, sound recordings & architectural works. Applies to computers typically involves software piracy but also has focused on downloading music & video files
Family Entertainment & Copyright Act
makes it illegal to record, photograph, or otherwise copy a motion picture or other protected work as it is presented or screened in a theater. Also criminalizes the distribution of copyrighted materials before they are released to the public for commercial profit
Title 18
Intentional access, without/exceeding authorization, to a facility providing electronic communication services, obtaining/altering data or preventing authorized access to others. Felony for commercial advantage, malicious destruction, private gain, or further another wrongful act.
Communication Interference
willful or malicious damage to or interference with radio, telephone & other means of communication
State Cybercrime Laws
Threshold amts of monetary value, fraudulent/repeated crimes, prior convictions, sensitive data, data of sensitive agencies, traditional crimes-cybercrimes
Confidentiality
ensuring the secrecy of info that is meant to remain private. Ex: cybercriminal that breaches a company's network and steals data
Integrity
ensuring that information cannot be altered or tampered with by unauthorized parties. Ex: employee who changes the company’s financials to give himself a bonus or hide a theft
Availability
ensuring that systems & info are available for use by those who need them & are authorized to use them such as employees, customers, & acct holders.
Administrative control
management tool such as procedure, policy, governance, structure, training.
Technical control
rule in software or hardware that works to protect information & prevent unauthorized access
Physical Controls
protect physical locations where info and systems are accessible
Least privilege
doctrine that limits users to the access and abilities they need to do their jobs but no more than that
Incident Response
Preparation for an incident, identification & detection of an incident, containment of a threat/attack, recovery & resumption of normal operations, aftermath & lessons learned
Preparation for an Incident
awareness, prevention, and planning
CIS
Center for Internet Security, non-profit org dedicated to developing & promoting best practice solutions for cyber defense, maintains the Critical Security Controls
NIST
National Institute of Standards & Technology, a Department of Commerce agency, has developed some of the most widely used frameworks & guidance for many types of orgs
ISO
International Organization for Standardization
Justice Process
Investigation, arrest, booking, initial appearance, preliminary hearing, grand jury or information, arraignment, trial, sentencing, appeals, sanction, release
Legal Elements of Criminality
Commission of an act, criminal intent, concurrence, causation, harm
Defense
A legal strategy that defendants use to establish that they should not be found guilty of a specific crime
exclusionary rule
a law that prohibits the use of illegally obtained evidence in a criminal act, “fruit of the poisonous tree”
4th Amendment
protects citizens from unreasonable searches & seizures