
Lec 05 - Cyber Crime

Course Title :

GED-2211: Professional Ethics and Environmental Protection


Credit Hour: 3.0

Lecture 05 :
CYBER CRIME

Course Teacher :
Colonel S M Saiful Islam, SUP, psc
CSE (BUET), MBA (IBA), MDS
ITIL® (Expert), Prince2® (Practitioner), CDCP®, ISO 27001 Lead Auditor®

Department of Computer Science & Engineering


Bangladesh University of Professionals
Incident - 1

You are a member of the Human Resources Department of a three-year-old
software manufacturer that has several products and annual revenue in excess of
$500 million. You’ve just received a request from the manager of software
development to hire three notorious crackers to probe your company’s software
products in an attempt to identify any vulnerabilities. The reasoning is that if anyone
could find a vulnerability in your software, they could. This will give your firm a head
start on developing patches to fix the problems before anyone can exploit them.
You’re not sure, and you feel uneasy about hiring people with criminal records and
connections to unsavory members of the hacker/cracker community.

What would you do?

25-Feb-24 Lecture - 6 2
Incident - 2

You are one of the top students in your university’s computer science program of
200 students. You are surprised when you are met after class by two
representatives from a federal intelligence agency. Over dinner, they talk to you
about the increasing threat of cyberterrorist attacks launched on the United States
by foreign countries and the need to counter those attacks. They offer you a
position on the agency’s supersecret cyberterrorism unit, at a starting salary 50
percent higher than you know other computer science graduates are being offered.
Your role would be to both develop and defend against new zero-day exploits that
could be used to plant malware in the software used by the government and
military computers. Would such a role be of interest to you?

What questions might you ask to determine if you would accept their offer of
employment?

Incident - 3

You are the CFO of a sporting goods manufacturer and distributor. Your firm has
annual sales exceeding $500 million, with roughly 25 percent of your sales coming
from online purchases. Today, your firm’s Web site was not operational for almost an
hour. The IT group informed you that the site was the target of a distributed denial-
of-service attack. You are shocked by an anonymous call later in the day in which a
man tells you that your site will continue to be attacked unmercifully unless you pay
him $250,000 to stop the attacks.

What do you say to the blackmailer?

IT Security Incidents: A Major Concern
Security of information should be balanced against other business needs. Business
managers, IT professionals, and IT users all face a number of ethical decisions
regarding IT security, such as:
• If a firm is a victim of a computer crime, should it pursue prosecution of the criminals
at all costs, maintain a low profile to avoid the negative publicity, inform its affected
customers, or take some other action?
• How much effort and money should be spent to safeguard against computer
crime? (In other words, how safe is safe enough?)
• If a company realizes that it has produced software with defects that make it
possible for hackers to attack customer data and computers, what actions
should it take?
• What should be done if recommended computer security safeguards make
conducting business more difficult for customers and employees, resulting in
lost sales and increased costs?
Learning Objectives
1. What key trade-offs and ethical issues are associated with the safeguarding of
data and information systems?
2. Why has there been a dramatic increase in the number of computer-related
security incidents in recent years?
3. What are the most common types of computer security attacks?
4. Who are the primary perpetrators of computer crime, and what are their
objectives?
5. What are the key elements of a multilayer process for managing security
vulnerabilities based on the concept of reasonable assurance?
6. What actions must be taken in response to a security incident?
7. What is computer forensics, and what role does it play in responding to a
computer incident?
Event

➢ An event is simply a state of change to an IT service.
➢ In programming and software design, an event is an action or occurrence
recognized by the software, often originating asynchronously from the
external environment, that may be handled by the software.
➢ Computer events can be generated or triggered by the system, by the
user, or in other ways.
➢ Events can be warnings and exceptions generated by the software based
on user actions (clicking on a link with your mouse), or system
occurrences (running out of memory).

Event (contd.)
There are three primary categories of events:

▪ An informational event is a type of event used to check the status of a device or
service to confirm it is working and to capture statistics for determining patterns of
behavior. Like heartbeats, informational events happen because your infrastructure
is working, and data is being generated and moved through your network.
▪ Warning events are generated when a device or service is approaching some
predefined threshold. Warnings are intended to notify the operations
people/processes/tools so they can proactively take any necessary actions to
prevent an exception.
▪ Exception events indicate that a service or device is currently operating outside the
‘normal’ or ‘expected’ parameters (thresholds). This means that the business service
is impacted, and the device or service displays a failure (fault), performance
degradation, or loss of functionality (server down, insufficient disk space, slow
response time).
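The three categories above map naturally onto a threshold-driven monitor. The Python below is an added illustration, not part of the lecture: it classifies constructed metric samples into informational, warning and exception events, and treats a missing heartbeat (the absence of informational events) as the failure signal. Metric names, host names and threshold values are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum

class EventCategory(Enum):
    INFORMATIONAL = "informational"  # infrastructure is working (heartbeat-style)
    WARNING = "warning"              # approaching a predefined threshold
    EXCEPTION = "exception"          # outside expected parameters: service impacted

@dataclass(frozen=True)
class Threshold:
    warning_at: float    # approaching the limit: operations should act proactively
    exception_at: float  # at or beyond this the service is outside 'normal' parameters

@dataclass(frozen=True)
class Event:
    source: str
    metric: str
    value: float
    category: EventCategory
    message: str

# Constructed thresholds for two metrics (hypothetical values, not from the lecture).
THRESHOLDS = {
    "disk_used_pct": Threshold(warning_at=85.0, exception_at=95.0),
    "response_ms": Threshold(warning_at=1200.0, exception_at=2000.0),
}

def classify_sample(source: str, metric: str, value: float) -> Event:
    """Map one metric sample onto the lecture's three event categories."""
    t = THRESHOLDS[metric]
    if value >= t.exception_at:
        cat, msg = EventCategory.EXCEPTION, f"{metric}={value} beyond {t.exception_at}: service impacted"
    elif value >= t.warning_at:
        cat, msg = EventCategory.WARNING, f"{metric}={value} approaching {t.exception_at}"
    else:
        cat, msg = EventCategory.INFORMATIONAL, f"{metric}={value} within normal parameters"
    return Event(source, metric, value, cat, msg)

def heartbeat_gap_event(source: str, last_seen_s: float, now_s: float, expected_interval_s: float = 60.0):
    """Heartbeats are informational; their absence is the signal. One missed interval is a
    warning, more than two intervals is an exception (e.g. server down). Returns None if on time."""
    gap = now_s - last_seen_s
    if gap > 2 * expected_interval_s:
        return Event(source, "heartbeat", gap, EventCategory.EXCEPTION, f"no heartbeat for {gap:.0f}s")
    if gap > expected_interval_s:
        return Event(source, "heartbeat", gap, EventCategory.WARNING, f"heartbeat late by {gap - expected_interval_s:.0f}s")
    return None

def summarize(events) -> dict:
    """Count events per category; warnings and exceptions are the 'unexpected' ones that may become an incident."""
    counts = {c: 0 for c in EventCategory}
    for e in events:
        counts[e.category] += 1
    return counts

# Constructed sample telemetry (hypothetical hosts and readings).
SAMPLES = [
    ("web-01", "disk_used_pct", 42.0),
    ("web-01", "disk_used_pct", 88.5),
    ("db-01", "disk_used_pct", 97.2),
    ("web-02", "response_ms", 350.0),
    ("web-02", "response_ms", 2400.0),
]

if __name__ == "__main__":
    late = heartbeat_gap_event("app-03", last_seen_s=0.0, now_s=150.0)
    events = [classify_sample(*s) for s in SAMPLES] + ([late] if late else [])
    for e in events:
        print(f"{e.category.value:13} {e.source:7} {e.message}")
    print(summarize(events))
```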
Incident
▪ IT events that are “unexpected” (warnings or exceptions) and anomalies
may trigger a response known as an incident.
▪ Sometimes incidents are harmless and reflect a temporary, self-correcting
situation; other times they can mean trouble: either a failure has
occurred, or a situation is imminent that could lead to a failure if
not corrected.
▪ Incident management focuses on returning the performance of an organization’s
services to normal as quickly as possible, minimizing the impact on business
operations.
▪ Anomalies are unusual behaviors, not all of which are negative; they are
identified by AI and machine learning to reflect changes in behavior that
may or may not be normal.
Risk
• A risk is the potential that something unwanted and harmful may occur.
• It is very important for the manufacturer and the user to understand the risks
connected with any product and to know how much it will cost to reduce the risk.
• We take a risk when we undertake something or use a product that is not safe.

Vulnerability

• A vulnerability, in information technology (IT), is a flaw in code or design that
creates a potential point of security compromise for an endpoint or network.
• It is a term that refers to a flaw in a system that can leave it open to attack.
• It creates possible attack vectors through which an intruder could run code
or access a target system’s memory.
• Vulnerabilities are exploited by code injection and buffer overruns, hacking
scripts, applications, and free hand-coding.
• Vulnerability information should not be published at all, because the
information can be used by an intruder.
• A compromise can happen because of hardware, software, network, or procedural
vulnerabilities.

Accident

An unplanned, uncontrolled event that has led to or could have led to injury
to people, damage to plant, machinery or the environment, or some other
loss.
▪ Unforeseen and unplanned events or circumstances, often with a lack of
intention or necessity.
▪ It usually implies a generally negative outcome which may have been
avoided or prevented had circumstances leading up to the accident.

Types:
▪ Procedural (most common; procedures were not followed)
▪ Engineered (flaws in design)
▪ Systemic (complex systems)

Why Are Computer Incidents So Prevalent?

1. Increasing Complexity Increases Vulnerability.
2. Higher Computer User Expectations.
3. Expanding and Changing Systems Introduce New Risks.
4. Bring Your Own Device.
5. Increased Reliance on Commercial Software with Known Vulnerabilities.

Country ranking based on percent of infected computers

Types of Exploits

• Virus is a piece of programming code, usually disguised as something else,
that causes a computer to behave in an unexpected and usually undesirable
manner.
• Worm is a harmful program that resides in the active memory of the computer
and duplicates itself. Worms differ from viruses in that they can propagate
without human intervention, often sending copies of themselves to other
computers by email.
• Trojan Horse is a program in which malicious code is hidden inside a
seemingly harmless program. The program’s harmful payload might be
designed to enable the hacker to destroy hard drives, corrupt files, control the
computer remotely, launch attacks against other computers, steal passwords
or Social Security numbers, or spy on users by recording keystrokes and
transmitting them to a server operated by a third party.
Types of Exploits

• Email spam is the abuse of email systems to send unsolicited email to large
numbers of people.
• The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
(January 2004) says that it is legal to spam, provided the messages meet a few basic
requirements: spammers cannot disguise their identity by using a false return address,
the email must include a label specifying that it is an ad or a solicitation, and the email
must include a way for recipients to indicate that they do not want future mass mailings.
• Distributed Denial-of-Service (DDoS) Attack is one in which a malicious
hacker takes over computers via the Internet and causes them to flood a
target site with demands for data and other small tasks.
• Rootkit is a set of programs that enable its user to gain administrator-level
access to a computer without the end user’s consent or knowledge.

Types of Exploits

• Phishing is the act of fraudulently using email to try to get the recipient to
reveal personal data. In a phishing scam, con artists send legitimate-looking
emails urging the recipient to take action to avoid a negative consequence or
to receive a reward.
• Smishing is another variation of phishing that involves the use of Short
Message Service (SMS) texting. In a smishing scam, people receive a
legitimate-looking text message on their phone telling them to call a specific
phone number or to log on to a Web site.
• Vishing is similar to smishing except that the victims receive a voice mail
telling them to call a phone number or access a Web site.

Types of Perpetrators

• Hackers: test the limits of systems and/or gain publicity
• Crackers: cause problems, steal data, and corrupt systems
• Malicious insiders: gain financially and/or disrupt the company’s information
systems and business operations
• Industrial spies: capture trade secrets and gain competitive advantage
• Cybercriminals: gain financially
• Hacktivists: promote political ideology
• Cyberterrorists: destroy infrastructure components of financial
institutions, utilities, and emergency response units

Implementing Trustworthy Computing
Trustworthy computing is a method of computing that delivers secure, private, and
reliable computing experiences based on sound business practices—which is what
organizations worldwide are demanding today. Software and hardware
manufacturers, consultants, and programmers all understand that this is a priority for
their customers.

For example, Microsoft has pledged to deliver on a trustworthy computing
initiative designed to improve trust in its software products.

Microsoft’s four pillars of trustworthy computing
Security: Invest in the expertise and technology required to create a trustworthy
environment. Work with law enforcement agencies, industry experts, academia, and
private sectors to create and enforce secure computing. Develop trust by educating
consumers on secure computing.
Privacy: Make privacy a priority in the design, development, and testing of products.
Contribute to standards and policies created by industry organizations and government.
Provide users with a sense of control over their personal information.
Reliability: Build systems so that (1) they continue to provide service in the face of
internal or external disruptions; (2) they can be easily restored to a previously known
state with no data loss in the event of a disruption; (3) they provide accurate and
timely service whenever needed; (4) required changes and upgrades do not disrupt
them; (5) they contain minimal software bugs on release; and (6) they work as
expected or promised.
Business integrity: Be responsive—take responsibility for problems and take action to
correct them. Be transparent—be open in dealings with customers, keep motives
clear, keep promises, and make sure customers know where they stand in dealing
with the company.

Safety
▪ Safe operation of systems and the prevention of natural or human-caused
disasters.
- A ship in the harbor is safe, but that is not what ships are built for.
- A thing is safe if its risks are judged to be acceptable.
Engineers have a responsibility to society to produce products that are safe.
▪ Safety is an unclear term, because safety is a value judgment.
▪ Safety must come with the concept of risk. It is impossible to build
anything to be completely risk-free. How much risk is appropriate? How
much safety is safe enough?

Safety and Risk
▪ The terms safety and risk are inter-related.
▪ Interestingly, what may be safe enough for one person may not be safe enough
for someone else, because people have different perceptions of what is safe.
▪ A risk is the potential that something unwanted and harmful may occur.

Safety and Risk Factor
Voluntary vs. involuntary risk
- Many consider something safer if they knowingly take on the risk but
find it unsafe if forced to do so. If the property values are low enough,
some people will be tempted to buy a house near a plant that emits low
levels of toxic waste into the air.
Short-term vs. long-term consequences
- Something that might cause a short-lived illness or disability seems
safer than something that will result in permanent disability. An activity
that may cause a leg to be broken is preferred to a spinal fracture. A
broken leg will recover in a couple of months. Spinal fractures, however,
can lead to permanent disability.

Risk Analysis
Risk analysis is used for the assessment of the hazards associated with an
industrial or commercial activity and can be summarized by the three questions
given below:
• What can go wrong? (Hazard identification)
• What are the effects and consequences? (Consequence analysis)
• How often will it happen? (Probability estimation)

Risk-benefit analysis
Risk-benefit analysis is a method that helps engineers to analyze the risk in
a project and to determine whether the project should be implemented or not.
It is very similar to cost-benefit analysis.
Risk-benefit analysis is conducted to find answers to the following
questions:
✓ Is the product worth applying the risk-benefit analysis to?
✓ What are the benefits?
✓ Do they outweigh the risks?

Risk Assessment

Risk assessment is the process of assessing security-related risks to an
organization’s computers and networks from both internal and external threats. Such
threats can prevent an organization from meeting its key business objectives.
The goal of risk assessment is to identify which investments of time and resources
will best protect the organization from its most likely and serious threats.
In the context of an IT risk assessment, an asset is any hardware, software,
information system, network, or database that is used by the organization to achieve
its business objectives.
A loss event is any occurrence that has a negative impact on an asset, such as a
computer contracting a virus or a Web site undergoing a distributed denial-of-service
attack.

Establishing a Security Policy

A security policy defines an organization’s security requirements, as well as the
controls and sanctions needed to meet those requirements. A good security policy
delineates responsibilities and the behavior expected of members of the
organization. A security policy outlines what needs to be done but not how to do it.
The details of how to accomplish the goals of the policy are typically provided in
separate documents and procedure guidelines.
• Ethics Policy—This template defines the means to establish a culture of openness, trust, and
integrity in business practices.
• Information Sensitivity Policy—This sample policy defines the requirements for classifying
and securing the organization’s information in a manner appropriate to its level of sensitivity.
• Risk Assessment Policy—This template defines the requirements and provides the authority
for the information security team to identify, assess, and remediate risks to the organization’s
information infrastructure associated with conducting business.
• Personal Communication Devices and Voice-mail Policy—This sample policy describes
security requirements for personal communication devices and voice mail.
Educating Employees and Contract Workers
Employees and contract workers must be educated about the importance of security
so that they will be motivated to understand and follow the security policies. Users
must understand that they are a key part of the security system and that they have
certain responsibilities, such as:
• Guarding their passwords to protect against unauthorized access to their
accounts
• Prohibiting others from using their passwords
• Applying strict access controls (file and directory permissions) to protect data
from disclosure or destruction
• Reporting all unusual activity to the organization’s IT security group
• Taking care to ensure that portable computing and data storage devices are
protected (hundreds of thousands of laptops are lost or stolen per year)

Prevention

• Installing a Corporate Firewall
• Intrusion Detection Systems
• Installing Antivirus Software on Personal Computers
• Defending Against Cyberterrorism
• Addressing the Most Critical Internet Security Threats
• Conducting Periodic IT Security Audits

Detection

• Even when preventive measures are implemented, no organization is
completely secure from a determined attack. Thus, organizations should
implement detection systems to catch intruders in the act. Organizations often
employ an intrusion detection system to minimize the impact of intruders.

Response

• Incident Notification
• Protection of Evidence and Activity Logs
• Incident Containment
• Eradication
• Incident Follow-Up
• Computer Forensics

Response
A review should be conducted after an incident to determine exactly what happened
and to evaluate how the organization responded. One approach is to write a formal
incident report that includes a detailed chronology of events and the impact of the
incident. This report should identify any mistakes so that they are not repeated in the
future. The experience from this incident should be used to update and revise the
security incident response plan.
The key elements of a formal incident report include the following:
• IP address and name of host computer(s) involved
• The date and time when the incident was discovered
• The length of the incident
• How the incident was discovered
• The method used to gain access to the host computer
• A detailed discussion of vulnerabilities that were exploited
• A determination of whether or not the host was compromised as a result of the attack
• The nature of the data stored on the computer (customer, employee, etc.)
• Whether the data is considered personal, private, or confidential
• The number of hours the system was down
• The overall impact on the business
• An estimate of total monetary damage from the incident
• A detailed chronology of all events associated with the incident

Thank You
For Your Attention
01769004659 foreversaif@gmail.com
