Lec 05 - Cyber Crime
Lecture 05 :
CYBER CRIME
Course Teacher :
Colonel S M Saiful Islam, SUP, psc
CSE (BUET), MBA (IBA), MDS
ITIL® (Expert), Prince2® (Practitioner), CDCP®, ISO 27001 Lead Auditor®
25-Feb-24 Lecture - 6 2
Incident - 2
You are one of the top students in your university’s computer science program of
200 students. You are surprised when you are met after class by two
representatives from a federal intelligence agency. Over dinner, they talk to you
about the increasing threat of cyberterrorist attacks launched on the United States
by foreign countries and the need to counter those attacks. They offer you a
position on the agency’s supersecret cyberterrorism unit, at a starting salary 50
percent higher than you know other computer science graduates are being offered.
Your role would be to both develop and defend against new zero-day exploits that
could be used to plant malware in the software used by the government and
military computers. Would such a role be of interest to you?
What questions might you ask to determine if you would accept their offer of
employment?
Incident - 3
You are the CFO of a sporting goods manufacturer and distributor. Your firm has
annual sales exceeding $500 million, with roughly 25 percent of your sales coming
from online purchases. Today, your firm’s Web site was not operational for almost an
hour. The IT group informed you that the site was the target of a distributed denial-
of-service attack. You are shocked by an anonymous call later in the day in which a
man tells you that your site will continue to be attacked unmercifully unless you pay
him $250,000 to stop the attacks.
IT security incidents : A major Concern
Security of information should be balanced against other business needs. Business
managers, IT professionals, and IT users all face a number of ethical decisions
regarding IT security, such as :
• If a firm is a victim of a computer crime, should it pursue prosecution of the criminals
at all costs, maintain a low profile to avoid the negative publicity, inform its affected customers,
or take some other action?
• How much effort and money should be spent to safeguard against computer
crime? (In other words, how safe is safe enough?)
• If a company realizes that it has produced software with defects that make it
possible for hackers to attack customer data and computers, what actions
should it take?
• What should be done if recommended computer security safeguards make
conducting business more difficult for customers and employees, resulting in
lost sales and increased costs?
Learning Objectives
1. What key trade-offs and ethical issues are associated with the safeguarding of
data and information systems?
2. Why has there been a dramatic increase in the number of computer related
security incidents in recent years?
3. What are the most common types of computer security attacks?
4. Who are the primary perpetrators of computer crime, and what are their
objectives?
5. What are the key elements of a multilayer process for managing security
vulnerabilities based on the concept of reasonable assurance?
6. What actions must be taken in response to a security incident?
7. What is computer forensics, and what role does it play in responding to a
computer incident?
Event
Event (contd.)
There are three primary categories of events:
Vulnerability
Accident
An unplanned, uncontrolled event that has led to or could have led to injury
to people, damage to plant, machinery or the environment or some other
loss.
▪ unforeseen and unplanned events or circumstances, often with lack of
intention or necessity.
▪ it usually implies a generally negative outcome which may have been
avoided or prevented had circumstances leading up to the accident)
Types –
▪ Procedural (most common; didn’t follow procedures)
▪ Engineered (flaws in design)
▪ Systemic (complex systems)
Why Computer Incidents Are So Prevalent?
Country ranking based on percent of infected computers
Types of Exploits
• Email spam is the abuse of email systems to send unsolicited email to large
numbers of people.
• The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
(January 2004) says that it is legal to spam, provided the messages meet a few basic
requirements: spammers cannot disguise their identity by using a false return address,
the email must include a label specifying that it is an ad or a solicitation, and the email
must include a way for recipients to indicate that they do not want future mass mailings.
Types of Exploits
• Phishing is the act of fraudulently using email to try to get the recipient to
reveal personal data. In a phishing scam, con artists send legitimate-looking
emails urging the recipient to take action to avoid a negative consequence or
to receive a reward.
• Smishing is another variation of phishing that involves the use of Short
Message Service (SMS) texting. In a smishing scam, people receive a
legitimate-looking text message on their phone telling them to call a specific
phone number or to log on to a Web site.
• Vishing is similar to smishing except that the victims receive a voice mail
telling them to call a phone number or access a Web site.
Types of Perpetrators
Implementing Trustworthy Computing
Trustworthy computing is a method of computing that delivers secure, private, and
reliable computing experiences based on sound business practices—which is what
organizations worldwide are demanding today. Software and hardware
manufacturers, consultants, and programmers all understand that this is a priority for
their customers.
Microsoft’s four pillars of trustworthy computing
Security
• Invest in the expertise and technology required to create a trustworthy environment.
• Work with law enforcement agencies, industry experts, academia, and private sectors
to create and enforce secure computing.
• Develop trust by educating consumers on secure computing.
Privacy
• Make privacy a priority in the design, development, and testing of products.
• Contribute to standards and policies created by industry organizations and government.
• Provide users with a sense of control over their personal information.
Reliability
• Build systems so that (1) they continue to provide service in the face of internal or
external disruptions; (2) they can be easily restored to a previously known state with no
data loss in the event of a disruption; (3) they provide accurate and timely service
whenever needed; (4) required changes and upgrades do not disrupt them; (5) they
contain minimal software bugs on release; and (6) they work as expected or promised.
Business integrity
• Be responsive: take responsibility for problems and take action to correct them.
• Be transparent: be open in dealings with customers, keep motives clear, keep promises,
and make sure customers know where they stand in dealing with the company.
Safety
▪ Safe operation of system and the prevention of natural or human caused
disasters.
- A ship in the harbor is safe, but that is not what ships are built for
- A thing is safe if its risks are judged to be acceptable.
Engineers have a responsibility to society to produce products that are safe.
▪ Safety is a very unclear term, because safety is a value judgment.
▪ Safety must come with the concept of risk. It is impossible to build
anything to be completely risk-free. How much risk is appropriate? How
much safety is safe enough?
Safety and Risk
▪ The terms safety and risk are interrelated.
▪ It is amazing to know that what may be safe enough for one person may
not be for someone else. It is because of either different perceptions
about what is safe
▪ A risk is the potential that something unwanted and harmful may occur.
Safety and Risk Factor
Voluntary vs. involuntary risk
- Many consider something safer if they knowingly take on the risk but
find it unsafe if forced to do so. If the property values are low enough,
some people will be tempted to buy a house near a plant that emits low
levels of toxic waste into the air.
Short-term vs. long-term consequences
- Something that might cause a short-lived illness or disability seems
safer than something that will result in permanent disability. An activity
that may cause a leg to be broken is preferred to a spinal fracture. A
broken leg will recover in a couple of months. Spinal fractures, however,
can lead to permanent disability.
Risk Analysis
Risk analysis is used to assess the hazards associated with an
industrial or commercial activity and can be summarized by the 3 questions
given below:
• What can go wrong? (Hazard identification)
• What are the effects and consequences? (Consequence analysis)
• How often will it happen? (Probability estimation)
Risk-benefit analysis
Risk-benefit analysis is a method that helps engineers to analyze the risk in
a project and to determine whether a project should be implemented or not.
It is very close to cost-benefit analysis.
Risk-benefit analysis is conducted to find answers to the following
questions:
✓ Is the product worth applying the risk-benefit analysis?
✓ What are the benefits?
✓ Do they outweigh the risks?
Risk Assessment
Establishing a Security Policy
Prevention
Detection
Response
• Incident Notification
• Protection of Evidence and Activity Logs
• Incident Containment
• Eradication
• Incident Follow-Up
• Computer Forensics
Response
A review should be conducted after an incident to determine exactly what happened
and to evaluate how the organization responded. One approach is to write a formal
incident report that includes a detailed chronology of events and the impact of the
incident. This report should identify any mistakes so that they are not repeated in the
future. The experience from this incident should be used to update and revise the
security incident response plan.
The key elements of a formal incident report include the following:
• IP address and name of host computer(s) involved
• The date and time when the incident was discovered
• The length of the incident
• How the incident was discovered
• The method used to gain access to the host computer
• A detailed discussion of vulnerabilities that were exploited
• A determination of whether or not the host was compromised as a result of the attack
• The nature of the data stored on the computer (customer, employee, etc.)
• Whether the data is considered personal, private, or confidential
• The number of hours the system was down
• The overall impact on the business
• An estimate of total monetary damage from the incident
• A detailed chronology of all events associated with the incident
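As an added illustration (not part of the original lecture), the sketch below derives the time-based elements of the report from the chronology of events and lists which key elements an analyst still has to fill in. The field names, event labels and sample events are assumptions constructed for this example.

```python
from datetime import datetime

# Key elements from the list above, as hypothetical field names (assumption).
REQUIRED = ["hosts", "discovered_at", "incident_length_hours", "discovery_method",
            "access_method", "vulnerabilities", "host_compromised", "data_nature",
            "data_sensitivity", "hours_down", "business_impact",
            "monetary_damage_estimate", "chronology"]

# Constructed sample chronology (timestamp, event kind, note); not real data.
SAMPLE_EVENTS = [
    ("2024-02-20T09:40:00", "discovered", "IDS alert reviewed by analyst"),
    ("2024-02-20T02:10:00", "first_activity", "first suspicious login in auth log"),
    ("2024-02-20T10:00:00", "service_down", "web server taken offline"),
    ("2024-02-20T13:30:00", "service_restored", "web server back in service"),
    ("2024-02-21T02:10:00", "eradicated", "host rebuilt from known-good image"),
]
SAMPLE_DETAILS = {"hosts": [("192.0.2.10", "web01")],
                  "discovery_method": "IDS alert", "host_compromised": True}

def build_report(events, details):
    """Merge analyst-supplied details with elements derived from the chronology."""
    chron = sorted((datetime.fromisoformat(ts), kind, note)
                   for ts, kind, note in events)
    first, last = {}, {}          # earliest / latest timestamp per event kind
    for ts, kind, _ in chron:
        first.setdefault(kind, ts)
        last[kind] = ts
    report = dict(details)
    report["chronology"] = [(ts.isoformat(), k, n) for ts, k, n in chron]
    if "discovered" in first:
        report["discovered_at"] = first["discovered"].isoformat()
    # Length of incident: first malicious activity until eradication.
    if "first_activity" in first and "eradicated" in last:
        span = last["eradicated"] - first["first_activity"]
        report["incident_length_hours"] = round(span.total_seconds() / 3600, 2)
    # Hours down: pair each outage start with the next restore event.
    down, started = 0.0, None
    for ts, kind, _ in chron:
        if kind == "service_down" and started is None:
            started = ts
        elif kind == "service_restored" and started is not None:
            down += (ts - started).total_seconds() / 3600
            started = None
    report["hours_down"] = round(down, 2)
    return report

def missing_elements(report):
    """Required elements still absent or empty (False and 0 count as answers)."""
    return [k for k in REQUIRED if report.get(k) in (None, "", [], {})]
```

Calling `missing_elements(build_report(SAMPLE_EVENTS, SAMPLE_DETAILS))` shows the elements that cannot be derived from timestamps and must come from the investigation itself.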