
Cybercrimes and Countermeasures

Noe Aguero, Brandon Gandy, Rayvincent Laoang, Juan Mejia, Benjamin Valdez

MIS 304, Dr. Fang Fang, Spring 2010, Cal State University San Marcos, May 10, 2010

Introduction

In the wake of the twenty-first century, many have found ways to challenge the system. These systems, consisting of computers, are accessed without permission and are manipulated or exploited. A new era deemed the Information Age has become fascinating yet bleak at the same time. With the growing amount of concern, these incidents have become categorized as “cybercrimes.” In the following paragraphs, several questions shall be answered, such as: How much of an impact is it in the U.S.? How does one become a victim? What is a hacker? And what can one do to prevent it from happening to them?

Hacking, A History Lesson

As early as the 1970’s, people were trying to find a way to gain unauthorized access into the phone lines. Without access to personal computers, telephone lines were readily available and were a stepping stone into what hacking could be, thus giving us the term known as phreaking. Phreaking is the art and science of cracking the phone network (Phone Phreaking, The Telecommunications Underground, 2004). In 1970, a man by the name of John Draper had found a way to make free phone calls from a payphone. In September 1970, Draper had found that a toy whistle distributed with the Cap’n Crunch cereal perfectly simulated the tone necessary to make free calls from payphones. By covering one of the holes and blowing through the whistle, he produced a tone with the frequency of exactly 2600 Hz (hertz); this happened to be the exact note that AT&T and other long-distance companies used to indicate that long-distance lines were available (Chirillo, 2001). Hacking into the phone lines had become almost a game for the underground phreaking community. John Draper became infamously known as Captain Crunch (Chirillo, 2001).

The 1980’s were known as the “Golden Age” of computers because the personal computer had become more common to consumers. Also, the Internet was released to the public by ARPAnet. In 1983, ARPAnet and the Defense Data Network began to use the TCP/IP protocol; thus the Internet was born (Segaller, 1998). In the 1980’s the personal computer became the new system to hack with. In America, first-generation computer hackers used Apple II computers, and in Europe they favored the C64 computers (Chirillo, 2001). The birth of the Internet had sprouted new followers and users, some of whom chose to take advantage of this “new network.” They were to be known as computer hackers.

Ronald Austin was a new name to be recognized in the hacking underground. The first hackers to become publicly recognized were Ronald Austin and the members of the 414 gang, based in Milwaukee, Wisconsin. It was the 1983 discovery of these hackers that sparked the debate over hackers and hacking. The 414 gang had penetrated the computer system of a Sloan-Kettering cancer hospital in New York City. After an interview in the New York Times, they accidentally erased the contents of a certain file they should not have, destroying all of its contents (Chirillo, 2001). Prior to 1983, the American public had barely any idea of what a hacker was. During this time, hackers seemed like curious nerds. Now the term hacking was introduced and was already receiving negative connotations.

With the Internet becoming a household name, the 1990’s gave a new name to hackers: crackers. A cracker is a person who circumvents or defeats the security measures of a network or particular computer system to gain unauthorized access. Though the classic goal of a cracker is to obtain information illegally from a computer system or to use computer resources illegally, the goal of the majority of crackers is just to break into the systems (Chirillo, 2001).

Another term introduced in the 1990’s was the cyberpunk. The word cyberpunk derives from cybernetics = humans or society interacting with machines [from the Greek kybernetes = first mate or pilot], and punk = virtually lawless individual with a mildly anarchistic social view, cowboy style, living in the underground (Chirillo, 2001).

This was popularized in the 1995 film Hackers, starring Angelina Jolie, Matthew Lillard, and Jonny Lee Miller. It was in this film that the cyberpunk was personified. The film depicted a group of individuals who dressed a certain way and talked a certain way (The Internet Movie Database, 2010). These characters, although fictional, gave viewers a stereotype to take note of. These people were rebels who wanted to find ways to figuratively “take apart” systems and put them back together or alter them.

The 90’s became a time when hacking and cracking became a dangerous concept. Cracking was now being used maliciously in order to commit crimes. In 1994, Russian hacker Vladimir Levin engineered a heist from Citibank, tricking the company's computers into distributing an estimated $10 million to him and his accomplices in several countries. When Levin pled guilty in January 1998, he admitted using passwords and codes stolen from Citibank customers to make transfers to his accounts. When Levin was extradited to the U.S. in 1997, he was described in the newspapers as the mastermind behind the Internet's first-ever bank raid (PBS.org, 2010). Up until this point in time, no one actually knew that banks and financial institutions could be hacked into. It was here that the U.S. Government realized that this could become a growing problem for years to come.

In 2001, an incident occurred that made the world realize that this was becoming a global problem. The “ILOVEYOU” virus first appeared in email boxes in the South Pacific and spread across the world from Hong Kong to Europe to the United States in less than a day. Government organizations and large corporations were forced to shut down their e-mail systems in order to prevent widespread contamination. As a result, business was brought to a standstill while the infection was contained. At its height, ILOVEYOU infected 10 percent of computers connected to the Internet, causing $5.5 billion in damage (Winferno Software, 2006). The author of the worm, Onel de Guzman of the Philippines, was arrested with a co-conspirator, Reomel Ramones. The two were released when the authorities realized there were no laws in the Philippines against writing malicious code. De Guzman had been forced to drop out of a university because his thesis, a proposal for commercializing a password-stealing program, was rejected by the faculty (Seltzer, 2010).

In recent news, Google, the world’s largest search engine, admitted to being hacked into. Google made headlines when it went public with the fact that Chinese hackers had penetrated some of its services, such as Gmail, in a politically motivated attempt at intelligence gathering. The news here is not that Chinese hackers engage in these activities or that their attempts are technically sophisticated -- we knew that already -- it's that the U.S. government inadvertently aided the hackers (Schneier, 2010). So, having acknowledged that cybercrimes are a big problem in the world, how large is the problem really in the United States?

How Big of a Priority Should Internet Security Be in the United States?

The question we have to ask ourselves is: how big of a problem are internet security and cyber crimes in the United States? Imagine waking up to $100,000 in credit debt, 2 foreclosed mortgages and a credit score that has dropped 300 points, all under your name. For most people this would be devastating to their financial security and overall well-being. Unfortunately, too many people are at risk of cyber crimes in the United States and don’t even know it. “A survey conducted by the Science Applications International Corp. in 1996 found that 40 major corporations reported losing over $800 million to computer break-ins. An FBI survey of 428 government, corporate and university sites found that over 40% reported having been broken into at least once in the last year. One third said that they had been broken into over the Internet. Another survey found that the Pentagon's systems that contain sensitive, but unclassified information had been accessed via networks illegally 250,000 times and only 150 of the intrusions were detected. The FBI estimates that U.S. businesses lose $138 million every year to hackers (Mills 1).” These statistics show that even corporations with the highest amount of security in the world are vulnerable to identity theft through the Internet. The rise of the sophisticated cyber criminal has become one of the fastest growing security threats to citizens in the nation.

There are two myths about internet security: the first is “it would never happen to me,” whereas the second is “you can only be a victim if you go on unprotected websites.” Both of these theories are untrue because, “From January 1, 2008 – December 31, 2008, the IC3 website received 275,284 complaint submissions. This is a (33.1%) increase when compared to 2007 when 206,884 complaints were received. These filings were composed of complaints primarily related to fraudulent and non-fraudulent issues on the Internet (Deloitte 1).” Some of these cyber crimes involve lottery scams, identity theft, free credit report scams, work-at-home scams and property investment schemes. Since the early 2000’s internet security has been a serious problem in the United States and has been on the rise for the past 10 years in a row. From identity theft, to pyramid schemes, to losing millions and millions of dollars due to cyber crimes, citizens of the United States should be highly aware of the dangers their unprotected computers can bring them. Professional hackers are growing by the thousands every year, and within 1 hour of work can know where a person lives, how much money they make, their social security number and how to deplete their savings accounts from their online banking. “The total dollar loss from all referred cases of fraud in 2008 was $264.6 million with a median dollar loss of $931.00 per complaint. This is up from $239.1 million in total reported losses in 2007.” With hundreds of millions of dollars being lost every year because of internet security being compromised, the United States has had a huge problem for many years now.

The United States has been the leader in technology growth for the past century, but since the birth of the internet the U.S. has been at the top of the list for internet security complaints in the world. Over 90 percent of all internet security complaints in the world came from the United States of America, and “77.4% were male and 50% resided in one of the following states: California, New York, Florida, Texas, District of Columbia, and Washington (Kemnitzer).” Cyber crimes in the United States are a big concern for everyone who uses the internet and have seemed to be unpreventable so far. The two primary mechanisms by which the fraudulent contact has taken place were “e-mail (74.0%) and webpages (28.9%).” Email has been the #1 fastest communication tool for businesses in the past decade, as well as the most targeted internet service in the United States. It is vitally important that businesses keep their employee emails inside the company, so important information and new ideas are not compromised by professional hackers. There is too much money at stake for a breach of security within the IT department to happen. This could be because of a lack of awareness, or a lack of importance placed on security, between upper management and the IT department at some companies. Internet security continues to be the number one priority for big businesses, as well as a bigger and bigger problem throughout the years.

Not only are cyber crimes growing by the hundreds in the United States, but the type of cyber criminal has changed too. With the move to “Stealth techniques, this enables cyber criminals to act without fear of timely detection, let alone capture and successful prosecution. It is among some of the most insidious—and profitable—of crimes, and can be conducted from a well-equipped workstation, perhaps within your own organization (Cyber Crime 1).” This type of criminal can be difficult to recognize and devastating when detected. These criminals continue to get smarter and invent new ways to hack into companies’ networks and individuals’ private accounts. Since this has been a growing concern for many years now, “Lloyd's of London, one of the world's largest insurance firms, has partnered with San Jose, California-based Counterpane Security, Inc. to offer insurance against business losses due to mischief by hackers (Enos 1).” This has been such a common problem in the past 10 years that companies feel they have to be covered just in case there is a security breach.

According to a new cyber security report, “Many organizations are focused on stopping random hackers and blocking pornography when they should be concerned with bigger threats from professional cybercriminals (Barron and Krieg 1).” This could be a costly mistake for U.S.-based companies, because it is the professional hacker who can compromise your organization’s secrets as well as take millions of dollars before anybody in the company notices. "Indeed, driven by the prospect of significant profits, cyber crime innovation and techniques have outpaced traditional security models and many current signature-based detection technologies." This is a serious problem that has to be addressed by every major corporation and successful individual that relies on the internet in their daily life. There is a lot of money to be made in the cyber crime industry, and with the newest technology at these criminals’ disposal the number of crimes that could be committed is endless. “An increasing number of criminals and criminally minded enterprises have hired, purchased, or otherwise acquired the ability to infiltrate systems with new penetration techniques while developing a criminal e-business network. Concurrently, an increasing number of hackers have turned professional. Some who once attacked IT systems for the intellectual challenge and to match wits with (or to aggravate) others in their field have discovered strong financial rewards in online crime (Mills 1).” The average internet hacker used to commit these crimes for fun, just to see if they were smart enough to actually pull them off. Now that they can actually make some serious money from their trade, the number of internet security complaints has risen by 30 percent. As long as there is money to be made and a reasonable way of making it, there will always be criminals and the crimes that come along with them.

How Do Criminals Use the Internet To Commit Unlawful Crimes?

According to “Are U.S. Military and Civilian Computer Systems Safe?” by Patrick Marshall, hackers range from international gangs to the agents of other countries. Lawmakers and cyber security analysts agree the U.S. is woefully unprepared to deal with the challenge. Some analysts argue that to counter the threat the United States will not only have to spend hundreds of billions of dollars but also fundamentally change the way Americans work with computers and the Internet (Marshall, 2010). Criminals can use the internet in a variety of ways to commit unlawful crimes: for instance, e-mail bombs, e-mail threats, spam, online scams, online shopping, online banking, online auction fraud, phishing, scammers, carders, identity theft, web wreckers, and cyber stalkers, to name a few. It is essential to understand the different techniques used by online hackers to avoid becoming a victim. Knowing the different techniques gives the common online user red flags on what to expect if a scam may be happening to them. Becoming aware of the different procedures is the best tool for combating online hacking. The educational knowledge aspect is of great importance.

An e-mail bomb occurs when hundreds of e-mail messages are sent to one e-mail address in an effort to overload the account and shut that e-mail inbox down. On the other hand, threats and/or harassment sent via e-mail are called e-mail threats. In a feature story, James Speedy of Seattle, Washington, was arrested by local police in April 2004 for allegedly stalking singer Avril Lavigne. The 30-year-old was accused of sending the 19-year-old pop star harassing letters, gifts, and e-mail messages. Seattle Detective Jerry Reiner said the content of the letters and e-mails was enough to put Lavigne and her family in fear for their lives. After his release on $5,000 bail he voluntarily went into counseling for his obsession with Lavigne (Hitchcock, 2006). In another similar case, an Indiana man was arrested for continuing to harass a local news anchorwoman after he had been ordered to undergo mental health counseling. Tamron Hall, the anchorwoman, received e-mails, postal letters, and phone messages at WFLD-TV, a Chicago Fox affiliate, from Tonny Horne in 2003. He was arrested in June 2003, pled guilty to cyber stalking in October 2003, and was subsequently sentenced to two and a half years of mental health probation, which meant he had to attend counseling. An interesting fact is that Horne was the first person in Illinois to be convicted of cyberstalking (Hitchcock, 2006). Even though well-known people like celebrities have greater exposure to online hacking, it can still happen to the common everyday individual.

The FBI’s Internet Fraud Complaint Center and Internet Fraud Watch issued a list of what they consider to be the top 10 online scams: online auctions, general merchandise sales (non-delivery of items), Nigerian money offers, information/adult services (pornography), internet access services (misrepresented or services not provided), computer equipment/software (never delivered or misrepresented), work-at-home plans, lotteries, fake checks, and advance fee loans (Hitchcock, 2006). An online scam is the same as a scam offline: the offer is just too good to be true, but some people still fall for it. In a credit card fraud case, a woman by the name of Annette was checking her bank statement in September 2000 and found a debit for Skiftelecom in Stavropol, Russia, for the amount of $15.08. When Annette reported the unauthorized charge to her bank, she was told that most consumers don’t check their bank statements or credit card bills, and that’s how companies or people such as Skiftelecom can get away with charging small amounts. If they can do it to hundreds or thousands of people, a company like Skiftelecom can make a large profit and never get caught. After becoming aware of the situation Annette had her credit cards canceled and replaced with new account numbers. She later did an investigation and found she wasn’t the only one who’d been charged by Skiftelecom. All the victims involved in the incident with Skiftelecom had something in common: they either had their Web site hosted by a Canadian company called Softcomca or purchased something from a Web site hosted by Softcomca (Hitchcock, 2006).

“Prior to the Internet, auction fraud was simply not a problem,” said Los Angeles U.S. Attorney Christopher Painter. “In traditional auctions you could meet the buyer and seller and inspect the merchandise. At the very least, you could make sure the merchandise actually existed. In online auctions, however, you don’t know who the seller is, where he is, or whether the offered items even exist. And all too often, they do not” (Krebs, 2000). Online auction fraud occurs when a seller offers something that is not what they claim, such as forged autographs or memorabilia; pirated software, videos, or music; and any prize that is not as initially described (Hitchcock, 2006). Jodie Bernstein, director of the FTC’s Bureau of Consumer Protection, said the most frequently reported incidents of online auction fraud involve non-delivery or misrepresentation of goods bid for on the Internet. She added that auction fraud usually is perpetrated against inexperienced Internet users, both young and old (Krebs, 2000).

Another way hackers can victimize online users is by using a technique known as phishing. Phishing is when scammers try to get you to reply or take them up on an offer to make money, or they claim your account needs to be verified by reconfirming everything from your user ID and password, to credit, banking, and other information (Hitchcock, 2006). In September 2009, some unlucky visitors at the New York Times Web site clicked on an ad that attempted to install malware. The advertisement displayed a popup window informing readers that their computer might be infected with a virus; only by purchasing a new antivirus product could they be sure of having a clean system. The Times later acknowledged the scam in a posting on its Web site: “Some NYTimes.com readers have seen a pop-up box warning them about a virus and directing them to a site that claims to offer antivirus software….If you see such a warning, we suggest that you not click on it. Instead, quit and restart your Web browser.” Phishers and scammers use this and other new tactics to deceive unsuspecting victims (Robert, Dec 2009).

Web wreckers and cyber stalkers go hand in hand. Web wreckers are people who put up harassing Web pages about another person or persons. On the other hand, cyber stalkers are people who track another person or persons’ online activities. Cyber stalking can sometimes lead to physical stalking (Hitchcock, 2006). Recent surveys show that fifty percent of teens who enter chat rooms say they have shared personal information with strangers, including their phone numbers, addresses and where they go to school. 73 percent of sexual solicitation online happens while youth are using their home computers. In the worst cases, the cyber takers lure kids to secret meetings where they are sexually abused and even killed. According to the Center for Missing and Exploited Children, two out of every five missing teens ages 15 to 17 are abducted in connection with Internet activity (Hagelin, 2010). Some cyber stalking statistics from WHOA include: more than 68 percent of victims harassed/stalked online are Caucasian, 74 percent are women, 48 percent are 18-30 years of age, half the offenders are strangers to the victims, just over 50 percent of offenders are male, and the majority of cases begin with e-mail threats, followed by message boards, IMs, then chat. California has the most cyber stalking cases, followed by New York, Florida, Canada, Pennsylvania, and Virginia. Over 70 percent of all cases reported by WHOA were resolved by contacting the offender’s ISP; this was followed by victims changing their e-mail address, username, nickname, and/or profile (Hitchcock, 2006).

Familiarizing oneself with different online hacking procedures is the best tool an individual can acquire. It is of great importance to know the diverse ways in which common everyday individuals become yet another statistic of online hacking fraud. The educational knowledge process is of great importance, since online users can retrace steps and see possible signs of fraud, thus eventually avoiding becoming a victim of online scams.

What is a Hacker?

A hacker can be any type of computer expert that has the knowledge to break into an information system. Every hacker has his own values and beliefs, and is motivated by different factors. Although all hackers are known for breaking into computers, there are many subdivisions of hackers. Hackers are labeled primarily based on their intentions when breaking into computers. These groups of hackers use different techniques and tools to gain access to personal information and to take control of computer systems. But the most important distinction between the subdivisions of hackers is the reason why they hack. Some hackers may break into a system to cause direct harm, yet other hackers may only be trying to test their own computer security systems. These two extremes of hacking have brought about the five different categories of hackers. The five main categories that hackers have been sorted into are: White hat, Gray hat, Black hat, Script kiddie, and Hacktivist.

Hacker Categories

A White-hat is a hacker who does not have harmful intentions when breaking into a system; furthermore, many of these types of hackers are hired by companies for various positions in the computer technology industry. This type of hacker enjoys learning and working with computer systems, and consequently gains a deeper understanding of the subject (Blomquist). Such people normally go on to use their hacking skills in legitimate ways, such as becoming security consultants (Blomquist).

Gray-hat hackers occupy a shadowy niche somewhere in between these two extremes (Hansen). While they have no qualms about illegally breaking into computer systems, gray hats generally don't pilfer or damage assets but inform their victims about the security flaws they discover (Hansen). Gray-hat hackers’ main purpose is to show the public that they are capable of hacking into a specific system, but they do not intend to cause harm or make money. If the hacker does cause harm or makes money, he will then be labeled a black-hat hacker. Therefore, the “Gray” means they are on the borderline between a white-hat hacker and a black-hat hacker. Although they may not cause harm, they still illegally go into companies’ security systems to find loopholes or weak spots. A good example of what gray-hat hackers are capable of doing occurred in April 2000, when hackers gained unauthorized access to apache.org (Finley). These people could have tried to damage the apache.org servers, write text offensive to the Apache crew, or distribute Trojans or take other malicious actions. Instead, they chose just to alert the Apache crew of the problems and then published a memo (Finley).

Black Hat hackers are probably the most feared hackers amongst the five hacker categories. These hackers break into computer systems, and use their knowledge to perform various types of illegal activities. Moreover, these hackers are probably the reason why the word “hacker” has a negative stereotype. Black-hat hackers have harmful intentions while hacking into a computer system. They use their hacking knowledge to perform different types of fraud like identity theft, credit card fraud, and perform many different types of scams. These hackers use a variety of tools to perform malicious acts against different organizations, which we will discuss later.

A Script kiddie is a hacker who has less understanding or knowledge of the hacking world. These hackers release thousands of worms and viruses a year, yet they are often unfamiliar with the tools they are using. As a result, many of these hackers do not know the impact that these viruses can have. Onel de Guzman, the 23-year-old Filipino hacker who has been tied to the “Love Bug,” claimed he had no idea the worm would be so devastating. It caused an estimated $10 billion in damage worldwide in May 2000 (Hansen). A Hacktivist is a hacker who uses technology to send social, ideological, religious or political messages. Hacktivism is the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends (Marshall). These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development (Marshall). Many of these hackers will engage in hacking information systems only for the purpose of scaring people or causing chaos. Therefore, all terrorist groups that operate in information systems fall into the hacktivist category.

Toolkits and Techniques

Every hacker category has different ways of breaking into information systems; therefore, there are many different tools and approaches used by different categories of hackers. As mentioned earlier, Script kiddies send thousands of worms and viruses to different enterprises a year that cause billions of dollars in damages. A virus is a self-replicating program that spreads by inserting itself into specific code, and it can be spread over the Internet or by floppy disks, USB drives, and any type of storage device. A worm is very similar to a virus but cannot spread through storage devices. It uses a computer network to send copies of itself to other nodes (computers on the network), and it may do so without any user intervention (Seeley). Throughout the last decade worms have had major negative impacts on different enterprises. The “Morris Worm” is one of the first well-known worms to spread in the U.S., in 1988. Within the space of hours this program had spread across the U.S., infecting thousands of computers and making many of them unusable due to the burden of its activity (Seeley). A Trojan horse is another type of security-breaking program, which is a piece of executable code hiding in a normal program. When the normal program is opened, the hidden code can cause damage to the computer and cause many problems like deleting files. This program is hard to detect because it disguises itself and enters with another program; the program then spreads silently without anyone knowing.

Kevin Mitnick is a hacker who illegally obtained software for mobile phones to try to secure his own systems. Mitnick used a technique called spoofing, which is now used by many hackers. He became famous for a number of activities: being held responsible for breaking the security on a U.S. government computer security advisor’s system, using a technique (IP spoofing) that had not been documented before (Jordan). Because a data packet always carries the IP address of its source, spoofing tools are used to prevent the detection of the hacker who is sending malicious data. These spoofing tools allow hackers to disguise their IP address to avoid detection by pretending to be another address or even an address that does not exist. Moreover, spoofing tools are used to gain access to a network from outside, even through a firewall. With this technique, Mitnick was able to break into different corporations including Fujitsu, Motorola, and Nokia.
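As an added defensive illustration (written for this page; it is not code from the paper or from any of its sources), the following Python function applies the ingress/egress filtering rule that a firewall uses against the spoofing described above: a packet arriving on the outside interface may not claim an internal or unallocated source address, and a packet leaving the inside may only carry an internal one. The interface names, address prefixes and sample packets are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed network layout (an assumption for this example): the internal LAN
# uses these prefixes and sits behind interface "inside"; "outside" faces the Internet.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]

# Source ranges that never legitimately arrive from the Internet: "this" network,
# private blocks, loopback, link-local, multicast and the reserved block
# (the "address that does not exist" case in the text).
BOGON_NETS = [ipaddress.ip_network("0.0.0.0/8"),
              ipaddress.ip_network("10.0.0.0/8"),
              ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("169.254.0.0/16"),
              ipaddress.ip_network("172.16.0.0/12"),
              ipaddress.ip_network("192.168.0.0/16"),
              ipaddress.ip_network("224.0.0.0/4"),
              ipaddress.ip_network("240.0.0.0/4")]


@dataclass
class Packet:
    iface: str  # interface the packet arrived on: "inside" or "outside"
    src: str    # source IP address as written in the packet header
    dst: str


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def classify(pkt):
    """Return (action, reason) for one packet under anti-spoofing rules."""
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return ("drop", "malformed source address")
    if src.version != 4:
        return ("drop", "only IPv4 is handled by this example")
    internal = _in_any(src, INTERNAL_NETS)
    if pkt.iface == "outside":
        # Ingress: nobody on the Internet legitimately sends from our own prefixes.
        if internal:
            return ("drop", "internal source address arriving from outside (spoofed)")
        if _in_any(src, BOGON_NETS):
            return ("drop", "non-routable source address arriving from outside")
        return ("accept", "external source on outside interface")
    if pkt.iface == "inside":
        # Egress: our own hosts must not send with a foreign source address,
        # which also stops this network from being used to spoof others.
        if not internal:
            return ("drop", "non-internal source address leaving the LAN (spoofed)")
        return ("accept", "internal source on inside interface")
    return ("drop", "unknown interface")


def audit(packets):
    """Count accepted and dropped packets and collect the drop reasons."""
    summary = {"accept": 0, "drop": 0, "reasons": []}
    for pkt in packets:
        action, reason = classify(pkt)
        summary[action] += 1
        if action == "drop":
            summary["reasons"].append((pkt.iface, pkt.src, reason))
    return summary


# Constructed sample traffic (not captured from any real network).
SAMPLE = [
    Packet("outside", "203.0.113.7", "10.1.1.5"),     # ordinary inbound packet
    Packet("outside", "10.1.1.9", "10.1.1.5"),        # claims to be an inside host
    Packet("outside", "240.1.2.3", "10.1.1.5"),       # reserved: does not exist
    Packet("inside", "10.1.1.5", "203.0.113.7"),      # ordinary outbound packet
    Packet("inside", "198.51.100.4", "203.0.113.7"),  # forged foreign source
    Packet("outside", "not-an-ip", "10.1.1.5"),       # garbage in the header
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        action, reason = classify(pkt)
        print(f"{pkt.iface:<8} {pkt.src:<16} {action:<6} {reason}")
    print(audit(SAMPLE))
```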

Along with the few techniques we have discussed, hackers use many other tools and techniques to break into information systems. The following table shows the toolkits most used by hackers (GuQijun).

Denial of Service Tools (DoS): A DoS (Denial-of-Service) tool is used by an attacker to prevent legitimate users from using their subscribed services. DoS attacks aim at a variety of services and accomplish the objective through a variety of methods.

Scanners: A scanner is a tool to obtain information about a host or a network. It is developed to probe the networks and report security-related information.

Packet sniffer: A packet sniffer is an application that captures data packets, which can be used to capture passwords and other data in transit over the network.

Snooper: A snooper, also known as , monitors a user’s activities by snooping on a terminal emulator session, monitoring process memory, and logging a user’s keystrokes.

Root-kit: A rootkit is designed to conceal the compromise of a computer's security, and can represent any of a set of programs which work to subvert control of an operating system from its legitimate operators.

Social Engineering: Social engineering is the art of getting persons to reveal sensitive information about a system. This is usually done by impersonating someone or by convincing people to believe you have permission to obtain such information.

Security Exploit: A security exploit is a prepared application that takes advantage of a known weakness.

Password Crackers: A password cracker finds a user’s password. It is used by both computer crackers and system administrators for recovering unknown or lost passwords.

Stealth and Back Door Tools: Backdoors are programs furtively installed in the target system. They are malicious replacements of critical system programs that provide authentication and system reporting services.

Key Loggers: A key logger is a tool designed to record (“log”) every keystroke on an affected machine for later retrieval.

Malicious Applets and Scripts: A malicious applet or script is a tiny piece of code written in web-compatible computer languages, such as Java, JScript and VBScript.

Logic Bombs: A logic bomb is a piece of code surreptitiously inserted into an application to perform some destructive or security-compromising activities when a set of specific conditions are met.

Buffer Overflow: A buffer overflow tool launches attacks by inserting an oversized block of data into a program’s input buffer and stack to enable an intruder to execute a piece of malicious code or destroy the memory structure.

These tools range from very sophisticated programs that need a lot of expertise in the field of information systems, to other techniques which require no knowledge in the IT or computer industry. Hackers try to get access to any information that may help them achieve their goal no matter how difficult the information is to attain. They may attempt to guess passwords to access personal information, or may even look for valuable information in the dumpsters. Combining different tools and techniques makes it easier for hackers to break into the information systems of different enterprises.

Countermeasures for Internet Security

With various types of malware and other harmful, unwanted programs out on the internet, it is important to have different forms of countermeasures available. Since many applications on the internet require a password to match an account, whether it be an e-mail account, an online banking account, or a Facebook or Twitter account, an important thing for users to do is create a strong password.

According to the Microsoft Windows website, "a strong password consists of: is at least eight characters long, does not contain your user name, real name, or company name, does not contain a complete word, is significantly different from previous passwords" (Microsoft Windows). A strong password should also have at least one uppercase letter, one lowercase letter, a number, and should also include symbols on the keyboard (such as ! @ # $ % ^ &). A good idea for creating a strong password is to personally relate it to a hobby you have. For example: ILoveToPlayBasketball!246. Spaces may also be used in creating a strong password. Examples of weak passwords would be simple, single words: business, or pen. Having your username backwards as a password is not a good idea either. So if you had the username SteveSmith123, a weak password would be 321htimSevetS. It is important to create a strong password to protect personal information, and it is also a good idea to use different passwords for different applications (using a separate password for your e-mail and another one for your Facebook).
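The rules listed above, written out as a checker so they can be applied mechanically. This is an added example and not code from the paper or from Microsoft; the word list standing in for a dictionary and the helper names are assumptions, and "different from previous passwords" is simplified to "not identical to a previous password".

```python
import re

# Constructed stand-in for a dictionary of "complete words" (assumption).
COMMON_WORDS = {"business", "pen", "password", "basketball", "welcome"}
SYMBOLS = set("!@#$%^&*()-_=+[]{};:'\",.<>/?\\|`~")


def password_problems(password, username="", real_name="", previous=()):
    """Return the rules a candidate password fails; an empty list means strong."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    for label, value in (("user name", username), ("real name", real_name)):
        if value and value.lower() in lowered:
            problems.append("contains your %s" % label)
        # The reversed user name (SteveSmith123 -> 321htimSevetS) is a trivial
        # transformation, so it is rejected the same way.
        if value and value.lower()[::-1] in lowered:
            problems.append("contains your %s reversed" % label)
    # The page's own example contains words, so "complete word" is read as
    # the whole password being a single dictionary word.
    if lowered in COMMON_WORDS:
        problems.append("is a complete word")
    if any(lowered == p.lower() for p in previous):
        problems.append("is not different from a previous password")
    if not re.search(r"[A-Z]", password):
        problems.append("has no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("has no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("has no digit")
    if not any(c in SYMBOLS for c in password):
        problems.append("has no symbol")
    return problems


def is_strong(password, **kw):
    return not password_problems(password, **kw)
```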

One countermeasure that can be used to increase internet security is the use of an effective firewall. A firewall is defined as a system or group of systems that enforces an access control policy between two networks. “The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic. Probably the most important thing to recognize about a firewall is that it implements an access control policy. If you don't have a good idea of what kind of access you want to allow or to deny, a firewall really won't help you.”

(Curtin). It's also important to recognize that the firewall's configuration, because it is a mechanism for enforcing policy, imposes its policy on everything behind it.

Firewall administrators, typically IT managers, who manage the connectivity for a large number of hosts consequently carry a heavy responsibility.

It is important to understand what a firewall can protect against. Some firewalls permit only email traffic through them, thereby protecting the network against any attacks other than attacks against the email service. Other firewalls provide less strict protections, and block services that are known to be problems.

According to Martin Curtin in an article: "Generally, firewalls are configured to protect against unauthenticated interactive logins from the 'outside' world. This, more than anything, helps prevent vandals from logging into machines on your network. More elaborate firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. The firewall can protect you against any type of network-borne attack if you unplug it." (Curtin).

Conversely, it is also critical to understand what firewalls cannot protect against.

Firewalls can't protect against attacks that don't go through the firewall. Many organizations that connect to the Internet are very concerned about important data leaking out of the company through that route.

Also revealed by Curtin in his article: "Unfortunately for those concerned, a magnetic tape can just as effectively be used to export data. Many organizations that are terrified (at a management level) of Internet connections have no coherent policy about how dial-in access via should be protected. It's silly to build a 6-foot thick steel door when you live in a wooden house, but there are a lot of organizations out there buying expensive firewalls and neglecting the numerous other back-doors into their network. For a firewall to work, it must be a part of a consistent overall organizational security architecture." (Curtin). Firewall policies must be realistic and reflect the level of security in the network. For example, a site which contains any private or confidential data doesn't need a firewall at all: they shouldn't be hooking up to the Internet in the first place, or the systems with the really secret data should be isolated from the rest of the corporate network.

Several types of firewalls exist. A perimeter firewall sits outside the organizational network and acts as the first device that Internet traffic encounters.

An internal firewall is often used, which is setup inside of the organizational network.

Also, a packet-filtering firewall can be used which examines each part of a message and determines whether to let that part pass. To make this decision, it examines the source address, the destination address, and other data.
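Curtin's point that a firewall is only as good as the access control policy it enforces, and the packet-filtering decision just described, can be shown with a small first-match rule evaluator. This is an added example, not code from the paper or from the Firewalls FAQ; the policy (only the mail server reachable from outside, insiders free to talk out, everything else dropped by a default-deny stance), the addresses and the sample packets are all constructed.

```python
import ipaddress


class Rule:
    """One packet-filter rule: action plus the fields it examines."""

    def __init__(self, action, src, dst, proto="any", dport=None):
        self.action = action            # "permit" or "deny"
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.proto = proto              # "any" matches every protocol
        self.dport = dport              # None matches every port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt.get("dport")))


def decide(rules, pkt, default="deny"):
    """Return the action of the first rule matching pkt, else the default.
    The default is the policy decision Curtin warns about: if you do not
    know what you want to allow, the firewall cannot decide for you."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed policy for a perimeter firewall in front of the 192.0.2.0/24 LAN.
LAN = "192.0.2.0/24"
POLICY = [
    Rule("permit", "0.0.0.0/0", "192.0.2.25/32", proto="tcp", dport=25),  # SMTP in
    Rule("permit", LAN, "0.0.0.0/0"),                                     # inside out
]

# Constructed sample packets (documentation address ranges).
SAMPLE_PACKETS = {
    "inbound smtp": {"src": "198.51.100.7", "dst": "192.0.2.25", "proto": "tcp", "dport": 25},
    "inbound ssh": {"src": "198.51.100.7", "dst": "192.0.2.25", "proto": "tcp", "dport": 22},
    "outbound web": {"src": "192.0.2.10", "dst": "203.0.113.5", "proto": "tcp", "dport": 443},
    "inbound ping": {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "icmp"},
}


def evaluate_all(rules=POLICY):
    """Decision for every sample packet under the given rule list."""
    return {name: decide(rules, pkt) for name, pkt in SAMPLE_PACKETS.items()}
```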

Another important countermeasure that should be used by all internet users in order to provide more security is an effective anti-virus program. In general, anti-virus programs employ several different methods to detect viruses, including signature-based detection, heuristic-based detection, and file emulation.

Signature-based detection is the most common method. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces. Traditionally, antivirus software has relied heavily on signatures to identify malware. This can be very effective, but it cannot defend against malware unless samples have already been obtained and signatures created.

Because of this, signature-based approaches are not effective against new, unknown viruses. Because new viruses are being created each day, the signature-based detection approach requires frequent updates of the virus signature dictionary. To assist the antivirus software companies, the software may allow the user to upload new viruses or variants to the company, allowing the virus to be analyzed and the signature added to the dictionary.

Some more refined antivirus software uses a heuristic analysis to identify new malware or variants of known malware. Many viruses start as a single infection and through either mutation or refinements by other attackers, can grow into dozens of slightly different strains, called variants. Generic detection refers to the detection and removal of multiple threats using a single virus definition. While it may be useful to identify a specific virus, it can be quicker to detect a virus family through a general signature or through an inexact match to an existing signature. Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature. These signatures often contain non-contiguous code, using wildcard characters where differences lie. These wildcards allow the scanner to detect viruses even if they are padded with extra, meaningless code. Padded code is used to confuse the scanner so it can't recognize the threat.
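The difference between an exact signature and a generic one with wildcards, as described above, can be seen in a small byte-level scanner. This is an added example, not code from the paper or from any antivirus product; signatures are written as hex bytes with "??" as a one-byte wildcard, and the sample "files" and "family" are constructed byte strings, not real malware.

```python
def parse_signature(text):
    """'6a ?? e8' -> [0x6a, None, 0xe8]; None is a wildcard matching any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def find_signature(data, sig):
    """Offset of the first match of sig anywhere in data, or -1.
    The whole file is searched, so a signature embedded mid-file is found."""
    n = len(sig)
    for i in range(len(data) - n + 1):
        if all(s is None or data[i + j] == s for j, s in enumerate(sig)):
            return i
    return -1


def scan(data, dictionary):
    """Names of every dictionary entry whose signature matches data."""
    return [name for name, sig in dictionary.items() if find_signature(data, sig) != -1]


# Constructed samples: two members of one "family" differ only in two constant
# bytes, and the second is padded with filler (0x90) before the shared code.
CLEAN = bytes.fromhex("4d5a9000 03000000 04000000 ffff0000")
VARIANT_A = bytes.fromhex("4d5a9000 6a016a02 e8ffff c3")
VARIANT_B = bytes.fromhex("4d5a9000 9090909090 6a036a04 e8ffff c3")

DICTIONARY = {
    "Family.A (exact)": parse_signature("6a 01 6a 02 e8 ff ff"),
    # Wildcards where the variants differ: one entry covers the whole family.
    "Family (generic)": parse_signature("6a ?? 6a ?? e8 ff ff"),
}
```

The exact signature catches only the sample it was written from; the generic one also catches the padded, slightly altered variant, which is the point of the wildcard approach.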

File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the antivirus software can determine whether the program is malicious and then carry out the appropriate disinfection actions.

VPNs can also be implemented to provide an additional measure of security. A virtual private network (VPN) is a computer network that is layered on top of an underlying computer network. The private nature of a VPN means that the data travelling over the VPN is not generally visible to, or is encapsulated from, the underlying network traffic. Similarly, the traffic within the VPN appears to the underlying network as just another traffic stream to be passed. A VPN connection can be envisioned as a "pipe within a pipe", with the outer pipe being the underlying network connection. Secure VPNs use cryptographic tunneling protocols to provide the intended confidentiality (blocking interception and thus packet sniffing), sender authentication (blocking identity spoofing), and message integrity (blocking message alteration) to achieve privacy.
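The "pipe within a pipe" and the three properties named above, shown with standard-library primitives. This is an added illustrative construction, not the paper's text and not any real VPN protocol: the keystream is HMAC-SHA256 run in counter mode, the tag is HMAC-SHA256 over nonce and ciphertext (encrypt-then-MAC), and the keys and the inner packet are constructed.

```python
import hashlib
import hmac
import os
import struct

ENC_KEY = b"constructed-encryption-key"       # assumption: shared in advance
MAC_KEY = b"constructed-authentication-key"   # assumption: separate from ENC_KEY
NONCE_LEN, TAG_LEN = 16, 32


def keystream(key, nonce, length):
    """PRF in counter mode; the nonce must never repeat under the same key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encapsulate(inner_packet, nonce=None):
    """Outer payload = nonce || ciphertext || tag: the inner packet is hidden
    (confidentiality) and the tag binds it to a key holder (authentication)."""
    nonce = nonce or os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(inner_packet, keystream(ENC_KEY, nonce, len(inner_packet))))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decapsulate(outer_payload):
    """Verify the tag before decrypting (integrity); return None on failure."""
    nonce = outer_payload[:NONCE_LEN]
    ct, tag = outer_payload[NONCE_LEN:-TAG_LEN], outer_payload[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # altered in transit or not from a key holder: dropped
    return bytes(a ^ b for a, b in zip(ct, keystream(ENC_KEY, nonce, len(ct))))


def flip_bit(outer_payload, index):
    """Alter one byte of the outer payload, as a corrupted or tampered packet would be."""
    b = bytearray(outer_payload)
    b[index] ^= 1
    return bytes(b)


INNER = b"GET /account HTTP/1.1\r\nHost: bank.example\r\n\r\n"  # constructed inner packet
```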

In conclusion, anyone who uses the Internet, either on a daily basis or only occasionally, must become more educated and more aware of cybercrimes, and look up the pertinent information on their countermeasures, since personal information should be kept private and secure.

References

---Elinor Mills. "Companies unprepared for ." January 25, 2010.

---Lori Enos. "E-Commerce Times, Cyber Crime: A Clear and Present Danger Center for Security & Privacy Solutions." July 10, 2000. Solutions/article/bcdc005f1e056210VgnVCM100000ba42f00aRCRD.htm>

---Deloitte Development LLC. "Cyber crime: a clear and present danger combating the fastest growing cyber security threat." http://www.deloitte.com/assets/DcomUnitedStates/Local%20Assets/Documents/AERS/us_aers_Deloitte%20Cyber%20Crime%20POV%20Jan252010.pdf

---Juanita Ellis / Timothy Speed. "The Internet Security Guidebook from planning to development." Academic Press, 2001.

---Consumer Fraud Reporting Crime Statistics. 2009. Kemnitzer, Barron & Krieg, LLP. http://www.consumerfraudreporting.org/internet_scam_statistics.htm

---Hagelin, R. (2010). Shutting out cyberstalkers. The Washington Times, pg. B.5.

---Hitchcock, J. (2006). Net Crimes & Misdemeanors: Outmaneuvering Web Spammers, Stalkers, and Con-Artists, Second Edition. Medford: Information Today, Inc.

---Krebs, B. (2000). FTC Seeks To Stem Online Auction Fraud. LexisNexis Academic.

---Marshall, P. (2010). Are U.S. military and civilian computer systems safe? CQ Researcher.

---Robert, V. (Dec 2009). Phishers Dangle Some Brand-New Bait. Academic Search Premier, 37-38.

---Hansen, B. (2002, April 12). Cyber-Crime. Should penalties be tougher? Retrieved April 17, 2010, from CQ Researcher.

---Blomquist, Brian (May 29, 1999). "FBI's Web Site Socked as Hackers Target Feds". New York Post. Retrieved on October 21, 2008.

---Jordan, T. (2008). Hacking Digital Media and Technological Determination (pp. 1-6). Malden, MA: Polity Press.

---Marshall, P. (2010, February 6). Cyber security. Are U.S. military and civilian computer systems safe? Retrieved on April 21, 2010, from CQ Researcher.

---Seeley, D. (1990). The Internet Worm of 1988. Retrieved May 20, 2004, from http://world.std.com/~franl/worm.html

---Finley, M. (2000, May 5). Apache Site Defaced. Retrieved April 20, 2010, from http://www.wired.com/politics/law/news/2000/05/36170

---Gu, Q., Liu, P., & Chu, C. (2004, May 20). Hacking Techniques in Wired Networks. Retrieved April 6, 2010, from http://ist.psu.edu/s2/paper/hack-wired-network-may-04.pdf

---Curtin, C. Martin. "Firewalls Frequently Asked Questions." http://www.faqs.org/faqs/firewalls-faq/

---Microsoft Windows. "Tips for Creating a Strong Password." http://windows.microsoft.com/en-us/windows-vista/Tips-for-creating-a-strong-password

---Kroenke, David M. "Using MIS." Pearson Education, Inc., 2009.

---AV Comparatives. "Anti-Virus Comparative No. 25." February 2010. Retrieved from ProQuest.

---Chirillo, J. Hack Attacks Encyclopedia. New York: John Wiley & Sons, Inc. (2001).

---PBS.org. (2010). Notable hacks. Retrieved May 2, 2010, from Frontline PBS: http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html

---Phone Phreaking, The Telecommunications Underground. (2004). Retrieved April 2, 2010, from Telephone Tribute: http://www.telephonetribute.com/phonephreaking.html

---Schneier, B. (2010, January 23). U.S. enables Chinese hacking of Google. Retrieved May 3, 2010, from CNN Opinion: http://www.cnn.com/2010/OPINION/01/23/schneier.google.hacking/index.html

---Segaller, S. (1998). NERDS 2.0.1: A Brief History of the Internet. New York: TV Books, LLC.

---Seltzer, L. (2010, April 28). 'I Love You' Virus Turns Ten: What Have We Learned? Retrieved May 3, 2010, from PCMAG.com: http://www.pcmag.com/article2/0,2817,2363172,00.asp

---The Internet Movie Database. (2010). Hackers (1995). Retrieved May 2, 2010, from The Internet Movie Database: http://www.imdb.com/title/tt0113243/

---Winferno Software. (2006, July 22). ILOVEYOU Virus. Retrieved May 2, 2010, from Winferno Software: http://articles.winferno.com/antivirus/iloveyou-virus/