DOCSLIB.ORG

CS-C3130 Information Security Examination 2016-10-27 SOLUTIONS Lecturer: Tuomas Aura

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
CS-C3130 Information Security Examination 2016-10-27 SOLUTIONS Lecturer: Tuomas Aura CS-C3130 Information security Examination 2016-10-27 SOLUTIONS Lecturer: Tuomas Aura No electronic equipment or reference material is allowed in the examination. Advice: Because of the large number of students, the exam questions this year may appear quite short and simple. Relatively short solutions are sufficient, but that means you should think extra carefully about them. 1. Payment systems In addition to the card number, credit and debit cards have a short security code printed on the card. It is 3-4 digits long and often printed on the back of the card next to the cardholder signature panel. The code has many names, for example CVC2 in MasterCard and CVV2 in Visa. These codes have been added to credit and debit cards after the year 1997. Explain in detail the purpose and working principles of this this feature. Solution outline (best if written into full sentences): CVV2 is an additional customer authentication mechanism It is used for cardholder-not-present transactions o Typically used on the web and phone shopping o Replaces the PIN for authentication where chip and PIN cannot be used Merchant verifies the correctness of the code online from the issuer o through the Visa or MasterCard network o Merchant is not allowed to store the code in a database with other credit card details Goal: to reduce misuse of stolen credit card numbers o Prevents one kind of “identity theft” o Online merchant’s customer database may be compromised, e.g. by SQL injection attack, but CVV2 cannot leak because it is not there o CVV2 is not on the mag stripe or chip, and thus mag stripe skimmers do not get the code o CVV2 is not embossed on the card, and thus won’t be imprinted on old-fashioned paper slips o User should not store CVV2 in phone-based or browser-based wallets, but that cannot be enforced Code changes when card renewed, while the card number (PAN) does not Less important notes: o CVV2 could also reduce the harm from customer account hijacking if asked for every transaction, but most online shops do not work this way o Printing the code on the backside hides it from shoulder surfing and one-sided photos of the card, but that is not essential (Amex has a similar code on the front) Does not help against phishing, corrupt merchants, copying by those who physically handle the card o If the code is leaked, the card has to be replaced 2. Access control Carol is the system administrator on the office Linux server, which has four users: the bosses Alice and Bob, and the development team A members Carol and David. Here is the output of the ls -l command on a folder on the computer: -rw------- 1 david teama 18378002 27 Oct 03:11 code.zip -rw-r----- 1 alice teama 8943593 27 Oct 03:02 spec.doc -r--r----- 1 bob bosses 288431 10 Jul 2015 synergy.pptx -rw----r-- 1 alice bosses 20322136 21 Jun 05:06 yacht.jpg Problem: Show the protection state for the above objects in the form of an access control matrix. If your solution matrix does not give a complete picture, add an explanation. Solution: code.zip spec.doc synergy.pptx yacht.jpg alice - rw r rw bob - - rw (3) - (1) carol (2) rw rw rw rw david rw r - r Explanations: (1) Group permissions override the world permissions when the user belongs to the group. (2) Administrator can gain access with sudo or logging in as root. (This can in the matrix or as a separate note.) (3) The owner of a file can change the permissions. (This can be in the matrix or as a separate note.) 3. Data encryption Every morning after arriving at the factory, Alice logs into her Windows workstation with her username and password. She then works on her secret product-plan documents, which are encrypted with the Encrypting File System (EFS). In the evening, she logs off and goes home. Bob, the industrial spy, has infiltrated Alice’s company as a sanitation consultant. What different ways does Bob have for getting access to Alice’s secret documents? Solution outline (best if written into full sentences): Bob probably prefers attack methods that go unnoticed. As a hired consultant (or cleaner), he may be able to roam around the building freely. Sorry about the confusing joke but “sanitation consultant” is more likely to work on toilet hygiene than on IT services, and certainly not on data sanitization. User login credential, typically a password, is the per-user master secret in EFS. o The keys are not on the computer in the night when Alice as logged off. o Password reset won’t help. Ways of getting the password: o shoulder surfing o installing a key logger or camera o copying the cached passwords from the hard drive at night and cracking offline o tricking Alice to log in on another, compromised computer that logs the credentials o Alice may have used use the same or similar password in other services. Ways of getting the decryption keys (without password): o DMA attacks may be able to recover the keys the memory, but require Bob to install a specialized hardware device to a bus inside the PC (or on Thunderbolt port). o Cold boot of locked machine when Alice is on a break and has locked the screen might also recover the keys from memory. o Hibernation file is a memory dump and thus may contain the keys, but only if hibernation is enabled on the computer and no disk encryption such as BitLocker is in use. Ways of accessing the data directly (without password): o Alice might leave the workstation unlocked e.g. during lunch, and Bob can just walk in and access the data. o Trojan/rootkit/spyware can be installed on computer directly in the night, e.g. by editing the disk contents or resetting the admin password. This is possible because EFS does not protect the integrity of the system files. However, this requires great skill to avoid detection and system failures. o Bob could plug in the malicious USB stick and hope that Alice logs in without noticing it. He could also leave the USB stick lying around and hope that Alice checks it out. A purpose-built malicious USB device can send malicious input to the computer e.g. to install the Trojan with Alice’s rights. Minor data leaks: o temp files possibly not encrypted by EFS o file and folder names leak some information in EFS o print spool, or printouts lying on her desk o watching while Alice works on the documents Misuse of failure recovery mechanisms: o Bob could add himself as a data recovery agent. For example, he could reset a local Admin password, log in as the admin, and modify the recovery agent settings. o Bob could learn the location of backups (may be encrypted depending on the backup mechanism) and cloud copies of the data (always plaintext). o Bob may find the EFS key backup printout or USB stick in Alice’s office, or her pw on a yellow sticker or in a notebook. o Windows domain admins act as the default recovery agents, so a successful hacking of the domain admin accounts or social engineering can also lead to recovery of Alice’s EFS keys. Human attacks o social engineering against Alice: love, blackmain etc. o social engineering against IT support In addition to recovering the password or decryption key, Bob needs to exfiltrate the data. o Bob can copy the disk at night and decrypt the files later. o Malware can upload files to cloud. 4. User authentication Acme Inc. has created a cloud-based online service where the users can register and set up a username and password. So far, they have one million registers users. The passwords are machine-generated random 12- character strings with the following character set: 0123 4567 89bc dfgh jklm npqr stvw xz+# The passwords are stored as hash values that are truncated to 128 bits: hash = truncate(SHA-256(password), 128) Sadly, the password database has leaked to the deep web where Wile E., a notorious hacker, has found them, and he now plans to do some brute-force cracking. a) How much does it cost for the attacker to crack the password of the user rrunner? b) How much does it cost for the attacker to crack all the passwords? c) How can the security of the passwords storage be improved for the future without incurring significant costs? How would your solution change the answers to parts (a) and (b)? Since no pocket calculator is available, an approximate answer for is sufficient parts (a) and (b), but please show the intermediate steps of your calculations. Useful data: A high-performance GPU can compute 1000 million SHA-256 hash values per second. One GPU day costs about $1 considering that the price of the GPU is spread over a three-year lifetime. One day is 86400 seconds. Solution outline Since the passwords are random, brute-force cracking is the best attack. The hash is pretty long, so that precomputation is not feasible and collisions are too rare to be taken into account. a) One user’s password: o 32^12 = 2^60 = (2^5)^12 ≈ 10^18 hash values (or half of this) o 10^18 / 10^9 = 10^9 ≈ 2^30 seconds o 1 day = 86400 seconds o 10^9 / 86400 ≈ 11574 GPU days = $11574 o Approximation: 10^9 / 86400 ≈ 10^9/10^5 = 10000 GPU days = $10000 o On average 50% of the above, i.e.
Load more

Recommended publications
  • The Nutshell Studies of Unexplained Death Stephanie Witt
    School of Graduate and Professional Studies 100 Campus Circle, Owings Mills, Maryland 21117 1-877-468-6852 accelerate.stevenson.edu STEVENSON UNIVERSITY FORENSICS JOURNAL VOLUME 4 EDITORIAL BOARD EDITOR-IN-CHIEF Carolyn Hess Johnson, Esq. PUBLISHER Carolyn Hess Johnson, Esq. EDITORS Abigail Howell Stephanie Witt COVER PHOTO Bruce Goldfarb Assistant to the Chief Medical Examiner, Maryland DESIGN & LAYOUT Chip Burkey Cassandra Bates Stevenson University Marketing and Public Relations Office Copyright © 2013, author(s) and Stevenson University Forensics Journal. No permission is given to copy, distribute or reproduce this article in any format without prior explicit written permission from the article’s author(s) who hold exclusive rights to impose usage fee or royalties. FORENSICS JOURNAL Welcome to our fourth annual Stevenson University Forensics Journal. This year, as always, we bring fresh voices and perspectives from all aspects and areas of the field. I am pleased to note that a new section has been added this year, highlighting the process of library research in the vast field of Forensic Studies. Our Stevenson University librarians bring the research pro- cess into the twenty-first century by showcasing a variety of on-line resources available to researchers. Also of note is the connection between our cover photo and the interview conducted with Dr. David Fowler, Chief Medical Examiner for the State of Maryland. Assistant Editor Stephanie Witt joins the Journal as a contributor to explain the fascinating Nutshell Series of Unexplained Deaths. We are privileged this year to have the Honorable Lynne A. Battaglia providing her insights into the Court’s perspective on the prominent role of forensic evidence in modern litigation.
    [Show full text]
  • ONLINE DATING SERVICES. Emerging Consumer Law Issues
    LAURA RODRIGUEZ RENGIFO ONLINE DATING SERVICES. Emerging consumer law issues. LLM RESEARCH PAPER LAWS 532: CONSUMER LAW FACULTY OF LAW 2015 2 Contents I. ABSTRACT. ............................................................................................................................ 3 Word length 3 II. INTRODUCTION. ................................................................................................................... 4 III. AN INSIGHT IN THE ODS CURRENT PARADIGM. ......................................................... 5 IV. THE ROMANCE SCAMS. ................................................................................................... 7 A ODS Users are Vulnerable Consumers: The perfect target for scammers. .............................. 9 IMAGE 1. .................................................................................................................................... 10 1 The concept of “Vulnerable Consumers” and its implications. ................................................ 11 IMAGE 2. .................................................................................................................................... 14 B Recommendations about how to address Romance Scam And ODS user vulnerability: ....... 14 V. ISSUES THAT ARISE FROM THE ODS “TERMS AND CONDITIONS”. ....................... 18 A.ODS Privacy concerns. ............................................................................................................ 19 B Spam and unwanted messages. ...............................................................................................
    [Show full text]
  • Exploring Online Dating Scams and Identity Fraud
    Aunshul Rege - What’s Love Got to Do with It? Exploring Online Dating Scams and Identity Fraud Copyright © 2009 International Journal of Cyber Criminology (IJCC) ISSN: 0974 – 2891 July - December 2009, Vol 3 (2): 494–512 This is an Open Access article distributed under the terms of the Creative Commons Attribution-Non- Commercial-Share Alike License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited. This license does not permit commercial exploitation or the creation of derivative works without specific permission. What’s Love Got to Do with It? Exploring Online Dating Scams and Identity Fraud Aunshul Rege1 Rutgers University, USA Abstract Cyberspace has become an alternative medium for experiencing new and creative romantic endeavors with few spatio-temporal limits. E-love networks have proliferated since the mid-1990s and are expected to generate $1.9 billion by 2012. However, this successful global industry is a frequent venue of cyber crime, which poses serious problems for matchmaking services and daters worldwide. This paper offers an overview of romance scams and identity fraud at dating sites, developing a typology of cyber criminals and analyzing each type along the dimensions of criminal techniques, organizations, and ideologies. The theoretical framework for this paper borrows from criminal organization and network-based theories. Document analysis is conducted on data from dating sites, news and media sites, anti-scam commissions, law enforcement agencies, and government agencies, from 2000 to 2009. Twenty keyword combinations are used to gather 170 documents, which are then sorted around four intersecting themes: online dating, scams and frauds, the organization of cyber criminals, and prevention and regulation.
    [Show full text]
  • Editor in Chief: Nikos Passas
    VOL 67 Issue 1, 2017 ISSN 0925-4994 Editor in Chief: Nikos Passas Table of Contents Assessing the trends, scale and nature of economic cybercrimes: overview and Issues................................................................... 3 A typology of cybercriminal networks: from low-tech all-rounders to high-tech specialists................................................................ 21 Origin, growth and criminal capabilities of cyber criminal networks. An international empirical analysis................................................. 39 Do police crackdowns disrupt drug cryptomarkets? A longitudinal analysis of the effects of Operation Onymous........................................................................................................... 55 Cyberfraud and the implications for effective risk-based responses: themes from UK research................................................................ 77 Crime Law Soc Change (2017) 67:3–20 DOI 10.1007/s10611-016-9645-3 Assessing the trends, scale and nature of economic cybercrimes: overview and Issues In Cybercrimes, Cybercriminals and Their Policing, in Crime, Law and Social Change Michael Levi1 Published online: 11 October 2016 # Springer Science+Business Media Dordrecht 2016 Abstract Trends in police-recorded and (where they exist) household survey- measured cybercrimes for economic gain are reviewed in a range of developed countries – Australia, Canada, Germany, Hong Kong, the Netherlands, Sweden, the UK and the US - and their implications for criminal policy are considered.
    [Show full text]
  • Hacking in a Foreign Language: a Network Security Guide to Russia
    Hacking in a Foreign Language: A Network Security Guide to Russia Kenneth Geers CISSP Briefing Outline 1. Russia as a Threat 2. Russia as a Resource 3. Crossing Borders: Methodology 4. The International Political Scene Russia as a Threat Hacking: A Russian Perspective • Excellent technical education • Understanding of networks, programming • 1980’s: hacked American software in order to make programs work in USSR • Now: many skilled people, too few jobs • Russian police have higher priorities! Financial Incentive • Internet access is expensive – Cheaper to steal access and services • Legit MS Office = 2 months’ salary • CD burner = two weeks’ salary • Russian outdoor markets: – MS Operating System a few dollars • Hacking: more social approval? – Communal sharing culture Cybercrime • Financial crimes: banks, fraud, piracy • Russian citizen Igor Kovalyev: – “Hacking is … one of the few good jobs left.” • Vladimir Levin: – 1994-95 transferred $10 million from Citibank – FBI NYC and Russian Telecoms traced activity to Levin’s St Petersburg employer • Microsoft: Oct 2000: – Traced to IP in St. Petersburg, Russia • Coreflood and Joe Lopez – Keyloggers and Ebay Dmitry Sklyarov • DefCon IX speaker • First Indictment under Digital Millennium Copyright Act (DMCA) – Advanced eBook Processor "AEBPR” – Five Adobe copyright violations • Dmitry: – Computer programmer and cryptanalyst • Long confession on FBI site – Cooperated in prosecuting Elcomsoft – Company acquitted • Victory for the EFF! ZDE = $ • Russian MVD: – Cyber crime doubled in year 2003
    [Show full text]
  • Cyber-Enabled Financial Abuse of Older Americans: A
    Cyber-Enabled Financial Abuse of Older Americans: A Public Policy Problem An interpretative framework investigating the social, economic, and policy characteristics of cyber-enabled older American financial abuse Christine Lyons A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Public Administration College of Public Affairs University of Baltimore Baltimore, Maryland December, 2019 This dissertation is dedicated to those who bravely shared their story with me in confidence. I am truly honored to be entrusted by you with the details of your financial and emotional trauma stemming from a time in your life so vividly painful. ACKNOWLEDGMENTS No one writes a dissertation without significant help from others and this is so very true with this endeavor. I would like to give a special thanks to three strong, admiralty intelligent, and hard-working women, my committee: Dr. Heather Wyatt- Nichol (chair), Dr. Lorenda Naylor, and Dr. Shelly Bumphus. Thank you for not giving up on me and encouraging me to continue to research a much under-studied public administration topic. Without your support, this dissertation would not be finished. I wish to express my thanks to Ms. Nina Helwig; the Adult Protective Services of Montgomery County, MD; and the Fraud Department of the Montgomery County, MD Police. I am also thankful for the time and assistance from Dr. Richard Mestas, as well as two of the best research librarians – Ms. Elizabeth Ventura and Mr. Andrew Wheeler, I am unable to adequately express my gratitude for the unwavering and unconditional support from my life partner of almost forty years, Clint Lyons; our son Clinton, his wife Annie, and our grandchildren CJ, Gabby, Natalie, and Alex; and our daughter Mary-Michael.
    [Show full text]
  • Interstate Mail Order Land Sales
    INTERSTATE MAIL ORDER LAND SALES HEARING BEFORE THE St[BCOMMITTEE ON FRAUDS AND MISR]L- RIg3SENTATIONS AFFECTING THE ELDER{LY OF THE SPECIAL COMMITTEE ON AGING UNITED STATES SENATE EIGHTY-EIGHTH CONGRESS SECOND SESSION PART 3 MAY 20, 1964 Printed for the use of the Special Committee on Aging <*. U.S. GOVERNMENT PRINTING OFFICE 34-56 0 WASHINGTON : 1964 For sale by the Superintendent of Documents, U.S. Government Printing Office Washington, D.C., 20402 - Price 35 cents SPECIAL COMMITTEE ON AGING GEORGE A. SMATHERS, Florida, Chairman PAT McNAMARA, Michigan EVERETT McKINLEY DIRKSEN, Illinois CLAIR ENGLE, California BARRY GOLDWATER, Arizona HARRISON A. WILLIAMS, li., New Jersey FRANK CARLSON, Kansas MAURINE B. NEUBERGER, Oregon WINSTON L. PROUTY, Vermont WAYNE MORSE, Oregon KENNETH B. KEATING, New York ALAN BIBLE, Nevada HIRAM L. FONG, Hawaii FRANK CHURCH, Idaho E. L. MECHEM, New Mexico JENNINGS RANDOLPH, West Virginia EDMUND S. MUSKIE, Maine EDWARD V. LONG, Missouri FRANK E. MOSS, Utah EDWARD M. KENNEDY, Massachusetts RALPH W. YARBOROUGH, Texas J. WILLIAM NOaMAN, Jr., Staff Director JoHN Guy MILLEa, Minority Staff Director SUBCOMMITTEE ON FRAUDS AND MISREPRESENTATIONS AFFECTING THE ELDERLY HARRISON A. WILLIAMS, Jn., New Jersey, Chairman MAURINE B. NEUBERGER, Oregon KENNETH B. KEATING, New York WAYNE MORSE, Oregon WINSTON L. PROUTY, Vermont FRANK CHURCH, Idaho HIRAM L. FONG, Hawaii EDMUND S. MUSKIE, Maine E. L. MECHEM, New Mexico EDWARD V. LONG, Missouri EDWARD M. KENNEDY, Massachusetts RALPH W. YARBOROUGH, Texas WILLIAM E. ORnOL, Professional Staff Member GERALD P. NYE, Minority Professional Staff Member NoTm.-Hearings on interstate mail-order land sales were held and they are identified as follows: Part 1-Washington, D.C., May 18, 1964.
    [Show full text]
  • Illicit Networks and National Security in the Age of Globalization, That Delves Deeply Into Everything Mentioned Above and More
    Edited by Michael Miklaucic and Jacqueline Brewer With a Foreword by Admiral James G. Stavridis, USN Published for the Center for Complex Operations Institute for National Strategic Studies By National Defense University Press Washington, D.C. 2013 Opinions, conclusions, and recommendations expressed or implied within are solely those of the contributors and do not necessarily represent the views of the Defense Department or any other agency of the Federal Government. Cleared for public release; distribution unlimited. Portions of this book may be quoted or reprinted without permission, provided that a standard source credit line is included. NDU Press would appreciate a courtesy copy of reprints or reviews. First printing, April 2013 NDU Press publications are sold by the U.S. Government Printing Office. For ordering information, call (202) 512–1800 or write to the Superintendent of Documents, U.S. Government Printing Office, Washington, D.C. 20402. For GPO publications on-line, access its Web site at: http://www.access. gpo.gov/su_docs/sale.html. For current publications of the Institute for National Strategic Studies, consult the National Defense University Web site at: http://www.ndu.edu. Contents Foreword vii James G. Stavridis Acknowledgments xi Introduction xiii Michael Miklaucic and Jacqueline Brewer Part I. A Clear and Present Danger Chapter 1 3 Deviant Globalization Nils Gilman, Jesse Goldhammer, and Steven Weber Chapter 2 15 Lawlessness and Disorder: An Emerging Paradigm for the 21st Century Phil Williams Chapter 3 37 Can We Estimate the Global Scale and Impact of Illicit Trade? Justin Picard Part II. Complex Illicit Operations Chapter 4 63 The Illicit Supply Chain Duncan Deville Chapter 5 75 Fixers, Super Fixers, and Shadow Facilitators: How Networks Connect Douglas Farah Chapter 6 97 The Geography of Badness: Mapping the Hubs of the Illicit Global Economy Patrick Radden Keefe Chapter 7 111 Threat Finance: A Critical Enabler for Illicit Networks Danielle Camner Lindholm and Celina B.
    [Show full text]
  • America's Invisible Epidemic
    S. HRG. 112–716 AMERICA’S INVISIBLE EPIDEMIC: PREVENTING ELDER FINANCIAL ABUSE HEARING BEFORE THE SPECIAL COMMITTEE ON AGING UNITED STATES SENATE ONE HUNDRED TWELFTH CONGRESS SECOND SESSION WASHINGTON, DC NOVEMBER 15, 2012 Serial No. 112–24 Printed for the use of the Special Committee on Aging ( Available via the World Wide Web: http://www.fdsys.gov U.S. GOVERNMENT PRINTING OFFICE 78–020 PDF WASHINGTON : 2013 For sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512–1800; DC area (202) 512–1800 Fax: (202) 512–2104 Mail: Stop IDCC, Washington, DC 20402–0001 SPECIAL COMMITTEE ON AGING HERB KOHL, Wisconsin, Chairman RON WYDEN, Oregon BOB CORKER, Tennessee BILL NELSON, Florida SUSAN COLLINS, Maine BOB CASEY, Pennsylvania ORRIN HATCH, Utah CLAIRE MCCASKILL, Missouri MARK KIRK III, Illinois SHELDON WHITEHOUSE, Rhode Island DEAN HELLER, Nevada MARK UDALL, Colorado JERRY MORAN, Kansas MICHAEL BENNET, Colorado RONALD H. JOHNSON, Wisconsin KIRSTEN GILLIBRAND, New York RICHARD SHELBY, Alabama JOE MANCHIN III, West Virginia LINDSEY GRAHAM, South Carolina RICHARD BLUMENTHAL, Connecticut SAXBY CHAMBLISS, Georgia CHAD METZLER, Majority Staff Director MICHAEL BASSETT, Ranking Member Staff Director (II) CONTENTS Page Opening Statement of Senator Herb Kohl ............................................................. 1 Statement of Senator Bob Corker .......................................................................... 2 Statement of Senator Bill Nelson ..........................................................................
    [Show full text]
  • Consumer Law 2011 Update
    CONSUMER LAW 2011 UPDATE THE JUDGE’S GUIDE TO FEDERAL AND NEW YORK STATE CONSUMER PROTECTION STATUTES May 1, 2011 [ This Paper May Not Be Reproduced Without The Permission Of Thomas A. Dickerson ] By Justice Thomas A. Dickerson1 1 Thomas A. Dickerson is an Associate Justice of the Appellate Division, Second Department of the New York State Supreme Court. Justice Dickerson is the author of Class Actions: The Law of 50 States, Law Journal Press, 2011; Travel Law, Law Journal Press, 2011; Article 9 [New York State Class Actions] of Weinstein, Korn & Miller, New York Civil Practice CPLR, Lexis-Nexis (MB), 2011; Consumer Protection Chapter 98 in Commercial Litigation In New York State Courts: Third Edition(Robert L. Haig 1 Causes of action alleging the violation of one or more Federal and/or New York State consumer protection statutes are frequently asserted in civil casesi. This annual survey of recent consumer law cases discusses those consumer protection statutes most frequently used in New York State Courts and in the Federal Courts in the Second Circuit. 2010-2011 Developments In 2010-2011 the area of consumer protection law underwent a number of positive developments, which included changes in the area of consumer class actionsii, most especially, the decision of the Second Circuit Court of Appeals in In re American ed.)(West & NYCLA 2010) and over 300 articles and papers on consumer law, class action, travel law and tax certiorari issues, many of which are available at www.courts.state.ny.us/courts/ad2/justice_dickerson.shtml www.classactionlitigation.com/library/ca_articles.html www.consumerlaw.org/links/#travel_articles 2 Express Merchants’ Litigationiii finding class action waivers in some contracts unenforceable.
    [Show full text]
  • Hacking in a Foreign Language: a Network Security Guide to Russia
    Hacking in a Foreign Language: A Network Security Guide to Russia Kenneth Geers Black Hat Amsterdam 2005 Briefing Outline 1. Russia as a threat 2. Russia as a resource 3. Crossing International Borders 4. The International Political Scene Russia as a Threat Hacking: Russian Perspective • Excellent technical education • Understanding of networks, programming • 1980’s: hacked American software in order to make programs work in USSR • Now: many skilled people, too few jobs • Russian police have higher priorities! Hacking: Russian Perspective 2 • Desire for Internet access, but it is expensive – Cheaper to steal access and services! • Legit MS Office = 2 months’ salary • CD burner = two weeks’ salary • Russian outdoor markets: – MS Operating System a few dollars • Hacking: more social approval? – Communal sharing culture Russia and Cybercrime • Russian hackers love financial crimes: banks, investment companies, fraud, piracy • Russian citizen Igor Kovalyev: "Here hacking is a good job, one of the few good jobs left.” • Vladimir Levin: in 1994-95 illegally transferred $10 million from Citibank – FBI NYC and Russian Telecoms traced activity to Levin’s St Petersburg employer • October 2000: Microsoft traced attack to IP address in St. Petersburg, Russia Russia and Cybercrime 2 • High profits bring more investment – New techniques, new revenue • FBI: in 2001, millions of credit card numbers stolen by organized hacking groups in Russia and the Ukraine • Novarg/MyDoom worm: whole world impact • Russian MVD: cyber crime doubled in 2003: 11,000 reported
    [Show full text]
  • Cyberfraud and the Implications for Effective Risk-Based Responses: Themes from UK Research
    This is a repository copy of Cyberfraud and the implications for effective risk-based responses: themes from UK research. White Rose Research Online URL for this paper: http://eprints.whiterose.ac.uk/144360/ Version: Accepted Version Article: Levi, M, Doig, A, Gundur, R et al. (2 more authors) (2017) Cyberfraud and the implications for effective risk-based responses: themes from UK research. Crime, Law and Social Change, 67 (1). pp. 77-96. ISSN 0925-4994 https://doi.org/10.1007/s10611-016-9648-0 © 2016, Springer Science+Business Media Dordrecht. This is a post-peer-review, pre-copyedit version of an article published in Crime, Law and Social Change. The final authenticated version is available online at: https://doi.org/10.1007/s10611-016-9648-0. Uploaded in accordance with the publisher's self-archiving policy. Reuse Items deposited in White Rose Research Online are protected by copyright, with all rights reserved unless indicated otherwise. They may be downloaded and/or printed for private study, or other acts as permitted by national copyright laws. The publisher or other rights holders may allow further reproduction and re-use of the full text version. This is indicated by the licence information on the White Rose Research Online record for the item. Takedown If you consider content in White Rose Research Online to be in breach of UK law, please notify us by emailing [email protected] including the URL of the record and the reason for the withdrawal request. [email protected] https://eprints.whiterose.ac.uk/ Cyberfraud and the Implications for Effective Risk-Based Responses: Themes from UK Research Michael Levi, Professor of Criminology, School of Social Sciences, Cardiff University, Wales, UK.
    [Show full text]