DOCSLIB.ORG

Digital Mafia: Into the Cybercrime World July 2010

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Digital mafia: into the cybercrime world July 2010 Cybercrime is today a lucrative business that generates more than one trillion dollars profits every year. According to analysts, cybercrime is reaching the turnover spawn by drug traffic ing. !"igital mafia: into the cybercrime world! is the new en$uiry published by %right enitrely &ocused on computer crime. 'he en$uiry is based on the contribution o& leading specialists in the field o& cybercrime and security. 'han s to# (aoul Chiesa, )enry *elto angas, + sana *ry hod o, ,nternews - raine, .rancesca %osco and -/,C(,. Preface by 0ianmaria 1ernetti Information Technology is one of the fastest evolving industries ever. The mass widespread of electronic devices, from computers to mobile phones, has radically changed the way people work, communicate and interact it has changed as well the way organised crime gangs work, communicate and interact. Cybercrime is today a lucrative business, generating more than one trillion dollars profits every year# according to several analysts, cybercrime is reaching the turnover spawn by drug traffic ing. Data available are impressive# in 2002, about 132,425 phishing attac s 6identity the&t7 were recorded worldwide. ,t is worth to note that 258 o& all the attac s were launched by eight main criminal groups9 during the second semester o& 2002, a gang called Avalanche was responsible &or the ::8 o& the phishing assaults. 'he rise o& cybercrime as a massive phenomenon has been made possible by several &actors. 'he e;ponential growth o& the world wide web has given birth to new models o& scale economies which are the ideal terrain &or illegal activities. 'he rise o& social interaction websites, such as social networ s, has increased the di<usion o& private data users that can be potentially and o&ten easily stolen. .inally, the e;treme =e;ibility o& digital in&rastructures such as servers and providers allows gangs to launch attac s without being obstacled by physical boundaries or geographical limits. 'han s to these elements, organised gangs dispose o& a power&ul tool to e;ert political pressure too# the (ussian %usiness /etwor represents the ideal case history to understand the role cybercrime can play on diplomacy and global affairs. 'his is particularly true &or specific geographical areas# >astern >urope, the %al ans, Caucasus, (ussia and &ormer soviet countries are the most important hub o& illegal digital activities. A mi; o& high ,' education level and corruption has made possible the creation o& multi-national cybercrime gangs such as the (%/# power&ul, =e;ible, with strong ties with the political establishment and able to operate on a truly global perspective. Considering this, what are and what can be the measures to prevent and struggle the cybercrime phenomenon@ +n a juridical level, several initiatives have been carried on in the last ten years by international organisations and national institutions. ,n 2001, the >uropean -nion adopted the Convention on Cybercrime, the first treaty committed to fight computer crimes and internet &rauds. 'he Convention, signed by Canada, Japan, -BA and Bouth Africa too, has been en&orced in the last years, but has not represented yet a concrete countermeasure. As &ar as social contrast is concerned, currently it seems to be difficult to set up pragmatic obAectives. 'he point C hard to e;plode C is that cybercrimes are publicly perceived less dangerously than crimes as drug or human traffic ing. Dhereas is somewhat easier to per&orm an e<ective awareness-raising communication &or the latter topics, how does one deal with the tas o& raising awareness on cybercrime issues? ,n this perspective, one o& the main obstacles is communication# contrary to drug traffic ing-related matters, cybercrime attac s and operations rarely appear on newspapers and magazine, being isolated in technical magazines &or insiders. 'he lac o& proper communication and in&ormation impede consumers to set up a real approach to counterfight cybercrime. 'he goal o& our en$uiry is to underline that today cybercrime poses a big threat &or the international civil society, no less than drug traffic ing or money laundering# underestimating this &act would mean losing an important step in the social struggle against transnational organised crime. 'o understand trends and technologies, to communicate and in&orm is, in our opinion, the best way to raise awareness on a growing phenomenon that affects the way people wor , communicate and interact. !ybercrime: reasons, evolution of the players and an analysis of their modus operandi by (aoul Chiesa This article aims to run a first analysis of the roots of cybercrime, while applying a sort of profiling to the attackers from the past and nowadays, analysing the historical evolution of cybercriminals and their behaviour. 'he article will then Eoom on the modus operandi used by the actors, organised by macro areas, as well as the business model o& the criminal organisations dealing with cybercrime. ,t is e;tremely important to learn the details o& cybercrime i& we want to fight it. And, it is not about a new story, as the ne;t sentence states# "very new technology opens the doors to new criminal approaches F'his is a statement on the &ate o& the modern underground. 'here will be none o& the nostalgia, melodrama, blac hat rhetoric or white hat over-analysis that normally accompanies such writing. Bince the early si;ties there has been just one continuous hac ing scene. .rom phrea ing to hac ing, people came and have gone, e;plosions o& activity, various geographical shi&ts o& in=uence. %ut although the scene seemed to constantly redefine itsel& in the ebb and =ow o& technology, it always had a direct lineage to the past, with similar traditions, culture and spirit. ,n the past &ew years this connection has been completely severed. And so there is very little point in writing about what the underground used to be9 leave that to the historians. 1ery little point writing about what should be done to make everything good again9 leave that to the dreamers and idealists. ,nstead , am going to lay down some cold hard &acts about the way things are now, and more importantly, how they came to be this way. 'his is the story o& how the underground diedG. 6&rom H*hrac I, ,ssue J :K, article J 14, by HAnonymousI# 'he -nderground Lyth, April 11th, 20037 , have decided to start my contribution $uoting this very recent article &rom *hrac , the hac er’s magazine by decades now. Ly article in &act will not argue on the long-time debate on black#hat or white#hat, while it will try to supply a detailed overview o& the attac er’s evolutions and their techni$ues along the years. ,n order to begin with the hac ing roots, there is not a specific year when the hac ing phenomenon started# someone claims 12N2, others around 1230O1231. 'he truth is that, probably, a lot o& computer incidents 6break?ins7 happened well be&ore the first official and public cases, but in any case the first wave o& computer hac ers started bac after the movie Dargames was released, bac in 1234. 'eenagers &rom all over the world, mainly &rom -BA, Canada, Australia and >urope, began as ing their parents to buy them the very first home computers, toys li e the Commodore C?:K and the Binclair PQ Bpectrum, along with those weird Hmodem adaptersI. 'hose teens then began dialing into %%B 6%ulletin %oard Bystems7, learnt how to access Q.25 networ s and how to run wardialing scans all over the world. 'al ing about the used attac ’s techni$ues, at these times we were used to see stu< li e password guessing, wardialingOscanning 6both &or *Cs connected to modems, and systems connected to X.25 networ s worldwide7 and trying de&ault accounts. ,n this era those hac ers were, definitely, still matching the clichR o& the hac er as we mean today. /evertheless, they were curious guys, loo ing &or networ and computer accesses in order to learn. $%&'#$%%( , have split the decade 1230-1220 into two di<erent parts. 'his mainly happened because o& two, di<erent aspects. .irst o& all, the growing hac ing scene created its own press arm, meaning magazines 6e?Eines7 such as 2:00 Lagazine# the )ac er’s Suarterly and *hrac . 'his meant that now the hac ing underground have its own magazines and the ability to have a voice shouting out what is happening and what the hac ing scene is doing. As a secondary but pretty important aspect, those hac ers C located in di<erent parts o& the world, as wonder&ully detailed by Buelette "rey&uss in her boo H-nderground# 'ales o& )ac ing, Ladness and +bsession on the >lectronic .rontierI C had their very first chance to share together the results o& their attac s and learned nowledge. 'his is a real important issue, since it is in this second part o& the 30’s that those hac ers began to hac in groups, starting posting their findings on %%B and X.25?located public systems, such as Altos, *egasus, SB" and so on, as they will eep on doing &or a part o& ne;tMs decade 61221-12257. +n the attac ’s point o& view, nothing changed that much since the earlier period o& time# password guessing and systems scanning were still the mainly used approaches. ,t was e;actly by this approach that )agbard and *engo, two members &rom the CCC 6Chaos Computer Club, a German-based organisation and the oldest hac ing group in >urope7 began hac ing -B Lilitary and 0overnment computer systems, as e;plained by Cli<ord Btoll in its boo , H'he Cuc ooMs >gg# 'rac ing a Bpy 'hrough the Laze o& Computer >spionageI, published in 1232.
Recommended publications
  • What Every CEO Needs to Know About Cybersecurity

    What Every CEO Needs to Know About Cybersecurity

    What Every CEO Needs to Know About Cybersecurity Decoding the Adversary AT&T Cybersecurity Insights Volume 1 AT&T Cybersecurity Insights: Decoding the Adversary 1 Contents 03 Letter from John Donovan Senior Executive Vice President AT&T Technology and Operations 04 Executive Summary 05 Introduction 07 Outsider Threats 15 Looking Ahead: Outsider Threats 16 Best Practices: Outsiders 18 Insider Threats 24 Looking Ahead: New Potential Threats 25 Looking Ahead: Emerging Risks 26 Best Practices: Malicious Insiders 27 Best Practices: Unintentional Insiders 28 Moving Forward 32 Conclusion 33 Know the Terms For more information: Follow us on Twitter @attsecurity 35 End Notes and Sources Visit us at: Securityresourcecenter.att.com © 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T Globe logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change. 2 ATT.com/network-security Business leader, Welcome to the inaugural issue of AT&T Cybersecurity Insights, a comprehensive look at our analysis and findings from deep inside AT&T’s network operations groups, outside research firms, and network partners. This first issue, “Decoding the Adversary,” focuses on whether or not you and your board of directors are doing enough to protect against cyber threats. Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees, and CEOs and board members must proactively mitigate future challenges.
  • The Underground Economy.Pdf

    The Underground Economy.Pdf

    THE THE The seeds of cybercrime grow in the anonymized depths of the dark web – underground websites where the criminally minded meet to traffic in illegal products and services, develop contacts for jobs and commerce, and even socialize with friends. To better understand how cybercriminals operate today and what they might do in the future, Trustwave SpiderLabs researchers maintain a presence in some of the more prominent recesses of the online criminal underground. There, the team takes advantage of the very anonymity that makes the dark web unique, which allows them to discretely observe the habits of cyber swindlers. Some of the information the team has gathered revolves around the dark web’s intricate code of honor, reputation systems, job market, and techniques used by cybercriminals to hide their tracks from law enforcement. We’ve previously highlighted these findings in an extensive three-part series featured on the Trustwave SpiderLabs blog. But we’ve decided to consolidate and package this information in an informative e-book that gleans the most important information from that series, illustrating how the online criminal underground works. Knowledge is power in cybersecurity, and this serves as a weapon in the fight against cybercrime. THE Where Criminals Congregate Much like your everyday social individual, cyber swindlers convene on online forums and discussion platforms tailored to their interests. Most of the criminal activity conducted occurs on the dark web, a network of anonymized websites that uses services such as Tor to disguise the locations of servers and mask the identities of site operators and visitors. The most popular destination is the now-defunct Silk Road, which operated from 2011 until the arrest of its founder, Ross Ulbricht, in 2013.
  • Asia-Europe Meeting

    Asia-Europe Meeting

    Asia-Europe Meeting Topic A: Identifying, Sharing and Remediating Faults in Cybersecurity Topic B: Tackling Local, Regional and Global Hunger MUNUC 32 TABLE OF CONTENTS ______________________________________________________ Letter from the Chair………………………………………………………….. 3 Topic A ………………………………………………………………………..… 4 Statement of the Problem…………………………………………….. 4 History of the Problem……………………………………….…..…….. 9 Past Actions…………………………………………………………….. 14 Possible Solutions………………………………………………………. 18 Bloc Positions…………………………………………………………… 20 Glossary…………………………………………………………………. 22 Topic B ………………………………………………………………...………. 23 Statement of the Problem…………………………………………….23 History of the Problem………………………………………………… 28 Past Actions…………………………………………………………….. 31 Possible Solutions………………………………………………………. 33 Bloc Positions…………………………………………………………… 35 Glossary…………………………………………………………………. 37 Bibliography……………………………………….…………………………. 38 2 Asia-Europe Meeting | MUNUC 32 LETTER FROM THE CHAIR ______________________________________________________ Dear Delegates, Welcome to the Asia-Europe Meeting Forum, or ASEM, at MUNUC 32! My name is Randolph Ramirez, and I usually go by Randy. I am a third year here at The University of Chicago studying Statistics and Political Science. I was born and raised in Wilton, Connecticut, and coming out to attend UChicago was my first trip out to Illinois! All throughout high school I was heavily involved in Model Congress, and partaking in MUNUC my first year here helped transition me into the world of Model UN! I am certain that this conference and committee will be a success, and I cannot wait to experience it with you all! The Asia-Europe Meeting Forum will offer a multitude of experiences, problems, solutions, and overall will hopefully give a descriptive look into the affairs of the two regions. Throughout this experience, I hope delegates learn the various factors that make solving the issues of cybersecurity and huger instability a difficult endeavor, and how best to go about solving them.
  • Beware of These Common Scams

    Beware of These Common Scams

    Beware of these common scams Nigerian Scams People claiming to be officials, businessmen or surviving relatives of former government officials in countries around the world send countless offers via e-mail, attempting to convince consumers that they will transfer thousands of dollars into your bank account if you will just pay a fee or "taxes" to help them access their money. If you respond to the initial offer, you may receive documents that look "official." Unfortunately, you will get more e-mails asking you to send more money to cover transaction and transfer costs, attorney's fees, blank letterhead and your bank account numbers and other sensitive, personal information. Tech Support Scams A tech support person may call or email you and claim that they are from Windows, Microsoft or another software company. The person says your computer is running slow or has a virus and it’s sending out error messages. Scammers will ask you to visit a website that gives them remote access to your computer. If the caller obtains access they can steal personal information, usernames and passwords to commit identity theft or send spam messages. In some cases, the caller may even be asked for a wired payment or credit card information. Lottery Scams In foreign lottery scams, you receive an email claiming that you are the winner of a foreign lottery. All you need to do to claim your prize is send money to pay the taxes, insurance, or processing or customs fees. Sometimes, you will be asked to provide a bank account number so the funds can be deposited.
  • Shadowcrew Organization Called 'One-Stop Online Marketplace for Identity Theft'

    Shadowcrew Organization Called 'One-Stop Online Marketplace for Identity Theft'

    October 28, 2004 Department Of Justice CRM (202) 514-2007 TDD (202) 514-1888 WWW.USDOJ.GOV Nineteen Individuals Indicted in Internet 'Carding' Conspiracy Shadowcrew Organization Called 'One-Stop Online Marketplace for Identity Theft' WASHINGTON, D.C. - Attorney General John Ashcroft, Assistant Attorney General Christopher A. Wray of the Criminal Division, U.S. Attorney Christopher Christie of the District of New Jersey and United States Secret Service Director W. Ralph Basham today announced the indictment of 19 individuals who are alleged to have founded, moderated and operated "www.shadowcrew.com" -- one of the largest illegal online centers for trafficking in stolen identity information and documents, as well as stolen credit and debit card numbers. The 62-count indictment, returned by a federal grand jury in Newark, New Jersey today, alleges that the 19 individuals from across the United States and in several foreign countries conspired with others to operate "Shadowcrew," a website with approximately 4,000 members that was dedicated to facilitating malicious computer hacking and the dissemination of stolen credit card, debit card and bank account numbers and counterfeit identification documents, such as drivers' licenses, passports and Social Security cards. The indictment alleges a conspiracy to commit activity often referred to as "carding" -- the use of account numbers and counterfeit identity documents to complete identity theft and defraud banks and retailers. The indictment is a result of a year-long investigation undertaken by the United States Secret Service, working in cooperation with the U.S. Attorney's Office for the District of New Jersey, the Computer Crime and Intellectual Property Section of the Criminal Division of the Department of Justice, and other U.S.
  • F-1 Attachment F ACCESSING the FCC NETWORK USING WINDOWS

    F-1 Attachment F ACCESSING the FCC NETWORK USING WINDOWS

    Attachment F ACCESSING THE FCC NETWORK USING WINDOWS 3.1 OR 3.11 This attachment describes how to access the FCC Network from a system that is running the Microsoft Windows 3.1 or Windows for Workgroups 3.11 operating system. This involves using the FCC-supplied Point-to-Point Protocol (PPP) Dialer. This attachment summarizes the hardware and software required for the PPP Dialer, then describes the procedures for performing the following tasks: C Downloading the Dialer files from the Internet or the FCC Bulletin Board C Extracting the Dialer from the downloaded files C Installing the Dialer application C Configuring PPP C Establishing a PPP connection The attachment also describes how to troubleshoot and uninstall the PPP Dialer application, and tells how to get help from the FCC. Conventions The instructions in this attachment use the following typographical conventions: bold Represents objects on the screen that you click with the mouse pointer, including buttons, Internet links, icons, tabs, menu items (e.g., Cancel button, Auctions link, Save option in the File menu). italic Represents field names or areas of a screen (e.g., Licensee Name field, Applicant Information area of a screen). bold italic Represents characters that you must type exactly as they appear in the instructions. For example, if you are instructed to type http://www.fcc.gov, you should type all of the characters shown in bold italic exactly as they are printed. SMALL CAPS Represents keys on the keyboard (e.g., ENTER, CTRL, ESC). F-1 Hardware and Software Requirements Applicants who want to connect to the FCC Network using the FCC PPP Dialer will need the following hardware and software.
  • Is the Mafia Taking Over Cybercrime?*

    Is the Mafia Taking Over Cybercrime?*

    Is the Mafia Taking Over Cybercrime?* Jonathan Lusthaus Director of the Human Cybercriminal Project Department of Sociology University of Oxford * This paper is adapted from Jonathan Lusthaus, Industry of Anonymity: Inside the Business of Cybercrime (Cambridge, Mass. & London: Harvard University Press, 2018). 1. Introduction Claims abound that the Mafia is not only getting involved in cybercrime, but taking a leading role in the enterprise. One can find such arguments regularly in media articles and on blogs, with a number of broad quotes on this subject, including that: the “Mafia, which has been using the internet as a communication vehicle for some time, is using it increasingly as a resource for carrying out mass identity theft and financial fraud”.1 Others prescribe a central role to the Russian mafia in particular: “The Russian Mafia are the most prolific cybercriminals in the world”.2 Discussions and interviews with members of the information security industry suggest such views are commonly held. But strong empirical evidence is rarely provided on these points. Unfortunately, the issue is not dealt with in a much better fashion by the academic literature with a distinct lack of data.3 In some sense, the view that mafias and organised crime groups (OCGs) play an important role in cybercrime has become a relatively mainstream position. But what evidence actually exists to support such claims? Drawing on a broader 7-year study into the organisation of cybercrime, this paper evaluates whether the Mafia is in fact taking over cybercrime, or whether the structure of the cybercriminal underground is something new. It brings serious empirical rigor to a question where such evidence is often lacking.
  • Web Warriors – CBC Documentary

    Web Warriors – CBC Documentary

    Cyber Crime Unit The federal government has suffered a nearly 680 percent increase in cyber security breaches in the past six years. 1 Computer Security Risks • A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability • A cybercrime is an online or Internet-based illegal act Hackers Crackers Script Kiddies Corporate Spies Unethical Cyberextortionists Cyberterrorists Employees Pages 556 - 557 Discovering Computers 2011: Living in a Digital World 2 Chapter 11 3 HACKER Someone who gets into another persons computer or network ILLEGALLY. Say their intent is to improve SECURITY. Have advanced COMPUTER and NETWORK skills. CRACKER 4 Someone who gets into another persons computer or network ILLEGALLY. Their intent is to: 1. GET RID OF data 2. STEAL information 3.Other SPITEFUL acts. Have advanced COMPUTER and NETWORK skills. 5 SCRIPT KIDDIE Not as knowledgeable as a cracker but has the SAME intent. Often use PREWRITTEN hacking and cracking software packages to crack into computers. 6 CYBEREXTORTIONIST Uses EMAIL as a channel for BLACKMAIL. If they are not paid a sum of money, they threaten to: 1. REVEAL confidential material 2. TAKE ADVANTAGE OF a safety flaw 3. BEGIN an attack that will compromise a organization’s network 7 CYBERTERRORIST They use the INTERNET or NETWORK to destroy or damage computers for GOVERNMENTAL motives. Targets may be: 1. Nation’s AIR TRAFFIC system 2. ELECTRICITY-generating companies 3. TELECOMMUNICATION infrastructure 8 CORPORATE SPYS Have OUTSTANDING computer and networking skills and are hired to break into a specific computer and ROB its exclusive FILES and information or to help identify SAFETY risks in their own ORGANIZATION.
  • Financial Fraud and Internet Banking: Threats and Countermeasures

    Financial Fraud and Internet Banking: Threats and Countermeasures

    Report Financial Fraud and Internet Banking: Threats and Countermeasures By François Paget, McAfee® Avert® Labs Report Financial Fraud and Internet Banking: Threats and Countermeasures Table of Contents Some Figures 3 U.S. Federal Trade Commission Statistics 3 CyberSource 4 Internet Crime Complaint Center 4 In Europe 5 The Many Faces of Fraud 6 Small- and large-scale identity theft 7 Carding and skimming 8 Phishing and pharming 8 Crimeware 9 Money laundering 10 Mules 10 Virtual casinos 11 Pump and dump 12 Nigerian advance fee fraud (419 fraud) 12 Auctions 14 Online shopping 16 Anonymous payment methods 17 Protective Measures 18 Scoring 18 Europay, MasterCard, and Visa (EMV) standard 18 PCI-DSS 19 Secure Sockets Layer (SSL) and Transport Secured Layer (TLS) protocols 19 SSL extended validation 20 3-D Secure technology 21 Strong authentication and one-time password devices 22 Knowledge-based authentication 23 Email authentication 23 Conclusion 24 About McAfee, Inc. 26 Report Financial Fraud and Internet Banking: Threats and Countermeasures Financial fraud has many faces. Whether it involves swindling, debit or credit card fraud, real estate fraud, drug trafficking, identity theft, deceptive telemarketing, or money laundering, the goal of cybercriminals is to make as much money as possible within a short time and to do so inconspicuously. This paper will introduce you to an array of threats facing banks and their customers. It includes some statistics and descriptions of solutions that should give readers—whether they are responsible for security in a financial organization or a customer—an overview of the current situation. Some Figures U.S.
  • Interaction Dialer Installation and Configuration Guide

    Interaction Dialer Installation and Configuration Guide

    Interaction Dialer Installation and Configuration Guide 2018 R4 Last updated June 6, 2018 (See Change Log for summary of changes.) Abstract This document explains how to install Interaction Dialer. Interaction Dialer is a set of client/server extensions that add predictive dialing and campaign management capabilities to the PureConnect platform. iii Copyright and Trademark Information Interactive Intelligence, Interactive Intelligence Customer Interaction Center, Interaction Administrator, Interaction Attendant, Interaction Client, Interaction Designer, Interaction Tracker, Interaction Recorder, Interaction Mobile Office, Interaction Center Platform, Interaction Monitor, Interaction Optimizer, and the “Spirograph” logo design are registered trademarks of Genesys Telecommunications Laboratories, Inc. Customer Interaction Center, EIC, Interaction Fax Viewer, Interaction Server, ION, Interaction Voicemail Player, Interactive Update, Interaction Supervisor, Interaction Migrator, and Interaction Screen Recorder are trademarks of Genesys Telecommunications Laboratories, Inc. The foregoing products are ©1997-2017 Genesys Telecommunications Laboratories, Inc. All rights reserved. Interaction Dialer and Interaction Scripter are registered trademarks of Genesys Telecommunications Laboratories, Inc. The foregoing products are ©2000-2017 Genesys Telecommunications Laboratories, Inc. All rights reserved. Messaging Interaction Center and MIC are trademarks of Genesys Telecommunications Laboratories, Inc. The foreg oing p rodu cts are ©2001-2017 Genesys
  • Technological Crime Advisory Board

    Technological Crime Advisory Board

    TECHNOLOGICAL CRIME ADVISORY BOARD CATHERINE 100 North Carson Street JAMES D.EARL CORTEZ MASTO Carson City, Nevada 89701-4717 Executive Director Attorney General Telephone (775) 684-1115 Fax (775) 684-1108 Chair E-Mail: [email protected] ADVISORY BOARD Bill: SB 267 CATHERINE Position: Support CORTEZ MASTO Attorney General, Chair Tech Crime Board Statutory Missions (2 of 7) – NRS 205A VALERIE WIENER o Recommend changes to civil and criminal statutes in light of tech change. Nevada State Senator, Vice o Assist in securing government information systems. Chair TRAY ABNEY Background: Security Issues Associated with Multi-functional Devices (MFDs) Reno / Sparks Chamber of Commerce o CBS News “Copy Machines, a Security Risk?” April 19, 2010 at http://www.cbsnews.com/video/watch/?id=6412572n&tag=mncol;lst;8 DANIEL G. BOGDEN o Board meeting on July 22, 2010: Technological background and concerns United States Attorney, District of Nevada regarding State systems (minutes attached, see pages 26 to 30). DOUGLAS C. GILLESPIE Sheriff, Clark County Risk Analysis Leads in Different Directions for Public and Private Sectors Las Vegas Metropolitan o Nevada State Standard on MFDs (draft attached) is more proscriptive than Police Department SB 267 since State agencies, generally, have IT personnel who can evaluate MIKE HALEY and limit risks associated with some functions of MFDs. Sheriff, Washoe County o Private sector users of MFDs purchase them specifically to connect to a network, which is a risk State IT personnel seek to prevent or mitigate. KEVIN FAVREAU Special Agent in Charge, o Conclusion: SB 267 mitigates the most significant risk to data stored on or Federal Bureau of copied by MFDs; State agencies are required to take additional precautions Investigation (as of finalization of standard); private sector enterprises with IT personnel DALE NORTON should consider State standards in their MFD implementations.
  • ESCUELA SUPERIOR POLITÉCNICA DEL LITORAL Facultad De

    ESCUELA SUPERIOR POLITÉCNICA DEL LITORAL Facultad De

    ESCUELA SUPERIOR POLITÉCNICA DEL LITORAL Facultad de Ingeniería en Electricidad y Computación Maestría en Seguridad Informática Aplicada “DISEÑO E IMPLEMENTACIÓN DE UN SISTEMA DE DEFENSA CONTRA ATAQUES DE DENEGACIÓN DE SERVICIO DISTRIBUIDO EN LA RED PARA UNA EMPRESA DE SERVICIOS.” TESIS DE GRADO PREVIA A LA OBTENCIÓN DEL TÍTULO DE: MAGISTER EN SEGURIDAD INFORMÁTICA APLICADA KAROL PAMELA BRIONES FUENTES OMAR ANTONIO CÓRDOVA BALÓN GUAYAQUIL – ECUADOR 2015 ii AGRADECIMIENTO A Dios, A nuestras familias. iii DEDICATORIA A nuestras familias. iv TRIBUNAL DE SUSTENTACIÓN MSIG. LENIN FREIRE COBO DIRECTOR DEL MSIA MSIG. ROKY BARBOSA DIRECTOR DE TESIS MSIG. ALBERT ESPINAL SANTANA MIEMBRO PRINCIPAL v DECLARACIÓN EXPRESA “La responsabilidad del contenido de esta Tesis de Grado, me corresponde exclusivamente; y, el patrimonio intelectual de la misma, a la ESCUELA SUPERIOR POLITÉCNICA DEL LITORAL” ING. KAROL BRIONES FUENTES CI 0921279162 vi DECLARACIÓN EXPRESA “La responsabilidad del contenido de esta Tesis de Grado, me corresponde exclusivamente; y, el patrimonio intelectual de la misma, a la ESCUELA SUPERIOR POLITÉCNICA DEL LITORAL” ING. OMAR CORDOVA CI 0922892161 vii RESUMEN Internet ha revolucionado la forma en que operan los negocios en la actualidad. Gran cantidad de datos son transmitidos a nivel mundial en tiempo real, como es el caso de las compañías en línea, las cuales dependen de la disponibilidad de sus servicios las veinticuatro horas del día, los trescientos sesenta y cinco días del año para que sus clientes se mantengan conectados de diversas maneras y sin interrupciones. Pero, este nuevo mundo de mayores velocidades, grandes volúmenes de datos y alta disponibilidad de los servicios, trae consigo oportunidades para los criminales cibernéticos, cuyo objetivo es aprovechar el mínimo fallo en los sistemas que operan dentro de la gran red mundial.