Topics Why study historical records? History of Trends 1960s / 70s – Sabotage Computer Crime Impersonation Phone Phreaking Data Diddling CSH6 CSH6 Chapter 2 Logic Bombs Chapter 2 Trojan Horses “History of Computer Crime” Notorious Worms and Viruses M. E. Kabay Spam Denial of Service With supplemental updates Hacker Underground Recent Developments 1 Copyright © 2014 M. E. Kabay. All rights reserved. 2 Copyright © 2014 M. E. Kabay. All rights reserved. Why study historical Trends records? Early days: sabotage, disgruntled/dishonest Common body of knowledge employees Distinguish amateurs from professionals Physical damage prominent threat until 1980s Shared history of significant events Unauthorized access common What has shaped development of field Telecommunications subversion popular in 1960s/70s Understand references from senior people Malicious software developed in 1980s Put new events and patterns into perspective Fax-based fraud developed in 1980s (4-1-9) Growth of Internet multiplied threats Financial crime mediated by computers & networks grew in 1990s New malware types developed in 1990s Illegitimate uses of e-mail spawned spam, phishing, 4-1-9 e-mail fraud 3 Copyright © 2014 M. E. Kabay. All rights reserved. 4 Copyright © 2014 M. E. Kabay. All rights reserved. Rough Guesses About 1960s / 70s – Sabotage Sources of Damage to IT Before 1993 Computers can be tools and targets of crime Also repositories of evidence 1969.02 – fire in computer center during student riot in Montréal, Québec, Canada Sir George Williams University (now Concordia) $2M damages & 97 people arrested After 1993 In 2001, survey by Novatech showed ~¼ of all computers had been physically assaulted by owner (4,200 respondents) MORAL: remember this fuzzy graph and don’t trust precise statistics about computer crime! 5 Copyright © 2014 M. E. Kabay. All rights reserved. 6 Copyright © 2014 M. E. Kabay. All rights reserved. Albert the Saboteur (1970) Impersonation National Farmers Union Service Corporation 1970-1972 1970: Jerry Neal Schneider Burroughs B3500 mainframe 1980-2003: Kevin Mitnick 56 hard disk head crashes in 2 years 8 hours average downtime 1970s-today: Credit Card Fraud $500,000 electrical system repairs Crashes continued 1990s-today: Identity Theft Rises Suspicion fell on Albert the Operator Loyal employee Night shift for many years without letup Secret video-tape revealed sabotage Liked the excitement of having all those people around 7 Copyright © 2014 M. E. Kabay. All rights reserved. 8 Copyright © 2014 M. E. Kabay. All rights reserved. 1970: Jerry Neal Schneider 1980-2003: Kevin Mitnick (1) Born 1963 Born c. 1951 As young teenager, stole bus rides by using special punch for bus transfers 1968: forms Creative Systems Enterprises Phone phreaking, pranks, breakins using Selling electronic communications equipment social engineering against DEC Dumpster® Diving for parts at PT&T 1981: social engineering to enter PacBell Found discarded (unshredded) procedures Juvenile court ordered psychological study manuals 1 year probation 1971: Ordered new equipment from PT&T by pretending to be employee involved in repairs 1987: arrested for penetrating USCA Then sold it -- ~$200K value Stored stolen VAX VMS code on disks 1972: Arrested and convicted of grand theft 1988: Arrested by FBI; sentenced 1989 to 1 year jail & 6 months rehabilitation 2 months + $500 fine! 9 Copyright © 2014 M. E. Kabay. All rights reserved. 10 Copyright © 2014 M. E. Kabay. All rights reserved. Kevin Mitnick (2) Kevin Mitnick (3) 1992: FBI tried to arrest him for stealing services Became cause célèbre among criminal hackers from phone company computers FREE KEVIN defacements worldwide Went underground Funniest: FREE KEVIN on Mexican Web site 1994: Insults Tsutomu Shimomura after release of KM Physicist & Internet security expert 2000: released from prison Mitnick left rude messages on computer, voice- 3 years parole mail Restricted access to computers Shimomura helped FBI track Mitnick Profits from writing and speaking 1995: FBI arrests Mitnick about criminal career used to 1999: Convicted of wire fraud, computer fraud & reimburse victims illegal interception of wire communication Founded own computer-security firm Sentenced to 46 months federal prison Wrote books about defending against social engineering 11 Copyright © 2014 M. E. Kabay. All rights reserved. 12 Copyright © 2014 M. E. Kabay. All rights reserved. 1970s-Today: Kevin Mitnick (4) Credit Card Fraud (1) Readings about the Mitnick case Credit cards developed after WWII in USA Goodell, J. (1996). The Cyberthief and the Samurai: The True Story of Kevin Mitnick— 1950: Diners Club and the Man Who Hunted Him Down. Dell (New York). ISBN 0-440-22205-2. xix + 328. 1951: BankAmericard & MasterCard Hafner, K. & J. Markoff (1991). Cyberpunk: 1958: American Express Outlaws and Hackers on the Computer Frontier. Touchstone Books, Simon & 1960s: aggressive marketing of credit cards Schuster (New York). ISBN 0-671-77879-X. 368. Index. Sending cards to unsuspecting consumers Littman, J. (1996). The Fugitive Game: Online Mailbox theft → surprise bills on first invoice with Kevin Mitnick—The Inside Story of the Great Cyberchase. Little, Brown and 1974: Fair Credit Billing Act to reduce abuses Company (Boston). ISBN 0-316-5258-7. x + 383. 1970s-80s: expansion of electronic confirmation Shimomura, T. & J. Markoff (1996). Takedown: 1980s: Refusal to improve security (no pictures) The Pursuit and Capture of Kevin Mitnick, America's Most Wanted Computer Outlaw—by the Man Who Did It. Hyperion (New York). ISBN 0-7868-6210-6. xii + 324. Index. 13 Copyright © 2014 M. E. Kabay. All rights reserved. 14 Copyright © 2014 M. E. Kabay. All rights reserved. 1990s-now: Identity Credit Card Fraud (2) Theft Rises 1990s: massive increase in credit card & online fraud US Visa/MC: $110M in 1980 vs $1,630M in 1995 One of the fastest growing crimes in USA More recent data*: Identity Theft Resource Center Unauthorized general-purpose credit card http://www.idtheftcenter.org/ transactions = 0.037% all card-present credit card Wealth of resources transactions in 2012 Victim resources Fraud = 0.092% value of transactions) 0.118% all card-not-present transactions ID theft protection tips 0.114% value those transactions) Scams & alerts Global fraud rates across Visa < $0.06/$100 FBI ID Theft Resources http://www.fbi.gov/about- us/investigate/cyber/identity_theft Statistic Brain * < http://www.creditcards.com/credit-card-news/credit-card-industry-facts-personal-debt-statistics-1276.php > http://www.statisticbrain.com/identity-theft-fraud- or < http://tinyurl.com/6hdtv6 > statistics/ 15 Copyright © 2014 M. E. Kabay. All rights reserved. 16 Copyright © 2014 M. E. Kabay. All rights reserved. What ID Thieves Do Consequences for Victims Credit-card expenses relatively easy to correct IFF Locate identifying data Victim checks statement immediately and Social Security Number Reports questionable transactions within time limit Driver's License Bank-account thefts much more difficult to correct Home address, telephone number Money stolen is client’s, not bank’s Mother's maiden name Client has great difficult recovering funds Or just misuse of handle (screen name) for Bill-collectors hound victims relentlessly forged messages Bad credit records difficult to correct, ruin plans, cause Create new credit cards, bank accounts loss of jobs or interfere with hiring Default on loans in victim's name Criminal accusations put victims at serious risk of erroneous arrest or deportation Ruin reputations, credit records Victims may be nailed for child support of total strangers 17 Copyright © 2014 M. E. Kabay. All rights reserved. 18 Copyright © 2014 M. E. Kabay. All rights reserved. Preventing ID Theft Phone Phreaking Phone + freak = phreak Prevent theft: restrict access to your SSN 1950s: Single-frequency signals and other personal data communicated control instructions to SSN may be required by SSA, IRS central switches (computers) employer, financial institution, lender Generating external tone could fool Corner store or video rental should NOT be switch given SSN 2600 Hz tone generated by whistling, NEVER give out credit-card or other personal flute or whistle in Captain Crunch cereal box data over the phone to someone who has called you. Ask for written documents. Hence John Draper phreak became known as Cap’n Crunch Shred papers that include confidential info before discarding. Able to initiate free long-distance Interviewed by Equire 1971 about Destroy computer media before discarding. phreaking – arrested & convicted Don’t use DEBIT cards to buy things Eventually jailed for wire fraud in John Draper 1977 then and now 19 Copyright © 2014 M. E. Kabay. All rights reserved. 20 Copyright © 2014 M. E. Kabay. All rights reserved. Data Diddling: Data Diddling The Equity Funding Fraud Unauthorized modification of data Equity Funding Corporation of America Changes can occur From early 1960s to 1973, immensely successful Before data input firm During data input Buy insurance + invest in mutual funds Before output In 1964, computer problem prevented printing final figures Records affected have included President ordered head of DP to falsify report with Bank records expected profit Payrolls Profit failed to materialize Inventory data Invented false insurance policies to make up Credit records difference Eventually “killed” nonexistent policy holders to School transcripts collect
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages10 Page
-
File Size-