Computer Forensics And Cyber Crime PDF
Document Details
Uploaded by IndebtedOwl
null
Marjie T. Britz
Tags
Related
- Chapter 20 - 03 - Identify the Roles and Responsibilities Of a Forensic Investigator PDF
- King Fahd University Of Petroleum & Minerals Computer Forensics Lectures 05-07 PDF
- Computer Forensics and Cyber Crime PDF
- Computer Forensics and Cyber Crime PDF
- Computer Forensics And Cyber Crime PDF
- Computer Forensics and Cyber Crime PDF
Summary
This document presents an overview of computer forensics and cybercrime, focusing on identity theft and fraud. It covers topics such as typologies of internet theft, prevalence and victimology, and methods of identity theft, both physical and virtual. The document is a textbook aimed at professionals.
Full Transcript
Computer Forensics and Cyber Crime CHAPTER 5 Identity Theft and Identity Fraud Compute...
Computer Forensics and Cyber Crime CHAPTER 5 Identity Theft and Identity Fraud Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Introduction Identity theft is traditionally used to describe ANY use of stolen personal information. Identity fraud includes identity theft within its purview. Many illegal activities involve fraudulent use of identifying information of a real/fictitious person. Committed when a credible identity is created through access to credit cards, financial or employment records, etc. Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Typologies of Internet Theft/Fraud Assumption of Identity Involves one person assuming all aspects of the other’s life Rare, because of the difficulty in accomplishing it Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Typologies of Internet Theft/Fraud Theft for Employment and/or Border Entry Fraudulent use of stolen or fictitious personal information to get work or to gain entry into the U.S. Growing from increase in illegal immigration, alien smuggling Fraudulent documents here include alien registration cards; nonimmigrant visas, passports, and citizenship documents; and border crossing cards Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Typologies of Internet Theft/Fraud Criminal Record Identity Theft/Fraud Aim: evading capture, criminal prosecution Often involves lying to police upon arrest Another version: Reverse criminal record identity theft, using a victim’s identity just to get work Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Typologies of Internet Theft/Fraud Virtual Identity Theft/Fraud Use personal, professional, or other aspects of identity to develop fraudulent virtual personality Easy to accomplish, since it requires little effort For innocent or malevolent reasons Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Typologies of Internet Theft/Fraud Credit Identity Theft/Fraud Use of stolen personal, financial information leading to creation of fraudulent accounts Most common & most feared Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Prevalence and Victimology Difficult to measure because of lack of consistency and accuracy, the latter due to: Perceptions of apathy Lack of reporting by local, state law enforcement to federal agencies Jurisdictional discrepancies regarding how to measure these activities Selective enforcement based on community standards & departmental resources Delayed notification or awareness of victimization Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Prevalence and Victimology Vested interest of private companies to exploit consumer fear Lack of mandatory reporting and inconsistent prosecution by federal agencies Lack of national standards in measurement Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Prevalence and Victimology Primary information sources: Credit reporting agencies Software companies Popular and trade media Government agencies All have agendas: Credit reporting agencies, software companies want to sell you services, products for protection Popular press thrives on consumer fears Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Prevalence and Victimology Victims and the costs associated with victimization are especially difficult to measure because the losses take the form of more than just a dollar amount. Factors: Loss of consumer confidence Delay in victim awareness General lack of reporting Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Prevalence and Victimology Expected to see sharp increases, especially in virtual methods, due to: Increasing globalization of communication and commerce Lack of cooperation by lenders and consumer reporting agencies Lenders don’t want to alienate consumers by creating time-consuming safety measures Credit bureaus make money by selling protection Increased outsourcing of information and services Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Physical Methods of Identity Theft Mail Theft Information stolen from mailboxes, including credit card offers, government documents, like Social Security statements and passports, for example. Popcorning: steal information by looking for raised flags which signal outgoing mail Dumpster Diving Searching waste receptacles for identification information Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Physical Methods of Identity Theft Theft of Computers Physical theft of computers, especially laptops, from airports, hotel rooms, homes, and offices, because they contain personal information Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Physical Methods of Identity Theft Bag Operations Theft of intelligence By governmental intelligence operatives Often committed in hotel rooms Often done by using corrupted hotel employees Easier to do because of portable mass storage media Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Physical Methods of Identity Theft Child Identity Theft Typically committed by parents Dramatically increasing Problems include delayed identification; also, not within the purview of child welfare agencies Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Physical Methods of Identity Theft Insiders Since committed by employees, intentionally or accidentally, perhaps the greatest threat Fraudulent/Fictitious Companies Very sophisticated Involves the creation of shell companies to gather personal information Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Physical Methods of Identity Theft Card Skimming Theft of personal information encoded on the magnetic strip of credit/debit card ATM Manipulation Includes stealing personal information, like PIN, through use of fraudulent ATM Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Virtual or Internet-Facilitated Methods Capitalizes on the nature of the world wide web, built for efficiency and not security International nature opens up a huge number of potential victims Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Virtual or Internet-Facilitated Methods Phishing Involves fraudulent e-mails seeking information (such as the infamous Nigerian 419 letter), use of fake web sites Difficult to identify offenders Variations include: Spoofing: Soliciting funds via false, but apparently authentic, communications Pharming: Redirecting connection from legitimate IP address to redirect to a mirror site Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Virtual or Internet-Facilitated Methods Redirector: Malware redirects traffic to undesired site Advance-fee/419 fraud: Strangers deceiving people into providing financial information, often due to a promise of a windfall Phishing Trojans or spyware, often to create botnets Floating windows, placed over address bar of a browser, to site to steal personal info Botnets: Change Web site IP address without changing domain name, to steal info and spread malware Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Virtual or Internet-Facilitated Methods Spyware and Crimeware Spyware: takes control of computer's interactions with users to capture info Crimeware: spyware to achieve identity theft, other economically motivated crimes Keyloggers and Password Stealers Keyloggers record key strokes, like passwords; could be hardware or software Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Virtual or Internet-Facilitated Methods Trojans Can have an apparently legitimate purpose; often, keyloggers, password-stealers, or installers of back doors Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Crimes Facilitated by Identity Theft/Fraud Aim: Anonymous entry into private areas to transfer resources Typically a four-phase process: Procure stolen identifiers Create or secure of a breeder document (birth certificate, driver's license, etc.) Use breeder document to create additional fraudulent documents and solidify an identity Employ fraudulent identity to commit criminal act Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Crimes Facilitated by Identity Theft/Fraud Insurance and Loan Fraud Get government loans, enroll at legitimate institution, drop out, pocket the moneys, disappear Immigration Fraud and Border Crossings Fraud includes the goal to secure a border crossing, obtain immigration benefits, engage in acts of terror Example: Three hundred employees arrested at Swift & Company, the world’s second-largest meat processing plant Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Conclusions and Recommendations Expand the definition of personal identifying information to include unique biometric data. Establish a central repository of vital statistics. Develop alternate means to authenticate identity authentication. Prohibit the exportation of personal information to foreign countries. Provide victims with the ability to petition the court for a finding of factual innocence. Provide for consumer-initiated credit “freezes” or “blocks.” Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Conclusions and Recommendations Restrict access and publication of social security numbers. Ban the sale of social security numbers. Require the oversight of data-selling companies. Require enhanced identity authentication practices. Develop a standardized police report. Develop civil remedies and criminal penalties directly proportionate to the loss suffered. Provide civil remedies for victims. Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved Conclusions and Recommendations Develop incentives for businesses, financial institutions, and consumer reporting agencies. Hold credit reporting agencies and lenders responsible for their mistakes. Provide for ongoing funding for research, enforcement, and public education ID theft/fraud. Mandate incident reporting. Create a centralized incident database. Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz Public All Rights Reserved