Computer Forensics and Cyber Crime PDF

Computer Forensics and Cyber Crime CHAPTER 7 Avenues for Prosecution and...

Computer Forensics and Cyber Crime CHAPTER 7 Avenues for Prosecution and Government Efforts Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Introduction Law enforcement administrators have faced traditional challenges, such as:  Smaller agencies lacking resources available, leading to greater reliance on state and federal agencies, which results in overburdening of those agencies  Historically, apathy towards nonviolent crime  Glacially slow pace of legislative action Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Traditional Statutes The primary federal law enforcement provisions, relating to cybercrime exist under Title 18, for crimes such as:  Fraud and Embezzlement  Terrorism or Espionage  Child Seduction & Exploitation  Stalking  Kidnapping (The Hobbs Act)  Forgery and Counterfeiting  Extortion  RICO  Access Device Fraud  Illegal Wiretapping Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Traditional Statutes Supplemental federal criminal law relating to cybercrime includes:  Title 15: Credit card Fraud and Software Piracy  Title 17: Copyright Infringement Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Evolution of Computer-Specific Statutes Computer Fraud and Abuse Act of 1986 (CFAA) Prior version, the Counterfeit Access Device & computer Fraud & Abuse Act of 1986 – 18 U.S.C. §1030 (also called the Hacking Statute) focused narrowly on unauthorized access to a computer.  Considered ineffective: Too vague, overemphasized access to financial information and government computers  Only one successful prosecution under original act Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Evolution of Computer-Specific Statutes Computer Fraud and Abuse Act of 1986 (CFAA) Later expansion applied the Act to computers used in commerce & communication; applied to all financial records Tailored it to apply to intentional, not inadvertent, intrusions Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Evolution of Computer-Specific Statutes National Information Infrastructure Act of 1996 (NIIPA) Focused on loopholes, areas unaddressed by CFAA:  Instances of accidental intrusion  Offenses committed via computer  Offenses committed with computer technology  When computer data is not the primary target  All computers not involved in commerce but attached to the Internet Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved The Evolution of Computer-Specific Statutes Expanded to include:  Transmitting classified government information  Obtaining information from financial institutions, private sector computers, and the U.S. government  Affecting the government's use of a U.S. department or agency nonpublic computer  Fraud related to any of the previous activities  Hacking & malicious programming, including any unintentional damages  Trafficking in passwords  Extortion related to any of the above activities Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Evolving Child Pornography Statutes Response: The PROTECT (Prosecutorial Remedies and Other Tools to End the Exploitation of children Today) Act, which provided for:  Mandatory life penalty for repeat child sex offenders  Criminal history/background checks for volunteer organizations  Electronic eavesdropping for cases of child abuse or kidnapping Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Identity Theft and Financial Privacy Statutes Identity Theft and Assumption Deterrence Act of 1998 (ITADA) Now a crime to possess another’s personal (public or nonpublic) identifying information Also, now unlawful to "Knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law" Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Identity Theft and Financial Privacy Statutes Identity Theft and Assumption Deterrence Act of 1998 (ITADA) Identifying information includes:  Name  Social Security number  Date of birth  Official state or government issued driver’s license or identification number  Alien registration number  Passport number  Employer or taxpayer identification number Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Identity Theft and Financial Privacy Statutes The Financial Modernization Act of 1999 Contains the Financial Privacy Rule, which states that financial institutions must disclose privacy practices and provide for "opt-out" of disclosure of some personal information Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Identity Theft and Financial Privacy Statutes Fair and Accurate Credit Transactions Act of 2003 (FACTA) Major provisions include:  Free credit report  Fraud and active duty alerts  Truncation of credit/debit account numbers (to address dumpster-diving)  Truncation of Social Security numbers  One-call fraud alerts and enhanced victims' resolution process Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Identity Theft and Financial Privacy Statutes  Mandate card issuers to investigate change of address requests and requests for new, additional cards  Blocking or elimination of fraudulent information  Fraud alert requirements for consumer reporting agencies  Requirement of consumer reporting agencies to divulge consumer credit scores  Limits the comingling of medical and financial information Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Identity Theft and Financial Privacy Statutes  Debt collectors now obliged to tell third-party employers that debt may be result of identity theft, provide info on how to resolve disputes, and provide all info about debt; also, cannot put debt, result of identity theft, into collection  Civil action available when violations occur Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Identity Theft and Financial Privacy Statutes Additional Efforts to Protect Personal Information Drivers Privacy Protection Act: Prohibits use of Social Security numbers and other personal information from a motor vehicle record in any situation not expressly permitted by law Health Insurance Portability & Accountability Act: Restricts health care organizations from disclosing Social Security numbers and health information Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Federally Funded Initiatives and Collaborations The President’s Working Group on Unlawful Conduct on the Internet brought together the business community, government entities, and civil liberty/nonprofit advocacy organizations to evaluate: Sufficiency of existing federal laws Whether new technologies legal authorities needed to investigate and/or prosecute Internet crime Whether education and “empowerment tools” can minimize the risks associated with this behavior Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Law Enforcement Operations and Tools in the United States Packet Sniffers and Key Loggers Dragonware software suite (made up of Carnivore, Packeteer, Coolminer) intended to reconstruct the Web-surfing trail of someone under investigation.  This was packet-sniffing software, where communication on the Internet broken down into packets, transmitted, then reassembled at the destination. Cyber Knight project used the Magic Lantern key logger to record keystrokes and mouse clicks for unscrambling encrypted files Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Law Enforcement Operations and Tools in the United States Data Mining Uses statistical models, algorithms, and/or artificial intelligence to analyze large data sets, with analysis parameters looking at:  Association of connected events  Sequence of path analysis, of events  Classification of new patterns  Clustering of groups of previously unknown facts  Forecasting future activities Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved Conclusions Recognition of problems has increased exponentially, with still much work needed Continue to use traditional statutes, pending enactment of technology specific legislation, due to encouragement of policymakers and administrators While international cooperation has increased, competitive issues about sovereignty hinders the continuing efforts Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz All Rights Reserved

Computer Forensics and Cyber Crime PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue