Full Transcript

COMPUTER CRIMES & INTRO TO ARTIFICIAL INTELLIGENCE
UNIT 6.1, BU1173
TEXTBOOK: CHAPTER 9 (Kizza, 2023, pp. 187-203)

TODAY’S AGENDA
Review (Kahoots)
Part One: Computer Crimes
Social and Ethical Consequences
Artificial Intelligence

PART ONE
COMPUTER CRIMES

Terminology: VIRUS
Word origin: Latin = poison.
Biological Virus: a foreign agent injecting itself into a living body, feeding on it to grow, multiply, and spread. The body weakens, loses its ability to fight foreign invaders, and eventually succumbs to the virus if not treated.
Computer Virus: a self-propagating computer program designed to alter or destroy a computer system’s resources. It attaches itself to software, grows, reproduces many times, and spreads in the new environment. It spreads by attacking major system resources including data and sometimes hardware, weakening the capacity of these resources to perform the needed functions, and eventually bringing the system down.

Terminology: HACKING
A computer attack technique that utilizes the internetworking between computers and communication devices. As long as computers are not interconnected in a network, hacking cannot take place.

COMPUTER SYSTEM CRIMES
Computer system crimes often take the form of attacks, which can be categorized into two main types: penetration attacks and denial of service attacks. These attacks can originate from various sources, including insider threats, hackers, criminal groups, and hacktivists, each with their own motivations and methods. Understanding the different types of computer system attacks is crucial for developing effective cybersecurity measures.

PENETRATION ATTACKS
Full Access: Penetration attacks involve breaking into a computer system using known security vulnerabilities to gain full access to all of the system's resources. This allows the intruder to alter data files, change data, plant viruses, or install damaging programs.
Local or Global: Penetration attacks can be local, where the intruder gains access to a computer on a local network, or global, where the attack originates thousands of miles away on the internet.
Insider Threats: Disgruntled current or former employees, contractors, or business partners are a major source of penetration attacks, as they already have unrestricted access to the computer system.
Hacker Techniques: Hackers use a variety of techniques to penetrate computer systems, including downloading attack scripts and protocols from the internet and launching them against victim sites.

DENIAL OF SERVICE ATTACKS
1. Bandwidth Exhaustion: Denial of service (DDoS) attacks aim to exhaust the network bandwidth, router processing capacity, or network stack resources, eventually breaking the network connectivity to the victims.
2. Victim Identification: Perpetrators use freely available scan software to identify weakly secured computers, then break into them and install software to conceal their activities.
3. Coordinated Attacks: The compromised victim machines are then used to mount attacks on other machines in the network, often by sending streams of packets as "projectiles" to the secondary victims.

MOTIVES FOR COMPUTER CRIMES
Political Activism: Hacktivism, or politically motivated computer attacks, is carried out by groups with various causes, such as the Zapatista movement in Mexico or supporters of Serbia during the NATO bombing of Yugoslavia.
Vendetta & Hoaxes: Some computer crimes are driven by personal vendettas or the desire to play jokes, such as spreading false virus warnings or other hoaxes that cause panic among users.
Hacker Ethics: Hackers may be motivated by a set of beliefs and ethics, such as the belief in free access to information and computers, distrust of authority, and the desire to create art and beauty on a computer.

MALICIOUS MOTIVES
1. Terrorism and Extortion: Cyber terrorists target enterprise systems, institutions, and governments, often with the goal of instilling fear and doubt and compromising the integrity of data in order to extort money.
2. Espionage: Political and military espionage, as well as business and industrial espionage, have found new opportunities in the digital age, with the internet providing a fertile ground for cyber sleuthing and corporate computer attacks.
3. Hate and Personal Gain: The growth of computer and telecommunication technology has also enabled the spread of hate and violence, as well as crimes motivated by personal gain, fame, or the simple desire for fun.

THE RISE OF HACKING
1. Early Hacking: For a long time, penetration attacks were limited to in-house employee-generated attacks and theft of company property. Disgruntled insiders were a major source of computer crimes.
2. The Hacker Boom: Since the mid-1980s, computer network hacking has been on the rise, mostly due to the wider use of the internet. Hackers penetrate systems for a variety of reasons, including the thrill of the challenge and financial gain.
3. Modern Cybercrime: In recent years, we have seen more cases of hacking for illicit financial gain or other malicious purposes, with criminal groups and state-sponsored actors joining the fray.

HACKTIVISM AND CYBER ACTIVISM
Web Page Defacement: Hacktivists often target the web pages or email servers of selected institutions or groups, overloading them with messages for their causes, such as the "Electronic Disturbance Theater" in support of the Zapatista movement in Mexico.
DDoS Attacks: Hacktivists have also carried out distributed denial of service (DDoS) attacks, such as those targeting NATO web servers during the bombing of Yugoslavia, in an effort to disrupt the operations of their perceived adversaries.
Government Targets: Hacktivists have even targeted government websites, such as the defacement of the US Senate website by supporters of the famed computer hacker Kevin Mitnick while he was in federal prison.

THE IMPACT OF CYBER ATTACKS
Disruption: Cyber attacks, whether they are penetration attacks or denial of service attacks, can significantly disrupt the normal functioning of computer systems, networks, and the critical infrastructure they support.
Data Compromise: Penetration attacks can lead to the alteration, theft, or destruction of sensitive data, compromising the integrity and confidentiality of information vital to individuals, businesses, and governments.
Financial Losses: The financial impact of cyber attacks can be substantial, with costs associated with system downtime, data recovery, and the potential for extortion, fraud, and other illicit financial activities.
Security Challenges: The evolving nature of cyber threats and the increasing sophistication of attackers pose significant challenges for organizations and individuals in maintaining robust cybersecurity measures.

COMBATING CYBER THREATS
Threat Awareness: Developing a deep understanding of the various types of cyber threats, their motivations, and their methods is the first step in effectively combating computer crimes.
Security Measures: Implementing robust security measures, such as firewalls, intrusion detection systems, and regular software updates, can help mitigate the risk of successful cyber attacks.
Incident Response: Having a well-defined incident response plan in place, including procedures for detecting, containing, and recovering from cyber incidents, is crucial for minimizing the impact of attacks.
Collaboration: Fostering collaboration between government agencies, law enforcement, and the private sector is essential for sharing intelligence, coordinating responses, and apprehending cybercriminals.

THE ROLE OF CYBERSECURITY PROFESSIONALS
Vulnerability Assessment: Cybersecurity professionals are responsible for identifying and addressing vulnerabilities in computer systems and networks, which can be exploited by attackers to gain unauthorized access or disrupt operations.
Threat Monitoring: They continuously monitor for signs of suspicious activity, such as unusual login attempts, data exfiltration, or network traffic anomalies, in order to detect and respond to cyber threats in a timely manner.
Incident Management: When a cyber incident does occur, cybersecurity professionals play a crucial role in containing the damage, investigating the incident, and implementing measures to prevent similar attacks in the future.

THE FUTURE OF CYBERSECURITY
1. Emerging Technologies: The continued development of technologies such as artificial intelligence, machine learning, and quantum computing is expected to have a significant impact on the field of cybersecurity, enabling more sophisticated threat detection and response capabilities.
2. Automation and Orchestration: The automation and orchestration of security processes, from vulnerability scanning to incident response, will become increasingly important in keeping pace with the rapidly evolving cyber threat landscape.
3. Collaborative Approaches: Effective cybersecurity will require even greater collaboration between governments, law enforcement agencies, and the private sector, as they work together to share intelligence, develop best practices, and coordinate responses to global cyber threats.

THE IMPORTANCE OF CYBERSECURITY EDUCATION
1. Raising Awareness: Educating individuals, from students to professionals, about the various types of cyber threats, their potential impacts, and best practices for prevention and mitigation is crucial for strengthening the overall cybersecurity posture.
2. Skill Development: Providing comprehensive cybersecurity education and training programs, covering topics such as network security, ethical hacking, digital forensics, and incident response, is essential for developing the next generation of cybersecurity professionals.
3. Interdisciplinary Approach: Integrating cybersecurity education across multiple disciplines, from computer science and engineering to business and law, can help foster a more holistic understanding of the challenges and solutions in the rapidly evolving digital landscape.

THE GLOBAL CYBERSECURITY LANDSCAPE
Threat Actors: Hackers, Cybercriminals, Nation-State Actors, Hacktivists
Motivations: Financial Gain, Espionage, Ideological Beliefs, Revenge, Disruption
Targeted Sectors: Government, Critical Infrastructure, Financial Institutions, Businesses, Individuals

THE CALL FOR VIGILANCE
Evolving Threats: The computer crime landscape is constantly evolving, with new attack vectors, techniques, and motivations emerging on a regular basis. Maintaining vigilance and staying ahead of these threats is a continuous challenge.
Collaborative Efforts: Addressing the global cybersecurity challenge requires a collaborative effort involving governments, law enforcement, the private sector, and individual citizens, all working together to strengthen defenses and respond effectively to cyber incidents.
Proactive Approach: Adopting a proactive approach to cybersecurity, which includes regular risk assessments, the implementation of robust security measures, and the continuous development of cybersecurity skills and knowledge, is essential for mitigating the impact of computer crimes.
Ongoing Vigilance: Ultimately, the fight against computer crimes requires a sustained and vigilant effort, as the stakes continue to rise in an increasingly interconnected and digitally-dependent world.

History of Computer Crimes
The period between 1980 and 2001 saw sharp growth in reported incidents of computer attacks. Two factors have contributed to this phenomenal growth:
the growth of the Internet
the massive news coverage of virus incidents

History of Computer Crimes: mid-1980s
414-Club (San Francisco)
The 414-Club was the first national news-making hacker group.
The group named itself 414 after the area code of San Francisco they were in.
They started a series of computer intrusion attacks via a Stanford University computer, which they used to spread the attack across the country.
From that small but history-making attack, other headline-making attacks from Australia, Germany, Argentina, and the USA followed.

History of Computer Crimes: 1984-1987
1984: 2600: The Hacker Quarterly, a hacker magazine, was launched.
1985: the electronic hacking magazine Phrack was founded.
1986: the US Congress passed the Computer Fraud and Abuse Act. Hacker activities that had only been in the USA started to spread worldwide.
1987: the Italian hacker community launched Decoder magazine, similar to the US 2600: Hacker Quarterly.

History of Computer Crimes: 1988
A Cornell University graduate student created a computer virus that crashed 6,000 computers and effectively shut down the Internet for 2 days.

History of Computer Crimes: 1991
The 1990s saw heightened hacking activities and serious computer network near-meltdowns.
1991 brought the expectation that the “Michelangelo” virus would crash computers on March 6, 1992, the artist’s 517th birthday, but the date passed without incident.

History of Computer Crimes: 1999-2001
1999: President Bill Clinton announced a $1.46 billion initiative to improve government computer security.
2000: The costliest and most powerful computer network attacks occurred. They included “Melissa,” “Love Bug,” “Killer Resume,” and a number of devastating distributed denial of service attacks.
2001: the elusive “Code Red” virus was released.

TERMINOLOGY: A computer crime investigator
Investigates a number of crimes that range from recovering file systems on computers that have been hacked or damaged, to investigating crimes against children.
Recovers data from computers that can be used in prosecuting crimes.

Places to look for digital evidence on a computer system:
Deleted Files
Hidden Files
Slack Space
Bad Blocks
Steganography Utilities
Compressed and Coded Files
Encrypted Files
Password Protected Files

Deleted Files
Files on a computer that have been deleted can often be recovered manually.
This is most possible with Windows-based systems.
In Windows, when a document or file is deleted, it is actually still on the computer’s hard drive; it is just listed as a document that should not be displayed to the user.
This means that it still exists, and can be found and relocated to somewhere where it can be viewed.

Hidden Files
One of the most difficult types of files to try and find.
Special software exists that can hide files from a computer’s own operating system!
It is very difficult to identify if there are hidden files of this type on a computer, and if so, where they may be.
Operating systems are also designed to hide files and file names from the users, who often don’t have the necessary computer knowledge to manage those files properly on their own.
For this type of hidden file, there is usually a simple method of exposing all operating system files to the user.

Slack Space
An allocated, but unused, space on a computer disk.
In Windows systems, all files are allotted a certain amount of space, even if the file is smaller than that space.
This creates ‘slack space’, which can be used to hide other files.
However, there is software that can be used to analyze slack space and what it contains.

Bad Blocks
A bad track is an area of a hard disk that is considered not reliable for data storage.
For this reason, bad tracks are not visible to users.
A skilled computer technologist can also designate areas of a disk as a bad track, whether or not the section of the disk is actually usable.
It would be possible to designate a working track as bad, and then use it to store files that can’t easily be seen.

Steganography Utilities
The art of hiding information in ways that prevent its detection.
It’s an ancient craft that has existed in some form or another since the 15th century.
Examples have included hidden messages in artwork, invisible ink used in documents, cyphers, Morse Code, etc.
In today’s day and age it is used as the premise for hiding digital messages.

Compressed & Coded Files
Data/files can be hidden by compressing or coding them.
Coding involves substituting characters for other characters based on a chosen system.
Compressing data is a way of reducing the size of a document or file, so that the properties of the file appear different than the actual content.
Documents that have been coded or compressed can be decoded or decompressed if a user can decipher the method used to do so.

Encrypted & Protected Files
Encrypted Files
Files or data can be encrypted, so that the information can be found, but is not readable in its original form.
However, encrypted files can be decrypted as well, using software and other decryption techniques/codes.
Password Protected Files
All data and files can be password protected.
Passwords can be guessed.

WHY IS IT IMPORTANT TO LOOK FOR, AND FIND, DIGITAL EVIDENCE OF A COMPUTER CRIME?
Once digital evidence has been found, and it has been proven to be authentic, it can be used in a court of law to show that someone has committed a computer crime!

Terminology: DIGITAL FORENSICS
Digital forensics examiners investigate an intrusion, gather evidence of a crime and uncover fraud by analyzing computer storage devices, network servers and other types of digital media to track down hackers.
Digital forensics investigation is the process of identifying, extracting, preserving, and documenting computer evidence through digital tools to produce evidence used in a court of law.

PART TWO
Social and Ethical Consequences

1. Psychological Effects. These depend on the attack motive and may result in long-lasting psychological effects such as hate. Psychological effects may lead to individual reclusion and increasing isolation. Such trends may lead to dangerous and costly repercussions on the individual, corporations, and the society as a whole.

2. Moral Decay. There is a moral imperative in all our actions.
When human actions, whether bad or good, become so frequent, they create a level of familiarity that leads to acceptance as normal. This type of acceptance of actions formerly viewed as immoral and bad by society is moral decay. There are numerous e-attacks that can cause moral decay. In fact, because of the recent spree of DDoS and e-mail attacks, one wonders whether people performing these acts seriously consider them as immoral and illegal anymore!

3. Loss of Privacy. After headline-making e-attacks that wreaked havoc on global computer systems, there is a resurgence in the need for quick solutions to the problem that seems to have hit home. Many businesses are responding with patches, filters, intrusion detection (ID) tools, and a whole list of other solutions.

4. Trust. Along with privacy lost, trust is lost. Individuals once attacked lose trust in a person, group, company, or anything else believed to be the source of the attack or believed to be unable to stop the attack. E-attacks, together with draconian solutions, cause us to lose trust in individuals and businesses, especially businesses hit either by e-attacks or trying to forcibly stop attacks. Such customer loss of trust in a business is disastrous for that business. Most importantly, it is a loss of the society’s innocence.

PART THREE
Artificial Intelligence

Week 9: Required Readings
Textbook: Kizza, J. M. (2017). Ethical and social issues in the information age. 6th Edition. ISBN 978-3-319-70712-9. Chapter 10.

References
IMAGES
https://pixabay.com/
https://www.freepik.com/
wikipedia.com
psychologytoday.com

REFERENCES
PPT adapted from: Kizza, Chapter 10
https://en.wikipedia.org/wiki/Ashley_Madison_data_breach
https://www.csoonline.com/article/2130877/the-biggest-data-breaches-of-the-21st-century.html
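
An added illustration of the Slack Space slide in Part One, not part of the original slides or the textbook: when a shorter file reuses a cluster, the tail of the earlier file survives in the slack, and an examiner can read it back. The 512-byte cluster size, the in-memory toy volume and both file contents are constructed assumptions.

```python
import math
import re

CLUSTER_SIZE = 512  # assumed cluster size for this constructed toy volume


def clusters_needed(size: int) -> int:
    """Whole clusters allocated to a file of `size` bytes (at least one)."""
    return max(1, math.ceil(size / CLUSTER_SIZE))


def write_file(volume: bytearray, start_cluster: int, data: bytes) -> None:
    """Write only the file's own bytes, as a file system does.

    The remainder of the last cluster is left untouched, so it keeps
    whatever an earlier file stored there.
    """
    offset = start_cluster * CLUSTER_SIZE
    volume[offset:offset + len(data)] = data


def file_slack(volume: bytes, start_cluster: int, file_size: int) -> bytes:
    """Bytes between the end of the file and the end of its last cluster."""
    start = start_cluster * CLUSTER_SIZE + file_size
    end = (start_cluster + clusters_needed(file_size)) * CLUSTER_SIZE
    return bytes(volume[start:end])


def printable_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Runs of printable ASCII, the first thing an examiner looks for."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def demo() -> tuple[bytes, list[str]]:
    volume = bytearray(4 * CLUSTER_SIZE)  # zero-filled, 4 clusters
    # Constructed contents: an older file, then a shorter one reusing cluster 1.
    old = b"Q3 ledger draft. " * 20 + b"wire ref ACCT-EXAMPLE-0001 end"
    new = b"Lunch menu: soup, salad."
    write_file(volume, 1, old)
    write_file(volume, 1, new)
    slack = file_slack(volume, 1, len(new))
    return slack, printable_strings(slack)


if __name__ == "__main__":
    slack, found = demo()
    print(f"{len(slack)} slack bytes after a {CLUSTER_SIZE - len(slack)}-byte file")
    for s in found:
        print("residual text:", s[-40:])
```

The directory listing for this volume would show only the 24-byte menu file; the ledger text is visible only to a tool that reads the cluster past the recorded file length.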