Computer Forensics and Cyber Crime PDF
2013
Marjie T. Britz
Summary
This presentation discusses computer crime and the laws and efforts made by governments and law enforcement to address it. It details various legal statutes and international efforts, including the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Act of 1996. The presentation also touches upon data mining techniques and law enforcement tools.
Full Transcript
Computer Forensics and Cyber Crime
CHAPTER 7: Avenues for Prosecution and Government Efforts
Computer Forensics and Cyber Crime, 3rd ed. Copyright © 2013 by Pearson Education, Inc. Marjie T. Britz. All Rights Reserved.

Learning Objectives
- Have knowledge of traditional statutes that also apply to current problems with computer crime.
- Discover recent federal government legislation on online behavior.
- Gain knowledge of investigative tools used by the government to reduce the risk of modern technology.
- Develop an awareness of data mining and the programs embedded in it.
- Have an idea of the international attempt to solve the problem of computer crime.

Introduction
Law enforcement administrators have faced traditional challenges, such as:
- Smaller agencies lacking resources, leading to greater reliance on state and federal agencies, which results in overburdening of those agencies
- Historically, apathy towards nonviolent crime
- Glacially slow pace of legislative action

Traditional Statutes
The primary federal law enforcement provisions relating to cybercrime exist under Title 18, for crimes such as:
- Fraud and Embezzlement
- Terrorism or Espionage
- Child Seduction & Exploitation
- Stalking
- Kidnapping (The Hobbs Act)
- Forgery and Counterfeiting
- Extortion
- RICO
- Access Device Fraud
- Illegal Wiretapping
Supplemental federal criminal law relating to cybercrime includes:
- Title 15: Credit Card Fraud and Software Piracy
- Title 17: Copyright Infringement

The Evolution of Computer-Specific Statutes
Computer Fraud and Abuse Act of 1986 (CFAA)
- Prior version, the Counterfeit Access Device & Computer Fraud & Abuse Act of 1986 – 18 U.S.C. §1030 (also called the Hacking Statute), focused narrowly on unauthorized access to a computer.
- Considered ineffective:
  - Too vague; overemphasized access to financial information and government computers
  - Only one successful prosecution under the original act
- Later expansion applied the Act to computers used in commerce & communication; applied to all financial records
- Tailored it to apply to intentional, not inadvertent, intrusions
Subsequent successful prosecutions included:
- Kevin Mitnick (perhaps most famous; theft of programs valued at more than $1 million from Digital Equipment Corporation & the illegal manipulation of MCI service codes)
- Shadowhawk (breaking and entering into U.S. Missile Command)
- Robert Morris (inventor of the Morris Worm, and son of the former chief scientist at the National Computer Security Center)
National Information Infrastructure Act of 1996 (NIIPA)
Focused on loopholes, areas unaddressed by CFAA:
- Instances of accidental intrusion
- Offenses committed via computer
- Offenses committed with computer technology
- When computer data is not the primary target
- All computers not involved in commerce but attached to the Internet
Expanded to include:
- Transmitting classified government information
- Obtaining information from financial institutions, private sector computers, and the U.S. government
- Affecting the government's use of a U.S. department or agency nonpublic computer
- Fraud related to any of the previous activities
- Hacking & malicious programming, including any unintentional damages
- Trafficking in passwords
- Extortion related to any of the above activities

Evolving Child Pornography Statutes
Efforts at banning child pornography have included piecemeal legislation, like the Protection of Children against Sexual Exploitation Act (1977), and Supreme Court rulings.
- New York v. Ferber (1982): Child pornography not protected by the First Amendment's free speech provisions
Subsequent Congressional action:
- Child Protection Act (1984) was supplanted by Child Protection & Obscenity Act (1988), but limited to obscene material
- Child Pornography Protection Act (CPPA) (1996) applied to virtual images of children, which would include altered images and cartoons, but this law was struck down by the U.S. Supreme Court in Ashcroft v. Free Speech Coalition (2002) as overbroad, covering images that were protected free speech, since virtual images would be made without having to victimize children.
Response: The PROTECT (Prosecutorial Remedies and Other Tools to End the Exploitation of Children Today) Act, which provided for:
- Mandatory life penalty for repeat child sex offenders
- Criminal history/background checks for volunteer organizations
- Electronic eavesdropping for cases of child abuse or kidnapping
- Forbidding pretrial release for persons charged with violation of this Act
- Ended statutes of limitation on child abduction, abuse
- Appointment of National AMBER Alert Coordinator
- No more waiting periods in missing persons cases for 18-21-year-olds
- Prohibition against computer-generated child pornography (which seems contradicted by Ashcroft, but has not yet been reviewed by the Court)
- Application of the Miller standard of obscenity to drawings, sculptures, and pictures depicting minors in obscene situations or engaged in sexual activity
- Sentencing enhancement for possession and distribution of child pornography
- Authorization of fines and imprisonment of up to 30 years for U.S. citizens or residents engaging in illicit sexual conduct abroad

Identity Theft and Financial Privacy Statutes
Identity Theft and Assumption Deterrence Act of 1998 (ITADA)
- Now a crime to possess another’s personal (public or nonpublic) identifying information
- Also, now unlawful to "Knowingly transfer or use, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law"
- Identifying information includes:
  - Name
  - Social Security number
  - Date of birth
  - Official state or government issued driver’s license or identification number
  - Alien registration number
  - Passport number
  - Employer or taxpayer identification number
  - Unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation
  - Unique electronic identification number, address, or routing code
  - Telecommunication identifying information or access device
- Also provided for restitution, attorney's fees, lost time from work, and denial of credit
- Designated the Federal Trade Commission (FTC) as the repository for consumer complaints and agents of dissemination
The Financial Modernization Act of 1999
- Contains the Financial Privacy Rule, which states that financial institutions must disclose privacy practices and provide for "opt-out" of disclosure of some personal information
- Contains the Safeguards Rule, which states that those businesses have to devise a security plan to protect such information
- Addresses pretexting, regarding financial information used to obtain personal information under false pretenses
Fair and Accurate Credit Transactions Act of 2003 (FACTA)
Major provisions include:
- Free credit report
- Fraud and active duty alerts
- Truncation of credit/debit account numbers (to address dumpster-diving)
- Truncation of Social Security numbers
- One-call fraud alerts and enhanced victims' resolution process
- Mandate card issuers to investigate change of address requests and requests for new, additional cards
- Blocking or elimination of fraudulent information
- Fraud alert requirements for consumer reporting agencies
- Requirement of consumer reporting agencies to divulge consumer credit scores
- Limits the commingling of medical and financial information
- Debt collectors now obliged to tell third-party employers that debt may be the result of identity theft, provide info on how to resolve disputes, and provide all info about the debt; also, cannot put debt that is the result of identity theft into collection
- Civil action available when violations occur
Identity Theft Penalty Enhancement Act of 2004
- Criminal penalties for aggravated identity theft, including mandatory sentences
Identity Theft Enforcement and Restitution Act of 2008
- Expanded consequences for identity theft
Additional Efforts to Protect Personal Information
- Drivers Privacy Protection Act: Prohibits use of Social Security numbers and other personal information from a motor vehicle record in any situation not expressly permitted by law
- Health Insurance Portability & Accountability Act: Restricts health care organizations from disclosing Social Security numbers and health information

Federally Funded Initiatives and Collaborations
The President’s Working Group on Unlawful Conduct on the Internet brought together the business community, government entities, and civil liberty/nonprofit advocacy organizations to evaluate:
- Sufficiency of existing federal laws
- Whether new technologies or legal authorities are needed to investigate and/or prosecute Internet crime
- Whether education and “empowerment tools” can minimize the risks associated with this behavior
Resulting approaches:
- Regulation of Internet criminal activity in the same way as with traditional criminal law
- Recognition of the array of special needs and challenges in investigating and prosecuting, addressed via tool development, enhanced training, and interagency (and international) cooperation
- Development of curricula on cyber ethics and other support for private sector leaders to use
Presidential Decision Directive 63 (PDD 63) (1998) led to creation of the National Infrastructure Protection Center's (NIPC) Infragard, intended to bring local leaders, corporate executives, and law enforcement together to discuss potential threats.
The Innocent Images initiative was designed to investigate adults' interstate travel to meet minors for illicit purposes.

Law Enforcement Operations and Tools in the United States
Packet Sniffers and Key Loggers
- Dragonware software suite (made up of Carnivore, Packeteer, Coolminer), intended to reconstruct the Web-surfing trail of someone under investigation. This was packet-sniffing software: communication on the Internet is broken down into packets, transmitted, then reassembled at the destination.
- Cyber Knight project used the Magic Lantern key logger to record keystrokes and mouse clicks for unscrambling encrypted files
Data Mining
Uses statistical models, algorithms, and/or artificial intelligence to analyze large data sets, with analysis parameters looking at:
- Association of connected events
- Sequence or path analysis of events
- Classification of new patterns
- Clustering of groups of previously unknown facts
- Forecasting future activities
Examples of data mining used to identify potential terrorists:
- Terrorism Information Awareness Program (TIA) and Secure Flight
- Computer-Assisted Passenger Prescreening System (CAPPS II)
- Multi-State Anti-Terrorism Information Exchange Pilot Project (MATRIX)
- Automated Targeting System (ATS)
- Terrorist Surveillance Program
Collaborations and Professional Associations
- Creation of federal, state, or local interagency task forces
- Cyber Science Laboratory: Collaboration between New York Electronic Crimes Task Force and National Institute of Justice's Office of Science and Technology, for sharing forensic knowledge
- High Tech Computer Investigators Association (HTCIA): Nonprofit organization that involves training and information dissemination

International Efforts
OECD and the Select Committee of Experts on Computer-Related Crime of the Council of Europe
- The first comprehensive effort (1983-1985) to harmonize criminal law to deal with computer-related economic crime
- Generated two lists of suggestions:
Recommended behaviors that needed to be made illegal:
- The alteration of computer data or computer programs
- The practice of computer espionage
- The unauthorized use of a computer
- The unauthorized use of a protected computer program
Mandatory offenses for all countries to have:
- Computer fraud
- Computer forgery
- Damage to computer data or computer programs
- Computer sabotage
- Unauthorized access
- Unauthorized interception
- Unauthorized reproduction of a protected computer program
- Unauthorized reproduction of a topography (which relates to semiconductor design)
Other international efforts:
- Council of Europe’s (CoE) Cybercrime Conventions (1996) created four categories of computer-related criminal offenses:
- Financial Action Task Force, created at the G-7 Summit (1989) out of concern about how money laundering is used to support terrorist financing. Recommendations focused on law enforcement systems and prosecution of offenses, regulations and financial systems, and international cooperation.
- Interpol & emphasis on aiding law enforcement agencies
- Virtual Global Task Force (VGT) (2003), a collaboration of the Australian High Tech Centre, the UK’s Child Exploitation and Online Protection Centre, the RCMP, the U.S. Department of Homeland Security, and Interpol. Aims to deliver low-cost, high-impact initiatives that deter pedophiles and prevent the online exploitation of children
- United Nations’ Convention against Transnational Organized Crime (UNCATOC) (2000)
- Association of Southeast Asian Nations' (ASEAN) shared interest in training, criminal legislation and international collaboration

Conclusions
- Recognition of problems has increased exponentially, with still much work needed
- Continue to use traditional statutes, pending enactment of technology-specific legislation, due to encouragement of policymakers and administrators
- While international cooperation has increased, competitive issues about sovereignty hinder the continuing efforts