Introduction to Computing CS101 VU
LESSON 39
CYBER CRIME

Focus of the last Lesson was on Database SW
· In our final Lesson on productivity SW, we continued our discussion on data management
· We found out about relational databases
· We also implemented a simple relational database

Relational Databases
· Databases consisting of two or more related tables are called relational databases
· Each column of those tables can contain only a single type of data (contrast this with spreadsheet columns!)
· Table rows are called records; row elements are called fields
· A relational database stores all its data inside tables, and nowhere else
· All operations on data are done on those tables or those that are generated by table operations
· Tables, tables, and nothing but tables!

RDBMS
· Relational DBMS software
· Examples:
  Access
  FileMaker Pro
  SQL Server
  Oracle

Classification of DBMS w.r.t. Size
· Personal/Desktop/Single-user (MB-GB)
· Server-based/Multi-user/Enterprise (GB-TB)
· Seriously-huge databases (TB-PB-XB)

The Trouble with Relational DBs
· Much of current SW development is done using the object-oriented methodology
· When we want to store the object-oriented data into an RDBMS, it needs to be translated into a form suitable for RDBMS
· Then when we need to read the data back from the RDBMS, the data needs to be translated back into an object-oriented form before use
· These two processing delays, the associated processing, and time spent in writing and maintaining the translation code are the key disadvantages of the current RDBMSes

Some Terminology
· Primary Key is a field that uniquely identifies each record stored in a table
· Queries are used to view, change, and analyze data. They can be used to:
  Combine data from different tables, efficiently
  Extract the exact data that is desired
· Forms can be used for entering, editing, or viewing data, one record at a time
· Reports are an effective, user-friendly way of presenting data. All DBMSes provide tools for producing custom reports

Desktop RDBMS Demo
· We will create a new relational database
· It will consist of two tables
· We will populate those tables
· We will generate a report after combining the data from the two tables

Today's Lecture: Cyber Crime
· To find out about several types of crimes that occur over cyber space (i.e. the Internet)
· To familiarize ourselves with several methods that can be used to minimize the ill effects of those crimes

39.1 07 February 2000
· Users trying to get on to the Web sites of Yahoo couldn't!
· Reason: Their servers were extremely busy!
· They were experiencing a huge number of hits
· The hit rate was higher than when a grave incident (e.g. 9/11) occurs and people are trying to get info about what has happened
· The only problem was that nothing of note had taken place!

What was going on?
· A coordinated, distributed DoS (Denial of Service) attack was taking place
· Traffic reached 1 GB/s; many times the normal level!
· In the weeks leading to the attack, there was a noticeable rise in the number of scans that Internet servers were receiving
· Many of these scans appeared to originate from IP addresses that traced back to Korea, Indonesia, Taiwan, Australia

Three Phases of the DoS
1. Search
2. Arm
3. Attack

1. Search for Drones
· The attackers set about acquiring control over the computers to be used in the attack ...
· ... by scanning (using e.g. Sscan SW) a large number of computers attached to the Internet
· Once a computer with a weak security scheme is identified, the attackers try a break-in
· Once conquered, that computer (called a drone) will be used to scan others

2. Arming the Drones
· After several drones have been conquered, the DoS SW is loaded on to them
· Examples: Tribal Flood Network, Trinoo, TFN2K
· Like a time-bomb, that SW can be set to bring itself into action at a specified time
· Alternatively, it can wait for a commencement command from the attacker

3. The Actual Attack
· At the pre-specified time or on command, the SW implanted on all of the drones wakes up and starts sending a huge number of messages to the targeted servers
· Responding to those messages overburdens the targeted servers and they become unable to perform their normal functions

Neutralizing the Attack
· The engineers responsible for monitoring the traffic on the Yahoo Web sites quickly identified the key characteristics of the packets originating from those drones
· Then they set up filters that blocked all those packets
· It took them around 3 hours to identify and block most of the hostile packets
· BTW, the sender's IP address can be spoofed, making it impossible to block the attack just by blocking the IP addresses

The Aftermath
· None of the Yahoo computers got broken into; the attackers never intended to do that
· None of the user data (eMail, credit card numbers, etc.) was compromised
· Ill-effects:
  Yahoo lost a few million's worth of business
  Millions of its customers got annoyed as they could not access their eMail and other info from the Yahoo Web sites

Who Done It?
· The DoS SW is not custom SW, and can be downloaded from the Internet. Therefore, it is difficult to track the person who launched the attack by analyzing that SW
· After installing the DoS SW on the drones, setting the target computer and time, the attackers carefully wipe away any info on the drone that can be used to track them down
· End result: Almost impossible to track and punish clever attackers

How to stop DoS attacks from taking place?
· Design SW that monitors incoming packets, and on noticing a sudden increase in the number of similar packets, blocks them
· Convince system administrators all over the world to secure their servers in such a way that they cannot be used as drones
· BTW, the same type of attack brought down the CNN, Buy, eBay, Amazon Web sites the very next day after the Yahoo attack

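An added example (not part of the original lecture notes) of the first idea above: monitoring SW that counts similar packets per time window and blocks a packet type whose count suddenly jumps. The packet fields, thresholds and sample traffic are constructed assumptions; the signature ignores the sender's address because, as noted earlier, it can be spoofed.

```python
from collections import Counter, deque

class SurgeFilter:
    """Blocks packet signatures whose per-window count jumps above baseline."""

    def __init__(self, history=5, factor=10, floor=100):
        self.history = deque(maxlen=history)  # counts from recent windows
        self.factor = factor                  # surge = factor x baseline
        self.floor = floor                    # ignore small absolute counts
        self.blocked = set()

    @staticmethod
    def signature(pkt):
        # Hypothetical packet record; source IP is left out on purpose,
        # since a spoofed sender address says nothing about the packet.
        return (pkt["proto"], pkt["dst_port"], pkt["size"])

    def end_window(self, packets):
        """Process one time window and return the packets let through."""
        counts = Counter(self.signature(p) for p in packets)
        if self.history:  # need at least one earlier window to compare with
            for sig, n in counts.items():
                past = [w.get(sig, 0) for w in self.history]
                baseline = max(sum(past) / len(past), 1)
                if n >= self.floor and n > self.factor * baseline:
                    self.blocked.add(sig)
        # Learn the baseline only from traffic that is not being blocked.
        self.history.append(Counter(
            {s: c for s, c in counts.items() if s not in self.blocked}))
        return [p for p in packets if self.signature(p) not in self.blocked]

def make_window(n_web, n_flood):
    """Constructed sample traffic: web requests plus flood packets."""
    web = [{"src": f"198.51.100.{i % 250}", "proto": "tcp",
            "dst_port": 80, "size": 64} for i in range(n_web)]
    # Flood packets have varying (spoofed) sources but one shared signature.
    flood = [{"src": f"203.0.113.{i % 250}", "proto": "icmp",
              "dst_port": 0, "size": 1024} for i in range(n_flood)]
    return web + flood

def demo():
    f = SurgeFilter()
    for _ in range(5):
        f.end_window(make_window(200, 2))          # quiet baseline windows
    passed = f.end_window(make_window(200, 5000))  # attack window
    return f.blocked, len(passed)

if __name__ == "__main__":
    print(demo())
```

In the constructed attack window the flood signature is blocked while the 200 ordinary web requests still pass, even though every flood packet carries a different source address.
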
39.2 DoS Attack: A Cyber Crime
· DoS is a crime, but of a new type - made possible by the existence of the Internet
· A new type of policing and legal system is required to tackle such crimes and their perpetrators
· The Internet does not know any geographical boundaries, therefore jurisdiction is a key issue when prosecuting the cyber-criminal

Cyber crime can be used to ...
· Damage a home computer
· Bring down a business
· Weaken the telecom, financial, or even defense-related systems of a country

Cyberwar!
· In 1997, blackouts hit New York City, Los Angeles
· The 911 (emergency help) service of Chicago was shut down
· A US Navy warship came under the control of a group of hackers
· What was happening? A cyber attack!
· All of the above did not happen in reality, but in a realistic simulation
· The US National Security Agency hired 35 hackers to attack the DoD's 40,000 computer networks
· By the end of the exercise, the hackers had gained root-level (the highest-level!) access to at least 3 dozen among those networks

Cyberwarfare: A clear and present threat as well as an opportunity for all of the world's armed forces!

39.3 More cybercrimes ...

Mail Bombing
· Similar in some ways to a DoS attack
· A stream of large-sized eMails is sent to an address, overloading the destination account
· This can potentially shut down a poorly-designed eMail system or tie up the telecom channel for long periods
· Defense: eMail filtering

Break-Ins
· Hackers are always trying to break into Internet-connected computers to steal info or plant malicious programs
· Defense: Intrusion detectors

Credit Card Fraud
· A thief somehow breaks into an eCommerce server and gets hold of credit card numbers and related info
· The thief then uses that info to order stuff on the Internet
· Alternatively, the thief may auction the credit card info on certain Web sites set up just for that purpose
· Defense: Use single-use credit card numbers for your Internet transactions

Software Piracy
· Using a piece of SW without the author's permission or employing it for uses not allowed by the author is SW piracy
· For whatever reason, many computer users do not consider it to be a serious crime, but it is!
· Only the large rings of illegal SW distributors are ever caught and brought to justice
· Defense: Various authentication schemes. They, however, are seldom used as they generally annoy the genuine users

Industrial Espionage
· Spies of one business monitoring the network traffic of their competitors
· They are generally looking for info on future products, marketing strategies, and even financial info
· Defense: Private networks, encryption, network sniffers

Web Store Spoofing
· A fake Web store (e.g. an online bookstore) is built
· Customers somehow find that Web site and place their orders, giving away their credit card info in the process
· The collected credit card info is either auctioned on the Web or used to buy goods and services on the Web

39.4 Viruses
· Self-replicating SW that eludes detection and is designed to attach itself to other files
· Infects files on a computer through:
  Floppy disks, CD-ROMs, or other storage media
  The Internet or other networks
· Viruses cause tens of billions of dollars of damage each year
· In one such incident in 2001, the LoveBug virus had an estimated cleanup/lost productivity cost of US$8.75 billion
· The first virus that spread world-wide was the Brain virus, and was allegedly designed by someone in Lahore

One Way of Classifying Viruses
· Malicious
  The type that grabs most headlines
  May destroy or broadcast private data
  May clog up the communication channels
  May tie up the µP to stop it from doing useful work
· Neutral
  May display an annoying, but harmless message
· Helpful
  May hop from one computer to another while searching for and destroying malicious viruses

Anatomy of a Virus
· A virus consists of 2 parts:
  · Transmission mechanism
  · Payload

Transmission Mechanism
· Viruses attach themselves to other computer programs or data files (termed as hosts)
· They move from one computer to another with the hosts and spring into action when the host is executed or opened

Payload
· The part of the virus that generally consists of malicious computer instructions
· The part generally has two further components:
  Infection propagation component:
  · This component transfers the virus to other files residing on the computer
  Actual destructive component:
  · This component destroys data or performs other harmful operations

Commonsense Guidelines
· Download SW from trusted sites only
· Do not open attachments of unsolicited eMails
· Use floppy disks and CDROMs that have been used in trusted computers only
· When transferring files from your computer to another, use the write-protection notches
· Stay away from pirated SW
· Regularly back your data up
· Install Antivirus SW; keep it and its virus definitions updated

Antivirus SW
· Designed for detecting viruses & inoculating
· Continuously monitors a computer for known viruses and for other tell-tale signs like:
  Most, but unfortunately not all, viruses increase the size of the file they infect
  Hard disk reformatting commands
  Rewriting of the boot sector of a hard disk
· The moment it detects an infected file, it can automatically inoculate it, or failing that, erase it

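An added example (not from the original lecture notes, and not how any particular antivirus product works) of the file-size tell-tale sign: a baseline of file sizes is recorded and later compared. Because not all viruses increase the size of the file they infect, the sketch also stores a SHA-256 hash so that a same-size modification is still reported; the file names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Record (size, SHA-256) for every file that exists."""
    snap = {}
    for p in paths:
        if os.path.isfile(p):
            with open(p, "rb") as fh:
                data = fh.read()
            snap[p] = (len(data), hashlib.sha256(data).hexdigest())
    return snap

def compare(baseline, current):
    """Return {path: finding} for files that differ from the baseline."""
    findings = {}
    for path, (size0, hash0) in baseline.items():
        if path not in current:
            findings[path] = "missing"
        elif current[path][0] > size0:
            findings[path] = f"grew by {current[path][0] - size0} bytes"
        elif current[path][1] != hash0:
            # Covers modifications that do not increase the file size.
            findings[path] = "content changed without growth"
    return findings

def demo():
    """Constructed scenario with three files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n)
                 for n in ("calc.exe", "editor.exe", "notes.txt")]
        for p in paths:
            with open(p, "wb") as fh:
                fh.write(b"ORIGINAL-PROGRAM-BYTES" * 10)
        base = snapshot(paths)
        with open(paths[0], "ab") as fh:   # bytes appended: file grows
            fh.write(b"X" * 512)
        with open(paths[1], "r+b") as fh:  # overwritten in place: same size
            fh.write(b"Y" * 8)
        found = compare(base, snapshot(paths))
        return {os.path.basename(p): v for p, v in found.items()}

if __name__ == "__main__":
    print(demo())
```
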
39.5 Other Virus-Like Programs
· There are other computer programs that are similar to viruses in some ways but different in some others
· Three types:
  Trojan horses
  Logic- or time-bombs
  Worms

Trojan Horses
· Unlike viruses, they are stand-alone programs
· They look like what they are not
· They appear to be something interesting and harmless (e.g. a game) but when they are executed, destruction results

Logic- or Time-Bombs
· It executes its payload when a predetermined event occurs
· Example events:
  A particular word or phrase is typed
  A particular date or time is reached

Worms
· Harmless in the sense that they only make copies of themselves on the infected computer
· Harmful in the sense that they can use up available computer resources (i.e. memory, storage, processing), making it slow or even completely useless
· Designing, writing, or propagating malicious code or participating in any of the fore-mentioned activities can result in criminal prosecution, which in turn, may lead to jail terms and fines!

Today's Lecture:
· We found out about several types of computer crimes that occur over cyber space
· We familiarized ourselves with several methods that can be used to minimize the ill effects of these crimes

Next Lecture's Goals (Social Implications of Computing)
We will explore the impact of computing on:
  Business
  Work
  Living
  Health
  Education