Cybercrime and Countermeasures
Encyclopedia
Cyber crime, or computer crime, refers to any crime that involves a computer
and a network
. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet
. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking
, copyright infringement
, identity theft
, child pornography
, and child grooming
. There are also problems of privacy
when confidential information is lost or intercepted, lawfully or otherwise.
On the global level, both governments and non-state actors continue to grow in importance, with the ability to engage in such activities as espionage
, and other cross-border attacks sometimes referred to as cyber warfare. The international legal system is attempting to hold actors accountable for their actions, with the International Criminal Court
among the few addressing this threat.
A cyber countermeasure
is defined as an action, process, technology, device, or system that serves to prevent or mitigate the effects of a cyber attack against a computer, server, network or associated device.
A number of countermeasures exist that can be effectively implemented in order to combat cyber-crime and increase security.
it includes computer viruses, worms
, Trojan horses
, keyloggers, BOTs
, Rootkits, and any software security exploits
.
Malicious code also includes spyware
, which are deceptive programs, installed without authorization, “that monitor a consumer’s activities without their consent.” Spyware can be used to send users unwanted popup ads, to usurp the control of a user’s Internet browser, or to monitor a user’s online habits. However, spyware is usually installed along with something that the user actually wishes to install. The user consents to the installation, but does not consent to the monitoring tactics of the spyware. The consent for spyware is normally found in the end-user license agreement.
, packet sniffing, TCP SYN Flood
, ICMP Flood, IP spoofing, and even simple web defacement.
is one of the most common forms of network abuse, where an individual will email list of users usually with unsolicited advertisements or phishing
attacks attempting to use social engineering to acquire sensitive information such any information useful in identity theft
, usernames, passwords, and so on by posing as a trustworthy individual. Pharming
is also another form of network abuse where a website’s traffic is redirected to a bogus website, usually by exploiting vulnerabilities in Domain Name System(DNS)
servers.
is the act of manipulating
people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. This method of deception is commonly used by individuals attempting to break into computer systems, by posing as an authoritative or trusted party and capturing access information from the naive target. Email Phishing is a common example of social engineering's application, but it is not limited to this single type of attack.
, network or host based, are considered the first line of defense in securing a computer network by setting Access Control Lists (ACLs) determining which what services and traffic can pass through the check point.
Antivirus can be used to prevent propagation of malicious code. Most computer viruses have similar characteristics which allow for signature based detection. Heuristics such as file analysis and file emulation are also used to identify and remove malicious programs. Virus definitions should be regularly updated in addition to applying operating system hotfixes, service packs, and patches
to keep computers on a network secure.
Cryptography
techniques can be employed to encrypt information using an algorithm commonly called a cipher to mask information in storage or transit. Tunneling for example will take a payload protocol such as Internet Protocol (IP)
and encapsulate it in an encrypted delivery protocol over a Virtual Private Network (VPN)
, Secure Sockets Layer (SSL), Transport Layer Security (TLS)
, Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP)
, or Internet Protocol Security (IPSec)to ensure data security during transmission. Encryption can also be employed on the file level using encryption protocols like Data Encryption Standard
(DES), Triple Data Encryption Algorithm (3DES), or Advanced Encryption Standard (AES)
to ensure security of information in storage.
Additionally, network vulnerability testing
performed by technicians or automated programs can be used to test on a full-scale or targeted specifically to devices, systems, and passwords used on a network to assess their degree of secureness. Furthermore network monitoring
tools can be used to detect intrusions or suspicious traffic on both large and small networks.
Physical deterrents such as locks, card access keys, or biometric devices can be used to prevent criminals from gaining physical access to a machine on a network. Strong password protection both for access to a computer system and the computer's BIOS are also effective countermeasures to against cyber-criminals with physical access to a machine ..
data, and terrorists’ activity patterns are compiled from databases of past terrorist threats. Unlike other proposed methods, CT-SNAIR constantly interacts with the user, who uses the system both to investigate and to refine hypotheses.
Multimedia data, such as voice, text, and network session data, is compiled and processed. Through this compilation and processing, names, entities, relationships, and individual events are extracted from the multimedia data. This information is then used to perform a social network analysis on the criminal network, through which the user can detect and track threats in the network. The social network analysis directly influences and is influenced by the intent recognition process, in which the user can recognize and detect threats. In the CT-SNAIR process, data and transactions from prior attacks, or forensic scenarios, is compiled to form a sequential list of transactions for a given terrorism scenario.
The CT-SNAIR process also includes generating data from hypothetical scenarios. Since they are imagined and computer-generated, hypothetical scenarios do not have any transaction data representing terrorism scenarios. Different types of transactions combine to represent the types of relationships between individuals.
The final product, or target social network, is a weighted multiplex graph in which the types of edges (links) are defined by the types of transactions within the social network. The weights within these graphs are determined by the content-extraction algorithm, in which each type of link is thought of as a separate graph and “is fed into social network algorithms in part or as a whole.” Links between two individuals can be determined by the existence of (or lack of) the two people being mentioned within the same sentence in the compiled multimedia data or in relation to the same group or event.
The final component in the CT-SNAIR process is Intent Recognition (IR). The goal of this component is to indicate to an analyst the threats that a transaction stream might contain. Intent Recognition breaks down into three subcategories: detection of “known or hypothetical target scenarios,” prioritization of these target scenarios, and interpretation “of the resulting detection.”
become sources of cyber-security market failure
when private returns to security are less than the social returns. Therefore the higher the ratio of public to private benefit the stronger the case for enacting new public policies to realign incentives for actors to fight cyber-crime with increased investment in cyber-security.
passed in 1986 is one of the broadest statutes in the US used to combat cyber-crime. It has been amended a number of times, most recently by the US Patriot Act of 2002 and the Identity theft enforcement and Restitution Act of 2008. Within it is the definition of a “protected computer” used throughout the US legal system to further define computer espionage, computer trespassing, and taking of government, financial, or commerce information, trespassing in a government computer, committing fraud with a protected computer, damaging a protected computer, trafficking in passwords, threatening to damage a protected computer, conspiracy to commit a cyber-crime, and the penalties for violation. The 2002 update on the Computer Fraud and Abuse Act
expands the act to include the protection of “information from any protected computer if the conduct involved an interstate or foreign communication.”
passed in 1998 is a United States copyright law that criminalizes the production and dissemination of technology, devices, or services intended circumvent Digital Rights Management
(DRM), and circumvention of access control.
of 1986 extends the government restrictions on wiretaps from telephones. This law is generally thought in the perspective of what law enforcement may do to intercept communications, but it also pertains to how an organization may draft their acceptable use policies and monitor communications.
passed in 1986 is focused on protecting the confidentiality, integrity and availability of electronic communications that are currently in some form of electronic storage. This law was drafted with the purpose of protecting the privacy of e-mails and other electronic communications.
was declared unlawful by the federal Identity Theft and Assumption Deterrence Act of 1998 (ITADA). Criminals knowingly transferring or using, without lawful authority, “a means of identification of another person with the intent to commit, or to aid abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable State or local law.” Penalties of the ITADA include up to 15 years in prison and a maximum fine of $250,000 and directly reflect the amount of damage caused by the criminal’s actions and their amount of planning and intent.
(GLBA) requires that financial institutions and credit agencies increase the security of systems that contain their customers’ personal information. It mandates that all financial institutions “design, implement, and maintain safeguards to protect customer information.”
(I-SPY) prohibits the implementation and use of spyware
and adware
. I-SPY also includes a sentence for “intentionally accessing a computer with the intent to install unwanted software.”
(FTC) to enforce its provisions.
statute outlined in 18 U.S.C. § 1343 applies to crimes committed over different types of electronic medium such as telephone and network communications.
California, Virginia, and Ohio have implemented services for victims of identity theft, though not well publicized. California has a registry for victims with a confirmed identity theft. Once registered, people can request law enforcement officers call a number staffed 24 hours, year round, to "verify they are telling the truth about their innocence.” In Virginia and Ohio, victims of identity theft are issued a special passport to prove their innocence. However, these passports run the same risk as every other form of identification in that they can eventually be duplicated.
Financial agencies such as banks
and credit bureaus are starting to require verification of data that identity thieves cannot easily obtain. This data includes users’ past addresses and income tax information. In the near future, it will also include the data located through use of biometrics
. Biometrics is the use “of automated methods for uniquely recognizing humans based upon … intrinsic physical or behavioral traits.” These methods include iris scans, voice identification, and fingerprint authentication
. The First Financial Credit Union has already implemented biometrics in the form of fingerprint authentication in their automated teller machines to combat identity theft. With a similar purpose, Great Britain has announced plans to incorporate computer chips with biometric data into their passports. However, the greatest problem with the implementation of biometrics is the possibility of privacy invasion.
Computer
A computer is a programmable machine designed to sequentially and automatically carry out a sequence of arithmetic or logical operations. The particular sequence of operations can be changed readily, allowing the computer to solve more than one kind of problem...
and a network
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
, copyright infringement
Copyright infringement
Copyright infringement is the unauthorized or prohibited use of works under copyright, infringing the copyright holder's exclusive rights, such as the right to reproduce or perform the copyrighted work, or to make derivative works.- "Piracy" :...
, identity theft
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
, child pornography
Child pornography
Child pornography refers to images or films and, in some cases, writings depicting sexually explicit activities involving a child...
, and child grooming
Child grooming
Child grooming refers to actions deliberately undertaken with the aim of befriending and establishing an emotional connection with a child, in order to lower the child's inhibitions in preparation for sexual activity with the child, or exploitation .Child grooming may be used to lure minors into...
. There are also problems of privacy
Privacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...
when confidential information is lost or intercepted, lawfully or otherwise.
On the global level, both governments and non-state actors continue to grow in importance, with the ability to engage in such activities as espionage
Espionage
Espionage or spying involves an individual obtaining information that is considered secret or confidential without the permission of the holder of the information. Espionage is inherently clandestine, lest the legitimate holder of the information change plans or take other countermeasures once it...
, and other cross-border attacks sometimes referred to as cyber warfare. The international legal system is attempting to hold actors accountable for their actions, with the International Criminal Court
International Criminal Court
The International Criminal Court is a permanent tribunal to prosecute individuals for genocide, crimes against humanity, war crimes, and the crime of aggression .It came into being on 1 July 2002—the date its founding treaty, the Rome Statute of the...
among the few addressing this threat.
A cyber countermeasure
Countermeasure
A countermeasure is a measure or action taken to counter or offset another one. As a general concept it implies precision, and is any technological or tactical solution or system designed to prevent an undesirable outcome in the process...
is defined as an action, process, technology, device, or system that serves to prevent or mitigate the effects of a cyber attack against a computer, server, network or associated device.
A number of countermeasures exist that can be effectively implemented in order to combat cyber-crime and increase security.
Malicious Code
Malicious code is a broad category that encompasses a number of threats to cyber-security. In essence it is any “hardware, software, or firmware that is intentionally included or inserted in a system for a harmful purpose.” Commonly referred to as malwareMalware
Malware, short for malicious software, consists of programming that is designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, or gain unauthorized access to system resources, or that otherwise exhibits abusive behavior...
it includes computer viruses, worms
Computer worm
A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...
, Trojan horses
Trojan horse (computing)
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology.-Malware:A destructive program that masquerades as a benign...
, keyloggers, BOTs
Botnet
A botnet is a collection of compromised computers connected to the Internet. Termed "bots," they are generally used for malicious purposes. When a computer becomes compromised, it becomes a part of a botnet...
, Rootkits, and any software security exploits
Vulnerability (computing)
In computer security, a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw...
.
Malicious code also includes spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
, which are deceptive programs, installed without authorization, “that monitor a consumer’s activities without their consent.” Spyware can be used to send users unwanted popup ads, to usurp the control of a user’s Internet browser, or to monitor a user’s online habits. However, spyware is usually installed along with something that the user actually wishes to install. The user consents to the installation, but does not consent to the monitoring tactics of the spyware. The consent for spyware is normally found in the end-user license agreement.
Network Attacks
A network attack is considered to be any action taken to disrupt, deny, degrade, or destroy information residing on a computer and computer networks. An attack can take four forms: fabrication, interception, interruption, and modification. A fabrication is the “creation of some deception in order to deceive some unsuspecting user”; an interception is the “process of intruding into some transmission and redirecting it for some unauthorized use”; an interruption is the “break in a communication channel, which inhibits the transmission of data”; and a modification is “the alteration of the data contained in the transmissions.” Attacks can be classified as either being active or passive. Active attacks involve modification of the transmission or attempts to gain unauthorized access to a system, while passive attacks involve monitoring transmissions. Either form can be used to obtain information about a user, which can later be used to steal that user’s identity. Common forms of network attacks include Denial of Service (Dos) and Distributed Denial of Service(DDoS), Man-in-the-middle attackMan-in-the-middle attack
In cryptography, the man-in-the-middle attack , bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other...
, packet sniffing, TCP SYN Flood
SYN flood
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.-Technical details:...
, ICMP Flood, IP spoofing, and even simple web defacement.
Network abuse
Network abuses are generally considered fraudulent activity that is committed with the aid of a computer. SPAME-mail spam
Email spam, also known as junk email or unsolicited bulk email , is a subset of spam that involves nearly identical messages sent to numerous recipients by email. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. One subset of UBE is UCE...
is one of the most common forms of network abuse, where an individual will email list of users usually with unsolicited advertisements or phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
attacks attempting to use social engineering to acquire sensitive information such any information useful in identity theft
Identity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
, usernames, passwords, and so on by posing as a trustworthy individual. Pharming
Pharming
Pharming is a hacker's attack aiming to redirect a website's traffic to another, bogus website. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving...
is also another form of network abuse where a website’s traffic is redirected to a bogus website, usually by exploiting vulnerabilities in Domain Name System(DNS)
Domain name system
The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...
servers.
Social Engineering
Social engineeringSocial engineering
Social engineering may refer to:* Social engineering , efforts to influence society on a large scale* Social engineering , the practice of obtaining confidential information by manipulating and/or deceiving people....
is the act of manipulating
Psychological manipulation
Psychological manipulation is a type of social influence that aims to change the perception or behavior of others through underhanded, deceptive, or even abusive tactics. By advancing the interests of the manipulator, often at the other's expense, such methods could be considered exploitative,...
people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques. This method of deception is commonly used by individuals attempting to break into computer systems, by posing as an authoritative or trusted party and capturing access information from the naive target. Email Phishing is a common example of social engineering's application, but it is not limited to this single type of attack.
Technical
There are a variety of different technical countermeasures that can be deployed to thwart cybercriminals and harden systems against attack. FirewallsFirewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
, network or host based, are considered the first line of defense in securing a computer network by setting Access Control Lists (ACLs) determining which what services and traffic can pass through the check point.
Antivirus can be used to prevent propagation of malicious code. Most computer viruses have similar characteristics which allow for signature based detection. Heuristics such as file analysis and file emulation are also used to identify and remove malicious programs. Virus definitions should be regularly updated in addition to applying operating system hotfixes, service packs, and patches
Patch (computing)
A patch is a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance...
to keep computers on a network secure.
Cryptography
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
techniques can be employed to encrypt information using an algorithm commonly called a cipher to mask information in storage or transit. Tunneling for example will take a payload protocol such as Internet Protocol (IP)
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
and encapsulate it in an encrypted delivery protocol over a Virtual Private Network (VPN)
Virtual private network
A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....
, Secure Sockets Layer (SSL), Transport Layer Security (TLS)
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
, Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP)
Point-to-point tunneling protocol
The Point-to-Point Tunneling Protocol is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets....
, or Internet Protocol Security (IPSec)to ensure data security during transmission. Encryption can also be employed on the file level using encryption protocols like Data Encryption Standard
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
(DES), Triple Data Encryption Algorithm (3DES), or Advanced Encryption Standard (AES)
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
to ensure security of information in storage.
Additionally, network vulnerability testing
Penetration test
A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders and malicious insiders...
performed by technicians or automated programs can be used to test on a full-scale or targeted specifically to devices, systems, and passwords used on a network to assess their degree of secureness. Furthermore network monitoring
Network monitoring
The term network monitoring describes the use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator in case of outages...
tools can be used to detect intrusions or suspicious traffic on both large and small networks.
Physical deterrents such as locks, card access keys, or biometric devices can be used to prevent criminals from gaining physical access to a machine on a network. Strong password protection both for access to a computer system and the computer's BIOS are also effective countermeasures to against cyber-criminals with physical access to a machine ..
Counter-Terror Social Network Analysis and Intent Recognition
The Counter-Terror Social Network Analysis and Intent Recognition (CT-SNAIR) project uses the Terrorist Action Description Language (TADL) to model and simulate terrorist networks and attacks. It also models links identified in communication patterns compiled from multimediaMultimedia
Multimedia is media and content that uses a combination of different content forms. The term can be used as a noun or as an adjective describing a medium as having multiple content forms. The term is used in contrast to media which use only rudimentary computer display such as text-only, or...
data, and terrorists’ activity patterns are compiled from databases of past terrorist threats. Unlike other proposed methods, CT-SNAIR constantly interacts with the user, who uses the system both to investigate and to refine hypotheses.
Multimedia data, such as voice, text, and network session data, is compiled and processed. Through this compilation and processing, names, entities, relationships, and individual events are extracted from the multimedia data. This information is then used to perform a social network analysis on the criminal network, through which the user can detect and track threats in the network. The social network analysis directly influences and is influenced by the intent recognition process, in which the user can recognize and detect threats. In the CT-SNAIR process, data and transactions from prior attacks, or forensic scenarios, is compiled to form a sequential list of transactions for a given terrorism scenario.
The CT-SNAIR process also includes generating data from hypothetical scenarios. Since they are imagined and computer-generated, hypothetical scenarios do not have any transaction data representing terrorism scenarios. Different types of transactions combine to represent the types of relationships between individuals.
The final product, or target social network, is a weighted multiplex graph in which the types of edges (links) are defined by the types of transactions within the social network. The weights within these graphs are determined by the content-extraction algorithm, in which each type of link is thought of as a separate graph and “is fed into social network algorithms in part or as a whole.” Links between two individuals can be determined by the existence of (or lack of) the two people being mentioned within the same sentence in the compiled multimedia data or in relation to the same group or event.
The final component in the CT-SNAIR process is Intent Recognition (IR). The goal of this component is to indicate to an analyst the threats that a transaction stream might contain. Intent Recognition breaks down into three subcategories: detection of “known or hypothetical target scenarios,” prioritization of these target scenarios, and interpretation “of the resulting detection.”
Economic
The optimal level of cyber-security depends largely on the incentives facing providers and the incentives facing perpetrators. Providers make their decision based on the economic payoff and cost of increased security whereas perpetrators decisions are based on the economic gain and cost of cyber-crime. Potential prisoner’s dilemma, public goods, and negative externalitiesExternality
In economics, an externality is a cost or benefit, not transmitted through prices, incurred by a party who did not agree to the action causing the cost or benefit...
become sources of cyber-security market failure
Market failure
Market failure is a concept within economic theory wherein the allocation of goods and services by a free market is not efficient. That is, there exists another conceivable outcome where a market participant may be made better-off without making someone else worse-off...
when private returns to security are less than the social returns. Therefore the higher the ratio of public to private benefit the stronger the case for enacting new public policies to realign incentives for actors to fight cyber-crime with increased investment in cyber-security.
Legal
In the United States a number of legal statutes define and detail the conditions for prosecution of a cyber-crime and are used not only as a legal counter-measure, but also functions as a behavioral check against the commission of a cyber-crime. Many of the provisions outlined in these acts overlap with each.The Computer Fraud and Abuse Act
The Computer Fraud and Abuse ActComputer Fraud and Abuse Act
The Computer Fraud and Abuse Act is a law passed by the United States Congress in 1986, intended to reduce cracking of computer systems and to address federal computer-related offenses...
passed in 1986 is one of the broadest statutes in the US used to combat cyber-crime. It has been amended a number of times, most recently by the US Patriot Act of 2002 and the Identity theft enforcement and Restitution Act of 2008. Within it is the definition of a “protected computer” used throughout the US legal system to further define computer espionage, computer trespassing, and taking of government, financial, or commerce information, trespassing in a government computer, committing fraud with a protected computer, damaging a protected computer, trafficking in passwords, threatening to damage a protected computer, conspiracy to commit a cyber-crime, and the penalties for violation. The 2002 update on the Computer Fraud and Abuse Act
Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act is a law passed by the United States Congress in 1986, intended to reduce cracking of computer systems and to address federal computer-related offenses...
expands the act to include the protection of “information from any protected computer if the conduct involved an interstate or foreign communication.”
The Digital Millennium Copyright Act
The Digital Millennium Copyright ActDigital Millennium Copyright Act
The Digital Millennium Copyright Act is a United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization . It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to...
passed in 1998 is a United States copyright law that criminalizes the production and dissemination of technology, devices, or services intended circumvent Digital Rights Management
Digital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
(DRM), and circumvention of access control.
The Electronic Communications Privacy Act
The Electronic Communications Privacy ActElectronic Communications Privacy Act
The Electronic Communications Privacy Act is a United States law.- Overview :The “electronic communication” means any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or...
of 1986 extends the government restrictions on wiretaps from telephones. This law is generally thought in the perspective of what law enforcement may do to intercept communications, but it also pertains to how an organization may draft their acceptable use policies and monitor communications.
The Stored Communications Act
The Stored Communications ActStored Communications Act
The Stored Communications Act is a law that was enacted by the United States Congress in 1986. It is not a stand-alone law but forms part of the Electronic Communications Privacy Act; it is codified as 18 U.S.C. §§ 2701 to 2712...
passed in 1986 is focused on protecting the confidentiality, integrity and availability of electronic communications that are currently in some form of electronic storage. This law was drafted with the purpose of protecting the privacy of e-mails and other electronic communications.
Identity Theft and Aggravated Identity Theft
The Identity Theft and Aggravated Identity Theft statute is a subsection of the Identification and Authentication Fraud statute. It defines the conditions under which an individual has violated identity theft laws.Identity Theft and Assumption Deterrence Act
Identity theftIdentity theft
Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...
was declared unlawful by the federal Identity Theft and Assumption Deterrence Act of 1998 (ITADA). Criminals knowingly transferring or using, without lawful authority, “a means of identification of another person with the intent to commit, or to aid abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable State or local law.” Penalties of the ITADA include up to 15 years in prison and a maximum fine of $250,000 and directly reflect the amount of damage caused by the criminal’s actions and their amount of planning and intent.
Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley ActGramm-Leach-Bliley Act
The Gramm–Leach–Bliley Act , also known as the Financial Services Modernization Act of 1999, is an act of the 106th United States Congress...
(GLBA) requires that financial institutions and credit agencies increase the security of systems that contain their customers’ personal information. It mandates that all financial institutions “design, implement, and maintain safeguards to protect customer information.”
Internet Spyware Prevention Act
The Internet Spyware Prevention ActInternet Spyware Prevention Act
The Internet Spyware Prevention Act, also known as I-SPY, is an act by the United States Congress to impose penalties and punishments on creators of computer spyware. The act was first introduced in the House of Representatives in 2004 and passed in 2005...
(I-SPY) prohibits the implementation and use of spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
and adware
Adware
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during...
. I-SPY also includes a sentence for “intentionally accessing a computer with the intent to install unwanted software.”
Access Device Fraud Statutes
18 U.S.C. § 1029 outlines 10 different offenses under which an offender could violate concerning device fraud. These offenses include:- Knowingly trafficking in a counterfeit access device
- Trafficking the counterfeit access device with the intention to committing fraud
- Possessing more than 15 devices with the purpose to defraud
- Production/possession/trafficking in equipment to create access devices if the intent is to defraud
- Receiving payment from an individual in excess of $1,000 in a one year period who was found using illegal access devices
- Solicitation of another individual with offers to sell illegal access devices
- Distributing or possessing an altered telecommunication device for the purpose of obtaining unauthorized telecommunication services
- Production, possession, or trafficking in a scanning receiver
- Using or possessing a telecommunication device that has been knowingly altered to provide unauthorized access to a telecommunication service
- Using a credit card which was illegally obtained and used to purchase goods and services
CAN-SPAM Act
The CAN-SPAM Act of 2003 establishes the United States' first national standards for the sending of commercial e-mail and requires the Federal Trade CommissionFederal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
(FTC) to enforce its provisions.
Wire Fraud Statute
The Wire fraudWire fraud
Mail and wire fraud is a federal crime in the United States. Together, 18 U.S.C. §§ 1341, 1343, and 1346 reach any fraudulent scheme or artifice to intentionally deprive another of property or honest services with a nexus to mail or wire communication....
statute outlined in 18 U.S.C. § 1343 applies to crimes committed over different types of electronic medium such as telephone and network communications.
Communications Interference Statutes
The communications interference statute listed in 18 U.S.C. § 1362 defines a number of acts under which and individual can be charged with a telecommunications related crime including:- Maliciously destroying a property such as cable, system, or other means of communication that is operated or controlled by the United States
- Maliciously destroying a property such as cable, system, or other means of communication that is operated or controlled by the United States Military
- Willfully interfering in the in the working or use of a communications line
- Willfully obstructing or delaying communication transmission over a communications line
- Conspiracy to commit any of the above listed acts
Behavioral
Behavioral countermeasures can also be an effective tool in combating cyber-crime. Public awareness campaigns can educate the public on the various threats of cyber-crime and the many methods used to combat it. It is also here that businesses can also make us of IT policies to help educate and train workers on the importance and practices used to ensure electronic security such as strong password use, the importance of regular patching of security exploits, signs of phishing attacks and malicious code, etc.California, Virginia, and Ohio have implemented services for victims of identity theft, though not well publicized. California has a registry for victims with a confirmed identity theft. Once registered, people can request law enforcement officers call a number staffed 24 hours, year round, to "verify they are telling the truth about their innocence.” In Virginia and Ohio, victims of identity theft are issued a special passport to prove their innocence. However, these passports run the same risk as every other form of identification in that they can eventually be duplicated.
Financial agencies such as banks
Banks
Banks or The Banks may refer to:* Bank, a financial institution- Placenames :Australia* Banks, Australian Capital Territory, a suburb of Canberra...
and credit bureaus are starting to require verification of data that identity thieves cannot easily obtain. This data includes users’ past addresses and income tax information. In the near future, it will also include the data located through use of biometrics
Biometrics
Biometrics As Jain & Ross point out, "the term biometric authentication is perhaps more appropriate than biometrics since the latter has been historically used in the field of statistics to refer to the analysis of biological data [36]" . consists of methods...
. Biometrics is the use “of automated methods for uniquely recognizing humans based upon … intrinsic physical or behavioral traits.” These methods include iris scans, voice identification, and fingerprint authentication
Fingerprint authentication
fingerprint verification or fingerprint authentication refers to the automated method of verifying a match between two human fingerprints. Fingerprints are one of many forms of biometrics used to identify individuals and verify their identity...
. The First Financial Credit Union has already implemented biometrics in the form of fingerprint authentication in their automated teller machines to combat identity theft. With a similar purpose, Great Britain has announced plans to incorporate computer chips with biometric data into their passports. However, the greatest problem with the implementation of biometrics is the possibility of privacy invasion.
Government
- Federal Trade Commission (FTC)Federal Trade CommissionThe Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
- Federal Bureau of Investigation (FBI)Federal Bureau of InvestigationThe Federal Bureau of Investigation is an agency of the United States Department of Justice that serves as both a federal criminal investigative body and an internal intelligence agency . The FBI has investigative jurisdiction over violations of more than 200 categories of federal crime...
- Bureau of Alcohol Tobacco and Firearms (ATF)
- Federal Communications Commission (FCC)Federal Communications CommissionThe Federal Communications Commission is an independent agency of the United States government, created, Congressional statute , and with the majority of its commissioners appointed by the current President. The FCC works towards six goals in the areas of broadband, competition, the spectrum, the...
Private Organizations
- Antivirus/Security Firms
- Internet Service Providers (ISPs)
- Messaging Anti-Abuse Working Group (MAAWG)
- IT Consultants
- Computer Security Incident Response Team (CSIRT)
Public – Private Partnerships
- Computer emergency response team (CERT), Carnegie Mellon UniversityCarnegie Mellon UniversityCarnegie Mellon University is a private research university in Pittsburgh, Pennsylvania, United States....
- United States Computer Emergency Readiness Team (US-CERT)United States Computer Emergency Readiness TeamThe United States Computer Emergency Readiness Team is part of the National Cyber Security Division of the United States' Department of Homeland Security....