...committed and what are the crime trends? Who commits them and why do people commit them? How much money is at stake, lost and recovered? How can such crime be reduced – by prevention or punishment?

Research methods
• Online and desk-based reviews of books, reports and articles
• Legislative and case-law analysis, including sentencing research
• Consultations with business, government and the community
• Surveys of households, businesses, offenders and victims
• Analysis of media reporting of crime

Dissemination of findings
• Reports, books, articles, conference papers, roundtables, online, media

Cyber crime concepts
Organised Crime e.g. OMCGs Identity Crime Cyber Crime e.g. off-line crimes e.g. ID theft Internet Crime e.g. Offensive Content Phishing Financial Crime e.g. Home renovation scams

A chronology of cyber crime
• Cloud computing risks 2009
• Wireless vulnerabilities 2007
• M-commerce attacks 2006
• Phishing 2002
• Cyberstalking 1998
• Cyberterrorism attacks 1997
• Spam 1995
• Identity crime 1995
• Online piracy 1995
• Botnets 1993
• Child exploitation 1990
• ATM fraud 1985
• Funds transfer fraud 1985
• Extortion 1980
• Denial of service 1980
• Creeper virus 1971
• Computer hacking 1970
• Telemarketing scams 1965
• Phreaking 1961

Organised...
Words: 1301 - Pages: 6
...The purpose of this paper is to identify three information security threats, potential risks, and the related vulnerabilities to an organization. We will go in depth to identify these harmful threats and describe each potential risk an organization may have to endure. We will also discuss three major information security threats dealing with SunTrust Bank. SunTrust Bank, headquartered in Atlanta, GA, operates 1,497 branches and over 2,200 ATMs in the South and some in the North. SunTrust Bank has over $175 billion in assets in the US and the money is increasing even more. The major assets that SunTrust has invested need to be fully protected against potential information security threats from people trying to steal money or do harm to the organization. One of the major threats that SunTrust Bank and other banks have to be cautious of is distributed denial-of-service (DDoS) attacks. A DDoS attack is an attack on a single target by a group of compromised systems infecting the target with a Trojan. Two types of attack are associated with DDoS: network-centric and application-layer. A network-centric attack overloads a service by using up bandwidth, and an application-layer attack overloads a service or database with application calls (Rouse, 2013). The most well-known DDoS attack was committed by the Izz ad-Din al-Qassam Cyber Fighters in 2012. These attacks were distributed in two phases:...
Words: 1269 - Pages: 6
...al., (2012) observed that there has been a tremendous rise in the threats of malicious attacks globally—an appreciable increase of 71% between 2008 and 2009 was noted. A specific and very popular scam is Phishing and Identity Theft (IDT). This type of online crime is a fraudulent scheme whereby attackers invade the victims’ privacy and obtain their personally identifying information (PII) such as credit card numbers, CVV numbers, credit card reports, social security numbers, driver’s license numbers (usually used in gaining short-term driving jobs), telephone calling cards, ATM card details, mortgage details, date of birth details, passwords, PIN numbers, etc. (Hedayati, 2012). These details are used by online criminals to perpetrate larceny against their victims, who may have compromised their PIIs through social engineering—a preliminary attack technique used by the attackers to trick victims into compromising such details to the criminals (Hedayati, 2012). Over the past decade, well over 500 million PIIs belonging to United States residents, kept and stored in various corporate, government and other institutional databases, have been found to be stolen or lost to these criminals through privacy breaches (Douglas, 2013). According to Gartner Group, losses associated with phishing and ID theft suffered by US banks...
Words: 1209 - Pages: 5
...is a disturbing fact considering that the estimated fraud losses for businesses of all sizes were nearly $2.9 trillion in 2009. Fraud occurs so frequently in small businesses for a couple of reasons. A common reason is that small companies typically have small or even single-person accounting staffs and limited internal controls, that is, a lack of separation of duties. It is typical to have the accountant also be the office manager and receiving clerk. Problems can arise if for no other reason than that no one double-checks the work. Besides being more susceptible to errors and fraud, small businesses are also less likely to discover them because financial audits are almost never performed. It seems as though a new scam comes to light every day, with electronic-media-inspired frauds such as phishing and spoofing joining old, low-tech fraud themes. The Association of Certified Fraud Examiners (ACFE) periodically publishes the Report to the Nation on Occupational Fraud and Abuse. The article attempts to define emerging fraud techniques as well as identify the economic impact these crimes have on our economy. Frauds perpetrated against small businesses continue to cost more on average than those against larger...
Words: 1750 - Pages: 7
...1.0 Incident: A Police Department in Cockrell Hill, a smaller town just west of Dallas, Texas, recently fell victim to a phishing attack and had to decide between losing several years’ worth of evidence or paying a ransom to cybercriminals.

2.0 Analysis: Phishing is a form of fraud in which attackers attempt to gain access to and/or learn information such as login credentials, other account information, etc. by masquerading as reputable entities, mostly through emails or instant messaging. Typically, victims will receive a message that appears to be from a known contact or reputable organization. When opened, the message will contain either some form of attachment or link(s) containing malware. In this case, the Cockrell Hill Police Department was victim to just that. Someone from inside the department clicked on an email from what appeared to be a legitimate department-issued email address. The message subsequently introduced a virus to the department’s computer system. The virus corrupted all their files on the server and produced a computer-generated ransom message, demanding approximately $4,000 worth of Bitcoins. According...
Words: 498 - Pages: 2
...it is another mode of commercial and personal transaction and one that is heavily dependent on interaction through computers and automatic agents rather than face-to-face meetings, which increases distance and allows anonymity, it is another avenue for crimes to perpetuate. “Computer Crime” encompasses crimes committed against the computer, the materials contained therein such as software and data, and its uses as a processing tool. These include hacking, denial of service attacks, unauthorized use of services and cyber vandalism. “Cyber Crime” describes criminal activities committed through the use of electronic communications media. One of the greatest concerns is with regard to cyber-fraud and identity theft through such methods as phishing, pharming, spoofing and through the abuse of online surveillance technology. There are also many other forms of criminal behaviour perpetrated through the use of information technology such as harassment, defamation, pornography, cyber terrorism, industrial espionage and some regulatory offences. The existing criminal laws in most countries can and do cover computer-related crimes or electronically perpetrated crimes. Offences against the computer are relatively new as they arise from and in relation to the digital age, which threatens the functionality of the computer as an asset of a borderless information society. New laws are required in order to nurture and protect an orderly and vibrant digital environment. Offences...
Words: 24175 - Pages: 97
...How to Protect Your Network From Cyber Attacks

There are three measures network administrators can take to avoid the types of network attacks that plagued U.S. and South Korean websites including www.whitehouse.gov, NASDAQ, NYSE, Yahoo!'s financial page and the Washington Post. The three areas to focus on are network based mitigation, host based mitigation and proactive measures.

Network based mitigation
* Install IDS/IPS with the ability to track floods (such as SYN, ICMP, etc.)
* Install a firewall that has the ability to drop packets rather than have them reach the internal server. The nature of a web server is such that you will allow HTTP to the server from the Internet. You will need to monitor your server to know where to block traffic.
* Have contact numbers for your ISP's emergency management team (or response team, or the team that is able to respond to such an event). You will need to contact them in order to prevent the attack from reaching your network's perimeter in the first place.

Host based mitigation
* Ensure that HTTP open sessions time out at a reasonable time. When under attack, you will want to reduce this number.
* Ensure that TCP connections also time out at a reasonable time.
* Install a host-based firewall to prevent HTTP threads from spawning for attack packets.

Proactive measures
For those with the know-how, it would be possible to "fight back" with programs that can neutralize the threat. This method is used mostly by networks...
Words: 2314 - Pages: 10
...Caleb Olumuyiwa N/T 2580 Introduction To Information Security Week 2 Assignment Define Key Terms.

Adware | A software program that collects information about Internet usage and uses it to present targeted advertisements to users.
Asset | Any item that has value to an organization or a person.
Attack | An attempt to exploit a vulnerability of a computer or network component.
Backdoor | An undocumented and often unauthorized access method to a computer resource that bypasses normal access controls.
Black-hat hacker | A computer attacker who tries to break IT security for the challenge and to prove technical prowess.
Cookie | A text file sent from a Web site to a Web browser to store for later use. Cookies contain details gleaned from visits to a Web site.
Cracker | A computer attacker who has hostile intent, possesses sophisticated skills, and may be interested in financial gain.
Dictionary attack | An attack method that takes all the words from a dictionary file and attempts to log on by entering each dictionary entry as a password.
Disclosure | 1. Any instance of an unauthorized user accessing protected information. 2. Refers, under HIPAA, to how a covered entity shares PHI with other organizations.
Ethical hacker | An information security or network professional who uses various penetration test tools to uncover or fix vulnerabilities. Also called a white-hat hacker.
Firewall | A program or dedicated hardware device that inspects network traffic passing through...
Words: 1378 - Pages: 6
...emerging threat vector which combines social engineering and technology. Utilizing Voice over Internet Protocol (VoIP) convenience combined with electronic mail phishing techniques, Vishing has the potential to be a highly successful threat vector. Vishing victims face identity theft and/or financial fraud. An increased awareness about these attacks will provide an effective means for overcoming the security issues.

INDEX
1. Introduction
2. What is Vishing?
3. How Vishing works?
4. The Problem of Trust
5. Vishing Characteristics
5.1. Type of data prone to attack
5.2. Data usage by the attacker
6. Other Attacks
6.1. Dumpster diving
6.2. Card Owner Validation
6.3. Handset Blackmail
6.4. Exploit payloads
7. Overcoming Vishing
8. Conclusion
References

1. Introduction: Many of today’s widespread threats rely heavily on social engineering techniques, which are used to manipulate people into performing actions or divulging confidential information to leverage and exploit technology weaknesses. Phishing is the most commonly exploited threat currently plaguing the Internet and its users. At one point, phishing referred exclusively to the use of e-mail to deliver messages whose purpose was to persuade recipients to visit a fake website designed to steal...
Words: 2502 - Pages: 11
...How Identity Theft Affect the Culture of our Society Sections I, II, III and IV Rodrekus Baskin DeVry University

How Identity Fraud and Theft Impact the Culture of Our Society Section I

Identity theft affects millions of Americans every day. Scam artists and hackers lie in wait for an unsuspecting person to get caught up in their scheme through ignorance or naivety so they can take full advantage of their personal information to do as they desire with it. The problem is, it infiltrates and depreciates the integral infrastructure of our society, which creates a cultural lapse through the declination of economic and cultural growth and double jeopardizes an already unstable system to the brink of its destruction. To understand how identity theft works or happens, one needs to know and understand what identity theft is, the different forms of identity theft, cyber security and the impact on its victims, the methods used by identity thieves to obtain identifying information about their victims, and preventive solutions.

How Identity Theft Affect the Culture of Our Society

A single mother looking forward to advancing her financial situation comes across what appears to be the opportunity she has been waiting for. A real estate agent has provided her with the fortune of owning her own home and without skepticism of any impending dangers or foul play, even though he displayed what appeared to be proper credentials, she relinquished all of her personal data...
Words: 5785 - Pages: 24
...Structured Analysis of PHISHING By Prasath Manimaran ID: 20038303

Table of Contents

Chapter One – Introduction
1. Research Questions and Objectives

Chapter Two – Literature Review & Definition of Phishing
2.1. Literature Review
2.1.2. Definitions of Phishing
2.1.3. Outcomes of this Study
2.2. Research Details
2.2.1. Scope of the Research
2.2.2. Research Methodology
2.2.3. Inductive versus Deductive Study
2.2.4. Qualitative versus Quantitative

Chapter Three – Phishing in a Banking Context
3.1. Confidence in Internet Banking
3.1.1. Security Requirements
3.2. Threat Models
3.2.1. The Internet Threat Model
3.2.2. Thompson Threat Model
3.2.3. Viral Threat Model
3.3. The Phishing Threat Model
3.3.1. Identification of Internet Banking Components
3.3.2. Identification of Phishing Threats

Chapter 4 – Analysis of Current Phishing Techniques
4.1. Modus Operandi
4.2. Roles of Adversary in Phishing...
Words: 15039 - Pages: 61
...Title A research proposal submitted by Masisi Mulalo Supervisor: Moyo Benson Computer Science University of Venda 2014

ABSTRACT

We live in a digital era where communication, information sharing and even business transactions are exchanged on mobile devices such as laptop computers, palmtops, tablet computers, smartphones and cell phones. The new age group of young people has never known a life without a mobile device with internet capabilities. Mobile devices are an integral part of personal and social lives, so it is only logical that users should have awareness of security during the use of mobile devices. Individuals and organisations have both been beneficiaries of the rapid expansion of information and communication technologies (ICTs). Inevitably, however, these offerings by mobile devices also bring about security vulnerabilities which users in Thohoyandou are not aware of. According to Lookout principal security analyst Marc Rogers (2013), following simple precautions like sticking to the Google Play Store can ensure the security of a mobile device. This is not always the case, however, as hackers and crackers make use of trusted applications to distribute malware. This study intends to outline security vulnerabilities and deliver clear recommendations on essential security technologies and practices to help mobile device users in Thohoyandou. Correct misconceptions or myths in order to bring about changes...
Words: 2908 - Pages: 12
...Measuring the Cost of Cybercrime

Ross Anderson 1, Chris Barton 2, Rainer Böhme 3, Richard Clayton 4, Michel J.G. van Eeten 5, Michael Levi 6, Tyler Moore 7, Stefan Savage 8

Abstract

In this paper we present what we believe to be the first systematic study of the costs of cybercrime. It was prepared in response to a request from the UK Ministry of Defence following scepticism that previous studies had hyped the problem. For each of the main categories of cybercrime we set out what is and is not known of the direct costs, indirect costs and defence costs – both to the UK and to the world as a whole. We distinguish carefully between traditional crimes that are now ‘cyber’ because they are conducted online (such as tax and welfare fraud); transitional crimes whose modus operandi has changed substantially as a result of the move online (such as credit card fraud); new crimes that owe their existence to the Internet; and what we might call platform crimes such as the provision of botnets which facilitate other crimes rather than being used to extract money from victims directly. As far as direct costs are concerned, we find that traditional offences such as tax and welfare fraud cost the typical citizen in the low hundreds of pounds/Euros/dollars a year; transitional frauds cost a few pounds/Euros/dollars; while the new computer crimes cost in the tens of pence/cents. However, the indirect costs and defence costs are much higher for transitional and new crimes. For the former they may be...
Words: 16972 - Pages: 68
...2010 INFORMATION MANAGEMENT PBSA 823 Chicken Run Group Assignment Lecturer: Mr. J. C. Coetzee 9/18/2010 Nestlé struggles with Enterprise Systems

CRITERIA FOR MARKING MBA-ASSIGNMENTS

| 1 | Meeting the objectives of the assignment. The extent to which: | 60 | |
| *1.1 | the assignment was understood and answered comprehensively | 10 | |
| *1.2 | independent (own) thought is reflected | 10 | |
| 1.3 | insight in the topic was demonstrated | 10 | |
| 1.4 | logical, systematic thought and reasoning is demonstrated | 10 | |
| 1.5 | quality research (literature study and / or empirical work) was done | 10 | |
| 1.6 | conclusions are logic, meaningful and substantiated | 10 | |
| 2 | Presentation and technical aspects. The extent to which: | 30 | |
| 2.1 | the content shows a logical and integrated development and forms a balanced holistic whole | 15 | |
| 2.2 | the executive summary reflects the content comprehensively and meaningfully | 5 | |
| 2.3 | the table of contents, references and list of sources are noted correctly | 5 | |
| 2.4 | the style and language (grammar) meet the requirements | 5 | |
| 3 | General quality rating | 10 | |
| | Evaluator’s general evaluation mark of the assignment’s quality - taking into consideration the above and other factors | | |
| | TOTAL | 100 | |

Assignment Word Count: Chicken Run Group Members “There is nothing more determined than poultry with a plan…” Bezuidenhout, P.J. 1224 6093 Botha...
Words: 4468 - Pages: 18