390 likes | 780 Views
Internet Vulnerabilities & Criminal Activity. Criminology Theories & Cyber Crime 11.1 4/19/10. Classifications of Cyber Crimes. Cyber trespass Crossing boundaries into other people’s property &/or cause damage Hacking, defacement, malware Cyber deceptions & thefts
E N D
Internet Vulnerabilities & Criminal Activity Criminology Theories & Cyber Crime 11.1 4/19/10
Classifications of Cyber Crimes • Cyber trespass • Crossing boundaries into other people’s property &/or cause damage • Hacking, defacement, malware • Cyber deceptions & thefts • Stealing money or resources • Credit card fraud, IP violations • Cyber pornography • Breach laws of obscenity • Cyber violence • Psychological or physical harm to others • Hate speech, stalking
Cyber Criminals • Broad range of persons • Students, terrorists, amateurs, organized crime groups • More likely to have affluent socioeconomic backgrounds • Has knowledge of computers & the Internet which enables him/her to commit crime of choice • Any technically oriented person has potential to become cyber criminal • Cyber criminal has changed since the ‘80’s and 90’s when cyber crime was infiltration by hacking
FBI’s Definitions of Cyber Criminals • Crackers • Young offenders seeking intellectual stimulation • Criminals • Adult subgroups • Commit fraud, damage systems undertake espionage • Vandals • Not pursuing intellectual stimulation • Motivated by revenge
Typology for Cyber Criminals • White-collar criminals • Vengeful criminals • Disgruntled employees • Patient criminals • Desire more than what they have • Negative state of mind not immediately obvious • Desperate criminals • Facing financial crisis • Easiest to catch
Typology for Cyber Criminals cont. • Hackers • Old School Hackers • Computer experts • Used technology in new, innovative ways • Internals • Disgruntled or ex-employees • Cyber punks • Antisocial, socially inept, angst toward the world • Direct anger into cyberspace • Professional criminals & cyber terrorists • Guns for hire • Good at espionage, leave no trace • Newbies & Script Kiddies • Want recognition but lack skills • Usually teenagers looking for recoognition
Typology for Cyber Criminals cont. • Crackers • Obtain & use data illegally, IP violators • Password crackers • Concerned with cryptography & encoding • Will use any means to discover passwords • Executable program crackers • Programs should obey humans • Reverse engineer programs so changes can be made • Have years of experience programming • Can easily discover program weaknesses • Hobbyists • Cross between above 2 groups • Cracks code for knowledge • May release cracked code to the public
Typology for Cyber Criminals cont. • Con artists • Great actors • Motivations • Financial stress - need money • Power - control over victims, smarter, better than victims • Challenge - enjoy what they do, mastered the skill • Punish the victim - victim deserves what they get • Techniques used • Familiarization - flatter victim, gain victims trust • Risk free investments - con man will refund all victim’s money if the plan fails • Avoiding questions - talk a lot, vague answers, spout useless jargon • Pressurizing tactics - once in a lifetime chance, will regret it if not done
Typology for Cyber Criminals cont. • Psycho-criminals • Mentally ill - need no external conditions to commit crimes • Pedophiles • Abnormal sexual attraction to children • Larger pool of victims online • Cyberstalkers • Torment victims at a distance • Usually have sexual motivations, power & control • Serial Killers • Internet used as tool to track down victims • Disorganized - low IQ, social outcast, bad at covering tracks • Organized - high IQ, Know what he/she wants & how too get away with it. Most dangerous of all cyber criminals.
Crimes in Physical Space vs Crimes in Cyber Space • Transnational nature and jurisdictional issues • Attacks can take place anywhere from anywhere • Multiple boundaries may be crossed • Physical constraints • Do not exist in cyber space • Crime can happen in milliseconds • Proximity • No physical proximity required
Crimes in Physical Space vs Crimes in Cyber Space cont. • Scale & multiple victimization • Automated process • Multiple simultaneous victims for the same effort • Conduct at issue may not be illegal • Conduct may not be criminalized in country where it originates • Cannot extradite criminal unless law of his/her country is broken
Crimes in Physical Space vs Crimes in Cyber Space • Perfect anonymity • Can disguise identity in ways impossible in the physical world • Can achieve perfect pseudonymity • Velocity • Criminal activity can happen very rapidly • Slammer took down large part of the Internet in 15 minutes
Space Transition Theory • Persons with repressed criminal behavior (in the physical space) have a propensity to commit crime in cyberspace, which otherwise they would not commit in physical space, due to their status and position. • Concern for status in physical space does not transition to cyber space. • Behavior repressed in physical space are not in cyber space.
Space Transition Theory 2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime. • Disinhibiting effect allows individuals: • Open honesty about personal issues • To act out on unpleasant needs • Deinidividualization - inner restraints are lost when individuals not seen as individuals • Leads to behavior that is • Less altruistic • More selfish • More aggressive
Space Transition Theory 2) Identity flexibility, dissociative anonymity, and lack of deterrence factor in the cyberspace provides the offenders the choice to commit cyber crime. • Deterrence factor changes • Attacks can be made from a remote location • Crime reslts not immediately apparent
Space Transition Theory 3) Criminal behavior of offenders in cyberspace is likely to be imported to physical space which, in physical space maybe exported to cyberspace as well. • Cyber crime has moved from the single individual acting for fame to professional criminals • Huge financial gain with little risk • Growth of e-commerce attracts criminals to the net
Space Transition Theory 4) Intermittent venture of offenders in to the cyberspace and the dynamic spatiotemporal nature of cyberspace provide the chance to escape • Cyber space is transient • Cyber space is dynamic • Cyber crimes have do not have spatial - temporal restrictions of traditional crimes
Space Transition Theory 5) (a)Strangers are likely too unite together in cyberspace to commit crime in the physical space; (b) Associates of physical space are likely to unite to commit crime in cyberspace. • Cyberspace allows for recruitment and dissemination • Cyberspace is: • Unmoderated • Easy to access • Cyberspace can pose an insider threat • Spy / mole • Disgruntled employee
Space Transition Theory 6) Persons from closed society are more likely to commit crimes in cyberspace than persons from open society. • Open society allows individuals to voice opinions & vent feelings. • Cyberspace allows individuals from closed societies to express anger & frustrations through hate messages, web page vandalism, up to cyber terrorism attacks
Space Transition Theory 7) The conflict of norms and values of physical space with the norms and values of cyberspace may lead to cyber crimes. • Cyberspace is international • Societal differences between individuals may lead to cyber crime • Conflicts between nations carry over into cyberspace
Routine Activity Theory • Routine activities in conventional societies provide opportunities for perpetrator to commit crime • Three things must be present for crime to occur: • Suitable target is available • Motivated offender is present • Lack of a suitable guardian to prevent crime from occurring • Assessment of situation determines whether or not a crime takes place.
Routine Activity Theory • A suitable target can be: • A person • An object • A place • Target comes to the attention of a person searching for a criminal opportunity • Targets behavior may place target in contact with perpetrator • No significant deterring mechanism is present
Routine Activity Theory • Motivated Perpetrator • Predatory crime is a method for the perpetrator to secure basic needs of desires • Actions of perpetrator are intentional and illegal
Routine Activity Theory • A capable guardian • Police patrol, Security guards • Neighbors, neighborhood watch, dogs • Locks, fences, CCTV systems • Passwords, tokens, biometric measures • Guardians can be formal or informal • Guardians can be human or machine • Guardians MUST be capable of acting as a deterrent
Opportunity Theory • Opportunity to commit a crime is a root cause of crime • No crime can occur without the physical opportunity • Opportunity plays a role in all crimes, not just those involving physical property • Reducing opportunity reduces crime
Displacement Theory • Reductions in opportunity will not reduce crime because crime will be displaced to another location • Opportunity is so compelling that removing perpetrators will not reduce crime because other perpetrators will step in • Research on displacement theory has shown crime is not always displaced
Routine Activity Theory & the Internet • Opportunity to commit crime is multiplied • Target and perpetrator are much more likely to come in contact with each other • Victim has to keep returning to scene of the crime • Deterrence comes shifting either events or circumstances • Neither are easily altered
Routine Activity Theory & the Internet • Cybercrime has more to do with the effectiveness of indirect guardianship • Internet is open & unmoderated • Mechanisms of the Internet designed to transfer data, not to examine the data • Internet guardianships are all mechanical • Reactive, respond to some action - IDS • Cannot respond to new, previously untried activity
Hacker Neutralization Techniques • Allows for temporary neutralization of values, beliefs, and attitudes so illegal behaviors can be performed. • Justification of an act requires the need to assert its positive values • Used by different types of deviants
Hacker Neutralization Techniques • Denial of Injury • No harm or insignificant harm done to victim • No physical information stolen, information in an electronic form • Belief that downloading is copying not stealing • As long as no one knows their information is being perused, no harm is done
Hacker Neutralization Techniques • Denial of Victim • Victim is deserving of punishment • Four categories of victims • Close enemies who have harmed offender directly • People who do not conform to normative social roles • Groups with tribal stigmas • Remote enemies who hold positions perceived as questionable or corrupt • Offender may assume role of “avenger” or “crusader for justice” • May justify actions as revenge
Hacker Neutralization Techniques • Condemnation of the Condemners • Divert attention from offenders actions to the motives and behaviors of those condemning offender’s actions • Mistrust of authority • Promote decentralization • Price charged by software companies too high and unfair • Victim failed to protect their computer system
Hacker Neutralization Techniques • Appeal to higher loyalties • Offender doesn’t deny damage, act was done to protect higher loyalties • Loyalty to group • Responsibility to family or spouse • Employer (Corporate crimes) • Claim actions were done to acquire knowledge
Hacker Neutralization Techniques • Self-fulfillment • Illegal activity done for • Fun • Excitement or thrill • Computer virtuosity • Offender achieves feelings of superiority & control • Voyeurism • Demonstration of ability
Hacker Neutralization Techniques • Hackers do not use all neutralization techniques • Denial of responsibility • Sad story • Both external forms of neutralization • Only use techniques based on internal neutralization • Hackers take pride in what they do • Hackers feel in shame or guilt
Computer Hackers & Social Organization • Mutual Association • Clear interpersonal relationship • No strong or deep interpersonal relationships on or off line • Social connections relatively shallow • Multiple identities and multiple forum use may limit ability to form interpersonal connections • Utilize social networks to exchange knowledge and information
Computer Hackers & Social Organization • Mutual Participation • Groups are stratified rather than centrally controlled • Participation in groups did not lead to group attacks • Many do not want an group affiliation
Computer Hackers & Social Organization • Division of labor • Some specialization in group forums does exist • Stratification & division of labor • Small group of moderators • Larger group of users exchanging knowledge & information • Loose set of rules • Give respect, get respect • No flaming • Large population of users enforcing the rules
Computer Hackers & Social Organization • Extended duration • No group with extended history • Relationships appear transitory • Relationships within forums weak & short-lived