
ISE414 Britz3e PPT 03

Computer Forensics and Cyber Crime


Welcome

ISE 414
INVESTIGATION OF COMPUTER CRIME

Tuncay TERZİOĞLU

October 14, 2024


Computer Forensics & Cyber Crime

Chapter 3

Traditional Computer Crime: Early Hackers and Theft of Components
Learning objectives

• Identify traditional problems associated with the recognition and prosecution of computer crime.

• Explore a history of computer crimes.

• Explore traditional definitions for phreakers and hackers.
Learning objectives

• Explore the evolution of hacking.

• Learn the value of computers as marketable commodities.

• Explore the current state of computer crimes in the United States and abroad.
Introduction
• Computer criminals will possess varying
degrees of technical sophistication.
▪ Hence, the metaphor of a continuum of
offenses in terms of seriousness.

• However, degrees of computer crimes may also be reflected by the degrees of technical expertise of agencies investigating such crimes.
Traditional Problems
Traditional problems with any crime may
constitute more complicated issues for
computer crime investigation and
prosecution, such as:

• Questions of vicinage (crime area): The jurisdiction of most crimes is based on the location of the crime. However, computer-based crime may be subject to laws where the criminal and the victim live.
Traditional Problems

• Lack of international cooperation: Collaboration among nations to investigate and prosecute may suffer in the absence of prior agreements to deal with this kind of crime.
▪ Perhaps due to judicial inconsistency,
administrative apathy, cultural skepticism
Traditional Problems
• Encryption & steganography: Encoding (cryptography) or hiding information (steganography) makes prosecution harder.
▪ Delay in detection can mean increased chance
of escaping prosecution.
• Perception of anonymity: Since some may
have a way to hide their identity, anonymity
may encourage them to commit crimes.
Recognizing and Defining Computer Crime
Difficulties in recognizing and defining computer crimes may depend upon 3 categories:
• Targets
▪ Are victims individuals, organizations,
countries?
▪ What are the fruits of the illegal activity?

• Means:
▪ To what degree does technology matter?
▪ Hacking requires a lot of technology, where
fraud may involve only an e-mail, as with
phishing.
Recognizing and Defining Computer Crime
• Incidentals
▪ Is computer technology incidental to the
commission of the crime? If so, to what extent?
▪ Online gambling versus filing a false insurance
claim
Recognizing and Defining Computer Crime
• History
▪ Early forms of computer crime could include the
theft of the physical technology (like an abacus) or
sabotage, such as the destruction of Jacquard’s
automated textile machine in the early 19th century
CE.
Three Incidents
• MILNET: Via an independent data carrier (Tymnet), a KGB-employed hacker seemed to have easily entered MILNET. It was discovered by chance in 1986 by a programmer at UC Berkeley.
• Morris Worm: In 1988, Cornell student Robert Morris released the worm (a self-replicating computer program), which quickly spread to over 6000 computers, causing millions in damages.
▪ Convicted of violating the Computer Fraud and Abuse Act
Three Incidents

• AT&T crash: The crash occurred due to a software failure, demonstrating the vulnerability of the telephone system. It was the result of the self-named Legion of Doom, which may or may not have been a hacking menace.
Hacker Typologies
▪ White hat hackers: individuals who identify system vulnerabilities in the interest of promoting heightened security
▪ Black hat hackers or crackers: individuals who identify and exploit system vulnerabilities for nefarious purposes, including, but not limited to, destruction and theft.
▪ Gray hat hackers: individuals who wear both of the preceding hats. Gray hat hackers may identify network weaknesses for system administrators but may also provide them to black hat hackers for profit.
Hacking Timeline (1)

▪ 1960s:
• The term “hacking” is introduced at MIT.
▪ 1970s:
• Phreakers emerge, costing AT&T a fortune in uncollected long-distance charges.
▪ 1980s:
• Phreakers graduate to computer hacking.
• 2600, the first hacking magazine, is published.
• Hacker bulletin boards are created.
• Computer Fraud and Abuse Act of 1986 is passed by Congress.
• Robert Morris’ worm is released on the Internet, and he is prosecuted under the newly passed legislation.
Hacking Timeline (2)

▪ 1990s:
• Kevin Poulsen exploits the telecom system to “win” a Porsche.
• Hacking Web sites emerge.
• Kevin Mitnick is arrested and prosecuted.
• Windows 98 is released.
• Commercially available security products are introduced.
• Trojans, back doors, and virus kits become commercially available, providing amateurs easy access.
Hacking Timeline (3)

▪ 2000–present:
• DoS attacks are launched against various Web sites,
including Yahoo!, eBay, and Microsoft.
• Organizations of cybercriminals emerge.
• Identity theft emerges as an issue for consumers.
• Information becomes the leading commodity for
criminals.
• Explosion of DDoS attacks.
• Dramatic increase in hacktivism.
Early Hackers (Kevin Mitnick)
▪ Kevin Mitnick (perhaps the most famous)
- began his career with small exploits and phone
phreaking
- arrested by the FBI in February 1995
- owns a computer security firm
Early Hackers (cOmrade)
▪ cOmrade (first teen to be incarcerated for hacking)
- Jonathan James committed his intrusions under
the alias cOmrade
- held responsible for the 1999 intrusion into
computer systems of the U.S. Department of Defense
- did all of this at only 15 years old and
was sentenced to 6 months in juvenile
detention
- committed suicide in 2008
Early Hackers (Terminus)
▪ Terminus (Unix programmer & AT&T minicomputer
expert)
- Leonard Rose is an American hacker
- pirated AT&T proprietary software and stole
electronic messages stored on their systems
Early Hackers (Shadowhawk)
▪ Shadowhawk (breaking and entering into U.S. Missile
Command)

- Herbert D. Zinn Jr., 18-year-old computer hacker
- received a sentence of nine months and a fine of $10,000
Early Hackers (Kyrie)
▪ Kyrie (one of the few female hackers)

- was a 36-year-old Canadian woman
- convicted and jailed for telecommunications fraud in Canada
- arrested in Chicago in May 1989
- sent to jail for 27 months for computer and telecommunications fraud
Phreakers: Yesterday’s Hackers

• Phreaking: Manipulation of
telecommunications carriers to gain
knowledge of telecommunications, and/or
theft of applicable services
▪ Illegal use, manipulation of access codes,
access tones, PBXs, or switches
Phreakers: Yesterday’s Hackers
• Methods
▪ Social engineering, like shoulder surfing,
stealing codes while people are dialing
▪ Use of blue boxes, devices that deceived the switching system into putting through a call for free
▪ Some approaches became dated due to changes in phone equipment. New strategies were constantly developed, such as the theft and sale of stolen access codes ("call-sell" operations).
Evolution in the Hacking Community
• In the 1960s, “hacking” by MIT students was kinder and gentler. Hackers would look for computer shortcuts and engage in clever tricks; they would "hack" away at a problem until a solution was found.
▪ Those with criminal intentions were initially called
"crackers."
▪ “Hacking” now refers to both safe and criminal
activities.
Evolution in the Hacking Community
Initially:
▪ Hacking was conducted via role-playing games, by
young, socially unsuitable individuals fascinated
with computer technology.
▪ Some advocated anti-establishment ideology, but
others were motivated to hack telephone
exchanges because of the costs associated with
downloading.
Contemporary Hacking Communities
• Most of the original ideology is gone.
• Contemporary motivation includes:
▪ Informational voyeurism (what's there
to see?)
▪ Intellectual challenge (hacking as a
way to mine for knowledge)
▪ Revenge (for example, by insiders
such as unhappy, dissatisfied
employees)
▪ Sexual satisfaction (stalking,
harassment)
▪ Profit, economic goals (like theft)
Contemporary Hacking Communities (Continued)
▪ Political goals (the aims of terrorists
and spies)
▪ Relief from boredom
▪ Personal notoriety

▪ Insiders are individuals who have authorized or legitimate access to a computer system, but who exceed that authorization.
Hierarchy of Contemporary Cyber-Criminals
• Script kiddies
▪ Inexperienced hackers who use
others' programs (like scripts)
to exploit vulnerabilities and
compromise computer systems,
but they don't understand
these programs
▪ Also known as skidiots, skiddie,
or Victor Skill Deficiency (VSD)
▪ Motivations: simple tricks, criminal profit
Hacking
• Cyberpunks
▪ Name used by law enforcement for
those who wreak havoc on the
Internet
▪ Not its original, more benign meaning
• Hackers/Crackers
▪ Sophisticated computer criminals
▪ Hackers identify and exploit system vulnerabilities but lack economic motivation
• Cyber-criminal organizations
▪ Greater threat
Social Engineering

• Social engineering takes advantage of people who use technology.
▪ Insiders may be the most dangerous,
whether by accident or intentionally
▪ Can reduce risks through security
awareness training
Computers as Commodities
• Whereas the black market involves criminal
organization, the gray market involves legitimate
businesses engaging in questionable activities.

• In addition to being stolen, software can also be counterfeited.

• Data piracy can include the sale of credit card numbers, for example.
Theft of Intellectual Property
• IP can include patents, trademarks
and copyright.
• Software is copyright-protected.
• Film and television piracy can be
conducted via bitstream.
• Can include illegal copies of DVDs,
CDs, videocassettes
▪ Sometimes identifiable because of
absence of authentication information,
like a security hologram
Theft of Intellectual Property

• Internet piracy can include broadcast piracy and signal theft.

• Technology piracy can include the counterfeiting of computer chips.
ISE 414

Thank you.

Questions / Comments ?
