
Post on 14-Nov-2014


Cybercrime Awareness

Michael De La Cruz

Information Security Officer

Objectives

To provide a general awareness of Cybercrime
To understand Cybercrime methods
To identify Internet scams
To learn how to keep from being a victim

What is Cybercrime?

Cybercrime is any illegal act committed by using a computer network.
– Cybercrime is a subset of computer crime.

Examples of Cybercrime

Web defacement
Unauthorized network access
Cyber-Stalking
Internet fraud
Identity theft
Child pornography
Interception and fabrication of emails
Theft of passwords

Who are the perpetrators?

Not just “hackers.”
– Companies seeking competitors’ trade secrets
– Con-artists
– Pedophiles
– Disgruntled employees
– “Accidental” criminals

The Internet should be viewed as another medium in which criminals can conduct illegal acts.

Who are the cybervictims?

Companies
– No security awareness
– Bottom liners

Individuals
– The unaware individuals
– The “don’t care” individuals
– The “innocent by-stander” individuals

Society

What does the WORLD know about YOU?

The Stalker’s Home Page
– http://www.glr.com/stalk.html
– Email searches
– Phone number searches
– Address searches

Credit Card Fraud

A quick search on GOOGLE yielded this information:
– Discover Card number range: 601100-601199
– Visa Card number range: 4000-4999

How much more information can we get?

Search Engine Fun

TRY THIS
– Conduct an Advanced search on GOOGLE for the first 8 numbers of your credit card number.
– Now try searching for the first 5 numbers of your SSN.
– Try a search on GOOGLE for the letters SSN while filtering for Excel documents.

Website Fraud

Many con-artists go to great measures to create a legitimate looking website in order to convince customers to give up their personal information.

April 11, 2003
– 50 ANZ bank customers in Australia were duped into revealing their bank usernames and passwords. The victims logged on to what appeared to be their bank, but in reality they were being redirected to another web site that was secretly recording all their data.

Spyware

Spyware is used by companies to gather the surfing habits of individuals.

Pop-up ads are usually a result of spyware being present on a computer.

Keyloggers are a form of spyware that secretly record keystrokes and have the ability to email them back to the intruder.

Desktop Security

Many people become victims of a cyber attack by what is referred to as “drive by hacking.”

Tools are freely available on the Internet to allow for such behavior to occur.

The latest Microsoft Security flaw is a good example of how vulnerable each user’s desktop is to such an attack.

Pornography

Pornography is the first consistently successful e-commerce product.

Deceptive marketing tactics and mouse trapping technologies encourage customers to access their websites.

Many sites are created to gather users’ personal information and install backdoors (trojans) on their computers.

Pornography Statistics

30% of SPAM is from pornographers

Accessed unintentionally (whitehouse.com, coffeebeansupply.com, teenagershideout.com, clothingcatalog.com, watersports.com, boys.com)

Child Pornography est. revenue per year is $200 million - $1 billion.

1 in 2 parents do not use internet filtering software.

What can I do?

Awareness is the first step in protecting yourself and your family.

Invest in Anti-virus, Firewall, and SPAM blocking software for your home PC.

Detect secure websites when conducting transactions online.

Do NOT respond or act on emails sent from unknown sources.

Stay on top of current Cybercrime trends
– www.stcc.cc.tx.us/ITSprojects/infosec/infosec.htm

Detecting Secure Websites

Yellow Lock at bottom right of website

HTTPS instead of HTTP

Emails

SPAM emails are becoming easier to detect by the average user. Look for these clues to identify SPAM:
– The receiver’s name is the same as the sender’s
– The subject is offering money making deals
– The user is unknown and there are links to what appear to be legitimate websites.

Email Filters

STCC is currently using SPAM email filtering software to block most unwanted emails.

This will not block all emails, since it filters by keywords, but will eliminate the more obvious ones.

Email filters for home use can be purchased to protect your family from SPAM.
– Bundle packages are available that include pop-up blockers, anti-virus, spy-ware removers, and Internet filters.
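The three clues from the Emails slide and the keyword limitation noted under Email Filters, as an added Python example that is not part of the original presentation. The keyword list, the known-sender set and both sample messages are constructed assumptions, and the link check interprets "links to what appear to be legitimate websites" as link text that names a different host than the link's target.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed keyword list, of the kind a keyword-based filter would carry.
MONEY_WORDS = ("make money", "get rich", "cash", "extra income")
LINK = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', re.I)

def lookalike_link(body):
    """True if a link's visible text names a site other than its target."""
    for href, text in LINK.findall(body):
        shown = text.strip().lower().removeprefix("www.")
        host = (urlparse(href).hostname or "").lower()
        if "." in shown and host != shown and not host.endswith("." + shown):
            return True
    return False

def spam_clues(raw, known_senders):
    """Return which of the three slide clues a raw message shows."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    clues = []
    # Clue 1: receiver and sender are the same (compared by address here).
    if from_addr and from_addr.lower() == to_addr.lower():
        clues.append("sender-equals-receiver")
    # Clue 2: the subject offers a money-making deal (keyword match).
    if any(w in msg.get("Subject", "").lower() for w in MONEY_WORDS):
        clues.append("money-subject")
    # Clue 3: unknown sender plus a link dressed up as another site.
    if from_addr.lower() not in known_senders and lookalike_link(msg.get_payload()):
        clues.append("unknown-sender-lookalike-link")
    return clues

# Constructed sample messages (not real mail).
SAMPLE_A = """From: Pat <pat@example.org>
To: Pat <pat@example.org>
Subject: Make money from home

<a href="http://pay.example.net/login">www.example-bank.test</a>
"""
# Same message with a misspelled subject: the keyword clue no longer fires.
SAMPLE_B = SAMPLE_A.replace("Make money", "M4ke m0ney")

if __name__ == "__main__":
    known = {"friend@example.com"}
    print(spam_clues(SAMPLE_A, known))
    print(spam_clues(SAMPLE_B, known))
```

The second sample shows why a keyword filter alone misses some messages while the structural clues (sender equals receiver, look-alike link) still flag it.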

Helpful Links

Tiny Personal Firewall
– www.tinysoftware.com

Antivirus Software
– http://www.thefreesite.com/Free_Software/Anti_virus_freeware/

SPAM blockers
– http://netsecurity.about.com/library/blfreepopup.htm

STCC InfoSec page
– www.stcc.cc.tx.us/ITSprojects/infosec/infosec.htm

Conclusion

The key to protecting yourself is being aware.
Not all cybercriminals are “hackers.”
There is a whole other world that exists in cyberspace…make sure that your information travels safely.

Questions

Michael De La Cruz

Information Security Officer

delacruzma@stcc.cc.tx.us
