Week 4:
Cybercrime:
Objective:
- Analyse different forms of computer misuse, critically evaluate the current legal response to these forms of computer
misuse and compare this response to alternative approaches.
- Todays’ topics:
o Cyber security risks & practice
o Hacking
o The legal response to hacking
o Alternative approaches
Computer misuse:
- Umbrella term as under the Computer Misuse Act 1990 includes a range of offences
The internet is for… crime?
- ‘On the internet, no one knows you’re a dog’
o Provides protection from social censure
o May facilitate fraud (use of proxies for identification)
Deep web allows criminals to network
- Broad reach of the internet
o Large market for criminal services they can move freely
o More challenging to police
Internet
Cyber Security Enabled Crime
Risks and Practice:
- Questions that have been asked:
o Iscybercrime
Why cybercrime something different
deserves than regular
separate crime? Should we conceptualise it differently?
attention:
Internet Enabled Crime:
- Why cybercrime deserves separate attention:
Lower risks &
Difficulties for Fewer online No face-to-face
high rewards for
enforcement barriers interaction
criminals
Intelligence
Massive
Personal, financial agencies and
potential for Right to privacy
& national security illegal access to
disruption
digtial info
-
o We’ve bred a new type of criminal
o Disruption:
National security impacting society as a whole
Cyber Security Is…
- A socio-technical systems problem
- Security problems almost always stem from a mix of technical, human and organisational causes
- Techniques of threat and attack analysis and mitigation
- Protection and recovery technologies, processes and procedures for individuals, business and government
- Policies, laws and regulation relevant to the use of computers and the Internet
Threats:
- Almost one in five small business owners say their company has had a loss of data in the past year. Small business
owners are particularly hurt by cyberattacks. According to recent data 63 percent of small business owners view data as
their new currency, and that a single data hack could have associated costs ranging from $82,200 to $256,000.
o Norman Guadango, Carbonite
- Cyberattacks now cost companies $200,000 on average, putting many out of business
- Risks:
o Data Loss
o Ransomware and Extortion
o Industrial IoT attacks industrial technology being attacked
o Internal Threats
o Physical Security Risks
, Threats
Unauthorized access Internal Data theft, corporate
and access control attacks Hacking espionage, identity theft
Attack Virus, Spear Phishing,
Social
Malware, Phishing, traditional
Vectors Botnet
Engineering
SE
Cloud
Extortion Ransomware attacks Dropbox, iCloud,
& OneDrive, Etc
breaches
-
Cyber-attack:
- Definition:
o A malicious attempt, using digital technologies, to cause personal or property loss or damage, and/or steal or
alter confidential personal or organisational data.
- Insider Attacks:
o Attacks to an organisation carried out by someone who is inside that organisation.
o Difficult to counter using technical methods as the insider may have valid credentials to access the system.
- External Attacks:
o Attacks to an organisation carried out by an external agent.
o Requires either valid credentials or the exploitation of some vulnerability to gain access to the systems.
Insider attacks:
- Very common- nearly 75% are insider attacks
Cyberattacks by states:
- Massive political implications
Cyberattacks by terrorist groups:
- ISIS hacking the US
Malware:
- Software that has some malicious intent and which is installed on a user’s computer without that user’s consent.
- Key loggers
o Software installed on a computer that captures keystrokes and sends these to a remote system
o Used to try and get personal information to gain access to sites such as banks
- Ransomware
o Software that runs on a user’s computer and demands that the user pays some other organisation. If they don’t,
the information on their computer will be destroyed.
- Malware can usually spread itself from one computer to another either as a virus or as a worm
- Computer malware can cause destruction at a physical level
o Nuclear plants
Used by the US and Israel against Iran to stop them developing nuclear weapons
o Hospitals
Encrypted the data of hospitals, marking it hard for the hospital to access data
o Public transport
o Smart cities
- Worms
Smurfware:
- GCHQs SMURT ARMY can hack smartphones
o They go far in trying to detect crimes
Malware:
- Crypto-checking
Hacking:
Defining Hacking:
- Origins of the word ‘hacker’ = a ‘quick fix’
- Difficult to find consensus as to a definition:
o “gain unauthorized access (to data in a computer)” (OED [Oxford Dictionary])
o “unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or
network” (Digital Guards Database) [implies a level of connectivity]
- Common elements/activities?
o Theft of information
o Malware
o Changing websites
Forms of computer misuse:
- Mail-bombing
- Spam
Cybercrime:
Objective:
- Analyse different forms of computer misuse, critically evaluate the current legal response to these forms of computer
misuse and compare this response to alternative approaches.
- Todays’ topics:
o Cyber security risks & practice
o Hacking
o The legal response to hacking
o Alternative approaches
Computer misuse:
- Umbrella term as under the Computer Misuse Act 1990 includes a range of offences
The internet is for… crime?
- ‘On the internet, no one knows you’re a dog’
o Provides protection from social censure
o May facilitate fraud (use of proxies for identification)
Deep web allows criminals to network
- Broad reach of the internet
o Large market for criminal services they can move freely
o More challenging to police
Internet
Cyber Security Enabled Crime
Risks and Practice:
- Questions that have been asked:
o Iscybercrime
Why cybercrime something different
deserves than regular
separate crime? Should we conceptualise it differently?
attention:
Internet Enabled Crime:
- Why cybercrime deserves separate attention:
Lower risks &
Difficulties for Fewer online No face-to-face
high rewards for
enforcement barriers interaction
criminals
Intelligence
Massive
Personal, financial agencies and
potential for Right to privacy
& national security illegal access to
disruption
digtial info
-
o We’ve bred a new type of criminal
o Disruption:
National security impacting society as a whole
Cyber Security Is…
- A socio-technical systems problem
- Security problems almost always stem from a mix of technical, human and organisational causes
- Techniques of threat and attack analysis and mitigation
- Protection and recovery technologies, processes and procedures for individuals, business and government
- Policies, laws and regulation relevant to the use of computers and the Internet
Threats:
- Almost one in five small business owners say their company has had a loss of data in the past year. Small business
owners are particularly hurt by cyberattacks. According to recent data 63 percent of small business owners view data as
their new currency, and that a single data hack could have associated costs ranging from $82,200 to $256,000.
o Norman Guadango, Carbonite
- Cyberattacks now cost companies $200,000 on average, putting many out of business
- Risks:
o Data Loss
o Ransomware and Extortion
o Industrial IoT attacks industrial technology being attacked
o Internal Threats
o Physical Security Risks
, Threats
Unauthorized access Internal Data theft, corporate
and access control attacks Hacking espionage, identity theft
Attack Virus, Spear Phishing,
Social
Malware, Phishing, traditional
Vectors Botnet
Engineering
SE
Cloud
Extortion Ransomware attacks Dropbox, iCloud,
& OneDrive, Etc
breaches
-
Cyber-attack:
- Definition:
o A malicious attempt, using digital technologies, to cause personal or property loss or damage, and/or steal or
alter confidential personal or organisational data.
- Insider Attacks:
o Attacks to an organisation carried out by someone who is inside that organisation.
o Difficult to counter using technical methods as the insider may have valid credentials to access the system.
- External Attacks:
o Attacks to an organisation carried out by an external agent.
o Requires either valid credentials or the exploitation of some vulnerability to gain access to the systems.
Insider attacks:
- Very common- nearly 75% are insider attacks
Cyberattacks by states:
- Massive political implications
Cyberattacks by terrorist groups:
- ISIS hacking the US
Malware:
- Software that has some malicious intent and which is installed on a user’s computer without that user’s consent.
- Key loggers
o Software installed on a computer that captures keystrokes and sends these to a remote system
o Used to try and get personal information to gain access to sites such as banks
- Ransomware
o Software that runs on a user’s computer and demands that the user pays some other organisation. If they don’t,
the information on their computer will be destroyed.
- Malware can usually spread itself from one computer to another either as a virus or as a worm
- Computer malware can cause destruction at a physical level
o Nuclear plants
Used by the US and Israel against Iran to stop them developing nuclear weapons
o Hospitals
Encrypted the data of hospitals, marking it hard for the hospital to access data
o Public transport
o Smart cities
- Worms
Smurfware:
- GCHQs SMURT ARMY can hack smartphones
o They go far in trying to detect crimes
Malware:
- Crypto-checking
Hacking:
Defining Hacking:
- Origins of the word ‘hacker’ = a ‘quick fix’
- Difficult to find consensus as to a definition:
o “gain unauthorized access (to data in a computer)” (OED [Oxford Dictionary])
o “unauthorized use, or attempts to circumvent or bypass the security mechanisms of an information system or
network” (Digital Guards Database) [implies a level of connectivity]
- Common elements/activities?
o Theft of information
o Malware
o Changing websites
Forms of computer misuse:
- Mail-bombing
- Spam
