Names and Numbers. Computer & Internet Forensic #2 อ.รว ท ต ภ หลำ


Computer & Internet Forensic #2 Names and Numbers อ.รว ท ต ภ หลำ SIGMA Research Laboratory & Department of Computing Faculty of Science, Silpakorn University rawitat@cp.su.ac.th

Contents: Computer & Internet Forensics; Addresses on the Internet (IP address, domain names, tools); Scam, spam, phishing, etc.; 7 Laws of Identity

Computer Forensics

Definitions Forensics: Application of scientific methods in criminal investigations. Unique field of study. Draws from all areas of science. From entomology to genetics, from geology to mathematics. With a single goal of solving a mystery.

Definitions Computer Forensics: How computers are involved in the commission of crimes, ranging from accounting fraud, blackmail and identity theft to child pornography. The contents of a hard drive can contain critical evidence of a crime. The analysis of disks and the tracking of emails have become commonplace tools for law enforcement.

Definitions Internet Forensics: Shifts the computer forensic focus from the individual machine to the Internet. With a single massive network that spans the globe, the challenge of identifying criminal activity and the people behind it becomes immense.

Problems: viruses, spam, scam, fraud, phishing

Problems: The underlying Internet protocols were not designed to address all those problems. It is difficult, often impossible, to verify the source of a message or the operator of a web site. Minor details become important.

Had become

BUT

Fingerprint

What About?

The Seamy Underbelly of the Internet

History: Any situation that involves people and money will quickly attract crime. This is certainly the case with the Internet. Online crime is at an all-time high and shows no signs of slowing down, despite the best efforts of the computer industry.

The Scams

The Scams: Many forms of criminal activity use the Internet as a means of communication: using e-mail instead of phone calls, or publishing offensive material on a web site instead of in hard copy. The Internet has allowed some types of crime to evolve in new ways so as to exploit the new opportunities that it provides.

Spam: The most widespread problem. Unsolicited email is a burden on millions of servers every day. Companies spend huge amounts of money on software and staff to keep it under control and to save employees from dealing with it. It incurs an even higher cost: lower productivity.

Spam: Computer-savvy people tend to overlook the content of those messages: URLs of web sites that promise cheap Viagra, cheap mortgages, or the chance to meet lonely singles in the neighborhood. Other People Do Click Them!

Spam: Most traditional scams have the goal of getting you to hand over your credit card number. Being able to reach millions of potential victims through the power of spam is what makes it so attractive.

Phishing: Fake web sites that look like those of banks or credit card companies. Like spamming, but appearing to come from well-known, legitimate businesses. You click the URL and see a web site that looks exactly like the real thing. You enter your information. Game over.

Viruses & Worms: Comparable to graffiti tag spray painting. Damage ranged from negligible to minor. The real impact lay in the effort it took to deal with infected computers and to prevent future attacks. Today, viruses will actively disrupt the function of antivirus software and prevent such tools from being installed on a system.

The Numbers

Spam = 73% of emails

94% in July

Viruses 6%

250,000 Phishing, 6 months

4,500,000 Phishing, Year-End

Getting Worse?

Seemingly Unstoppable. Several factors: scams don't cost much to set up; the potential audience is huge; the chance of getting caught is low; the chance of getting prosecuted is minimal; people are making money doing it.

Cost of Setting Up Phishing. Cost: a web server, a little programming experience, and some way to send a lot of email messages. A few hundred $ at most. One credit card = profit.

Larger Operation: A pool of email servers. Using commercial servers is still cheap. But using someone else's computer is cheaper: viruses install email relay servers on infected hosts.

Reach Out, I'll Be There: Automating the generation and distribution of email messages. Writing a script is easy enough. Little programming or none at all.

Crime Scene Investigation

Crime Scene Investigation: An Internet crime scene takes the form of a web site, a server, or an email message. We are unlikely to uncover the name and address of the culprit, but we will be able to build up a picture of their operation. That can contain a surprising amount of detail.

Tools & Threats: Computer viruses and spyware are everyday threats. By actively seeking out and examining dubious web sites, we may be exposing our systems to higher than normal risk. A UNIX-based system (GNU/Linux or Mac OS X) is the preferred platform on which to investigate dubious web sites and email messages.

UNIX: The environment is less susceptible to computer viruses. It has control mechanisms that make it difficult for rogue executables to be installed simply by downloading them. Not a big target.

Windows Exactly the opposite.

Most important:

Ethics

7 Laws of Identity

Question 1: Your company is designing a new system that will store a user's confidential reviews on a server in your main office. How should this system be designed? Users are required to upload their files to a site, with no explanation of where the files go. They are not informed that other users may have access to the information. They're notified that the information can be accessed only by their supervisors and HR counselors. Users are not required to upload files if they don't want to. Instead of placing their review on a remote server, they may play Solitaire on company time.

Why: It is a condition of employment to create and file a review. Users can choose whether to do this, but not complying violates company policy. At the same time, they are given concrete information that clearly explains the exact boundaries for their personal information, so they can feel confident that prying eyes will not get to it.

Technical identity systems must only reveal information identifying a user with the user's consent.

Question 2: Complete the following message: "Thank you for signing up for free daily joke e-mails! In order to begin your subscription, we need your..."
A. Home address
B. E-mail address
C. Cell phone number
D. Social security number and mother's maiden name

Why: You only need an e-mail address to send out e-mail. If this is a real service and not just some trick to get your home address, nothing more should be required. Forms that ask for all sorts of personal information create an atmosphere of distrust.

The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.

Question 3: Who is the best party to control the identifying information you've given to an online bookseller?
A. The bookseller
B. The government
C. A third-party address-book site
D. None of the above

Why: People have high levels of trust in the entities they're dealing with directly, and less trust in third-party go-betweens.

Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

Question 4: Which of the following choices is an example of a unidirectional identifier?
A. Your Bluetooth adapter signal
B. A web site URL
C. A building-entry swipe card
D. The microchip that was secretly implanted in your arm when you were vaccinated as a child

Why: A swipe card only works when you choose to swipe it. In contrast, a Bluetooth adapter announces its existence indiscriminately to all in the vicinity. A URL lets any visitor find their way to your site. We won't even get into what that microchip does.

A universal identity system must support both omnidirectional identifiers for use by public entities and unidirectional for use by private entities. Facilitating discovery while preventing unnecessary release of correlation handles.
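The difference between the two identifier types, and what "correlation handle" means in practice, can be shown with a short added example (not part of the original slides). The `IdentityProvider` class, its method names and the sample users and sites are hypothetical; deriving the unidirectional identifier with a keyed hash is one common construction, assumed here for illustration.

```python
import hashlib
import hmac
import secrets


class IdentityProvider:
    """Hypothetical provider that issues identifiers to relying parties."""

    def __init__(self, key=None):
        # Secret key known only to the provider.
        self._key = key or secrets.token_bytes(32)

    def omnidirectional_id(self, user):
        # Same value for every party: a public beacon, and therefore
        # a handle that any two parties can correlate on.
        return user

    def unidirectional_id(self, user, relying_party):
        # Keyed hash over (user, relying party). The length prefix keeps the
        # encoding unambiguous. Stable within one relationship, unlinkable
        # across relationships without the provider's key.
        msg = f"{len(user)}:{user}|{relying_party}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()


def shared_handles(ids_seen_by_a, ids_seen_by_b):
    """Identifiers two parties could join on if they compared records."""
    return set(ids_seen_by_a) & set(ids_seen_by_b)


def demo():
    idp = IdentityProvider()
    users = ["alice@example.org", "bob@example.org"]  # constructed sample data
    shop, forum = "bookseller.example", "forum.example"  # constructed names

    # Both sites receive the same omnidirectional identifier per user.
    omni = shared_handles(
        [idp.omnidirectional_id(u) for u in users],
        [idp.omnidirectional_id(u) for u in users],
    )
    # Each site receives its own unidirectional identifier per user.
    uni = shared_handles(
        [idp.unidirectional_id(u, shop) for u in users],
        [idp.unidirectional_id(u, forum) for u in users],
    )
    return len(omni), len(uni)


if __name__ == "__main__":
    print(demo())
```

With omnidirectional identifiers the two sites can match every user; with unidirectional identifiers they share no handle, while each site still sees the same identifier every time a given user returns.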

Question 5: How many operators should be able to work together with a universal identity system?
A. 1
B. 3
C. 47,559
D. As many as necessary
Answer: As many as necessary

Why An identity system is best defined through its underlying protocol and user experience. Providing extensibility for any valid operators who want to plug into the system.

A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.

Question 6: Why do crackers target the end user rather than the in-process communication?
A. The end user can be tricked into opening a fake message from a bank and entering info
B. If the cracker can assume a user's identity, he also gets to keep the comfy office chair, stapler, and travel coffee mug
C. Communications protocols can be effectively secured, and the end user is the weak point on the chain
D. All of the above (except maybe B)

Why The human at the end of the identity system is the path of least resistance into the system. Systems should be designed to minimize confusion and ambiguity for the end user.

The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human/machine communication mechanisms, offering protection against identity attacks.

Question 7: Which of the following is not a common contextual identity choice?
A. Browsing (self-asserted identity for exploring the web)
B. Community (public identity for collaborating with others)
C. Citizen (identity issued by a government)
D. Credit Card (identity issued by a financial institution)
E. Klingon (self-asserted identity for visiting a sci-fi conference at the local VFW hall)

Why: At least, we hope that's the answer.

The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

7 Laws in a Nutshell

1. Technical identity systems must only reveal information identifying a user with the user's consent.
2. The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.
3. Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
4. A universal identity system must support both omnidirectional identifiers for use by public entities and unidirectional identifiers for use by private entities, facilitating discovery while preventing unnecessary release of correlation handles.
5. A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.
6. The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human/machine communication mechanisms, offering protection against identity attacks.
7. The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.