Cyber-crime: the law and you


Cyber-crime: The Law
and You
Group F: !
Authors: Stephen Burrett, Murray Colpman, Thomas
Dubosc, Dorota Filipczuk, Toby Finch, Sandeep Vyas
Tutor: Dr Enrico Gerding
Us!
From left to right:
Sandeep, Dorota, Thomas, Toby, Murray, Stephen
Objectives
• To analyse the cost and the impacts cyber-crime can have on firms, organisations and individuals.
• To highlight the forms of cyber-crime which occur today.
• To explore the range of legislation enacted to target cyber-criminals.
Outline
1. Introduction - what is a cyber-crime?
2. How big is the impact?
3. How is it done?
4. The law
5. Protect yourself!
6. Conclusions
What is Cyber-Crime?
Cyber-crime is any illegal act which is committed using modern communication
networks such as the internet. (Moore, 2005)
How Big is the Impact?
93% of large corporations fell victim to cyber-crime in 2012.
A cyber attack could cost a corporation up to £250,000.
Examples
Iranian oil facilities were taken offline when their computer systems were targeted by a malware attack. (BBC)
Spyware can be put into QR codes. When people scan the code with their smartphones their information can be put at risk.
How is it done?
Data collection by mobile devices
“This data reveals a lot about your regular locations, habits and routines. Once such data is captured,
acquaintances, friends or authorities might coerce you to disclose it. Perhaps worse, it could be collected or
reused without your knowledge or permission.” (Shilton, 2009)
Malware = malicious software such as viruses, Trojans, worms, adware and spyware
Passwords stored in cookies
Phishing
Roseth, B. (February 2013), How to avoid “phishing” scams. Retrieved from: http://www.washington.edu/news/2013/02/08/how-to-avoid-phishing-scams/ [Accessed 19 April 2013].
Social Engineering
Information is easy to find!
Social network profiles
Fake phone call, e.g. survey
Hadnagy (2011:21)
The law
A Brief History…
In the mid-80s, British Telecom ran a service called Prestel.
Information such as news and an email service was sent to computer terminals.
In 1984 Robert Schifreen saw a Prestel engineer use a master password at a trade show.
He and Stephen Gold used this to browse the service, including the mailbox of Prince Philip.
Police charged the pair under the Forgery and Counterfeiting Act 1981.
They were found guilty and fined £750 and £600 respectively.
Things get interesting…
Despite the low fines, they appealed, arguing the Forgery and Counterfeiting Act had been misused.
They won the appeal!
The Prosecution appealed to the Law Lords, who said:
“We have accordingly come to the conclusion that the language of the Act was not
intended to apply to the situation which was shown to exist in this case…. The
appellants' conduct amounted in essence, as already stated, to dishonestly gaining
access to the relevant Prestel data bank by a trick. That is not a criminal offence.”
Computer Misuse Act 1990
Drafted in response to the Law Lords' ruling
Contains 3 sections:
1. unauthorised access to computer material
2. unauthorised access with intent to commit or facilitate commission of further offences
3. unauthorised modification of computer material
As "computer" is not defined, the Act has a very broad reach, from smartphones to smart toasters.
Maximum sentences: £5000 fine for section 1, 6 months’ imprisonment for 2 and 3.
Computer Misuse Act 1990
Quoted from the act, section 1:
A person is guilty of an offence if—
a) he causes a computer to perform any function with intent to secure access to any
program or data held in any computer, or to enable any such access to be secured;
b) the access he intends to secure, or to enable to be secured, is unauthorised; and
c) he knows at the time when he causes the computer to perform the function that
that is the case.
The further 2 sections have other conditions, such as intent to cause damage etc.
Other Laws and Organisations
European Convention on Cybercrime: the first international treaty to deal with crimes including copyright infringement, fraud and network security violations.
Privacy and Electronic Communications (EC Directive) Regulations 2003: deals with spam by requiring prior consent before messages can be sent to an individual.
The Serious Organised Crime Agency (SOCA) investigates serious organised crimes online.
This year the UK government opened a cyber-crime unit dedicated to catching cyber-criminals.
Protect yourself!
Golden rules
1. Passwords:
Create complex but memorable passwords!
Use more than one password.
The recommended password length is 8 characters.
Change the passwords on a regular basis!
2. On your mobile:
Adjust your mobile phone or tablet settings so that it does NOT collect your location, passwords and browser history!
If you are not using WiFi or Bluetooth, turn it off!
It is also a good idea to have antivirus software on your phone.
3. When browsing from any platform:
Adjust your browser’s settings. Make sure it does NOT store your passwords in cookies!
Cookies can store passwords and other personal information.
4. Against phishing:
To prevent phishing you should pay attention to the nature of the messages.
Search online on the official website to check that the email is not fraudulent.
Limit the amount of data you share on the Internet.
Do not enable others to gather sensitive information about yourself!
Conclusions
Cyber-security has a huge impact on your business expenses and personal privacy.
Social engineering techniques such as phishing are examples of cyber-crimes.
A range of legislation exists to protect and provide redress for individuals and organisations against cyber-crime and breaches of cyber-security.
But all in all, it is your responsibility to take care of your personal data!
Slides at upload.wulty.com/cybercrimepresentation.pptx
References
The internet
References
Brodies LLP, The Computer Misuse Act – a beginners guide. Retrieved from: http://techblog.brodies.com/2012/03/20/the-computer-misuse-act-a-beginners-guide/ [Accessed 19 April 2013].
Hadnagy, C. (2011:21) Social Engineering: The Art of Human Hacking. Indianapolis, IN: Wiley Publishing, Inc.
Moore, R. (2005) Cyber crime: Investigating High-Technology Computer Crime. Cleveland, Mississippi: Anderson Publishing.
Moskvitch, K. (April 2012), The world's five biggest cyber threats. BBC News [online]. Retrieved from: http://www.bbc.co.uk/news/technology-17846185 [Accessed 19 April 2013].
Shilton, K. (November 2009), Four billion little brothers? Privacy, mobile phones and ubiquitous data collection. Communications of the ACM. New York: ACM. pp. 48-53.
Serious Organised Crime Agency (2013), Cyber Crime. Retrieved from: http://www.soca.gov.uk/threats/cyber-crime [Accessed 20 April 2013].
UK Government, Computer Misuse Act 1990. Retrieved from: http://www.legislation.gov.uk/ukpga/1990/18 [Accessed 19 April 2013].
UK Government (February 2013), Keeping the UK safe in cyberspace. Retrieved from: https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace [Accessed 19 April 2013].