4Ed_CCH_Forensic_Investigative_Accounting_Ch15

4Ed_CCH_Forensic_Investigative_Accounting_Ch15 - Forensic...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Forensic and Investigative Accounting Forensic Chapter 15 Cybercrime Management: Legal Issues © 2009 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085 1 800 248 3248 www.CCHGroup.com Introduction to Cybercrime Most common complaints: Virus attacks ............................................... 50% Insider abuse of net access ......................... 44% Laptop/mobile theft .................................... 42% Unauthorized access to information ........... 29% Unauthorized Denial of service ......................................... 21% System penetration ...................................... 13% Abuse of wireless network…....................... 14% Financial Fraud …….....................................12% Chapter 15 Forensic and Investigative Accounting 2 Net Frauds Net frauds ensnare unsuspecting Internet users into giving up their resources to an online criminal. online Chapter 15 Forensic and Investigative Accounting 3 Unauthorized Access to Unauthorized Network Assets Network Unauthorized access to steal proprietary Unauthorized information can be considered a distinct crime from fraud. from Chapter 15 Forensic and Investigative Accounting 4 Types of Unauthorized Access Access using wardialers in modem attacks. Access via buggy software. Access via trusted server. Backdoor entry. Access via social engineering. Chapter 15 Forensic and Investigative Accounting 5 Intangible Assets Information on the Internet and in computer Information databases represents intangible assets composed of bits and bytes. composed The destruction of electronic representations The or the erasure of data without physically damaging a tangible computer asset may not be considered a crime. be (continued on next slide) Chapter 15 Forensic and Investigative Accounting 6 Intangible Assets If data is accessed but not used for any If purpose, then no crime may have been committed. committed. Statutes may not provide for the recognition Statutes of criminal trespass, a property crime, based on a virtual presence (and no physical presence). presence). Chapter 15 Forensic and Investigative Accounting 7 1986 OECD Time Capsule Recommendations 1. 2. The input, alteration, erasure and/or The suppression of computer data and/or computer programmes made willfully with the intent to commit an illegal transfer of funds or of another thing of value; another The input, alteration, erasure and/or The suppression of computer data and/or computer programmes made willfully with the intent to commit a forgery; commit (continued on next slide) Chapter 15 Forensic and Investigative Accounting 8 1986 OECD Time Capsule Recommendations 1. 2. The input, alteration, erasure and/or The suppression of computer data and/or computer programmes, or other interference with computer systems, made willfully with the intent to hinder the functioning of a computer and/or telecommunication system; and/or The infringement of the exclusive right of the The owner of a protected computer programme with the intent to exploit commercially the programme and put it on the market; programme (continued on next slide) Chapter 15 Forensic and Investigative Accounting 9 1986 OECD Time Capsule Recommendations 1. The access to or the interception of a The computer and/or telecommunication system made knowingly and without the authorization of the person responsible for the system, either (i) by infringement of security measures or (ii) for other dishonest or harmful intentions. or Chapter 15 Forensic and Investigative Accounting 10 Cybercrime or Not? Spoofing. Use of bots. Chaffing. Steganography. Chapter 15 Forensic and Investigative Accounting 11 International Law Although approximately 240 countries have Although IP domain registrations, the countries with cybercrime statutes are fewer. cybercrime Some countries have broad provisions for Some computer crimes, some have limited provisions, and still some have no provisions at all. at (continued on next slide) Chapter 15 Forensic and Investigative Accounting 12 International Law In 2001, the Council of Europe Convention In on Cybercrime issued a model law for its member states including transactional cooperation recommendations. The Council’s model law has 48 sections for incorporation into national laws on cybercrime. into Chapter 15 Forensic and Investigative Accounting 13 Federal Statutes Related to Federal Cybercrimes Cybercrimes 18 U.S.C. 1029 Fraud and Related Activity in Fraud Connection with Access Devices Connection 18 U.S.C. 1030 Fraud and Related Activity in Fraud Connection with Computers Connection 18 U.S.C. 2701 Unlawful Access to Stored Unlawful Communications Communications Chapter 15 Forensic and Investigative Accounting 14 USA Patriot Act of 2001 The USA Patriot Act has strengthened U.S. The cyber laws and expanded cybercrime definitions. Under the Act, an activity covered by the law Under is considered a crime if it causes a loss exceeding $5,000, impairment of medical records, harm to a person, or threat to public safety. safety. (continued on next slide) Chapter 15 Forensic and Investigative Accounting 15 USA Patriot Act of 2001 Amendments made by the Act make it Amendments easier for an Internet service provider (ISP) to make disclosures about unlawful customer actions without the threat of civil liability to the ISP. liability Another revision made by the Act provides Another that victims of hackers can request law enforcement help in monitoring trespassers on their computer systems. on Chapter 15 Forensic and Investigative Accounting 16 Draft Legislation: Cybersecurity Act of 2009 Act Gives the President power to shut down the Gives Internet in case of an national emergency Internet Sets national standards for cybersecurity Sets and qualifications for cybersecurity professionals professionals The legislation is still pending. Chapter 15 Forensic and Investigative Accounting 17 State Legislation Many of the states have separately enacted Many money laundering, identity theft, online gambling, cyberstalking and other Internet statutes in their codes. Many statutes do not refer to “cybercrimes” as Many they were originally enacted when there was no Internet. Thus, legislative oversight in the acts tends to focus on “computer crimes,” “unlawful access,” or “property crimes.” “unlawful Chapter 15 Forensic and Investigative Accounting 18 Fighting Cybercrime The following list describes the skill set needed The to fight cybercrime: to – Ability to build an Internet audit trail. – Skills needed to collect “usable” courtroom Skills electronic evidence. electronic – Ability to trace an unauthorized system user. (continued on next slide) Chapter 15 Forensic and Investigative Accounting 19 Fighting Cybercrime – Knowledge base to use in recommending or Knowledge reviewing security policies. reviewing – Knowledge of the most recent computer fraud Knowledge techniques. techniques. – Basic understanding of the information that can Basic be collected from various computer logs. be – Ability to place a valuation on incurred losses Ability from attacks. from (continued on next slide) Chapter 15 Forensic and Investigative Accounting 20 Fighting Cybercrime – Technical familiarity with the Internet, web Technical servers, firewalls, attack methodologies, security procedures, and penetration testing. security – Understanding of organizational and legal Understanding protocols in incident handling to prevent employee rights violations. employee – An established relationship with law An enforcement agencies. enforcement Chapter 15 Forensic and Investigative Accounting 21 Filing Reports of Cybercrimes An investigator should know where, besides An law enforcement, such crimes can be reported. There are a number of websites that collect information about events that may be cybercrimes. cybercrimes. Chapter 15 Forensic and Investigative Accounting 22 ...
View Full Document

Ask a homework question - tutors are online