Unformatted text preview: tronic Communications Interception and
Interception of Oral Communications
• 18 USC 2701 et seq.: Stored Wire and Electronic Communications and
Transactional Records Access
• The Digital Millennium Copyright Act
• The Cyber Security Enhancement Act of 2002
NOTE You do not need to know these laws for the CISSP exam; they are
just examples. Complexities in Cybercrime
Since we have a bunch of laws to get the digital bad guys, this means we have this whole
cybercrime thing under control, right?
Alas, hacking, cracking, and attacking have only increased over the years and will
not stop anytime soon. Several issues deal with why these activities have not been properly stopped or even curbed. These include proper identification of the attackers, the
necessary level of protection for networks, and successful prosecution once an attacker
Most attackers are never caught because they spoof their addresses and identities
and use methods to cover their footsteps. Many attackers break into networks, take
whatever resources they were after, and clean the logs that tracked their movements and
activities. Because of this, many companies do not even know they have been violated.
Even if an attacker’s activities trigger an intrusion detection system (IDS) alert, it does
not usually find the true identity of the individual, though it does alert the company
that a specific vulnerability was exploited.
Attackers commonly hop through several systems before attacking their victim so
that tracking them down will be more difficult. Many of these criminals use innocent
people’s computers to carry out the crimes for them. The attacker will install malicious
software on a computer using many types of methods: e-mail attachments, a user downloading a Trojan horse from a web site, exploiting a vulnerability, and so on. Once the
software is loaded, it stays dormant until the attacker tells it what systems to attack and ch10.indd
ch10.indd 849 12/4/2009 11:39:05 AM All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 CISSP All-in-One Exam Guide 850
when. These compromised systems are called zombies, the software installed o...
View Full Document
- Fall '12