The Rise of Computer Crime




Computer crime is rising sharply. According to the Computer Security Institute (CSI), the threat from computer crime and other information security breaches continues unabated and the financial toll is mounting (see computer crime survey results in Exhibits 1 and 2). In response, the FBI has established the National Infrastructure Protection Center (NIPC) as well as regional Computer Intrusion Squads located throughout the country. The NIPC is a joint partnership among federal agencies and private industry. Its aim is to prevent and respond to cyber attacks on the country's telecommunications, energy, transportation, banking and finance, emergency services, and government operations infrastructures.

Attempts to deal with computer crime are also showing up in the criminal codes, which now specify computer crimes and their corresponding sentences. A decade ago, identity theft and hacking were vague and indefinite acts. Today, they are precisely defined and subject to heavy penalties. And the long arm of the law does not pick up hackers only in this country (for example, the originator of the Melissa virus); it has also successfully tracked down people in Canada, Indonesia, and the Philippines for computer crimes against U.S. companies. We will now take a look at two computer crime incidents, with particular attention to how the individuals were identified by using the forensic evidence resident on hard drives, which led to their eventual arrest and conviction.

Melissa

The Melissa virus was the first real celebrity cyber attack. When it struck in 1999, computers and the Internet were so much a part of everyday life that just about every media channel reported the Melissa story at length. And what a story it was. Damages from Melissa were estimated at half a billion dollars. This virus was first posted on a sex newsgroup using an AOL e-mail account. An AOL server then fed the virus to unsuspecting members of this newsgroup. They opened a file called list.zip and from that point on helped spread the virus across the United States and beyond. Once a computer was infected, the virus used Outlook to self-replicate. It e-mailed individuals in each computer's address book and incapacitated about 300 corporate networks.

To track down Melissa's creator, investigators relied on a tagging system used by AOL to identify newsgroup postings, as well as serial numbers embedded in various documents. The initial Melissa posting could be traced back to two Web sites. The FBI immediately shut these down. Both sites were linked to Melissa via an electronic fingerprint derived from a serial number found in documents created with various Microsoft Office applications. Forensics success in this case was assisted by a Microsoft document identification technology that assigns a unique serial number to files produced by Word, Excel, and other applications.

Using this data and other leads, the FBI seized a Web server in Orlando, Florida, belonging to an Internet service provider (ISP) and conducted an analysis of its contents. By this time, Melissa's creator was beginning to feel the heat and via e-mail asked a system administrator to delete his account and erase his files. This led the FBI to another ISP in New Jersey. FBI agents in New Jersey obtained a telephone number and arrived at the house of 30-year-old David Smith. Melissa, it turns out, was the name of an acquaintance of Smith's — a stripper from Florida. He was jailed for five years, one of the first people ever prosecuted for spreading a virus.

I Love You

Within a few hours of being unleashed, the "I Love You" virus had spread to over 20 countries and was particularly destructive to radio stations, magazines, and advertising agencies as it targeted graphics and music files. One big publishing house, for example, lost its complete photo archives, as JPG and other graphics files were converted to ".vbs" files. The virus also spread throughout various U.S. government and corporate sites. Damage estimates, taking into account lost productivity, damaged files, and the cost of updating antivirus programs, came to $10 billion worldwide.

The I Love You virus spread in a manner similar to that of Melissa — via an attachment named "I Love You." When the attachment was opened, it infected the system and spread via e-mail; however, it could replicate in not one but three ways. In addition to spreading by e-mail attachments, it could also be spread via Internet Relay Chat (IRC) file transfers and shared drives on a network. It buried itself in the Windows directory and the system directory, and from there it modified registry keys so that on the next restart the user was sent to one of four Web pages linked to an executable containing the virus code. Any dial-up connection passwords were mailed to an e-mail address in the Philippines. In addition to creating HTML files on the hard drive to infect IRC members, it also spread to everyone in a computer's e-mail address book and destroyed music and graphics files.

Unlike Melissa, which had plenty of time to spread, the FBI moved very quickly on the I Love You virus. A Philippine ISP was made to shut down access to the virus files within a few hours. Manila law enforcement agents traced those files to another Philippine ISP and eventually to a computer programming student.






Server Disk Management in a Windows Environment
Year: 2003
Pages: 197
