Cyber-crime: The Law and You

Group F
Authors: Stephen Burrett, Murray Colpman, Thomas Dubosc, Dorota Filipczuk, Toby Finch, Sandeep Vyas
Tutor: Dr Enrico Gerding

[Group photo. From left to right: Sandeep, Dorota, Thomas, Toby, Murray, Stephen]

Objectives
To analyse the cost and the impacts cyber-crime can have on firms, organisations and individuals.
To highlight the forms of cyber-crime which occur today.
To explore the range of legislation enacted to target cyber-criminals.

Outline
1. Introduction - what is a cyber-crime?
2. How big is the impact?
3. How is it done?
4. The law
5. Protect yourself!
6. Conclusions

What is Cyber-Crime?
Cyber-crime is any illegal act which is committed using modern communication networks such as the internet. (Moore, 2005)

How Big is the Impact?
93% of large corporations fell victim to cyber-crime in 2012.
A cyber attack could cost a corporation up to £250,000.

Examples
Iranian oil facilities were taken offline when their computer systems were targeted by a malware attack. (BBC)
Spyware can be put into QR codes. When people scan the code with their smartphones, their information can be put at risk.

3. How is it done?

Data collection by mobile devices
“This data reveals a lot about your regular locations, habits and routines. Once such data is captured, acquaintances, friends or authorities might coerce you to disclose it. Perhaps worse, it could be collected or reused without your knowledge or permission.” (Shilton, 2009)

Malware = malicious software such as viruses, Trojans, worms, adware and spyware

Passwords stored in cookies

Phishing
Roseth, B. (February 2013), How to avoid “phishing” scams. Retrieved from: http://www.washington.edu/news/2013/02/08/how-to-avoid-phishing-scams/ [Accessed 19 April 2013].

Social Engineering
Information is easy to find!
Social network profiles
Fake phone call, e.g. survey
Hadnagy (2011:21)

4. The law

A Brief History…
In the mid-80s, British Telecom ran a service called Prestel.
Information such as news and an email service was sent to computer terminals.
In 1984 Robert Schifreen saw a Prestel engineer use a master password at a trade show.
He and Stephen Gold used this to browse the service, including the mailbox of Prince Philip.
Police charged the pair under the Forgery and Counterfeiting Act 1981.
They were found guilty and fined £750 and £600 respectively.

Things get interesting…
Despite the low fines, they appealed, arguing the Forgery and Counterfeiting Act had been misused.
They won the appeal!
The Prosecution appealed to the Law Lords, who said:
“We have accordingly come to the conclusion that the language of the Act was not intended to apply to the situation which was shown to exist in this case…. The appellants' conduct amounted in essence, as already stated, to dishonestly gaining access to the relevant Prestel data bank by a trick. That is not a criminal offence.”

Computer Misuse Act 1990
Drafted in response to the Law Lords' ruling.
Contains 3 sections:
1. unauthorised access to computer material
2. unauthorised access with intent to commit or facilitate commission of further offences
3. unauthorised modification of computer material
As "computer" is not defined, the Act has a very broad reach, from smartphones to smart toasters.
Maximum sentences: £5000 fine for section 1, 6 months’ imprisonment for 2 and 3.

Computer Misuse Act 1990
Quoted from the act, section 1:
A person is guilty of an offence if—
a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;
b) the access he intends to secure, or to enable to be secured, is unauthorised; and
c) he knows at the time when he causes the computer to perform the function that that is the case.
The further 2 sections have other conditions, such as intent to cause damage etc.

Other Laws and Organisations
European Convention on Cybercrime: the first international treaty to deal with crimes including copyright infringement, fraud and network security violations.
Privacy and Electronic Communications (EC Directive) Regulations 2003: deals with spam by requiring prior consent before messages can be sent to an individual.
The Serious Organised Crime Agency (SOCA) investigates serious organised crimes online.
This year the UK government opened a cyber crime unit dedicated to catching cybercriminals.

5. Protect yourself!

Golden rules

1. Passwords:
Create complex but memorable passwords!
Use more than one password.
The recommended password length is 8 characters.
Change the passwords on a regular basis!

2. On your Mobile:
Adjust your mobile phone or tablet settings so that it does NOT collect your location, passwords and browser history!
If you are not using the WiFi or the Bluetooth, turn it off!
It is also a good idea to have antivirus software on your phone.

3. When browsing from any platform:
Adjust your browser’s settings. Make sure it does NOT store your passwords in cookies!
Cookies can store passwords and other personal information.

4. Against Phishing:
To prevent phishing you should pay attention to the nature of the messages.
Check on the official website whether the email is fraudulent.
Limit the amount of data you share on the Internet. Do not enable others to gather sensitive information about yourself!

6. Conclusions
Cyber-security has a huge impact on your business expenses and personal privacy.
Social engineering techniques such as phishing are examples of cyber-crimes.
A range of legislation exists to protect and provide redress for individuals and organisations against cyber-crime and breaches of cyber-security.
But all in all, it is your responsibility to take care of your personal data!

Slides at upload.wulty.com/cybercrimepresentation.pptx

References
The internet

References
Brodies LLP, The Computer Misuse Act – a beginners guide. Retrieved from: http://techblog.brodies.com/2012/03/20/the-computer-misuse-act-a-beginners-guide/ [Accessed 19 April 2013].
Hadnagy, C. (2011:21) Social Engineering: The Art of Human Hacking. Indianapolis, IN: Wiley Publishing, Inc.
Moore, R. (2005) Cyber crime: Investigating High-Technology Computer Crime. Cleveland, Mississippi: Anderson Publishing.
Moskvitch, K. (April 2012), The world's five biggest cyber threats. BBC News [online]. Retrieved from: http://www.bbc.co.uk/news/technology-17846185 [Accessed 19 April 2013].
Shilton, K. (November 2009), Four billion little brothers? Privacy, mobile phones and ubiquitous data collection. Communications of the ACM. New York: ACM. pp. 48-53.
Serious Organised Crime Agency (2013), Cyber Crime. Retrieved from: http://www.soca.gov.uk/threats/cyber-crime [Accessed 20 April 2013].
UK Government, Computer Misuse Act 1990. Retrieved from: http://www.legislation.gov.uk/ukpga/1990/18 [Accessed 19 April 2013].
UK Government (February 2013), Keeping the UK safe in cyberspace. Retrieved from: https://www.gov.uk/government/policies/keeping-the-uk-safe-in-cyberspace [Accessed 19 April 2013].