dacs.doc electric

 

Computer Fraud

By Lee Schwab

 

I TOOK ADVANTAGE of the opportunity to attend the Southwest Regional User Group meeting in San Diego on July 9-11, 1999. One of the best presentations I attended was by Terry Rankhorn, Special Agent, Cybercrimes Unit, FBI, San Diego. Terry's presentation was fascinating and scary. Below is some of the information he presented.

The FBI has developed a hacker profile based on their experience. The following description of a hacker lists the most common attributes first. The hacker is usually a student who uses the Internet every day, especially IRC. If the hacker has a job, it usually involves computers. He is usually quite knowledgeable of Unix. As a matter of fact, you will usually find several books on Unix in a hacker's room. The typical hacker is an adolescent white male.

Many things motivate the hacker. His curiosity pushes him to learn how to get around the Internet, firewalls, and whatever else he happens to encounter. Hackers gain prestige and bragging rights when they are able to break through a firewall or other obstacle. There is even a Website where they can post their accomplishments and gain a following. Some hackers are motivated by revenge for some perceived injustice, which they feel they have experienced. They may get the IP of the person causing the injustice and knock them off the Internet every time they get on. Because of their age, hackers are usually not motivated by politics or profit.

One of the most common targets of hackers is Internet Service Providers (ISPs) because they are easy to hack and have numerous user accounts. A hacker will break into an ISP and get one or more accounts and passwords. He may sell or trade the account information to other hackers. Unless the subscriber of the account reports a problem with the account, the hacker usually does not get caught. Most ISPs assign a different IP addresses every time you sign on, which allows anonymity for the hacker. Therefore, it is unlikely the Internet will ever be truly secure.

Other popular targets for hackers are universities, because many have powerful number-crunching computers like the Cray. This number-crunching capability helps the hacker more quickly find the key that they are looking for. The university setting provides a perfect opportunity for the hacker. Many times (especially in smaller schools) the security is lax and there are numerous user accounts.

Government and military sites are also popular targets among hackers because of the challenge, prestige, and publicity. If a hacker breaks into one of these sites, he gets big bragging rights and will probably post his accomplishment at attrition.org. Recently, it was reported that a hacker broke into the Pentagon. Terry said that what actually happened is that security was alerted that someone was trying to break through the firewall. When the hacker tried a different approach, security decided to take the system down. No breech of security was made.

If a person is denied service or experiences a perceived injustice, he may want to hack for revenge. This may require a low skill level and use of pre-made, downloaded tools. This type of hack could be called "Internet Road Rage". With wiretapping (sniffer) type hacks, a hacker uses a password sniffer to collect passwords and personal information. There are internal intrusions where the biggest threat is from within. These are different from classic external intrusions, where a remote intruder breaks into the computer.

All of the frauds that work through the mail work just as well, or perhaps even better, when using a computer. This is partly because of the feeling of anonymity on the part of the person committing the fraud and partly because people are sometimes embarrassed to admit that they were ripped off (especially at X-rated sites). Terry told a story about a man who advertised a projector for sale at one of the Internet auctions. Several people bid on the projector, and the auction site gave the seller the contact information for the top bidders. The seller then contacted each of the prospective buyers and told them that the person above them had dropped out of the bidding and that they had won the bid. The seller received checks from several people, but none of the buyers received a projector. Was there ever a projector for sale? Who knows? The good news is that the seller was caught.

Pyramid schemes are a popular type of fraud on the Internet. You put your name at the bottom of a list and send each person on the list above you $5. There is almost no chance that you will recover your money. Plus, you may have provided your e-mail information to a hacker. The same threat holds true for advance fee schemes. For example, you send $19.95 to have your credit history repaired. You do not need to pay a fee to repair your credit and you may have given a hacker access to your e-mail.

Hackers can be prosecuted for mail fraud (Title 18, Section 1341) or wire fraud (Title 18, Section 1343). Wherever hackers or anyone else goes on the Internet, they leave a trail that can be followed by a savvy investigator. However, the investigator has to be alerted that there is a crime to investigate.

If you use a cable modem or are connected to the Internet all the time, be aware of who is accessing your computer. Terry gave an example of a friend who networked two computers in his home and uses a file server. Terry was easily able to look at the files on his friend's computer and could have caused major damage. Instead, he sent a message that appeared on his friend's monitor. What a scary wake-up call!

This only scratches the surface of what Terry covered during his presentation. The bottom line is, Use good common sense when using the Internet. If you feel you are at risk, you can download a shareware firewall from nukenabber.com. Happy surfing!


Published in the August 1999 issue of the dVINE Blues Napa Valley PC User's Group. This article is brought to you courtesy of DACS membership in the Association of Personal Computer User Groups belongs. Lee Schwab has been an active member of the Napa Valley PC User's Group for many years and was an officer for ten years. She served as Editor of the dVINE Blues newsletter (7.5 years), President, Vice President, Publicity, Public Relations, Evaluations Coordinator, and Program Chair. PCs play an integral part of Lee's busy life outside the NVPCUG. She is the President and Chairwoman of the Board for the CyberMill, a nonprofit 501(c)(3) organization where people (especially at-risk youth) learn to use technology. She uses her PC to evaluate and track her extended family's investments and make stock trades. Lee feels very fortunate to work in areas that she likes (computing, investing, and volunteering) and will always be challenged and in learning mode.

BackHomeNext