Cybercrime investigations
Learning Outcomes: At the end of the assignment, students should be able:
• To understand the type and nature of cybercrimes committed in world.
• To understand how these crimes will be investigated under different laws where they are committed.
Crime 1: Ashley Madison Hacking Incident
On July 12, 2015, Ashley Madison employees logged on to their computers only to find a message informing them that the site had been hacked. The hackers, who called themselves the Impact Team, claimed that they would release customer data unless Ashley Madison and Established Men were shut down. A week later the Impact Team posted the warning on Pastebin, and the next day Ashley Madison announced that it had been the victim of a hacking incident.
Ashley Madison had a choice to make. It could bow to hackers' demands to shut down, or it could refuse and take the chance that the hackers would release customer data to the public through the Internet. Unsurprisingly, Ashley Madison refused to capitulate to hackers' demands. Instead, it increased its security controls and worked with law enforcement to locate the hackers. According to Biderman, law enforcement was hot on the trail of the hacking culprits. However, the hackers already had information on millions of Ashley Madison users. On July 22 data from two Ashley Madison users were leaked. The Impact Team gave Ashley Madison 30 days to give in to their demands. On August 18 the message TIME'S UP was posted on Pastebin, and the Impact Team released 10-gigabytes of information pertaining to user emails.
The data was found to be legitimate after some of the Ashley Madison users whose data were leaked confirmed that they were customers. On August 20 the Impact Team dumped mostly internal data including emails by Noel Biderman. On August 23 the Impact Team made a third data dump. In all information from 32 million users was posted on the Internet. This included transaction details that spanned from seven years before the incident. While many users used fake email addresses and pseudonyms on the site, credit card details that were posted gave clues as to identify the person. Included among the dump emails were government issued emails.
The biggest motive the hackers gave for their actions is that Ashley Madison builds its business on the pain of others and should not be condoned. It accused Established Men, which allowed older men to look for beautiful young women to date, of encouraging prostitution and human trafficking. Comments from the hackers also suggest they were angry about Ashley Madison's claims to be a secure site. The hackers allege that it was incredibly easy for them to hack into the site and that any claims of security were false.
Ashley Madison and law enforcement heavily criticized the criminal actions of the hackers. Ashley Madison announced a $500,000 ($377,000 USD) reward for anyone with information on the hackers. It reassured users that no credit-card numbers were posted. Despite this fact, a class- action lawsuit was filed against Ashley Madison.
The Ethics of Asley Madison:
It is clear that many people view Ashley Madison as a moral outrage. Conservative television host Sean Hannity blasted Noel Biderman on his show for founding a "pimping" service. The hackers themselves called those that use Ashley Madison "cheating dirtbags."
On the other hand, cheating on one's spouse or partner is not illegal, and others believe that Ashley Madison has the right to promote a service that does not violate laws, despite the ethics involved. Certainly the wide-scale growth of Ashley Madison membership and use of its services demonstrate consumers' willingness and acceptance to use the site. Biderman continues to maintain that his site does not create infidelity, using an analogy of how a divorce lawyer does not cause people to divorce. There is also no question that consumers are often fascinated by "taboo" subjects such as adultery. After the Noel Biderman interview featured on Sean Hannity's show, Ashley Madison claims that 42,000 people signed up in one day.
The ethicalness of the hackers' actions are also called into question. Although the hackers committed the act based on moral grounds, what they did was clearly illegal and constitutes theft. Law enforcement is actively investigating the hack to try to track down those involved. Many of those who dislike Ashley Madison might find it hard to sympathize with an illegal act done to ruin a company when those actions cause pain to the families involved.
In terms of the information that hackers were able to access, Ashley Madison had taken some precautions. For instance, it did not store entire credit numbers in its database. It also hashed user passwords rather than storing them as plain text, making it somewhat harder for hackers to decipher them. However, the company did store personally identifiable information that hackers were able to obtain, including IP addresses. These IP addresses would later reveal email addresses that were connected to members of Congress, law enforcement agencies, and other government officials. This failure to exercise additional security has prompted a class-action lawsuit against the firm.
Answer the following Questions related to above discussed cybercrime case:
Q1. Did Ashely Madison Commit a Fraud?
Q2. If yes write down the reasons and give suitable justifications for it?
Q3. Should Ashley Madison be held accountable for the hacking incident? If so, for what should it be held accountable?
Q4. Do you believe people are more likely to condone the hacking behind the scandal due to Ashley Madison's reputation? Why or why not?
Crime 2: Stuxnet Worm Attacks Iran, Who is Behind It?
The Stuxnet worm has already infected 30,000 IP addresses in Iran and is still mutating, according to Monday press reports. "The attack is still ongoing and new versions of this virus are spreading," Hamid Alipour, deputy head of Iran's Information Technology Company, was quoted as saying by IRNA, Iran's official news agency, AFP reported.
Stuxnet, a joint U.S.-Israel project, is known for reportedly destroying roughly a fifth of Iran's nuclear centrifuges by causing them to spin out of control. Stuxnet was created for Siemens supervisory control and data acquisition (SCADA) systems, which control water supplies, oil rigs, power plants, and other industrial facilities. Iranian authorities have denied that the country's Bushehr nuclear plant was targeted, AFP said, though Computerworld reported that while some computers at the facility were infected, none were in control of crucial control systems.
Stuxnet appears to be more than just another malware attack or another targeted attack. Many believe that it is a government-sponsored attack against Iran's nuclear facilities. Stuxnet first came to our attention as the first attack using Microsoft Windows Shortcut 'LNK/PIF' vulnerability. German security firm Langner called it the "hack of the century." Roel Schouwenberg of Kaspersky also said it was groundbreaking.
Answer the following Questions related to above discussed cybercrime case:
Q1. Explain the type and nature of crime committed above? Explain about Stuxnet worm and its working and how it damages the assets?
Q2. Write down the reasons why this crime was committed and who committed it?
Q3. Write down the steps involved after applying a systematic approach to investigate this crime and also what were the main causes and intentions behind this crime?
Individual Deliverables
1. Investigate crime 1 and answer all questions given?
2. Investigate crime 2 and answer all questions given?
3. Explain the whole Forensics process applied to both cybercrimes to justify that they were committed and they damaged the victims?
• Your report(s) must combine all the deliverables in one coherent document.