290 likes | 575 Views
Computer Forensics BACS 371. Applicable Laws and Statutes . Outline. Basics of Computer Crime Relevant Laws & Statutes Pen/Trap Statue Federal Wiretap Act Electronic Communications Privacy Act (ECPA) Privacy Protection Act Foreign Intelligence Surveillance Act (FISA)
E N D
Computer ForensicsBACS 371 Applicable Laws and Statutes
Outline • Basics of Computer Crime • Relevant Laws & Statutes • Pen/Trap Statue • Federal Wiretap Act • Electronic Communications Privacy Act (ECPA) • Privacy Protection Act • Foreign Intelligence Surveillance Act (FISA) • Computer Fraud & Abuse Act (CFAA) • U.S. Patriot Act
Categories of Computer Crime1 • A computer can be the object of a crime • A computer can be the subject of a crime • The computer can be used as the tool for conducting or planning a crime • Includes… compromising a computer and using that computer as a source for further attacks • The symbol of the computer itself can be used to intimidate or deceive • The most significant omission, according to Casey, is computers as sources of digital evidence 1from Donn Parker as described in Eoghan Casey, Digital Evidence and Computer Crime
USDOJ Categories1 • Hardware as Contraband or Fruits of a Crime • Hardware as an Instrumentality • Hardware as Evidence • Information as Contraband or Fruits of a Crime • Information as an Instrumentality • Information as Evidence 1 US Dept of Justice, Search and Seizure Guidelines Document
Categories of Computer Crime • Computers as targets • Computers as storage devices • Computers as communication tools Same ole stuff, but computers are involved!!
Computers as Targets • Viruses and worms • Trojan Horses • Theft of Data • Software Piracy • Trafficking in stolen goods • Defacing Corporate web sites
Computers as Means • Embezzlement • Stalking • Gambling • Pornography • Counterfeiting • Forgery • Theft • Identity theft • Phishing • Pyramid schemes • Chain letters
Computers as Storage • Drug trafficking • Book making • Burglary • Homicide • Child pornography
Web Related Crime • Cyber-squatting • Internet gambling • Cyber stalking and harassment • Child pornography • Drug dealing • Cyber terrorism • Cyberplanning
Laws and Statutes • As criminals devise new ways to use computers for crime, the justice system attempts to keep up by making new laws. • These laws generally lag behind the innovations of the criminals. • The following are the major laws and statutes used to fight cyber crime.
Pen/Trap Statute • Governs the collection of non-content traffic data, such as numbers dialed by a particular phone. • Section 216 updates the statute in three ways: • Law enforcement may use pen/trap orders to trace communications on the Internet and other networks • Pen/trap orders issued by federal courts have nationwide effect • Law enforcement must file special report when they use a pen/trap order to install their own monitoring device on computers belonging to a public provider
Title III of the Omnibus Crime Control and Safe Streets Act of 1968 • AKA “Federal Wiretap Act” 18 USC § § 2510-2522 • Covers illegal interception of voice and e-communications in real-time as they traverse networks. • Protects against unauthorized interception of communication • Delineates specific requirements for wiretapping: • Requires probable cause • Requires court approval • Requires that alternative avenues be exhausted • “Innocent” conversations must be excluded • Requires disclosure of surveillance upon conclusion of investigation
Electronic Communications Privacy Act of 1986 The ECPA (18 USC §§ 2701 – 2712)deals primarily with stored computer files that have been transmitted over a network. 3 main categories are covered: • Communications (e-mail, voicemail, other files) • Transactional data (logs of who called who) • Subscriber/session information • Basically, it amended Title III of the Wiretap Act to extend to different types of electronic communications (including e-mail).
Electronic Communications Privacy Act of 1986 • Title I • Statutory procedures for intercepting wire, oral, and electronic communications • Extended to digital communications and non-common carrier communications • Title II – Stored Communications Act • Protects communications not in transmission which have been stored in some way • Title III • Provides for law enforcement monitoring of electronic communications
Requirements Under Title III • Must be authorized by Federal District Court Judge • Must demonstrate probable cause – with specifics • Must identify previous attempts at evidence collection and indicate why unsuccessful • Generally limited to 30 days • Progress reports must be issued every 7-10 days • Surveillance must be terminated when objective is met • Subjects must be notified when surveillance terminated • Service providers must cooperate with authorities possessing a valid court order • Any party to an illegal interception may be charged with a Federal offense punishable by 5 years in prison and/or fine
ECPA Information Categories Less difficult to acquire • Basic Subscriber Information • Name, address, telephone connection records, length of service, subscriber identity, means and sources of payment • Records Pertaining to a Subscriber • Account logs, cell site data, e-mail addresses, … • Contents • Actual files stored in the account • “Electronic Storage” contents for ECS providers • Contents stored by RCS providers • Contents held by neither More difficult to acquire
ECPA Mechanisms for Government Entity to Compel Disclosure • Subpoena • Basic Subscriber information • Subpoena with Prior Notice • Opened e-mail • Court Order • Account logs and transactional records • Court Order with Prior Notice • Everything in an account except for unopened e-mail • Search Warrant • Full contents of account • No notice to subscriber required Less difficult to acquire More difficult to acquire
Privacy Protection Act of 1980 • PPA (42 USC § 2000) • Unlawful for local, state, or Federal law enforcement authorities to search or seize those materials which may be publishable • Expand the 1968 Wiretap Act to include electronic bulletin boards • Protects • “work product” including impressions, conclusions, opinions, or theories • “documentary materials” including mechanically, magnetically, or electronically recorded cards, tapes or discs
Privacy Protection Act of 1980 • Matters when search may result in seizure of 1st Amendment materials (publishing, …) • “Congress probably intended the PPA to apply only when law enforcement intentionally targeted First Amendment material that related to a crime.” • Incidental seizure of PPA-protected material commingled on a suspect’s computer with evidence of a crime does not give rise to PPA liability. • However, subsequent search of such material was mostly forbidden
Foreign Intelligence Surveillance Act (FISA) of 1978 • Regulates wiretaps in national security cases • Broader than Title III • Allows more invasive searches • Lower probable-cause threshold • Differences • No requirement to disclose content or existence of surveillance • No protection for non-US citizens • For citizens, probable cause that criminal activity engagement is required • For others, suspicion of criminal activity is not required
Computer Fraud and Abuse Act • Computer Fraud and Abuse Act (CFAA) • First law to address computer crime in which the computer is the subject of the crime • First law that does not have an analog to traditional crime • CFAA has been used to prosecute virus creators, hackers, information and identity thieves, and people who use computers to commit fraud
Computer Fraud and Abuse Act of 1986 • Originally, very narrow in scope and not very effective • Makes it… • A felony to knowingly access a computer without authorization, or in excess of authorization, in order to obtain classified United States defense or foreign relations information. • A misdemeanor to knowingly access a computer without authorization, in excess of authorization, in order to obtain information contained in a financial record of a financial institution or in a consumer file of a consumer reporting agency. • A misdemeanor to knowingly access a computer without authorization, or in excess of authorization, in order to use, modify, destroy, or disclose information in, or prevent authorized use of, a computer operated on behalf of the United States if such conduct would affect the government’s use of the computer. • The Act also made it a crime to attempt to or conspire to commit any of the three acts defined above.
Computer Fraud and Abuse Act of 1986 - Revised Original Act was modified to include: • Federal Interest Computer – expanded to include any computer which is used in interstate or foreign commerce or communications • Expanded criminal intent from “knowingly” to “intentionally” • Made it a misdemeanor to gain unauthorized access to • financial information from any financial institution or credit reporting agency, • any information in the possession of the government, • any private information where the defendants conduct involved interstate or foreign commerce • A felony if the activity involved an expectation of gain or if the offense was in the furtherance of another crime • Current Act protects computers involved in Interstate commerce or communication, Federal Interest, Government computers • Illegal actions included theft, destruction, or corruption of sensitive information
Computer Fraud and Abuse Act of 1986 – Further Amendments • 1988 • Protections expanded to include all FDIC-insured institutions • 1990 • Expanding protections to foreign banks • 1994 • Developed three levels of intent • Intentional – did it on purpose • Reckless – should have known better • Negligent – you were careless, but didn’t mean to • Incorporated provisions for Denial of Service (DoS) attacks and potential harm to systems or components
USA PATRIOT Act1Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Greatly broadened FBI’s authority to gather electronic evidence • Allows: • Intercept voice communications in computer hacking cases • Trace communications on the Internet • Subpoena for cable company records • Intercept communications of computer trespassers • ISPs can disclose content and non-content information in emergency situations • Nationwide search warrants for e-mail • “Sneak & Peek” – Permits investigator to delay notification of “search” • Establishment of Regional Computer Forensic laboratories 1http://www.usdoj.gov/criminal/cybercrime/PatriotAct.htm