FCM 740 Syllabus
Course Overview
The course will begin with a brief survey of the cyber crime landscape. This should take the first few weeks. Students then will select an area of cyber crime to investigate and will report on their findings each week. They should bring to the attention of the class any significant papers or information they come across so we can benefit from each other's investigations. Throughout the semester the instructor will provide materials and lecture on technical areas, especially those that involve knowledge discovery tools. Since we are a small group, the class will be conducted for the most part as a research seminar rather than a regular lecture course.
Student Research Project
Each student will examine and report in detail on a particular category of cyber crime or a system exploit that makes a particular type of cyber crime possible. Students will be aware of the current capabilities available to detect, deter and investigate that type of crime. In addition, each student should suggest changes to systems, infrastructure architectures, security policies and mechanisms that will help deter the criminal activity. Where appropriate, they also should suggest new legislation or changes to existing legislation. The deliverable is a report due at the end of the semester that provides an up-to-date summary of the criminal activity or exploit. The report should outline the most promising approaches for countering that activity or exploit.
Course Topics
After several weeks of reviewing the cyber crime landscape, each student has agreed to investigate one of the following topics. Lists of relevant papers and web sites for each topic appear under the Resources Link on the course home page. These lists will be updated throughout the course. Here is a brief description of each topic.
I. The Cybercrime Landscape (The Big Picture)
What is cyber crime? What risks does it pose? What makes it possible? This paper attempts to answer these questions. In addition, it explores the migration of traditional crime, e.g., fraud, extortion and theft, to cyber space. It also examines how cyber criminal activity has changed from an individual activity motivated largely by proof-of-concept to a highly organized criminal activity motivated by profit. In addition, the section examines the maturing nature of cyber crime, e.g., the growth of a cyber crime service industry that makes available a range of fee-based services such as custom hacking, e-commerce sites to launder money, and computational/communication facilities for large scale cyber criminal activity that includes spamming and phishing. The paper also explores the differences between real world and cyber crime.
II. Phishing and Spoofing
The paper will explore how deceptive e-mails and web site spoofing are used to commit fraud. It will describe in detail the communication infrastructures employed in these activities. It also will examine methods and tools to detect and investigate phishing and spoofing as well as security and organizational policies to deter them.
III. SPAM, Adware and Spyware
This paper examines the use of e-mail for commercial solicitation that is unlawful under the CAN-SPAM Act of 2003 (U.S. Code Title 18, Section 1037) and the Computer Fraud and Abuse Act (U.S. Code Title 18, Section 1030). It also examines aggressive solicitation that imposes exceptional costs on computer users or has as its aim the compromise of systems and privacy.
IV. Privacy, Identity Theft and Identity Fraud
This paper examines the current state of identity fraud and identity theft. The section pays particular attention to the rise of the data aggregation industry and its impact on personal data security. The section looks at key enabling technologies that are employed for data collection, sharing and analysis. It also attempts to characterize identity theft victims and criminals. Finally, the paper will explore both government and private efforts to address identity fraud.
V. Cybercrime Infrastructures and Exploits
This paper examines the main mechanisms for distributing crimeware, a form of malware (e.g., a virus, worm or Trojan) that is used for the commission of a crime. It also will examine key computational capabilities available to cyber criminals, e.g., BotNets, and the technologies that underlie these capabilities. The paper also will explore how anonymity and lack of accountability in the Internet allow criminals to conceal the source of nefarious activity. Finally, the section will explore solutions to deter cyber criminal activity and examine how solutions impact system usage, system cost and privacy.
VI. Privatization of Cybercrime Detection and Enforcement
This paper looks at a rapidly growing industry that offers consumers, businesses and government organizations information on and protection from cyber criminal activities. For example, it reviews some of the services offered and techniques employed by security and forensic companies to detect and analyze system break-ins. It examines financial service companies that monitor fraud within the credit industry through the use of high performance computing and data mining. In addition, it discusses the increasing dependence by law enforcement on the private sector for information, analysis and the wide range of technical solutions needed to address cyber criminal activity.