SlideShare a Scribd company logo

ILG CERT Presentation Final

Download as PPT, PDF
Jon Praed
Jon Praed

This document discusses strategies for using civil litigation to combat cybercrime by targeting the enablers of cybercriminal activities. It argues that cybercrime resembles an online riot and recommends applying proven riot control strategies such as establishing rules, monitoring events, intimidating enablers en masse through legal notices, targeting leaders through lawsuits and asset seizures, and dispersing smaller actors. The goal is to consolidate criminal activities around "black hat" enablers to simplify enforcement efforts or disperse them to leverage corporate resources against enablers. Early targets would receive light enforcement while surviving leaders face heavier legal actions.

1 of 35
Using Civil Litigation to Fight Cyber Threats: How Corporate America Can Stop Enabling Cyber Crime May 2, 2008 Jon Praed Internet Law Group jon.praed(at)i-lawgroup.com
2 What ILG Does • Target major Internet fraudsters attacking multiple corporate victims • Capture “fingerprints” tied to Internet fraud • Aggregate “fingerprints” • Use investigative and legal process to identity fraudsters, their assets & their enablers • Formulate strategic solutions against fraudsters • Leverage information across client base • Current lawsuit focusing on pharmacy spam
3 The Real Scope of Cyber Crime • Illegal Business (willing buyer and seller) – Counterfeit and pirated goods – CP & obscenity – Fake IDs, passports & identity papers – $ almost always changes hands • Fraudulent Business (regretful buyer/seller) – Scams, phishing, malware injection – $ usually changes hands (eventually) • Traditional Economic Crimes (unwilling single party) – Extortion, blackmail (HD encryption & physical threats) – $ typically changes hands • Terrorism & Acts of War (unwilling multiple parties) – Estonia DDoS – $ rarely changes hands
4 Cyber Crime Looks Like Normal Business • Communications • Movement of hard goods • Movement of money
5 Defining the Strategy Against Cyber Crime • DHS Secretary Chertoff, RSA Conf. April 2008 • “Large-scale cyber attack might result in consequences comparable to the Sept. 11, 2001, attack on the World Trade Center buildings in New York” • Calls for Cyber “Manhattan Project” • US Gov’t to reduce Internet access points from 4,000 to 50
6 Cyber Manhattan Project = Wrong Analogy • Manhattan Project’s Objective – Build a small number of working nuclear bombs to be deployed offensively – “Silver Bullet” to force Japan’s surrender • Today’s Cyber Crime Objective? – Defensive, not offensive – No unitary enemy to surrender to us – “Silver bullet” solutions seem unlikely
7 Characteristics of Cyber Crime Problem • Massive initial data set • Most individual acts are trivial standing alone • Architecture inherently insecure • Bad actors cover spectrum of dedication/sophistication – Most actors are juveniles, newbies, part-timers – But most harm caused by sophisticated, full-time experts • “Innocents” populate the battle space • Government LE resources overwhelmed • Private sector resources inefficiently directed • Victims feel powerless and prefer to free ride
8 If Cyber Crime = Online Riot, Then Shouldn’t Our Strategy Look Like... Riot Control
9 Five Proven Strategies To Fight Physical Riots* 1. Establish the ground rules in advance 2. Monitor events 3. Intimidate en masse 4. Stop the leaders 5. Disperse the crowd *http://people.howstuffworks.com/riot-control.htm
10 Even Simple Monitoring Shows: It’s a Small World – in Cyberspace paypal-security.com WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001 Phish
11 It’s a Small World – in Cyberspace 200soft.com paypal-security.com WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001 Phish Pirated Software
12 It’s a Small World – in Cyberspace 200soft.com elitezmed.com paypal-security.com WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001 Pirated Software Phish Counterfeit Drugs
13 It’s a Small World – in Cyberspace 200soft.com elitezmed.com paypal-security.com WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001 Over 600 Domains in 1Q 2007
14 Deeper Monitoring Shows Real Aggregation around Enablers: Illegal Online Pharmacies Case Study • 30,000+ domain names over 18 months – 90% tied to <200 OLP “Brands” – All have credit card merchant accounts – Most tied to just a few credit card acquiring banks (Russia & St. Kitts) – All have consumer credit cards/bank accounts – All have access to call centers (many toll free) – Most have access to known drug manufacturers in Asia – Must are using handful of Chinese Registrars to acquire domains – Limited number of emails in WhoIs registrations and email hosts – Spam-sending IP’s in 7 figures; BUT harvesting IP’s only ~20,000 • ~12 Gangs responsible for >80% of activity • Highly diversified into phish, pirated software, other cyber crimes • Identity of gangs is contained in collective filing cabinet of Corporate America
15 Bad Guys Seek Enablers "The Capitalists will sell us the rope with which we will hang them." – Vladimir Lenin
16 Bad Guys Reward Enablers "The Capitalists will sell us the rope with which we will hang them." – Vladimir Lenin “The last Capitalist we hang shall be the one who sold us the rope.” – Karl Marx
17 Why Cyber Criminals Seek Enablers… • Essential Services – Financial services – Shipping – Communications • False or no identity • Poor reputation systems • Slow Discovery (hidden behind strong, unitary privacy policies) • Dispersed “fingerprints”
18 The Enabler in the Mirror • We nearly all sell rope to bad guys • We are nearly all victims too • Stages of Enablement – Innocent – Negligent – Reckless – Knowing – Intentional
19 Putting a Stop to Enablement • We must use carrots & sticks against those who sell rope to bad guys • Key to Success: Intelligent Cost Shifting – Shift micro costs first, then macro costs • Purpose of cost-shifting is to clear middle of the room of innocents (& reduce risk of collateral damage)
20 Carrots • Data sharing • Cooperative enforcement actions • Reduced costs arising from security & trust • Identify castle walls and make life better inside the walls than outside the walls
21 Sticks • Challenge others – to act on their own data – to share their own data – to identify and seek missing data • Impose obligation to act via legal notices • Pursue legal liability for failure to seek, share and act on data – Contractual liability (direct and third party beneficiary) – Regulations (e.g., Bank Secrecy Act) – Common law tort liability • Focus first on co-conspirators • Focus second on cheapest cost avoiders • Watch for decision in Tiffany v. eBay (SDNY, #04-4607)
22 The “Death Spiral” • Cost-shifting is a tactic, NOT a strategy • Non-strategic plaintiffs lawyers – Do not monitor anonymous problems – Do monitor deep pockets, waiting to pounce – seek low-lying fruit • Non-strategic actions hurt – merely shift costs between victims – deprive us of resources for strategic actions – Lead to Death Spiral
23 Avoiding the Death Spiral • Anticipate legal notices and lawsuit threats • Data mine inbound notices & subpoenas that seek information from you • Share data with co-victims voluntarily • Seek missing data proactively • Challenge other enablers to act • Ensure your privacy policy distinguishes between abusive and valued customers • Surcharge for abusive practices of customers • If you profit from steady state abuse, raise your prices and isolate your acts of enablement until abuse falls
24 Value of Strategic Civil Actions • Private sector already has all the information • Self-defense is an intuitive right (legal “safe harbors” are everywhere) • Seamless information gathering across borders • Joint prosecution agreements enable voluntary data sharing • Strong legal privileges protect cooperating parties – Attorney work product privilege – Attorney-client communications privilege • Subpoena power compels reluctant enablers to share data • Unlike LE, victims can receive immediate feedback from civil discovery • Empowers self-help and technical improvements (what borders do you see?) • Average costs per action are lower than criminal actions • Encourages development of best practices among enabler communities • Establishes and preserves evidence of intentional enablement • No right to court appointed defense counsel - costs of defense are significant and immediate • Fifth Amendment rights are limited and are penalized in civil arena • Civil laws permit discovery under seal, John Doe discovery, pre-judgment seizure of assets, repatriation based on citizenship • Participants are inoculated against Death Spiral • Judiciary and LE retain control over conflicting civil and criminal actions • Leverage LE resources
25 Applying Riot Control Strategy through Civil Litigation Riot Control
26 Cyber Crime = Online Riot* 1. Establish the ground rules in advance 2. Monitor events 3. Intimidate en masse 4. Stop the leaders 5. Disperse the crowd *http://people.howstuffworks.com/riot-control.htm
27 Cyber Crime = Riot 1) Establish the ground rules in advance - Internet acceptable use policies - State and federal laws - International law / cooperation
28 Cyber Crime = Riot 2) Monitor events - Collect samples - Capture Internet fingerprints - Systematically identify “Hot Spots” - Obtain feedback from “Hot Spots” - Penetrate financial systems through undercover buys - Share information within enforcement community
29 Cyber Crime = Riot 3) Intimidate en masse – Legal Notices to “Hot Spots” Providing Material Support • Preserve Information • Investigate • Enforce AUP • Report on Outcome of Investigation & Identity – Subpoena Non-Cooperative “Hot Spots” via strategic John Doe civil lawsuits
30 Cyber Crime = Riot 4) Stop the leaders – Target the top offenders for investigative focus – Civil lawsuits/asset seizures – Criminal referrals – Extra-legal actions – Technical responses
31 Cyber Crime = Riot 5) Disperse the crowd – Encourage marginal actors to exit the business – Force committed criminals to: • consolidate around “black hat” enablers, or • disperse across “white hat” enablers
32 Consolidation or Dispersion: Do We Care? • Consolidation around black hats – Simplifies cost-shifting – Enables blunt enforcement tools – Creates borders • Dispersion around white hats – Leverages our resources – Increases reporting opportunities – Enables immediate enforcement actions
33 Cyber Crime = Riot Numerous Early-Stage Actors Receive Light Touches Top Surviving Targets Receive Heavy Touches
34 Opportunities For Progress? • Online pharmacies – Huge profits from counterfeiting fund illegal enterprises – Patent protections at risk (yet another Death Spiral) • Money laundering mechanisms – Highly regulated and jurisdictionally divided – Bad guys already consolidated around a few enablers • Registrars (.flag) – Must get beyond privacy v. security debate – Privacy rights should be subject to forfeiture and financial penalties in cases of abuse – Technology must distinguish between registrars & .flags • Botnets – Focus on botnet customers/lessees • Telco call centers • Other areas where technology & law can create & defend borders?
Using Civil Litigation to Fight Cyber Threats: How Corporate America Can Stop Enabling Cyber Crime May 2, 2008 Jon Praed Internet Law Group jon.praed(at)i-lawgroup.com

Recommended

An Internet of Governments
An Internet of GovernmentsAn Internet of Governments
An Internet of GovernmentsRobbie Mitchell
 
Cybercrime an international-crisis
Cybercrime an international-crisisCybercrime an international-crisis
Cybercrime an international-crisistamiuthomas
 
Privacy & the Internet: An Overview of Key Issues
Privacy & the Internet: An Overview of Key IssuesPrivacy & the Internet: An Overview of Key Issues
Privacy & the Internet: An Overview of Key IssuesAdam Thierer
 
Pls 780 week 9
Pls 780 week 9Pls 780 week 9
Pls 780 week 9Michael Germano
 
Thierer Internet Privacy Regulation
Thierer Internet Privacy RegulationThierer Internet Privacy Regulation
Thierer Internet Privacy RegulationMercatus Center
 
RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARTalwant Singh
 
Chapter 16
Chapter 16Chapter 16
Chapter 16glickauf
 
Pls780 week 2
Pls780 week 2Pls780 week 2
Pls780 week 2Michael Germano
 

Recommended

An Internet of Governments
An Internet of GovernmentsAn Internet of Governments
An Internet of GovernmentsRobbie Mitchell
 
Cybercrime an international-crisis
Cybercrime an international-crisisCybercrime an international-crisis
Cybercrime an international-crisistamiuthomas
 
Privacy & the Internet: An Overview of Key Issues
Privacy & the Internet: An Overview of Key IssuesPrivacy & the Internet: An Overview of Key Issues
Privacy & the Internet: An Overview of Key IssuesAdam Thierer
 
Pls 780 week 9
Pls 780 week 9Pls 780 week 9
Pls 780 week 9Michael Germano
 
Thierer Internet Privacy Regulation
Thierer Internet Privacy RegulationThierer Internet Privacy Regulation
Thierer Internet Privacy RegulationMercatus Center
 
RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARTalwant Singh
 
Chapter 16
Chapter 16Chapter 16
Chapter 16glickauf
 
Pls780 week 2
Pls780 week 2Pls780 week 2
Pls780 week 2Michael Germano
 
Integrating technology1
Integrating technology1Integrating technology1
Integrating technology1mjsmith2505
 
Cyber Dangers
Cyber DangersCyber Dangers
Cyber DangersNikki Sorrell
 
[UniInfo 2014] Cost of cyber crime and how to prevent it
[UniInfo 2014] Cost of cyber crime and how to prevent it[UniInfo 2014] Cost of cyber crime and how to prevent it
[UniInfo 2014] Cost of cyber crime and how to prevent itHeitor Vital
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityDipesh Waghela
 
Cyber-crime PPT
Cyber-crime PPTCyber-crime PPT
Cyber-crime PPTAnshuman Tripathi
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime pptMOE515253
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security pptLipsita Behera
 
Cyber crime Introduction
Cyber crime Introduction Cyber crime Introduction
Cyber crime Introduction Vinil Patel
 
NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015Numaan Huq
 
Chapter14
Chapter14Chapter14
Chapter14SUNY Ulster
 
02 presentation-christianprobst
02 presentation-christianprobst02 presentation-christianprobst
02 presentation-christianprobstInfinIT - Innovationsnetværket for it
 
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...Investments Network marcus evans
 
Ajeet Singh - The FBI Overseas
Ajeet Singh - The FBI OverseasAjeet Singh - The FBI Overseas
Ajeet Singh - The FBI OverseasUISGCON
 
Hacking
HackingHacking
HackingFarkhanda Kiran
 
Hacking
Hacking Hacking
Hacking Farkhanda Kiran
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityHelen Dixon
 
Crime sensing with big data - Singapore perspective
Crime sensing with big data - Singapore perspectiveCrime sensing with big data - Singapore perspective
Crime sensing with big data - Singapore perspectiveBenjamin Ang
 
Chapter5.ppt
Chapter5.pptChapter5.ppt
Chapter5.pptAaishAiman
 
Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...
Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...
Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...Christopher Allen
 

More Related Content

Viewers also liked

Integrating technology1
Integrating technology1Integrating technology1
Integrating technology1mjsmith2505
 
[UniInfo 2014] Cost of cyber crime and how to prevent it
[UniInfo 2014] Cost of cyber crime and how to prevent it[UniInfo 2014] Cost of cyber crime and how to prevent it
[UniInfo 2014] Cost of cyber crime and how to prevent itHeitor Vital
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityDipesh Waghela
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 
Cyber security
Cyber securityCyber security
Cyber securitySiblu28
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime pptMOE515253
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security pptLipsita Behera
 

Viewers also liked (10)

Integrating technology1
Integrating technology1Integrating technology1
Integrating technology1
 
Cyber Dangers
Cyber DangersCyber Dangers
Cyber Dangers
 
[UniInfo 2014] Cost of cyber crime and how to prevent it
[UniInfo 2014] Cost of cyber crime and how to prevent it[UniInfo 2014] Cost of cyber crime and how to prevent it
[UniInfo 2014] Cost of cyber crime and how to prevent it
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Cyber-crime PPT
Cyber-crime PPTCyber-crime PPT
Cyber-crime PPT
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 

Similar to ILG CERT Presentation Final

Cyber crime Introduction
Cyber crime Introduction Cyber crime Introduction
Cyber crime Introduction Vinil Patel
 
NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015Numaan Huq
 
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...Investments Network marcus evans
 
Ajeet Singh - The FBI Overseas
Ajeet Singh - The FBI OverseasAjeet Singh - The FBI Overseas
Ajeet Singh - The FBI OverseasUISGCON
 
Crime sensing with big data - Singapore perspective
Crime sensing with big data - Singapore perspectiveCrime sensing with big data - Singapore perspective
Crime sensing with big data - Singapore perspectiveBenjamin Ang
 
Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...
Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...
Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...Christopher Allen
 
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightKeeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightCBIZ, Inc.
 
History and future cybercrime
History and future cybercrimeHistory and future cybercrime
History and future cybercrimeOnline
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Attorney Ray Richards White collar Theory Trial Lawyer Application
Attorney Ray Richards White collar Theory Trial Lawyer ApplicationAttorney Ray Richards White collar Theory Trial Lawyer Application
Attorney Ray Richards White collar Theory Trial Lawyer ApplicationAttorney Ray Richards
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageMarin Ivezic
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterJose L. Quiñones-Borrero
 

Similar to ILG CERT Presentation Final (20)

Cyber crime Introduction
Cyber crime Introduction Cyber crime Introduction
Cyber crime Introduction
 
NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015NumaanHuq_Hackfest2015
NumaanHuq_Hackfest2015
 
Chapter14
Chapter14Chapter14
Chapter14
 
02 presentation-christianprobst
02 presentation-christianprobst02 presentation-christianprobst
02 presentation-christianprobst
 
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
Security and Crypto-currency: Forecasting the Future of Privacy for Private I...
 
Ajeet Singh - The FBI Overseas
Ajeet Singh - The FBI OverseasAjeet Singh - The FBI Overseas
Ajeet Singh - The FBI Overseas
 
Hacking
HackingHacking
Hacking
 
Hacking
Hacking Hacking
Hacking
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Crime sensing with big data - Singapore perspective
Crime sensing with big data - Singapore perspectiveCrime sensing with big data - Singapore perspective
Crime sensing with big data - Singapore perspective
 
Chapter5.ppt
Chapter5.pptChapter5.ppt
Chapter5.ppt
 
Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...
Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...
Forging Self-Sovereign Identity in the Age of the Blockchain - Christopher Al...
 
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightKeeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
 
History and future cybercrime
History and future cybercrimeHistory and future cybercrime
History and future cybercrime
 
Money Laundering Presentation
Money Laundering PresentationMoney Laundering Presentation
Money Laundering Presentation
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Attorney Ray Richards White collar Theory Trial Lawyer Application
Attorney Ray Richards White collar Theory Trial Lawyer ApplicationAttorney Ray Richards White collar Theory Trial Lawyer Application
Attorney Ray Richards White collar Theory Trial Lawyer Application
 
Social Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionageSocial Engineering - Human aspects of industrial and economic espionage
Social Engineering - Human aspects of industrial and economic espionage
 
E commerce
E commerce E commerce
E commerce
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 

ILG CERT Presentation Final

  • 1. Using Civil Litigation to Fight Cyber Threats: How Corporate America Can Stop Enabling Cyber Crime May 2, 2008 Jon Praed Internet Law Group jon.praed(at)i-lawgroup.com
  • 2. 2 What ILG Does • Target major Internet fraudsters attacking multiple corporate victims • Capture “fingerprints” tied to Internet fraud • Aggregate “fingerprints” • Use investigative and legal process to identity fraudsters, their assets & their enablers • Formulate strategic solutions against fraudsters • Leverage information across client base • Current lawsuit focusing on pharmacy spam
  • 3. 3 The Real Scope of Cyber Crime • Illegal Business (willing buyer and seller) – Counterfeit and pirated goods – CP & obscenity – Fake IDs, passports & identity papers – $ almost always changes hands • Fraudulent Business (regretful buyer/seller) – Scams, phishing, malware injection – $ usually changes hands (eventually) • Traditional Economic Crimes (unwilling single party) – Extortion, blackmail (HD encryption & physical threats) – $ typically changes hands • Terrorism & Acts of War (unwilling multiple parties) – Estonia DDoS – $ rarely changes hands
  • 4. 4 Cyber Crime Looks Like Normal Business • Communications • Movement of hard goods • Movement of money
  • 5. 5 Defining the Strategy Against Cyber Crime • DHS Secretary Chertoff, RSA Conf. April 2008 • “Large-scale cyber attack might result in consequences comparable to the Sept. 11, 2001, attack on the World Trade Center buildings in New York” • Calls for Cyber “Manhattan Project” • US Gov’t to reduce Internet access points from 4,000 to 50
  • 6. 6 Cyber Manhattan Project = Wrong Analogy • Manhattan Project’s Objective – Build a small number of working nuclear bombs to be deployed offensively – “Silver Bullet” to force Japan’s surrender • Today’s Cyber Crime Objective? – Defensive, not offensive – No unitary enemy to surrender to us – “Silver bullet” solutions seem unlikely
  • 7. 7 Characteristics of Cyber Crime Problem • Massive initial data set • Most individual acts are trivial standing alone • Architecture inherently insecure • Bad actors cover spectrum of dedication/sophistication – Most actors are juveniles, newbies, part-timers – But most harm caused by sophisticated, full-time experts • “Innocents” populate the battle space • Government LE resources overwhelmed • Private sector resources inefficiently directed • Victims feel powerless and prefer to free ride
  • 8. 8 If Cyber Crime = Online Riot, Then Shouldn’t Our Strategy Look Like... Riot Control
  • 9. 9 Five Proven Strategies To Fight Physical Riots* 1. Establish the ground rules in advance 2. Monitor events 3. Intimidate en masse 4. Stop the leaders 5. Disperse the crowd *http://people.howstuffworks.com/riot-control.htm
  • 10. 10 Even Simple Monitoring Shows: It’s a Small World – in Cyberspace paypal-security.com WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001 Phish
  • 11. 11 It’s a Small World – in Cyberspace 200soft.com paypal-security.com WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001 Phish Pirated Software
  • 12. 12 It’s a Small World – in Cyberspace 200soft.com elitezmed.com paypal-security.com WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001 Pirated Software Phish Counterfeit Drugs
  • 13. 13 It’s a Small World – in Cyberspace 200soft.com elitezmed.com paypal-security.com WhoIs Registrant Fingerprint: xiaowen, No.12 chang'an road, 100001 Over 600 Domains in 1Q 2007
  • 14. 14 Deeper Monitoring Shows Real Aggregation around Enablers: Illegal Online Pharmacies Case Study • 30,000+ domain names over 18 months – 90% tied to <200 OLP “Brands” – All have credit card merchant accounts – Most tied to just a few credit card acquiring banks (Russia & St. Kitts) – All have consumer credit cards/bank accounts – All have access to call centers (many toll free) – Most have access to known drug manufacturers in Asia – Must are using handful of Chinese Registrars to acquire domains – Limited number of emails in WhoIs registrations and email hosts – Spam-sending IP’s in 7 figures; BUT harvesting IP’s only ~20,000 • ~12 Gangs responsible for >80% of activity • Highly diversified into phish, pirated software, other cyber crimes • Identity of gangs is contained in collective filing cabinet of Corporate America
  • 15. 15 Bad Guys Seek Enablers "The Capitalists will sell us the rope with which we will hang them." – Vladimir Lenin
  • 16. 16 Bad Guys Reward Enablers "The Capitalists will sell us the rope with which we will hang them." – Vladimir Lenin “The last Capitalist we hang shall be the one who sold us the rope.” – Karl Marx
  • 17. 17 Why Cyber Criminals Seek Enablers… • Essential Services – Financial services – Shipping – Communications • False or no identity • Poor reputation systems • Slow Discovery (hidden behind strong, unitary privacy policies) • Dispersed “fingerprints”
  • 18. 18 The Enabler in the Mirror • We nearly all sell rope to bad guys • We are nearly all victims too • Stages of Enablement – Innocent – Negligent – Reckless – Knowing – Intentional
  • 19. 19 Putting a Stop to Enablement • We must use carrots & sticks against those who sell rope to bad guys • Key to Success: Intelligent Cost Shifting – Shift micro costs first, then macro costs • Purpose of cost-shifting is to clear middle of the room of innocents (& reduce risk of collateral damage)
  • 20. 20 Carrots • Data sharing • Cooperative enforcement actions • Reduced costs arising from security & trust • Identify castle walls and make life better inside the walls than outside the walls
  • 21. 21 Sticks • Challenge others – to act on their own data – to share their own data – to identify and seek missing data • Impose obligation to act via legal notices • Pursue legal liability for failure to seek, share and act on data – Contractual liability (direct and third party beneficiary) – Regulations (e.g., Bank Secrecy Act) – Common law tort liability • Focus first on co-conspirators • Focus second on cheapest cost avoiders • Watch for decision in Tiffany v. eBay (SDNY, #04-4607)
  • 22. 22 The “Death Spiral” • Cost-shifting is a tactic, NOT a strategy • Non-strategic plaintiffs lawyers – Do not monitor anonymous problems – Do monitor deep pockets, waiting to pounce – seek low-lying fruit • Non-strategic actions hurt – merely shift costs between victims – deprive us of resources for strategic actions – Lead to Death Spiral
  • 23. 23 Avoiding the Death Spiral • Anticipate legal notices and lawsuit threats • Data mine inbound notices & subpoenas that seek information from you • Share data with co-victims voluntarily • Seek missing data proactively • Challenge other enablers to act • Ensure your privacy policy distinguishes between abusive and valued customers • Surcharge for abusive practices of customers • If you profit from steady state abuse, raise your prices and isolate your acts of enablement until abuse falls
  • 24. 24 Value of Strategic Civil Actions • Private sector already has all the information • Self-defense is an intuitive right (legal “safe harbors” are everywhere) • Seamless information gathering across borders • Joint prosecution agreements enable voluntary data sharing • Strong legal privileges protect cooperating parties – Attorney work product privilege – Attorney-client communications privilege • Subpoena power compels reluctant enablers to share data • Unlike LE, victims can receive immediate feedback from civil discovery • Empowers self-help and technical improvements (what borders do you see?) • Average costs per action are lower than criminal actions • Encourages development of best practices among enabler communities • Establishes and preserves evidence of intentional enablement • No right to court appointed defense counsel - costs of defense are significant and immediate • Fifth Amendment rights are limited and are penalized in civil arena • Civil laws permit discovery under seal, John Doe discovery, pre-judgment seizure of assets, repatriation based on citizenship • Participants are inoculated against Death Spiral • Judiciary and LE retain control over conflicting civil and criminal actions • Leverage LE resources
  • 25. 25 Applying Riot Control Strategy through Civil Litigation Riot Control
  • 26. 26 Cyber Crime = Online Riot* 1. Establish the ground rules in advance 2. Monitor events 3. Intimidate en masse 4. Stop the leaders 5. Disperse the crowd *http://people.howstuffworks.com/riot-control.htm
  • 27. 27 Cyber Crime = Riot 1) Establish the ground rules in advance - Internet acceptable use policies - State and federal laws - International law / cooperation
  • 28. 28 Cyber Crime = Riot 2) Monitor events - Collect samples - Capture Internet fingerprints - Systematically identify “Hot Spots” - Obtain feedback from “Hot Spots” - Penetrate financial systems through undercover buys - Share information within enforcement community
  • 29. 29 Cyber Crime = Riot 3) Intimidate en masse – Legal Notices to “Hot Spots” Providing Material Support • Preserve Information • Investigate • Enforce AUP • Report on Outcome of Investigation & Identity – Subpoena Non-Cooperative “Hot Spots” via strategic John Doe civil lawsuits
  • 30. 30 Cyber Crime = Riot 4) Stop the leaders – Target the top offenders for investigative focus – Civil lawsuits/asset seizures – Criminal referrals – Extra-legal actions – Technical responses
  • 31. 31 Cyber Crime = Riot 5) Disperse the crowd – Encourage marginal actors to exit the business – Force committed criminals to: • consolidate around “black hat” enablers, or • disperse across “white hat” enablers
  • 32. 32 Consolidation or Dispersion: Do We Care? • Consolidation around black hats – Simplifies cost-shifting – Enables blunt enforcement tools – Creates borders • Dispersion around white hats – Leverages our resources – Increases reporting opportunities – Enables immediate enforcement actions
  • 33. 33 Cyber Crime = Riot Numerous Early-Stage Actors Receive Light Touches Top Surviving Targets Receive Heavy Touches
  • 34. 34 Opportunities For Progress? • Online pharmacies – Huge profits from counterfeiting fund illegal enterprises – Patent protections at risk (yet another Death Spiral) • Money laundering mechanisms – Highly regulated and jurisdictionally divided – Bad guys already consolidated around a few enablers • Registrars (.flag) – Must get beyond privacy v. security debate – Privacy rights should be subject to forfeiture and financial penalties in cases of abuse – Technology must distinguish between registrars & .flags • Botnets – Focus on botnet customers/lessees • Telco call centers • Other areas where technology & law can create & defend borders?
  • 35. Using Civil Litigation to Fight Cyber Threats: How Corporate America Can Stop Enabling Cyber Crime May 2, 2008 Jon Praed Internet Law Group jon.praed(at)i-lawgroup.com

Editor's Notes

  1. Mention online pharmacy domain and candidate statistics. Many of our candidates have Visa merchant accounts.
  2. Mention online pharmacy domain and candidate statistics. Many of our candidates have Visa merchant accounts.
  3. Mention online pharmacy domain and candidate statistics. Many of our candidates have Visa merchant accounts.
  4. Mention online pharmacy domain and candidate statistics. Many of our candidates have Visa merchant accounts.