Investigating Cybercrime in the UK
•Download as PPT, PDF•
1 like•707 views
Presentation by Eamonn Keane at The Cyber Academy
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Similar to Investigating Cybercrime in the UK
Similar to Investigating Cybercrime in the UK (20)
More from Napier University
More from Napier University (20)
Recently uploaded
Recently uploaded (20)
Investigating Cybercrime in the UK
- 1. Investigating Cybercrime in the UK Sex, Lies & Cybercrime- A pragmatic perspective. DI Eamonn Keane. Cybercrime Specialist Crime Division
- 2. Agenda Scottish , UK & Global Perspective! The current threat landscape! Incident Planning & Response!. Prevention. Scotland’s future. Signposting.
- 3. Key questions that all CEOs and CISOs should be asking this week? • "Are we vulnerable to SQL injection, ransomware or DDoS based attacks?“ • "What assurance activity have we done to confirm that we are not vulnerable?“ • "If we were compromised, would an attacker be able to gain access to unencrypted sensitive data?“ • "What assurance activity have we done to confirm this position?" • “What is our company posture on security?”
- 7. Cyber Regional Organised Crime Units
- 8. Cybercrime!
- 9. Stalking Bullying Cyber Fraud SOCG Sexual Offenders Indecent images of children Cyber dependent crimes e.g. hacking, malware, DDoS Anti-socialbehaviour CyberTerrorism
- 11. Your Title Here 1980’s Policing
- 12. “I can do more damage on my laptop in my pyjamas, before my first cup of Earl Grey, than you can do in a year in the field.” Q - Skyfall
- 14. Cyber Attacks are on the rise
- 18. Ransomware - Glasgow Hairdressers
- 20. ORGANISED CRIME
- 21. The skillsets
- 26. Five key cyber crime threats • Malware targeting businesses & individual users for fraud. APT’s, RATS, • Network intrusion ('hacking') DDoS, XSS. Spear-phishing. • Enablers of cyber dependent crime (e.g. money laundering / digital currencies / anonymisation). • Cyber crime 'as a service‘ • Targeted disruption of access to UK networked systems and services (e.g. DDOS / Ransomware)
- 27. Old bugs come home to roost… SHELLSHOCK – HEARTBLEED – DRIDEX – CRYPTOWALL - POODLE… LOCKY
- 29. 5 Stages of Crypto-Ransomware
- 33. Darknet
- 34. Insider Threat
- 35. Cyber Resilience is thorough Preparation Overarching Cyber Security Strategy! Pre-planned Exercise. Incident Management & Response Plan. Communications Strategy. Investigative Strategy. Incident Manager & Team Gold, Silver, Bronze. Mitigation & Recovery Strategy. Logistics - Contingency
- 37. Reporting of Cyber Incidents • Incident evaluation and early reporting. • Police Scotland 101 – Incident No. & Action Fraud. • Business continuity and impact our prime consideration. • ICT response and mitigation. Scene preservation? • Where possible preserve original copies of emails, attachments, device images and logs. • Is there a mandatory obligation to report? • Report to Cert UK / GovCert UK . • Report to Scottish Government if appropriate. • Identify point of contact for law enforcement to facilitate enquiries and evidence gathering. • Submit attack details to CISP platform if appropriate share.cisp.org.uk (can assist with mitigation and fix)
- 39. Cyber Essentials & Cyber Essential Plus Cyber Essentials concentrates on five key controls. These are: 1. Boundary firewalls and internet gateways 2. Secure configuration 3. Access control 4. Malware protection 5. Patch management
- 40. Cyber Essentials is not a silver bullet. However, it will prevent 80% of cyber attacks. • Having effective anti-malware means using more than “signature based” detection. The news reports all state this ransomware variant was too new for AV signatures. This means that they were not using heuristics…. • Most, if not all, ransomware relies on systems missing critical patches. • In a nutshell, Cyber Essentials would have saved the Council here. The worst that ransomware should do is a few hours downtime for one user while you restore from backups. Everything else means you’ve made major mistakes.
- 43. Scotland’s Response • Cyber Policing Structure – NCCU - Regional Hubs • Police Scotland Cybercrime Strategy • European & Global Co-operation EC3 • Safer Virtual Communities • Education – The Cyber Academy - DFET – SQA National Progression Awards – SBRC – Supporting SMEs.
- 45. Example – Tovar: Protect • International operation targeting GameOverZeus and Cryptolocker malware variants. • These malware variants are estimated to have cost the UK £500 million in losses. • Coordinated activity across 10 countries led to the botnet behind the malware being taken offline for two weeks, allowing the public to take steps to protect themselves (e.g. update anti-virus). • Combined with extensive global media coverage • 32% drop in GameOverZeus infections, estimated £100 million in losses prevented
- 46. Example – Dermic: Pursue & Prevent • UK investigation targeting the users of Blackshades, a Remote Access Tool able to access users’ webcams. • FBI intel - over 1100 UK-based purchases on Blackshades. • NCCU coordinated a week of arrests, involving ROCUs, MPS & Police Scotland, targeting 50+ individuals for Pursue action. • 20 arrests across 10 Regions. • Remaining individuals subject to Prevent activity – cease & desist letters, visits by ROCU & NCA officers, media coverage • Linked to a global day of action with over 100 arrests in the US, Australia, Asia & Europe. • An important test of coordination of UK law enforcement.
- 51. Operation Mouse - Police Scotland Website
- 53. Our priorities
- 55. WE NEED YOU
- 56. Thank you for listening Any Questions? Eamonn.keane2@scotland.pnn.police.uk
Editor's Notes
- An introduction to the 4th space, Revolutionised and transformed the way we communicate, the way we organise our social lives and conduct business. According to the Office of national statistics in the year 2012, 42 million people in the UK, that is 85% of our adult population used the internet, Of this total 33 million adults accessed the Internet every day which is more than double its use in 2006
- Is this the reality of where we are and there has ben a subtle migration of crime into areas we just don’t have the visibility of due to our “life on Mars” policing tactics?
- Police Scotland now have 14 divisions and national response to crime. I can well remember the difficulties we had trying to work collaboratively cross border between Scottish Forces. This was a challenge under different masters. However, how do we deal with crime when the borders are truly international and crime is being committed in cyber space? Keen to explore some of the challenges today.
- The Internet of things – a recent picture of common household items that are now internet controlled and as a consequence exploitable by cybercriminals, we have investigated fridges sending spam attacks. Personally I draw the line at an internet toilet…I think some things are better left analogue!
- Policing as I joined and how we tackled OCG’s as we knew it: The Krays, Godfathers and our versions of the Richardsons’, Daniels’ etc. Our response has become more sophisticated but still predicated upon the same model of organised crime.
- Excellent quote from Q in James Bond, truly reflects the impact that one person can have.
- Slide gives you a global picture of the extent of cyber attacks
- Organised crime as we knew it, local influence and impact. Position of strength reinforced by local control.
- Organised Crime Groups recruiting these skillsets Individuals often working internationally with different groups – skills for hire International law enforcement working together to identify core nominals Their share of the profit dependent on their skill and contribution UK strategy to break the chain by removing core parts - example
- Refer to slide
- Caliphate Cyber Army – worldwide Announced merger of capability April 2016 Ongoing online war with Anonymous Group Extensive use of social media to recruit from overseas 20,000 recruited from overseas last year - according to a US expert Massive change in methods used by AlQueda Imagine the online threat…ripple effect again
- Anonymous declared their fight with ISIS after the Charlie Hebdo attacks in Paris Offshoot known as ”Ghost Security Group” reportedly in league with the US Govt to provide ISIS related information for cash – criticised by the main group as this is a step towards the invasion of online privacy they hold dear.
- Most common reference to this is Bitcoin 1 Bitcoin = £300 Extensively used by criminals online to pay for goods and services Peer-2-peer network system used to move payments Online public transaction record but only identifies source and destination wallets Lose the digital wallet, lose the Bitcoins!
- Refer to slide
- Refer to slide
- Who are you employing – do we really know everyone Security vetting? Do you operate strict network security policies? Use of USB devices on networks.. Is there a way for your people to report any suspicious activity? Remote system access policy? Highly relevant in today’s world of increased terrorist threat
- An introduction to the 4th space, Revolutionised and transformed the way we communicate, the way we organise our social lives and conduct business. According to the Office of national statistics in the year 2012, 42 million people in the UK, that is 85% of our adult population used the internet, Of this total 33 million adults accessed the Internet every day which is more than double its use in 2006
- Refer to slide
- Over 100 companies/organisations registered in Scotland, including majority of local authorities and Police Scotland Re-invigoration of the Scottish node – will be championed by RBS and re-launched in July 2015
- ECHR and Privacy – Edward Snowden National legislation of cyberspace in individual countries – some more lenient than others Legal barriers in some countries to access user data – some countries won’t co-operate with LE outside their own countries and this can lead to a breeding ground fro criminality – can sometimes depend on the political relations between the UK and other countries. Some large online organisations can also be less than helpful with the provision of LE data. ILOR’s and time delays frequent – what activity happens between now and then? Are we too late? Effective use of Europol / Eurojust to streamline European requests
- Can anyone tell me where the place on the left is – Isle of Yell in Shetland – most remote place in British Isles. Male on right is Jake Davies, known as “Topiary” as part of hacking group known as Lulzsec. He attacked and took down websites operated by SOCA and the FBI while he stole hundreds of thousands of personal details online to finance activity. He was arrested at his croft in Yell – I believe this is the clearest example of the borderless nature of Cybercrime - it can come from anywhere and impact on anywhere.
- Partnerships – International and local (Interpol, Europol, UK Govt, Scottish Govt, academia, finance sector etc) Develop Capacity & Capability – need to develop our understanding of the threats and develop our infrastructure and people to prevent and detect Detect & Prosecute Offenders – develop intelligence capability nationally and internationally across all threat areas – work hand-in-hand with other law enforcement agencies to enhance reach and bring offenders to justice Education & Awareness – huge piece of work underpinned by SG Cyber Resilience Strategy and our own Police Scotland Cybercrime Strategy. Education of people of all ages but particularly children and the elderly – businesses and importantly, our own staff.
- UK Government announced £1.9 billion investment Active Defence Programme – working with Internet Service Providers within the UK to prevent access to restricted sites and content New National Cyber Centre at GCHQ Scotland in discussions about creating our own multi-agency Cyber Centre to offer advice and support ? The pace of change online is so fast that it is difficult to predict the future.
- Direct recruitment? Cyber specialist volunteers (already being done by MoD) Competing sectors – everyone looking to have the best people Retention of skills / cost of training Vetting essential