Cybercrime and data sharing

Cyber crime and data sharing Dr Ian Brown, Senior Research Fellow, Oxford Internet Institute

Outline
Definitions and the scale of the threat
Graffiti, fraud, terror and war
Value at risk
Developing an effective strategy and working with other organisations

Cyber graffiti
Defacement of Web sites with inadequate security
Mainly for propaganda and bragging
Increasingly used to distribute “drive-by” malware

Cyber fraud
Highly efficient criminal economy has sprung up (bot herders, coders, mules, phishermen)
Phishing (Symantec observed 207,547 unique phishing messages 2H 2007) – with increased targeting
Denial of Service extortion (Symantec observed 5,060,187 bots 2H 2007)
Anti-Phishing Working Group Q2 2008 report

Scale of fraud Internet Crime Complaint Center 2007 Annual Report p.3 Symantec Report on the Underground Economy 2008 p.49

Insider fraud “ What price privacy?”, Information Commissioner, May 2006

Cyber terror
“ Terrorists get better returns from much simpler methods such as car bombs. Cyberterror is too low key: not enough dead bodies result, and attacks are too complex to plan and execute.” (Bird 2006)
Reality is use for communications, research (CBNR info poor - Stenersen 2007), propaganda, recruitment and belonging (Labi 2006 and Shahar 2007), tactical intel (US Army 2005)

Cyberwar?
Attacks on Estonian ﬁnance, media and govt websites by Russian nationalist groups after statue moved
“ Complexity and coordination was new… series of attacks with careful timing using different techniques and speciﬁc targets” (NATO)
Arbor Networks monitored 128 distinct attacks, with 10 lasting over 10 hours and reaching 90Mbps

Digital Pearl Harbor
Exercise conducted by US Naval War College & Gartner July 2002
3-day simulated attack on Critical National Infrastructure with attackers given $200m, 5 years planning, access to state-level intelligence
Local, temporary attacks could be successful; sustained, national attacks would not

China TITAN RAIN
Incursions into DoD, German chancellory, Whitehall, NASA, Lockheed Martin…
“ Chinese attackers are using custom Trojan horse software targeted at specific government offices, and it is just walking through standard defences. Many government offices don’t even know yet that they are leaking information. 99% of cases are probably still not known.” (NATO)
“ Intrusion detection systems react to obvious signatures such as lots of trafﬁc from one IP address – so onion routing and botnets are used to disguise the origin of intrusions.” (Sommer)

Governmental responses
Protecting govt infrastructure – $294m requested by DHS for 2009; $6bn requested for NSA initiative
Critical infrastructure programmes – e.g. CPNI, InfraGard
Law enforcement response – e.g. PCeU; FBI has 800+ full-time agents, received 320,000 complaints in 2007
Updating legislation – Council of Europe Cybercrime Convention

Industry responses
Software patches and anti-virus tools – arms races
Anti-Phishing Working Group
CERTs/CSIRTs
Security Development Lifecycle programmes

Issues for geospatial intelligence
Intelligence and military agencies generally have high standards of computer security BUT
they are increasingly interacting with other governmental and private organisations with much weaker controls
general-purpose software is ridden with vulnerabilities
proliferation of data makes it harder to control
Is your key goal availability and integrity of data?
Where confidentiality is important, how far can you trust data sharing partners’ systems?
Where personal data is involved, can you manage data protection requirements and risks?

Planning your response
What are your key information assets – and how far will they be shared with (less) trusted partners?
What are your key threats? Graffiti artists? Fraudsters? Sub-state actors? Nation states? Insiders?
How well are your systems designed, operated and policed to manage your information risk?
Are you partnering appropriately with other agencies and industry?

References
Juliette Bird (2006) Terrorist Use of the Internet, The Second International Scientific Conference on Security and Countering Terrorism Issues , Moscow State University Institute for Information Security Issues, October 2006
Nadya Labi (2006) Jihad 2.0, Atlantic Monthly pp.102—107, Jul/Aug 2006
Yael Shahar (2007) The Internet as a Tool for Counter-Terrorism, Patrolling and Controlling Cyberspace , Garmisch, April 2007
Anne Stenersen (2007) Chem-bio cyber-class – Assessing jihadist chemical and biological weapons, Jane’s Intelligence Review , Sep 2007
US Army (2005) Army Regulation 530–1, Operations Security (OPSEC) , Apr 2007

Cybercrime and data sharing

by Ian Brown on Jan 24, 2009

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 3

Statistics

Cybercrime and data sharing — Presentation Transcript