International laws and standards controlling information security. Latest developments in hardware and software security
Presentation Transcript

  • Lessons learned in fighting cybercrime and cyber terrorism. Albena Spasova, International Cyber Investigation Training Academy
  • Evolution of cybercrime: Web 1.0, Web 2.0, Web 3.0. What’s the future?
  • The dark side of Web 1.0: traditional crime moved online
  • Web 1.0 - hacking
  • Web 1.0 - viruses
  • The dark side of Web 2.0: traditional and dynamic phishing; botnets; new tools for organized crime groups; new tactics for terrorist groups
  • Cyber tactics: 1. Espionage 2. Propaganda 3. Denial of Service (DoS) 4. Data interference 5. Infrastructure manipulation
  • Organized crime? “Old crimes, new tools and new crimes, new tools”
  • Botnets – What are they? Traditionally controlled through Internet Relay Chat (IRC)
  • Botnets – What are they?
  • Botnets – Chasing new exploits: constantly looking for new exploits; new infections before the patch is released
  • Botnets – Security Bulletin – 08/08/2006
  • Botnets – DHS Warning – 08/09/2006
  • Botnets – Bot in the Wild by Weekend
  • Botnets – How are they used?Sending SpamDenial of Service AttacksID TheftSpyware Delivery
  • Botnets – How are they used? ID Theft DDoS / SPAM attracted attention – botnets were shut down  ISPs and Victims would monitor attacks to find bots Badguys discovered that they could make $$$$ instead
  • Botnets – How are they used? Spyware Spyware / Adware used for advertisement delivery  Popups Affiliate programs pay per install Bot Herders will install the spyware on their bots in order to get paid
  • Botnets – How are they used? Spyware
  • Botnets and eCommerce: specific uses of botnets targeted at abusing eCommerce users – ID theft combined with proxy; dynamic phishing sites
  • Cases. Simple case: a mule receives money to a bank account and moves the money to another bank account. Complex case: a mule receives money via an online payment system, transfers the money via bank to another account of another mule; the next mule transfers the money through an online payment system to a different mule – all actions happen in different states
  • Example of a fraudulent scheme: fraud groups from set up spoof sites all over the world; they convince victims to send money/goods to Spain, Italy, France, Belgium and more recently the UK; runners or arrows collect the money/goods from around the world and send it back to the fraudster. Money flows
  • Investigation – challenges for law enforcement: Where did the crime happen? Is the crime a crime in the jurisdictions involved? Who will investigate it? Who is behind it? Tracing back…
  • Tracing… While it’s happening – where is the illegal activity taking place, who are the parties involved? Using information provided by ISPs and other communications providers – different legal requirements. Encrypted communications
  • Tracing… Preservation of data: information kept must be sufficient to allow tracing; fast sharing of information
  • Tracing scheme…
  • Sharing electronic evidence internationally: How long does it take to share information between two countries? What other challenges do we have in the process?
  • Challenges: legislation and jurisdiction; sufficient resources and personnel; localizing and identifying the “bad guys”; collecting and sharing evidence internationally
  • Legal instruments: CoE Cybercrime Convention (2001); Council Framework Decision 2005/222/JHA on attacks against information systems; Council Framework Decision 2004/68/JHA on combating the sexual exploitation of children and child pornography
  • Legal challenges: definition; jurisdiction; investigation; international cooperation; public-private partnerships; prevention
  • 1. Definition of cyber-crime: technology is rapidly evolving; the definition is open, flexible, vague; balance between open legal requirements and national constitutional prohibitions; technology-neutral language
  • Definition. CoE Convention – technology-neutral language, Art. 1: computer system; computer data; service provider
  • Definition. No universally accepted definition. Crimes related to cyberspace: no longer just computer and internet crime. “Information systems” – any device or a group of interconnected or related devices; “Data”. E.g. personal digital assistant, modern car, mobile phone
  • Chapter II, Measures to be taken at the national level – Substantive criminal law. Title I – Offences against the confidentiality, integrity and availability of data – illegal access, illegal interception, data interference, system interference, misuse of devices. Title II – Computer-related offences – forgery, fraud. Title III – Content-related offences – child pornography / Protocol – hate speech. Title IV – Offences related to the infringements of copyright and related rights
  • Council Framework Decision 2005/222/JHA on attacks against information systems. Approximation of criminal law systems: illegal access to information systems; illegal system interference; illegal data interference
  • Example – cyber terrorism case. Large-scale attack against information systems – e.g. a terrorist would attack information systems essential for international capital markets and break them down. A computer-related offence – e.g. a terrorist would take over an information system managing a nuclear facility and trigger a nuclear meltdown. A content-related offence – e.g. a terrorist disseminates propaganda/blueprints for bombs
  • Example. Criminal hate speech: drafted in one place, transmitted through another and uploaded on a server in a third, viewed by the whole world. (Diagram: State A, State B, State C)
  • 2. Determining jurisdiction. CoE Cybercrime Convention: territoriality principle; personality principle; protection principle. Council Framework Decision 2005/222/JHA on attacks against information systems: territoriality principle; nationality principle; when several MS have jurisdiction – decide. Council Framework Decision 2004/68/JHA on combating the sexual exploitation of children and child pornography: territoriality principle; active personality principle; the offence committed for the benefit of a legal person established in the territory of that MS
  • Problems: dual criminality; dual illegality; legal harmonization – for extraterritorial or universal jurisdiction
  • Toben case – dual criminality/illegality. In 1999 an Australian national created a website in Australia, in English, which included a statement that the Shoah never happened; the site was viewed by neo-Nazis. Auschwitz denial is a crime in Germany under the territoriality principle
  • Counter example: advertisement of beer in Germany can be accessed in Islamic countries
  • Counter example: a German Internet blog critical of a dictatorship in the Far East; the blog is accessible in these countries. Conclusion: a degree of legal harmonization is necessary for legitimate extraterritorial or even universal jurisdiction
  • 3. Investigation: CoE Cybercrime Convention provisions. Title 2 – Expedited preservation of stored computer data – “quick freeze”; Title 3 – Production order; Title 4 – Search and seizure of stored computer data; Title 5 – Real-time collection of computer data
  • Observations: crimes committed “without right”
  • Problems: the use of remote forensic software to carry out remote search procedures, record VoIP communications, log keystrokes and passwords, identify IP addresses. Data retention/data privacy: Data Retention Directive – telecommunication service providers – anybody’s traffic for up to 6 months; production order – produce specific data – passwords, encryption codes. Proportional measures
  • 4. International cooperation. “Loopholes of jurisdiction”. Cooperation is necessary: extradition – serious crime offenses; mutual legal assistance; a minimum of harmonization on substantive and procedural laws; private-public partnerships
  • 4. International cooperation – CoE Convention. Cooperation: Art. 24 Extradition; Art. 25 Mutual legal assistance; Art. 26 Spontaneous information. Coordination: which state should do what – points of contact. Harmonization: substantive; procedural
  • Solutions: adopt adequate legislation; assure sufficient law enforcement personnel with adequate training and resources; partnerships with industry; public awareness
  • Crime in a virtual world? Should we be concerned? Do worlds collide?
  • Virtual worlds. In-world populations: Second Life (with over 16 million); Warcraft (12 million paid subscribers); Disney Club Penguin (expected to attract over 30 million participants). Together the population of these three virtual worlds alone exceeds the real-world populations of Canada, Australia and Ireland combined
  • Life in a virtual world: What can you do?
  • Life in a virtual world:
  • Interesting stats: $567 million in user-to-user transactions in 2009, a 65% jump from 2008; 770,000 unique users made repeat visits to SL in December 2009; residents cashed out $55 million, transferring it to PayPal; land barons make $12 million untidily per year; users control the IPRs of what they build; the average price per island is $1000
  • Virtual money. Money launderers can now move illicit cash through the growing number of virtual-reality role-playing games, and convert that cash into real currency before withdrawing it from ATMs worldwide. One wonders just how many laundrymen have tumbled to this cyberlaundering opportunity. Compliance officers at financial institutions, please note that your banks may be guilty of money laundering if they facilitate deposits or payments in these virtual worlds, for there is no functional due diligence on players or recipients
  • Scenario LD$
  • Imagine this scenario: all accounts with counterfeit identification
  • Policing the virtual world: Real Police
  • In conclusion… EU regulations are coming. Take a step at a time. Thank you!
  • Conclusions. Prevention: increase Internet culture. Protection: people and infrastructures. Cooperation: law enforcement and judiciary. Responsibility: national, regional, global. Financing…
  • Albena Spasova, President of the Management Board, International Cyber Investigation Training Academy, Sofia, Bulgaria; Associate Professor, Technical University, Lille 1, France. www.cybersafetyblog.eu; aspasova@cybercrimeacademy.org; albaadvisors@gmail.com; Tel. 0887 30 32 89