International laws and standards controlling information security. Latest developments in hardware and software security

  1. Lessons learned in fighting cybercrime and cyber terrorism. Albena Spasova, International Cyber Investigation Training Academy
  2. Evolution of cybercrime: Web 1.0; Web 2.0; Web 3.0; What’s the future?
  3. The dark side of Web 1.0: Traditional crime moved online
  4. Web 1.0 - hacking
  5. Web 1.0 - viruses
  6. The dark side of Web 2.0: Traditional and dynamic phishing; Botnets; New tools for organized crime groups; New tactics for terrorist groups
  7. Cyber tactic: 1. Espionage 2. Propaganda 3. Denial of Service (DoS) 4. Data interference 5. Infrastructure manipulation
  8. Organized crime? “Old crimes, new tools and new crimes, new tools”
  9. Botnets – What are they? Traditionally controlled through Internet Relay Chat (IRC)
  10. Botnets – What are they?
  11. Botnets – Chasing New Exploits: Constantly looking for new exploits; New infections before patch released
  12. Botnets – Security Bulletin – 08/08/2006
  13. Botnets – DHS Warning – 08/09/2006
  14. Botnets – Bot in the Wild by Weekend
  15. Botnets – How are they used? Sending Spam; Denial of Service Attacks; ID Theft; Spyware Delivery
  16. Botnets – How are they used? ID Theft: DDoS / SPAM attracted attention – botnets were shut down; ISPs and Victims would monitor attacks to find bots; Bad guys discovered that they could make $$$$ instead
  17. Botnets – How are they used? Spyware: Spyware / Adware used for advertisement delivery; Popups; Affiliate programs pay per install; Bot Herders will install the spyware on their bots in order to get paid
  18. Botnets – How are they used? Spyware
  19. Botnets and eCommerce: Specific uses of botnets targeted at abusing eCommerce users; ID theft combined with proxy; Dynamic Phishing Sites
  20. Cases. Simple case: mule receives money to a bank account and moves the money to another bank account. Complex case: mule receives money via online payment system, transfers the money via bank to another account to another mule; next mule transfers the money through online payment system to a different mule – all actions happen in different states
  21. Example of Fraudulent Scheme: Fraud groups from set up spoof sites all over the world; They convince victims to send money/goods to Spain, Italy, France, Belgium and more recently the UK; Runners or Arrows collect the money/goods from around the world and send it back to Fraudster. Money flows
  22. Investigation – challenges for law enforcement: Where did the crime happen? Is the crime a crime in the jurisdictions involved? Who will investigate it? Who is behind it? Tracing back…
  23. Tracing…: While it's happening - where is the illegal activity taking place – who are the parties involved? Using information provided by ISPs and other communications providers – different legal requirements; Encrypted communications
  24. Tracing…: Preservation of data; Information kept must be sufficient to allow tracing; Fast sharing of information
  25. Tracing scheme…
  26. Sharing electronic evidence internationally: How long does it take to share information between two countries? What other challenges do we have in the process?
  27. Challenges: Legislation and jurisdiction; Sufficient resources and personnel; Localizing and identifying the “bad guys”; Collect and share evidence internationally
  28. Legal Instruments: CoE Cybercrime Convention - 2001; Council Framework Decision 2005/222/JHA on attacks against information systems; Council Framework Decision 2004/68/JHA on combating the sexual exploitation of children and child pornography.
  29. Legal Challenges: Definition; Jurisdiction; Investigation; International Cooperation; Public-private Partnerships; Prevention
  30. 1. Definition of cyber-crime: Technology is rapidly evolving; Definition – open, flexible, vague; Balance between open legal requirements and national constitutional prohibitions; Technology neutral language
  31. Definition: CoE Convention – technology neutral language - Art 1: Computer system; Computer data; Service provider
  32. Definition: No universally accepted definition; Crimes related to cyberspace: no longer computer and internet crime; “Information systems” – any device or a group of interconnected or related devices; “Data”; E.g. Personal digital assistant, modern car, mobile phone
  33. Chapter II, Measures to be taken at the national level - Substantive criminal law: Title I – Offences against the confidentiality, integrity and availability of data – illegal access, illegal interception, data interference, system interference, misuse of devices; Title II – Computer-related offences – forgery, fraud; Title III - Content-related offences - child pornography / Protocol – hate speech; Title IV – Offences related to the infringements of copyright and related rights – copyright and related rights
  34. Council Framework Decision 2005/222/JHA on attacks against information systems. Approximation of criminal law systems: Illegal access to information systems; Illegal system interference; Illegal data interference
  35. Example – cyber terrorism case: Large scale attack against information systems – E.g. terrorist would attack information systems essential for international capital markets and break them down; A computer-related offence – E.g. terrorist would take over an information system managing a nuclear facility and trigger a nuclear meltdown; A content-related offence – E.g. terrorist disseminates propaganda/blueprints for bombs
  36. Example: Criminal hate speech: drafted in one place, transmitted through another and uploaded on a server in a third, viewed by the whole world. [Diagram: State A, State B, State C]
  37. 2. Determining Jurisdiction. CoE Cybercrime Convention: Territoriality principle; Personality principle; Protection principle. Council Framework Decision 2005/222/JHA on attacks against information systems: Territoriality principle; Nationality principle; When several MS have jurisdiction – decide. Council Framework Decision 2004/68/JHA on combating the sexual exploitation of children and child pornography: Territoriality principle; Active personality principle; The offence committed for the benefit of a legal person established in the territory of that MS
  38. Problems: Dual criminality; Dual illegality; Legal harmonization – for extraterritorial or universal jurisdiction
  39. Toben Case – dual criminality/illegality: In 1999 Australian national created a website in Australia, in English, which included a statement that Shoa never happened. Site was viewed by Neo-Nazis. Auschwitz denial is a crime in Germany under territoriality principle
  40. Counter example: Advertisement of beer in Germany can be accessed in Islamic countries
  41. Counter example: German Internet blog critical of a dictatorship in the Far East; blog is accessible in these countries. Conclusion: Degree of legal harmonization is necessary for legitimate extraterritorial or even universal jurisdiction
  42. 3. Investigation: CoE Cybercrime Convention provisions: Title 2 – Expedited preservation of stored computer data – “quick freeze”; Title 3 – Production order; Title 4 – Search and Seizure of stored computer data; Title 5 – Real-time collection of computer data
  43. Observations: Crimes committed “without right”
  44. Problems: The use of remote forensic software to carry out remote search procedures, record VOIP communications, log keystrokes and passwords, identify IP addresses. Data retention/data privacy: Data Retention Directive – telecommunication service providers - anybody's traffic for up to 6 months; Production order – produce specific data – passwords, encryption codes. Proportional measures
  45. 4. International Cooperation: “Loopholes of jurisdiction”. Cooperation is necessary: Extradition – serious crime offenses; Mutual legal assistance; Minimum of harmonization on substantive and procedural laws; Private-public partnerships
  46. 4. International Cooperation – CoE Convention. Cooperation: Art. 24 Extradition; Art. 25 Mutual Legal Assistance; Art. 26 Spontaneous information. Coordination: which state should do what – points of contact. Harmonization: Substantive; Procedural
  47. Solutions: Adopt adequate legislation; Assure sufficient law enforcement personnel with adequate training and resources; Partnerships with industry; Public awareness
  48. Crime in a virtual world? Should we be concerned? Do worlds collide?
  49. Virtual worlds. In-world populations: Second Life (with over 16 million); Warcraft (12 million paid subscribers); Disney Club Penguin (expected to attract over 30 million participants). Together the population of these three virtual worlds alone exceeds the real-world populations of Canada, Australia and Ireland combined
  50. Life in a virtual world: What can you do?
  51. Life in a virtual world:
  52. Interesting stats: 567 mil. $ user to user transactions in 2009; 65% jump from 2008; 770.000 unique users made repeat visits to SL in December 2009; Residents cashed 55 mil. $ transferring to PayPal; Land barons make 12 mil. $ untidily per year; Users control IPRs of what they build; Average price per island is 1000 $
  53. Virtual money: Money launderers can now move illicit cash through the growing number of virtual reality role-playing games, and convert that cash into real currency before withdrawing it from ATMs worldwide. One wonders just how many laundrymen have tumbled to this cyberlaundering opportunity. Compliance officers at financial institutions please note that their banks may be guilty of money laundering if they facilitate deposits or payments in these virtual worlds, for there is no functional due diligence on players or recipients.
  54. Scenario: LD$
  55. Imagine this scenario: All accounts with counterfeit identification
  56. Policing the virtual world: Real Police
  57. In conclusion…: EU Regulations are coming; Take a step at a time; Thank you!
  58. Conclusions: Prevention: Increase Internet culture; Protection: people and infrastructures; Cooperation: law enforcement and judiciary; Responsibility: national, regional, global; Financing…
  59. Albena Spasova, President of the Management Board, International Cyber Investigation Training Academy, Sofia, Bulgaria; Associate Professor, Technical University, Lille – 1, France; www.cybersafetyblog.eu; аspasova@cybercrimeacademy.org; albaadvisors@gmail.com; Tel. 0887 30 32 89