Cybercrime has evolved from traditional crimes moving online through Web 1.0 to new tools enabling organized crime and terrorists through Web 2.0. Botnets are now commonly used to send spam, launch denial of service attacks, enable identity theft, and deliver spyware. Investigating cybercrime faces challenges due to issues determining jurisdiction, collecting and sharing evidence internationally, and limited resources. Effectively addressing cybercrime requires adopting adequate legislation, training law enforcement, partnerships with industry, public awareness, and international cooperation on investigations and prosecution.
19. Botnets – How are they used?
Sending Spam
Denial of Service Attacks
ID Theft
Spyware Delivery
20. Botnets – How are they used?
ID Theft
DDoS / SPAM attracted attention –
botnets were shut down
ISPs and Victims would monitor attacks
to find bots
Bad guys discovered that they could make
$$$$ instead
21. Botnets – How are they used?
Spyware
Spyware / Adware used for
advertisement delivery
Popups
Affiliate programs pay per install
Bot Herders will install the spyware
on their bots in order to get paid
23. Botnets and eCommerce
Specific uses of botnets targeted
at abusing eCommerce users
ID theft combined with proxy
Dynamic Phishing Sites
24. Cases
Simple case: mule receives money to a
bank account and moves the money to
another bank account
Complex case: mule receives money via
online payment system, transfers the
money via bank to another account to
another mule; next mule transfers the money
through online payment system to a
different mule – all actions happen in
different states
25. Example of Fraudulent Scheme
•Fraud groups from set up
spoof sites all over the
world
•They convince victims to
send money/goods to
Spain, Italy, France,
Belgium and more
recently the UK
• Runners or Arrows
collect the money/goods
from around the world
and send it back to
Fraudster
Money flows
26. Investigation – challenges for law
enforcement
Where did the crime happen?
Is the crime a crime in the jurisdictions
involved?
Who will investigate it?
Who is behind it?
Tracing back…
27. Tracing………
While it's happening - where is the illegal
activity taking place – who are the parties
involved?
Using information provided by ISPs and
other communications providers – different
legal requirements
Encrypted communications
28. Tracing…
Preservation of data
Information kept must be sufficient to allow
tracing
Fast sharing of information
30. Sharing electronic evidence
internationally
How long does it take to share information
between two countries?
What other challenges do we have in the
process?
31. Challenges
Legislation and jurisdiction
Sufficient resources and personnel
Localizing and identifying the “bad guys”
Collect and share evidence internationally
32. Legal Instruments
CoE Cybercrime Convention - 2001
Council Framework Decision
2005/222/JHA on attacks against
information systems;
Council Framework Decision 2004/68/JHA
on combating the sexual exploitation of
children and child pornography.
34. 1. Definition of cyber-crime
Technology is rapidly evolving
Definition – open, flexible, vague
Balance between open legal requirements
and national constitutional prohibitions
Technology neutral language
35. Definition
CoE Convention – technology neutral
language - Art 1
Computer system
Computer data
Service provider
36. Definition
No universally accepted definition
Crimes related to cyberspace: no longer
computer and internet crime
“Information systems” – any device or a
group of interconnected or related devices
“Data”
E.g. Personal digital assistant, modern
car, mobile phone
37. Chapter II, Measures to be taken at
the national level - Substantive
criminal law
Title I – Offences against the confidentiality,
integrity and availability of data – illegal
access, illegal interception, data interference,
system interference, misuse of devices
Title II – Computer-related offences – forgery,
fraud;
Title III - Content-related offences - child
pornography/ Protocol – hate speech
Title IV – Offences related to the
infringements of copyright and related rights
– copyright and related rights
38. Council Framework Decision 2005/222/JHA
on attacks against information systems
Approximation of criminal law systems:
Illegal access to information systems
Illegal system interference
Illegal data interference
39. Example – cyber terrorism case
Large scale attack against information
systems – E.g. terrorist would attack information
systems essential for international capital
markets and break them down
A computer-related offence – E.g. terrorist
would take over an information system
managing a nuclear facility and trigger a nuclear
meltdown
A content-related offence – E.g. terrorist
would disseminate propaganda/blueprints for bombs
40. Example
Criminal hate speech: drafted in one place, transmitted
through another and uploaded on a server in a third,
viewed by the whole world
[Diagram: State A, State B, State C]
41. 2. Determining Jurisdiction
CoE Cybercrime Convention:
Territoriality principle
Personality principle
Protection principle
Council Framework Decision 2005/222/JHA on attacks against
information systems
Territoriality principle
Nationality principle
When several MS have jurisdiction – decide
Council Framework Decision 2004/68/JHA on combating the sexual
exploitation of children and child pornography
Territoriality principle
Active personality principle
The offence committed for the benefit of a legal person established in
the territory of that MS
42. Problems
Dual criminality
Dual illegality
Legal harmonization – for extraterritorial or
universal jurisdiction
43. Toben Case – dual
criminality/illegality
In 1999 Australian national
created a website in
Australia, in English,
which included a statement
that Shoa never happened
Site was viewed by
Neo-Nazis
Auschwitz denial is a crime
in Germany
under territoriality principle
45. Counter example
German Internet blog critical of a dictatorship
in the Far East
Blog is accessible in these countries
Conclusion: Degree of legal harmonization is necessary for legitimate
extraterritorial or even universal jurisdiction
46. 3. Investigation:
CoE Cybercrime Convention provisions
Title 2 – Expedited preservation of stored
computer data – “quick freeze”
Title 3 – Production order
Title 4 – Search and Seizure of stored
computer data
Title 5 – Real-time collection of computer
data
48. Problems
The use of remote forensic software to carry
out remote search procedures, record VOIP
communications, log keystrokes and passwords,
identify IP addresses
Data retention/data privacy
Data Retention Directive – telecommunication
service providers - anybody's traffic for up to 6
months
Production order – produce specific data –
passwords, encryption codes
Proportional measures
49. 4. International Cooperation
“Loopholes of jurisdiction”
Cooperation is necessary:
Extradition – serious crime offenses
Mutual legal assistance
Minimum of harmonization on substantive and
procedural laws
Private-public partnerships
50. 4. International Cooperation – CoE
Convention
Cooperation:
Art. 24 Extradition
Art. 25 Mutual Legal Assistance
Art. 26 Spontaneous information
Coordination:
which state should do what – points of
contact
Harmonization:
Substantive
Procedural
51. Solutions:
Adopt adequate legislation
Assure sufficient law enforcement
personnel with adequate training and
resources
Partnerships with industry
Public awareness
52. Crime in a virtual world?
Should we be concerned? Do worlds
collide?
53. Virtual worlds
In-world populations:
Second Life (with over 16 million)
Warcraft (12 million paid subscribers)
Disney Club Penguin (expected to attract over 30 million
participants)
Together the population of these three virtual worlds
alone exceeds the real-world populations of Canada,
Australia and Ireland combined
57. Interesting stats
567 mil. $ user to user transactions in 2009
65% jump from 2008
770.000 unique users made repeat visits to SL
in December 2009
Residents cashed 55 mil. $ transferring to
PayPal
Land barons make 12 mil. $ untidily per year
Users control IPRs of what they build
Average price per island is 1000 $
58. Virtual money
Money launderers can now move illicit cash
through the growing number of virtual reality
role-playing games, and convert that cash
into real currency before withdrawing it from
ATMs worldwide.
One wonders just how many laundrymen
have tumbled to this cyberlaundering
opportunity.
Compliance officers at financial institutions
please note that their banks may be guilty of
money laundering if it facilitates deposits or
payments in these virtual worlds, for there is
no functional due diligence on players or
recipients.
62. In conclusion…
EU Regulations are coming
Take a step at a time
Thank you!
63. Conclusions
Prevention: Increase Internet culture
Protection: people and infrastructures
Cooperation: law enforcement and judiciary
Responsibility: national, regional, global
Financing…
64. Albena Spasova
President of the Management Board,
International Cyber Investigation Training Academy
Sofia, Bulgaria
Associate Professor,
Technical University, Lille – 1, France
www.cybersafetyblog.eu
aspasova@cybercrimeacademy.org
albaadvisors@gmail.com
Tel. 0887 30 32 89