LMTV | Cyber Crime: What You Don't Know Can Hurt You (by Tim O'Neill)


Published on

This Google hangout video was produced by Man'ority Report (http://manority.com).

"You can do anything if you put your mind to it." True for a 15-year old immigrant boy who didn't speak English but ended up being an university professor and a successful entrepreneur. That's the American dream. Unfortunately it is also true for a bunch of religious fanatics who hijacked civilian transports and turned them into flying molotov cocktails. That's the American nightmare. It wouldn't take much to start cyber terrorism. Similarly, as parents, our worse nightmare is when we say goodnight to our kids and they go into their private bedrooms and turn on their computers. +Tim O'Neill did a fantastic job today giving us an overview of cyber crime. You can run. You can hide. But what you don't know can and will hurt you.

#Man16 #LMTV +Denny K Miu

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

LMTV | Cyber Crime: What You Don't Know Can Hurt You (by Tim O'Neill)

  1. 1. Identity Thief – Bullying – Stalking – Money (The BIG Motivator- Fraud) – Government Fraud – Crimes against Children – Espionage – Social Protest – Web Defacement – Sabotage - Telecommunications Fraud – Thief of Services – Power by Control – Warfare – Fraud of many Kinds - Thief of Intellectual property..etc Part 1
  2. 2. Cyber Crimes• As the title implies these are Criminal acts – – Crimes against state, federal and international laws – Does NOT include acts not specifically included in ratified Treaties! – Seldom joint prosecution • Very Few specific Cyber Laws and Case Law – – Most prosecution is based on existing physical criminal laws – States and Fed’s adding to specific Cyber law base • Need more case law and better definitions of crimes!!!• Another area is Civil action for Cyber Violations – Ediscovery for Corporations • Cell phones, tablets, laptops misusage in or out of premises. – Policies MUST include Misusage and Proper usage – Civil litigation as in suicide cases from Cyber Bulling • Does not preclude Criminal Actions
  3. 3. Access Law and Main Agency in US• Main access law - CALEA the 2007 mandated access law • Communications Assistance for Law Enforcement Act – Simply – Lawful Access to Data in Networks and Internet – Still requires a warrant – state and federal • Access Requirements to Public Providers of Internet Services – Interpretations allow for some private/corporate network access – To allow access for capture and monitoring of Data – Including Real Time VoIP, VVoIP, Skype…etc » Many issues on licensing and who owns what – Connections, content..etc • Confusion on access methods and transport to final collection methods – Chain of evidence issues – Still IPv4• FBI Internet Crime Complaint Center – IC3 – Computer Crime and Intellectual Property Department CCIPS – Main prosecuted for DOJ – DIST - Data Intercept Team
  4. 4. Examples of Cyber Crimes• Identity Thief - #1 cyber crime effects almost 10 million Americans a year!• Bullying• Terroristic Threats• Social Media Violations – Personal information Misuse, Defacement and Thief • Issue - Just being stupid about what you share!!!• Crimes against Children – Bullying, Sexting, Predators, pornography….etc – Avatar sites – Virtual worlds can become real world – Text messages, E-mails, Snail Mail, phone calls and messaging• Cyber Stalking• Computer or Cell phone Hijacking – PC, Audio, Video – Shared access media in public , schools, airplanes…and even home cable networks..etc• Intellectual property thief – Patent, copyright…etc thief – Music #1 type of Crime in this category• Fraud – Identity thief is part of this but it is #1! – Purchases and other Financial transactions – Online gambling…and more
  5. 5. U.S. Punishment for Cyber Crimes• Longest sentence for Cyber Crime has been Albert Gonzales – 20 years + $1.65M • Charges still pending in over 6 countries not including the U.S. and Canada . Estimated he stole over $40M.• Most sentences are probated and/or under 5 years imprisonment – – Restitution varies with crime but most do not match the actual value of the crimes – difficult to prove• 80+% are never caught! – This does not include the ever increasing number of crimes committed by minors. • The worst punishments for minors have been civil with some probations till 18 years old. • Paid by the parents • Limited or mostly no jail time!• Espionage can lead to the death penalty – not as of yet!
  6. 6. Why the criminals are hard to find?• Internet too broad/confusing • To easy to hide or obfuscate origin or victims – Spoofing, misdirection – Criminal enterprises work together – They have to cross over to the physical world to get caught – NO International and state to state collaboration – Needs to be very big to get DOJ, SS…Federal attention• Many in Law Enforcement (LE) do not want Cyber Forensics! • It is like when DNA testing started in the 70’s• No Acquisition Standards – International, Federal or State • Varies with tools and the type and state of evidence gathered • Varies from low level previews to full physical (bit-bit) acquisition • Many tools come from hackers• No Lab standards for Processes/Procedures/Certifications/Funding • Including methodologies or verification procedures• Training is too ad hoc • Very Expensive – Time and Money • Training is just the beginning it takes dedication, constant training and a never quit attitude to be a successful investigator
  7. 7. Types of Cyber Criminals• 1 – Hackers - for profit• 2 – Scammers + Phishers– for profit and/or control• 3 – Political or Religious – A Message!• 4 – Governmental – Cyber Warfare/Protection• 5 – Personal Avengers – personal attacks, defacement• 6 – Advanced Persistent Threat (APT) Agents • Insiders – Espionage – Long Term Threats• 7 – Wantabe’s – The immature and stupid • Still can get sued and prosecuted
  8. 8. New and Persistent Threats• The latest attempts have been focused on taking control of our SCADA (supervisory control and data acquisition) and ICS (Industrial Control System) systems controlling almost all of our nuclear plants, oil production and distribution, water and sewage plants, power grid, railroads..etc• Attempts to invade our military and related control systems• Regular attempts to invade our intelligence resources
  9. 9. Where is the Evidence?• Computers • External disks, including solid state devices • Hidden WiFi access • Encryption and compression • Steganography – Hidden in plain site • Tablets, nooks, car computers and all sizes and types• Cell Phones• GPS• Network/Internet • Servers, NMS, Deep capture devices…etc• Anything that can store data – Analog or Digital
  10. 10. Data versus Digital• Digital refers to only binary states of one (on)and zero (off). Not everything today is binary! ASCII Words from Binary digital codes of picture below• Data refers to the collection of digital codes resulting in something that a human can use. – pictures, words, messages…etc• Data is safer to use in court as Digital can be challenged.
  11. 11. Sample of easy to miss data devices 11
  12. 12. Cyber Crime Statistics for mid 2012 • Largest Motive is money $$ ~ 70%! • #2 – ~20% - Hacking for the fun or control! • #3 - ~ 6% - Cyber Warfare • #4 - ~ 4% - Espionage • Attack Techniques -Stats from Hackgeddon.com and IC3.org
  13. 13. Targets Distribution – mid 2012• Targets – Mainly our Industry –our Economy! Stats from Hackgeddon.com and IC3.org
  14. 14. End of Part 1• Next Time – Acquisition of basic Crime Scene evidence <<<<Author Comments>>>>• Cyber Crimes are scary - as we can be violated and not know it!• Cyber crimes can invade every part of our Family lives!• The chance of Cyber Criminal being prosecuted is low!• We need more laws that punish the really bad guys!***Let your State and Federal politicians know you want better laws!
  15. 15. Too much to discuss – too little time!! Thank you for your time!!• Questions