Cybercrime and data sharing



Presented at the Fifth Annual European Geospatial Intelligence conference in London on 22 Jan 2009

Published in: Technology

    1. 1. Cyber crime and data sharing
        Dr Ian Brown, Senior Research Fellow, Oxford Internet Institute
    2. 3. Outline
        • Definitions and the scale of the threat
            • Graffiti, fraud, terror and war
            • Value at risk
        • Developing an effective strategy and working with other organisations
    3. 4. Cyber graffiti
        • Defacement of Web sites with inadequate security
        • Mainly for propaganda and bragging
        • Increasingly used to distribute “drive-by” malware
    4. 5. Cyber fraud
        • Highly efficient criminal economy has sprung up (bot herders, coders, mules, phishermen)
        • Phishing (Symantec observed 207,547 unique phishing messages 2H 2007) – with increased targeting
        • Denial of Service extortion (Symantec observed 5,060,187 bots 2H 2007)
        Anti-Phishing Working Group Q2 2008 report
    5. 6. Scale of fraud
        • Internet Crime Complaint Center 2007 Annual Report p.3
        • Symantec Report on the Underground Economy 2008 p.49
    6. 7. Insider fraud
        “What price privacy?”, Information Commissioner, May 2006
    7. 8. Cyber terror
        • “Terrorists get better returns from much simpler methods such as car bombs. Cyberterror is too low key: not enough dead bodies result, and attacks are too complex to plan and execute.” (Bird 2006)
        • Reality is use for communications, research (CBRN info poor - Stenersen 2007), propaganda, recruitment and belonging (Labi 2006 and Shahar 2007), tactical intel (US Army 2005)
    8. 9. Cyberwar?
        • Attacks on Estonian finance, media and govt websites by Russian nationalist groups after statue moved
        • “Complexity and coordination was new… series of attacks with careful timing using different techniques and specific targets” (NATO)
        • Arbor Networks monitored 128 distinct attacks, with 10 lasting over 10 hours and reaching 90Mbps
    9. 10. Digital Pearl Harbor
        • Exercise conducted by US Naval War College & Gartner July 2002
        • 3-day simulated attack on Critical National Infrastructure with attackers given $200m, 5 years planning, access to state-level intelligence
        • Local, temporary attacks could be successful; sustained, national attacks would not
    10. 11. China TITAN RAIN
        • Incursions into DoD, German chancellery, Whitehall, NASA, Lockheed Martin…
        • “Chinese attackers are using custom Trojan horse software targeted at specific government offices, and it is just walking through standard defences. Many government offices don’t even know yet that they are leaking information. 99% of cases are probably still not known.” (NATO)
        • “Intrusion detection systems react to obvious signatures such as lots of traffic from one IP address – so onion routing and botnets are used to disguise the origin of intrusions.” (Sommer)
    11. 12. Governmental responses
        • Protecting govt infrastructure – $294m requested by DHS for 2009; $6bn requested for NSA initiative
        • Critical infrastructure programmes – e.g. CPNI, InfraGard
        • Law enforcement response – e.g. PCeU; FBI has 800+ full-time agents, received 320,000 complaints in 2007
        • Updating legislation – Council of Europe Cybercrime Convention
    12. 13. Industry responses
        • Software patches and anti-virus tools – arms races
        • Anti-Phishing Working Group
        • CERTs/CSIRTs
        • Security Development Lifecycle programmes
    13. 14. Issues for geospatial intelligence
        • Intelligence and military agencies generally have high standards of computer security BUT
            • they are increasingly interacting with other governmental and private organisations with much weaker controls
            • general-purpose software is ridden with vulnerabilities
            • proliferation of data makes it harder to control
        • Is your key goal availability and integrity of data?
        • Where confidentiality is important, how far can you trust data sharing partners’ systems?
        • Where personal data is involved, can you manage data protection requirements and risks?
    14. 15. Planning your response
        • What are your key information assets – and how far will they be shared with (less) trusted partners?
        • What are your key threats? Graffiti artists? Fraudsters? Sub-state actors? Nation states? Insiders?
        • How well are your systems designed, operated and policed to manage your information risk?
        • Are you partnering appropriately with other agencies and industry?
    15. 16. References
        • Juliette Bird (2006) Terrorist Use of the Internet, The Second International Scientific Conference on Security and Countering Terrorism Issues, Moscow State University Institute for Information Security Issues, October 2006
        • Nadya Labi (2006) Jihad 2.0, Atlantic Monthly pp. 102–107, Jul/Aug 2006
        • Yael Shahar (2007) The Internet as a Tool for Counter-Terrorism, Patrolling and Controlling Cyberspace, Garmisch, April 2007
        • Anne Stenersen (2007) Chem-bio cyber-class – Assessing jihadist chemical and biological weapons, Jane’s Intelligence Review, Sep 2007
        • US Army (2005) Army Regulation 530–1, Operations Security (OPSEC), Apr 2007