Cyber Crime in Government


Published in: Technology

  2. INTRODUCTION
     • Cyber crime in the private sector
       • Stringent security measures
     • Route of least resistance
       • Government has a big bank account too!
     • DSO investigations
     • Types of cyber crime in Government
       • Identity theft
       • Interception of data
       • Spy/malware
       • Fraud/theft by means of computers
       • Hacking
  3. DANGER OF ORGANISED CRIME
     “The scale of the challenge should not be underestimated. Over the long term the growth of criminal networks in the region may have the capacity to undermine both democratic governance and economic prosperity. The threat is diffuse and its boundaries difficult to identify, but the impact of such activities will be detrimental to all Southern Africa’s citizens. Now is a critical time to act”.
     Regional Integration In Southern Africa: Comparative International Perspectives, “Organised Crime and State Responses in Southern Africa”, p 115 at p 120, Mark Shaw
  4. IDENTITY THEFT
     Identity theft has been described as the fastest growing financial crime in the U.S. and the “crime of the new millennium”.
     (See HK Towle, “Identity Theft: Myths, Methods and new Law”, Rutgers Computer and Technology Law Journal, Rutgers University School of Law-Newark, p 237 at p 238.)
  5. A VEHICLE FOR CRIME
     “Corporate identities are often stolen or forged, to create for the criminal, a vehicle for crime that appears to provide an air of authority or legitimacy. In the same way as in non-networked fraud, where a letter on headed notepaper can be more effective in fooling a victim, the corporate online forgery provides a similar vehicle. These false, stolen or facsimile corporate identities can also be used to play a role in further identity theft, by a means commonly known as phishing….. These corporate names may have established branding and other positive attributes that may be useful in the conduct of some other further crime, such as the sale of forged products or some elaborate fraud or scam”.
     (See: A Marshall and Tompsett, “Identity theft in an online world”, Computer Law & Security Report (2005) 21, p 128 at 131.)
  6. NEW APPROACH TO COMBATING SYNDICATES NECESSARY
     Fighting the scourge of organised crime cannot be based solely on the traditional enforcement approach. Only the use of a targeted and coordinated twin-track strategy based on repressive and preventive measures will reach the goal considering the potential of prevention techniques to impact on the proliferation of organised crime, especially on its infiltration in legal society and economy.
     António Vitorino
     Commissioner for Justice and Home Affairs
     Strategies of the EU
  7. COOL FROG CYBER PROJECT
     • Project authorised September 2001
     • Threat analysis
     • Mandate: Target, destroy, disrupt activities of international crime syndicates, who hijack the identities of commercial banks, corporations and individuals in furtherance of their criminal objectives.
     • Profile crime areas & Targets
       • 4 Linked syndicates.
       • Banking Industry.
       • Corruption in banks.
       • Money Laundering.
       • Racketeering.
       • Crimes perpetrated from Europe & N America.
     • Statistics and accomplishments
       1. Arrest of various suspects.
       2. Money laundering convictions.
       3. Development of innovative methods of prosecution e.g Hurkes case.
       4. Coordinated law enforcement and private sector in a united front.
       5. Turnaround time reduced by 75%.
       6. Various spoofed websites closed on behalf of banking industry.
       13. DSO first to identify the problem of identity hijacking and to declare special project.
       14. Phishing – Sophisticated onslaught on banking industry.
  8. BACKGROUND TO PROJECT PC
     • Authorised in terms of section 28(1)
     • Identifying, determining any linkages and ultimately disrupting and prosecuting identified syndicates and other role-players including entities and members of the public committing crimes within the Government Cyber/Computer Systems.
     • The focus is on, but not limited to the following crimes:
       • Fraud.
       • Theft.
       • Forgery and Uttering.
       • Contraventions of the Corruption Act, Act 12 of 2004.
       • Contraventions of the POCA Act, Act 121 of 1998.
       • Contraventions of the Electronic Communications and Transactions Act, Act 25 of 2002.
  9. INVESTIGATIVE PROCESS
     The man of virtue makes the difficulty to overcome his first business, and success only a subsequent consideration.
     Confucius (551BC – 479 BC)
  10. ROLE PLAYERS
     [Diagram]
     • Role players: SAPS, AFU, SCCU, SIU, Government Departments, SITA, Banks, Forensic Auditors
     • Diagram labels: Aligning our strategies; Joint prosecution and shared information/database; Resources; Shared investigations; Resources; Searches
  11. WORKING RELATIONSHIP WITH ROLE PLAYERS
     • Joint prosecution of syndicate in KZN, that operates across borders and across Government Departments
     • Need for stronger cooperation in other provinces
     • Linked databases
     • Sharing of information
  12. INVESTIGATIVE METHODOLOGY
     • Re-active Methods
     • Surprise searches, sting operations.
     • Pro-active Methods
     • Extensive use of money laundering provisions.
     • Close cooperation with government departments.
     • Extensive use of POCA offences.
     • Continuous information exchange with stakeholders.
     • Disruptive operations via sec 252A.
     • 127 operations, surveillance, monitoring.
     • Arrests, searches, bail & asset forfeiture applications.
  13. SEARCHES
     • Government Departments searched
       • Ulundi
       • Department of Education (PMB and DBN)
       • Department of Works (PMB and DBN)
       • Premier’s Office (PMB)
       • Department of Social Development (PMB and DBN)
     • Searches in other provinces
     • Computers searched
     • Infected computers
  14. OPERATIONAL CHECKLIST
     • Development of checklist
     • Rationale behind development
     • Application of checklist
     • MD5/checksum
     • Partial v Full mirroring (privilege)
     • The Law and the Investigators
  15. WEAPON OF CHOICE
     • Use of hardware key loggers
     • Use of spy software
     • Win-spy Software 9.1 Pro
  16. DSO ARRESTS
     • Several arrests made on the various investigative legs.
     • Value of section 204 witnesses.
     • Going after the big fish.
     • Always keeping the game plan in mind: Racketeering prosecutions
     • Think big – look at the things that you do not see.
  17. DSO ARRESTS (cont.)
     • Ulundi CAS 282/05/2006
     • Three suspects arrested on 25 May 2006 on charges of Fraud and Contraventions of the Electronic Communications and Transactions Act 25 of 2002.
     • Arrests were the direct result of information received from an informer.
     • The IT Specialist arrested pleaded guilty to Contraventions of sections 86(1), 86(3) and 86(4) and indicated that he is willing to give evidence against syndicate.
     • First conviction in RSA on spy software
     • “Beginning of bigger things.”
  18. PROSECUTION STRATEGY
     “When the going gets tough, the tough get going…”
  19. GETTING TO GRIPS
     • Putting the puzzle together
     • Data analysis (CAD, Forensic Auditors)
     • Covert information
     • One central repository for information
     • Trust, trust, trust …
  20. RACKETEERING PROSECUTION
     • Identify transactions that show the money trail from top of syndicate through to where money was laundered through accounts.
     • Show relevance and importance of computer evidence.
     • Show cross-pollination between Government Departments.
  21. CHAPTER XIII: ECT ACT
     DEFINITION
     'access' includes the actions of a person who, after taking note of any data, becomes aware of the fact that he or she is not authorised to access that data and still continues to access that data.
  22. CHAPTER XIII: ECT ACT
     86 Unauthorised access to, interception of or interference with data
     (1) Subject to the Interception and Monitoring Prohibition Act, 1992, (Act 129 of 1992) a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence.
     (2) A person who intentionally and without authority to do so, interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective, is guilty of an offence.
  23. CHAPTER XIII: ECT ACT
     (3) A person who unlawfully produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item to contravene this section, is guilty of an offence.
  24. CHAPTER XIII: ECT ACT
     (4) A person who utilises any device or computer program mentioned in subsection (3) in order to unlawfully overcome security measures designed to protect such data or access thereto, is guilty of an offence.
     (5) A person who commits any act described in this section with the intent to interfere with access to an information system so as to constitute a denial, including a partial denial, of service to legitimate users is guilty of an offence.
  25. CHAPTER XIII: ECT ACT
     87 Computer-related extortion, fraud and forgery
     (1) A person who performs or threatens to perform any of the acts described in section 86, for the purpose of obtaining any unlawful proprietary advantage by undertaking to cease or desist from such action, or by undertaking to restore any damage caused as a result of those actions, is guilty of an offence.
     (2) A person who performs any of the acts described in section 86 for the purpose of obtaining any unlawful advantage by causing fake data to be produced with the intent that it be considered or acted upon as if it were authentic, is guilty of an offence.
  26. NATIONAL IMPORTANCE
     • Joint co-operation with stakeholders.
     • Evidence gathering and establishment of database.
     • Crime prevention.
     • Training and transfer of skills.
     • Image of law enforcement agencies in South Africa.
  27. RECOMMENDATIONS
     • The human factor
     • Vetting
     • Security measures on systems
     • Biometrics
  28. THANK YOU
     Success is not the result of spontaneous combustion. You must set yourself on fire.
     Reggie Leach