Cybercrime threats on e-world

« What is the cybercriminal up to and how to survive cybercrime ? »

Belgian Federal Judicial Police
Federal Computer Crime Unit

© Luc Beirens
AGENDA

   General trends
   Victims and their problems
   Who should you be afraid of ?
   Investigators and their problems
   Recommendations for potential ICT crime victims
   Contact data
e-Architecture (diagram ; only the labels survive the extraction)
   Internet / Externally hosted website / Cloud service center
   VPN / Roaming user / End user
   Firewall / DMZ / own webserver
   Internal network / Backup server
   SCADA / Process control
General trends today
 Evolution towards e-society
    Replace persons by e-applications
    Social networks (for private / professional / commercial use)
    Very high mobility (notebooks, smartphones, tablets, ...)
    Interconnecting all systems (admin, industrial, control)

 IP is the common platform offered by many ISPs,
  integrating telephony / data / VPN & all new apps
  = opportunities / Achilles heel / scattered traces

 Poor security in legacy applications and protocols
  (userid + password only) => identity fraud is easy
 End users are not yet educated to act properly
What do “criminals” want ?

 Become rich / powerful
  rapidly, easily, with a very big ROI,
  in an illegal way if needed

 Destabilize (e-)society
  by causing trouble

 For both goals they can / will focus on :
   Your data
   Your system
AGENDA : Victims and their problems
Why would they choose you as their victim ?

 They don’t especially target you … but

    you’re connected to and visible on
     the Internet, the telephone network or via your WIFI
    they want to use any ICT system :
       to store and exchange illegal material (child porn, warez, ...)
       as an intermediary system for illegal activity
        (spamming, hacking, phishing, ...) so that the trace stops at you
       to obtain international connections … for which you pay

    they just want a new computer and you have one
Why would they choose you as their victim ?
 They target you because :

   of their interest in the data you store on your system
      Personal identity information
      Financial information (income, credit cards, ...)
      Business information (customer / prospect DB, R&D info, ...)

   they don’t like you and want
    to cause damage or take you out of business
      Social / economic / civil / political organisations
      Terrorist organisations
The internal risk

 Fired system administrator in a courier company
 “Hard working” IT staff in a financial institution
 Dancing cursor in a security firm (somebody else was moving the mouse remotely)
 Theft of PCs in the R&D department of a company
 Social conflict : DDoS attacks on e-commerce
Recent cyber crime targeting firms
 Spyware / trojan horses / remote admin tools
    Botnet attacks
    Espionage

 Identity fraud (phishing – spear phishing)
  getting your customers’ identity information (CO2 emission-rights registry phishing)

 Fraudulent business proposals via Internet
    Buying your goods with forged cheques
    False escrow payment services (“trusted third parties”)

 Nigerian waste recycling => your old PCs & hard disks (and the data still on them)
Notification by e-mail
Phishing and money mules (diagram)
   1  Money mule recruited with a contract as “financial manager”
   2  Victim John Doe enters userid and password on the phishing site
   3  Transfer order placed on the bank site (bank of John Doe)
   4  Bank of John Doe transfers the money to the bank of the money mule
   5  Money arrives with the mule (Jefke Mule)
   6  Money leaves via the mule
Webserver (diagram : normal functioning of a webserver)

Capacity of a server is limited by :
 - bandwidth of the connection line from the Internet to the server
 - transaction capacity of the server : number of requests per minute
Botnet attack on a webserver / node (diagram)
   Hacker sends commands (Cmd) to the Command and Control server
   Zombies register with the C&C server (“My IP is x.y.z.z”) and receive commands
   Zombies flood the webserver / node over the Internet
   => computer crash, access line blocked
How do I get infected ?
 The hacker sends a Trojan horse (= container program)
  to the victim PC via
        e-mail (spam, ...)
        peer-to-peer (Kazaa, BitTorrent, ...)
        chat (IRC, MSN, ...)

    Auto-infection of the victim PC by visiting websites containing
     infecting scripts that abuse browser, plugin or OS vulnerabilities

    Auto-propagation of the malware from zombies towards
     neighbouring PCs in the network, abusing OS vulnerabilities

 The infection procedure often connects to an
  update server to download new versions to the zombie
Botnets attack capacity
  Botnets that control from 2,000 to more than
   100,000 zombies

  Each zombie sends several requests per second

  Attack capacity in known cases
     Sustained dataflow
        10 Gbps
        during days
     Peak dataflow
        about 40 Gbps
        during hours
Why ? Making money !
 Sometimes still for fun (script kiddies)
 Spam distribution via the zombie
 Click generation on banner advertising
 Dialer installation on the zombie to make premium-rate calls
 Spyware installation

 Espionage => banking details / passwords / keylogging

 Ransom bot => encrypts files => money for the decryption key

 Capacity for distributed denial of service (DDoS) attacks
  => disturb the functioning of an internet device (server / router)
Large firm hacking using an internal botnet (diagram)
   Hacker on the Internet controls zombies inside the company network
Threats

  Attacks on e-commerce (e-gov) websites
    => website out of order

  Attacks on network nodes
    => ALL USERS (firms) behind the node out of order

  Increased risk if combined
   with zero-day virus infections
    => no signature yet, so no protection against the infection
    => bigger armies of zombies
Latest malware developments

 Stuxnet : very complex and elaborate trojan
 Several replication vectors : networks / USB keys
 Connects to a C&C botnet server
 Focused on industrial process control systems
   Searches for systems running the targeted Siemens control software
   Collects information on Siemens PLC systems
   Changes the process logic on the PLCs controlled by infected machines
 Duqu : spying
You should take extra care if …
 Your business / production processes depend
  completely or to a great extent on your ICT system
  => growing vulnerability => bigger impact of ICT crime
  => more and more services over the Internet …
 Your business activity provides vital or crucial services :
    Energy / Water / Telecommunications / Transportation
    Financial institutions / Health institutions

 Your industrial process control systems are
  directly or indirectly connected to the Internet
 Your employees / suppliers have external access to
  your internal network (dial-in 0800 lines / Internet)
Damage to consider ...
 A house search at your home or company (early in the morning)

 Your firm cut off from the Internet by your ISP
  (because of spam distribution by a hacker using your server)
 Your telecom invoice next month 200,000 € higher

 Result of 5 years of high-tech R&D,
  code and documentation, in the hands of your competitor
 Your firm out of action for some days :
  cost of diagnosis & restart, economic losses
 Your system administrator arrested
  for using your server to distribute child pornography
 Your personal documents / pictures / e-mails distributed
  to anyone on the Internet
And perhaps, as a victim,
you could be held liable for …

 the illegal activity on your ICT system
 the damage caused to
  other ICT systems / your customers
 not complying with the Privacy Act :
  obligation to secure personal data effectively
 not being able to provide authorities with
  traffic data as a telecom service provider
Victims of ICT crime

 From multinationals over SMEs to individuals
 No assessment of the value of the data on the ICT system
    => no backups
   No or bad ICT security (role of management)
   Bad control of the employees in key functions
   Absolute lack of awareness of individual users
   ICT crime mostly at night or at the weekend
   No or late discovery : often complaints from outside
   Installation of modified versions of the operating
    system on hacked computers (hiding the intruder)
AGENDA : Who should you be afraid of ?
Who is threatening us ?
 Script kiddies
 Insider : the ICT guy in your company
 Loosely organized criminals
 Firmly organized criminal groups
 Terrorists / hacktivists
 Nation-state warfare troops
 Underground economy platforms for selling &
  buying criminal services and products
Firmly organized criminals
 We see more and more organization
  in the criminal activity on the Internet

 Focused on financial gain

 Cooperation with money launderers

 Different specialisations :
  recruiting persons – ICT development – handling money

 Infiltration in or taking over of legal businesses
  (development firms, operators, ...)
Terrorists / hacktivists

 No financial intent
 Political / social objectives

 Attack to create chaos and disaster
 Destabilize economy and society

 Might take their time to prepare ...
 Or set up actions very quickly (social networks)
AGENDA : Investigators and their problems
Who investigates ICT crime ?
   Prosecutors / examining judges
   Specialised police forces (national & international)
   Legal expert witnesses
   Specialised forensic units of consulting firms
   Associations defending commercial interests

   Security firms => vulnerabilities
   Activist groups => publish info on the « truth »
E-Police organisation and tasks (integrated police)

Federal Police, national level : 1 Federal Computer Crime Unit (35 persons)
   24 / 7 (inter)national contact
   Policy : training, equipment, FCCU network
   Operations : forensic ICT analysis, ICT crime combating
   Intelligence : Internet & e-payment fraud, cybercrime,
    www.ecops.be hotline, international internet ID requests

Federal Police, regional level : 25 Regional Computer Crime Units (170 persons),
 one per 1 – 2 judicial districts (arrondissementen)
   Assistance for house searches, forensic analysis of ICT,
    taking statements, internet investigations
   Investigations of ICT crime cases (assisted by the FCCU)

Local level : first line police (Federal Police / Local Police)
   “Freezing” the situation until the arrival of the CCU or FCCU
   Selecting and safeguarding digital evidence
                          © 2012 - Luc Beirens - FCCU - Belgian Federal Police
Our services

 Help to file a complaint
 Descend on the scene of the crime
    Make a drawing of the architecture of the hacked system
    Image backup of the hacked system (if possible)
 Internet investigations (identification, location)
 House searches
 Taking statements of the parties concerned
 Forensic analysis of seized machines
 Compile a conclusive police report
Investigative problems - tracking

 Victims : unfamiliar with the process and afraid for their “corporate image”
  => belated complaints – traces trashed / no longer available
 Rather “unknown” world for police & justice
  => delay before specialised units get involved
  Limited ICT investigation capacity (technical & police skills)
 Multiplication and integration of
  services / providers / protocols / devices
 Lack of harmonised international legislation & instruments
 Anonymous / hacked connections – subscriptions – WIFI
 Intermediate systems often cut the track to the perpetrator
Investigative problems – evidence gathering

 Delocalisation of evidence : the cloud ?
 Exponential growth of storage capacity
  => time consuming :
    backups & verification processes
    analysis

 New legislation / jurisprudence imposes more rigorous
  procedures for evidence gathering in cyberspace

 Bad ICT security makes it hard to
  prove the source and the integrity of the evidence
Brussels, we have a problem ...

 Complainer : Hello, can you help ?
              We are a Belgian hosting firm. We have a problem :
              our webservers are hacked & several websites
              of our Belgian customers have been defaced.
 Police     : OK. A few questions to start our file …
              Who, where, what, when …
Who is where ? (map slide)
Who / where / what
 In Belgium
    Hosting firm : nothing in Belgium
    Customer : nothing in Belgium
    Hacked firm : nothing in Belgium
 In the USA : hacked webserver, defaced website
 In the Netherlands : hacked server
 In the UK : hacker ?
 In Luxemburg : hacker ?
Conclusions ...
 Competence of the Belgian justice authorities ? Under discussion
    viewpoint of the Public Prosecutor General : not competent
    viewpoint of the victim’s lawyer : competent
    viewpoint of the suspect’s defence : ????

 If the choice was made for storage in a foreign country :
 Why ? Cost ? Evading regulations & obligations ?
 No (?) protection of Belgian law
 No (?) intervention of law enforcement in Belgium
 Protection by the law & law enforcement of the country where the server is
AGENDA : Recommendations for potential ICT crime victims
Preventive Recommendations
   Draw up a general ICT usage directive (what normal usage is)
   Awareness program for management & users ;
    the ICT security policy is part of the global security policy
   Appoint an ICT security officer
    => control of the application of the ICT usage & security policy
   Keep critical systems separate from the Internet if possible !
   Use software from a trusted source
   Install and keep up to date anti-virus and firewall programs (laptops too)
   Synchronize the system clocks regularly (logs from different devices
    can only be correlated if their clocks agree)
   Activate and monitor log files on firewall, proxy, access
   Make & test backups & keep them safe (several generations) !
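The slides above state that a webserver's capacity is bounded by its line bandwidth and its transaction rate, that each zombie in a botnet sends several requests per second, and that log files on the firewall, proxy and web server should be activated and monitored. The Python script below is an added example, not part of the original presentation: it parses access-log lines in the common "combined" format, flags source addresses whose request rate inside a one-second window exceeds a per-source limit (the "several requests per second" signature of a zombie), and checks whether the combined peak load exceeds the server's transaction capacity. The log lines are constructed, and the thresholds (5 requests per second per source, 20 requests per second server capacity) are assumptions to be tuned for the server at hand.

```python
"""Access-log check for botnet-style request floods.

Added example; the log lines below are constructed and the thresholds are
assumptions that must be tuned per server.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache / nginx "combined" format prefix: ip ident user [ts] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return (ip, timestamp) for one combined-format line, or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    # Timestamps are only comparable across devices if their clocks are synchronized.
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def peak_in_window(stamps, window_s):
    """Largest number of events that fall inside any window_s-second interval."""
    q = deque()
    peak = 0
    for t in sorted(stamps):
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:
            q.popleft()
        peak = max(peak, len(q))
    return peak


def analyse(lines, window_s=1.0, per_source_limit=5, server_capacity=20):
    """Flag noisy sources and compare the overall peak load with server capacity.

    per_source_limit: requests per window above which a source looks like a zombie.
    server_capacity: requests per window the server can actually handle (assumed).
    """
    per_ip = defaultdict(list)
    all_stamps = []
    skipped = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # count, don't silently drop, unparseable lines
            continue
        ip, ts = rec
        per_ip[ip].append(ts)
        all_stamps.append(ts)
    peaks = {ip: peak_in_window(s, window_s) for ip, s in per_ip.items()}
    flagged = {ip: p for ip, p in peaks.items() if p > per_source_limit}
    peak_load = peak_in_window(all_stamps, window_s) if all_stamps else 0
    return {
        "flagged": flagged,
        "peak_load": peak_load,
        "saturated": peak_load > server_capacity,
        "skipped": skipped,
    }


def _line(ip, second, path):
    """Build one constructed log line at 10:00:<second> on 29 Mar 2012."""
    return f'{ip} - - [29/Mar/2012:10:00:{second:02d} +0200] "GET {path} HTTP/1.1" 200 1024'


# Constructed sample: two legitimate visitors, one garbage line, three zombies
# (TEST-NET addresses) that each fire eight requests inside the same second.
SAMPLE_LOG = [
    _line("203.0.113.10", 0, "/"),
    _line("198.51.100.7", 2, "/shop"),
    _line("203.0.113.10", 4, "/about"),
    "garbage line that does not parse",
]
for zombie in ("192.0.2.1", "192.0.2.2", "192.0.2.3"):
    SAMPLE_LOG += [_line(zombie, 5, "/") for _ in range(8)]


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for ip, peak in sorted(report["flagged"].items()):
        print(f"suspect source {ip}: {peak} requests in one second")
    print(f"peak load {report['peak_load']} req/s, saturated={report['saturated']}, "
          f"unparseable lines={report['skipped']}")
```

Two caveats follow from the capacity slide itself: if the access line is saturated before the server is, the flood may never reach the web server's log at all, so firewall and router counters need to be watched as well; and because the per-source window is one second, a distributed attack where each zombie stays below the limit is caught only by the aggregate `peak_load` check, not by the per-source one.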
Recommendations for victims of ICT crime

   Disconnect from the outside world
   Take note of the last internet activities & the exact date and time
   Evaluate : is the damage more important than the restart ?
      Restart most important : make a full backup before restoring
      Damage more important : don’t touch anything

   Safeguard all messages and log files in their original state
   Inform ASAP the Federal District Police Services
    and ask for assistance of the Federal or Regional CCU
   Change all passwords and change all usernames
   Re-establish the connection only
    if ALL failures are found and patched
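The evidence-gathering slide notes that bad ICT security makes it hard to prove the source and integrity of evidence, and the victim recommendations above say to safeguard messages and log files in their original state and to make a full backup before restoring. The Python script below is an added example, not part of the original presentation: it builds a manifest with the SHA-256 hash, size and original modification time of every file under a directory, records who collected it and when (UTC), and re-verifies the files later so that any change made after collection is visible. The directory layout, file contents and collector name are constructed for the demonstration.

```python
"""Evidence-preservation manifest: hash files in place, record when and by whom
they were collected, and re-verify them later.

Added example; paths, file contents and the collector name are constructed.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # hash in 1 MiB chunks so a large image need not fit in memory


def sha256_file(path):
    """SHA-256 hex digest of a file, read without modifying it."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, collector, note=""):
    """Walk `root` read-only and record path, size, mtime and SHA-256 of every file."""
    entries = []
    for dirpath, _dirs, files in sorted(os.walk(root)):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            entries.append({
                "path": os.path.relpath(full, root),
                "size": st.st_size,
                # the original mtime is itself evidence; record it before anything copies the file
                "mtime_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "sha256": sha256_file(full),
            })
    return {
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "collector": collector,
        "note": note,
        "files": entries,
    }


def manifest_digest(manifest):
    """Digest of the canonical JSON form of the manifest.

    Write this value into the paper complaint / police report, so that the
    manifest itself cannot be altered later without the change being visible.
    """
    canon = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def verify_manifest(manifest, root):
    """Return {path: 'ok' | 'modified' | 'missing'} for every recorded file."""
    result = {}
    for e in manifest["files"]:
        full = os.path.join(root, e["path"])
        if not os.path.exists(full):
            result[e["path"]] = "missing"
        elif os.stat(full).st_size != e["size"] or sha256_file(full) != e["sha256"]:
            result[e["path"]] = "modified"
        else:
            result[e["path"]] = "ok"
    return result


def demo(root=None):
    """Constructed scenario: preserve two log files, then tamper with one of them."""
    if root is None:
        root = tempfile.mkdtemp()
    logdir = os.path.join(root, "var", "log")
    os.makedirs(logdir, exist_ok=True)
    access = os.path.join(logdir, "access.log")
    auth = os.path.join(logdir, "auth.log")
    with open(access, "w") as f:  # constructed sample lines
        f.write('198.51.100.7 - - [29/Mar/2012:02:13:41 +0200] "POST /admin HTTP/1.1" 200 512\n')
    with open(auth, "w") as f:
        f.write("Mar 29 02:13:40 web1 sshd[4242]: Accepted password for admin from 198.51.100.7\n")
    manifest = build_manifest(root, collector="on-call admin", note="web1 after defacement")
    before = verify_manifest(manifest, root)
    # somebody "cleans up" the auth log after the manifest was taken
    with open(auth, "w") as f:
        f.write("")
    after = verify_manifest(manifest, root)
    return manifest, before, after


if __name__ == "__main__":
    m, before, after = demo()
    print("manifest digest:", manifest_digest(m))
    print("right after collection:", before)
    print("after tampering:", after)
```

Hashing detects change but does not prevent it, so the manifest and its digest must be stored off the compromised machine (on write-once media or with the police) and the digest written into the complaint. The same routine applies to the full image backup taken before a restore: hash the image file once, and re-hash it before every analysis.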
Where to make a complaint ?
 Within a police force …
    Local police service => not specialised
       => not the right place for ICT crime (hacking / sabotage / espionage)
       => the place to make complaints on Internet fraud

    Federal District Police Service (FGP) => better but …
       Regional CCU => the right place to be for ICT crime
    Federal Computer Crime Unit => 24/7 contact
       Risks to vital or crucial ICT systems => call urgently
    Illegal content (child pornography, racism, ...) => www.ecops.be

 … or report immediately to a magistrate ?
    Local prosecutor (Procureur) => will send it to the police
       => can decide not to prosecute
    Examining judge => complaint with deposit of a bail (civil-party complaint)
       => obligation to investigate the case
Contact information

Belgian Federal Judicial Police
Directorate for economic and financial crime
Federal Computer Crime Unit
Notelaarstraat 211 - 1000 Brussels – Belgium

Tel office             : +32 2 743 74 74
Fax                    : +32 2 743 74 19

Head of Unit                   : luc.beirens@fccu.be
Central Internet Contact Point : www.ecops.be

 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 

Último (20)

Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 

20120329 Cybercrime threats on e-world

  • 1. Cybercrime threats on e-world « What is the cybercriminal up to and how to survive cybercrime ? » Belgian Federal Judicial Police, Federal Computer Crime Unit © Luc Beirens
  • 2. AGENDA
    - General trends
    - Victims and their problems
    - Who should you be afraid of ?
    - Investigators and their problems
    - Recommendations for potential ICT crime victims
    - Contact data
  • 3. e-Architecture [diagram: externally hosted website; Internet; VPN; internal network behind a firewall; DMZ with own webserver; backup server; cloud service center; SCADA / process control; end user; roaming user]
  • 4. General trends today
    - Evolution towards the e-society: replace persons by e-applications; social networks (for private / professional / commercial use); very high mobility (notebooks, smartphones, tablets, ...); interconnecting all systems (admin, industrial, control)
    - IP is the common platform offered by many ISPs, integrating telephony / data / VPN & all new apps = opportunities / Achilles tendon / scattered traces
    - Poor security in legacy applications and protocols (userid + pw) => identity fraud is easy
    - The end user is not yet educated to act properly
  • 5. What do “criminals” want ?
    - Become rich / powerful: rapidly, easily, with a very big ROI, in an illegal way if needed
    - Destabilize the (e-)society by causing trouble
    - For both goals they can / will focus on: your data, your system
  • 6. AGENDA (same list as slide 2)
  • 7. Why would they choose you as their victim ? They don’t especially target you ... but:
    - you’re connected to and visible on the Internet, on the telephone network or via your WIFI
    - they want to use any ICT system: to store and exchange illegal stuff (child porn, warez, ...); as an intermediary system for illegal activity (spamming, hacking, phishing, ...); to obtain international connections ... for which you pay
    - they just want a new computer and you have one
  • 8. Why would they choose you as their victim ? They target you because:
    - of their interest in the data you store on your system: personal identity information; financial information (income, credit cards, ...); business information (customer/prospect DB, R&D info, ...)
    - they don’t like you and want to cause damage or take you out of business: social / economic / civil / political organisations; terrorist organisations
  • 9. The internal risk (cases)
    - Fired system administrator in a courier company
    - Hard-working IT staff in a financial institution
    - Dancing cursor in a security firm
    - Theft of PCs in the R&D department of a company
    - Social conflict: DDoS attacks on e-commerce
  • 10.
  • 11. Recent cyber crime targeting firms
    - Spyware / trojan horses / remote admin
    - Botnet attacks
    - Espionage
    - Identity fraud (phishing / spear phishing): getting your customers’ identity information: CO2
    - Fraudulent business proposals via the Internet
    - Buying your goods with forged cheques
    - False escrow payment services (trusted third parties)
    - Nigerian waste recycling => your old PCs & hard disks
  • 13.
  • 14. Phishing and money mules [diagram: victim John Doe, phishing site, bank site, bank, money mule “Jefke”; numbered steps: 1 contract as “financial manager”, 2 userid and password, 3 transfer order, 4 bank, 5 and 6 money to the mule]
  • 15. Normal functioning of a webserver. The capacity of a server is limited by: the bandwidth of the connection line from the Internet to the server; the transaction capacity of the server: number of requests per minute.
  • 16. Botnet attack on a webserver / node [diagram: hacker sends commands via a command and control server; zombies flood the access line; the webserver / node crashes, legitimate info access is blocked (“My IP is x.y.z.z”)]
  • 17. How do I get infected ?
    - The hacker sends a Trojan horse (= container program) to the victim PC via: e-mail (spam, ...); peer-to-peer (Kazaa, BitTorrent, ...); chat (IRC, MSN, ...)
    - Auto-infection of the victim PC by visiting websites containing infecting scripts abusing OS vulnerabilities
    - Auto-propagation of the malware from zombies towards neighbouring PCs in the network, abusing OS vulnerabilities
    - The infection procedure often connects to an update server to download new versions to the zombie
  • 18. Botnet attack capacity
    - Botnets control from 2,000 to more than 100,000 zombies
    - Each zombie sends several requests per second
    - Attack capacity in known cases: sustained dataflow of 10 Gbps during days; peak dataflow of about 40 Gbps during hours
  • 19. Why ? Making money !
    - Sometimes still for fun (script kiddies)
    - Spam distribution via the zombie
    - Click generation on banner advertising
    - Dialer installation on the zombie to make premium-rate calls
    - Spyware installation
    - Espionage => banking details / passwords / keylogging
    - Ransom bot => encrypts files => money for the password
    - Capacity for distributed denial of service attacks (DDoS) => disturb the functioning of an internet device (server/router)
  • 20. Large firm hacking using an internal botnet [diagram: hacker on the Internet controlling zombies inside the company network]
  • 21. Threats
    - Attacks on e-commerce (e-gov) websites => website out of order
    - Attacks on network nodes => ALL USERS (firms) out of order
    - Increased risk if combined with zero-day virus infections => NO security against infections => bigger armies of zombies
  • 22. Latest malware developments
    - Stuxnet: very complex and elaborate trojan; several replication vectors: networks / USB keys; connects to a C&C botnet server; focused on industrial process control systems; searches for systems with this control system; collects information on Siemens PLC systems; changes the process logic on infected machines
    - Duqu: spying
  • 23. You should take extra care if ...
    - Your business / production processes depend completely or to a great extent on your ICT system => growing vulnerability => bigger impact of ICT crime => more and more services over the Internet ...
    - Your business activity provides vital or crucial services: energy / water / telecommunications / transportation; financial institutions / health institutions
    - Your industrial process control systems are directly or indirectly connected to the internet
    - Your employees / suppliers have external access to your internal network (0800 lines / Internet)
  • 24. Damage to consider ...
    - A house search at your home or company (early in the morning)
    - Your firm cut off from the Internet by your ISP (because of spam distribution by a hacker using your server)
    - Your telecom invoice next month 200.000 € higher
    - The result of 5 years of high-tech R&D code and documentation in the hands of your competitor
    - Your firm out of action for some days: cost of diagnosis & restarting, economic losses
    - Your system administrator arrested for using your server to distribute child porn
    - Your personal documents / pictures / e-mails distributed to anyone on the Internet
  • 25. And perhaps, as a victim, you could be held liable for ...
    - the illegal activity on your ICT system
    - the damage caused to other ICT systems / your customers
    - not complying with the Privacy act: obligation to secure personal data efficiently
    - not being able to provide authorities with traffic data as a telecom service provider
  • 26. Victims of ICT crime
    - From multinationals over MSE to individuals
    - No assessment of the value of the data on the ICT system => no backups
    - No or bad ICT security (role of management)
    - Bad control of the employees in key functions
    - Absolute lack of awareness of individual users
    - ICT crime happens mostly at night or in the weekend
    - No or late discovery: often complaints from outside
    - Installation of adapted versions of operating systems on hacked computers
  • 27. AGENDA (same list as slide 2)
  • 28. Who is threatening us ?
    - Script kiddies
    - Insider ICT guy in your company
    - Loosely organized criminals
    - Firmly organized criminal groups
    - Terrorists / hacktivists
    - Nation warfare troops
    - Underground economy platform for selling & buying criminal services and products
  • 29. Firmly organized criminals
    - We see more and more organization in the criminal activity on the internet
    - Focused on financial intent
    - Cooperation with money launderers
    - Different specialisations: recruiting persons, ICT development, handling money
    - Infiltration in or taking over legal businesses (development firms, operators, ...)
  • 30. Terrorists / hacktivists
    - No financial intent
    - Political / social objectives
    - Attack and create chaos and disaster
    - Destabilize economy and society
    - Might take their time to prepare ...
    - Or set up actions very quickly (social networks)
  • 31. AGENDA (same list as slide 2)
  • 32. Who investigates ICT crime ?
    - Prosecutors / examining judges
    - Specialised police forces (nat’l & internat’l)
    - Legal expert witnesses
    - Specialised forensic units of consulting firms
    - Associations defending commercial interests
    - Security firms => vulnerabilities
    - Activist groups => publish info on « truth »
  • 33. E-Police organisation and tasks (integrated police)
    - Federal level: Federal Computer Crime Unit (FCCU), 35 persons: 24/7 (inter)national contact point; national policy; operations (Internet & ePayment fraud, forensic ICT analysis); intelligence on cybercrime; training; equipment; ICT crime combating; www.ecops.be hotline; FCCU network; international internet ID requests
    - Regional level (Federal Police): 25 Regional Computer Crime Units (1 to 2 arrondissements each), 170 persons: assistance for house searches, investigation of ICT crime cases (assisted by FCCU), forensic analysis of ICT, taking statements, internet investigations
    - Local level: first-line police (Federal Police / Local Police): “freezing” the situation until the arrival of the CCU or FCCU; selecting and safeguarding digital evidence
    © 2012 - Luc Beirens - FCCU - Belgian Federal Police
  • 34. Our services
    - Help to take a complaint
    - Descend on the scene of the crime
    - Make a drawing of the architecture of the hacked system
    - Image backup of the hacked system (if possible)
    - Internet investigations (identification, location)
    - House searches
    - Taking statements of the concerned parties
    - Forensic analysis of seized machines
    - Compile a conclusive police report
  • 35. Investigative problems: tracking
    - Victims: unfamiliar and afraid for their “corporate image” => belated complaints, traces trashed / no more traces
    - Rather “unknown” world for police & justice => delay before involvement of the specialised units; limited ICT investigation capacity (technical & police skills)
    - Multiplication and integration of services / providers / protocols / devices
    - Lack of harmonised international legislation & instruments
    - Anonymous / hacked connections, subscriptions, WIFI
    - Intermediate systems often cut the track to the perpetrator
  • 36. Investigative problems: evidence gathering
    - Delocalisation of evidence: the cloud ?
    - Exponential growth of storage capacity => time consuming: backups & verification processes; analysis
    - New legislation / jurisprudence imposes more rigorous procedures for evidence gathering in cyberspace
    - Bad ICT security: give proof of the source and the integrity of the evidence
  • 37. Brussels, we have a problem ...
    - Complainant: Hello, can you help ? We are a Belgian hosting firm. We have a problem: our webservers are hacked & several websites of our Belgian customers have been defaced.
    - Police: OK. A few questions to start our file ... Who, where, what, when ...
  • 38. Who is where ? [map]
  • 39. Who / where / what
    - In the USA: hacked webserver; defaced website
    - In the Netherlands: hacked server
    - In the UK: hacker ?
    - In Luxembourg: hacker ?
    - In Belgium: hosting firm: nothing in Belgium; customer: nothing in Belgium; hacked firm: nothing in Belgium
  • 40. Conclusions ...
    - Competence of the Belgian justice authorities ? Discussion: viewpoint of the Public Prosecutor General: not competent; viewpoint of the victim’s lawyer: competent; viewpoint of the suspect’s defence: ????
    - If the choice was made for storage in a foreign country: why ? cost ? evade regulations & obligations ?
    - No (?) protection of Belgian law; no (?) intervention of law enforcement in Belgium; protection by law & LE in the country where the server is
  • 41. AGENDA (same list as slide 2)
  • 42. Preventive recommendations
    - Draw up a general ICT usage directive (normal usage)
    - Awareness program for management & users; the ICT security policy is part of the global security policy
    - Appoint an ICT security responsible => control on the application of the ICT usage & security policy
    - Keep critical systems separate from the Internet if possible !
    - Use software from a trusted source
    - Install recent anti-virus and firewall programs (laptops)
    - Synchronize the system clocks regularly
    - Activate and monitor log files on firewall, proxy, access
    - Make & test backups & keep them safe (generations) !
  • 43. Recommendations for victims of ICT crime
    - Disconnect from the outside world
    - Take note of the last internet activities & the exact date and time
    - Evaluate: is the damage more important than the restart ?
    - Restart most important: make a full backup before restore
    - Damage more important: don’t touch anything
    - Safeguard all messages and log files in their original state
    - Inform ASAP the Federal District Police Services and ask for assistance of the Federal or Regional CCU
    - Change all passwords and change all usernames
    - Re-establish the connection only if ALL failures are found and patched
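One way to carry out the “safeguard all messages and log files in their original state” step of slide 43 so that the source and integrity of the evidence can later be proven (the problem slide 36 names), as an added example that is not part of the original presentation: a Python script that records SHA-256 digests, sizes and timestamps of collected files in a manifest and re-verifies them. The evidence directory and the log lines it contains are constructed for the demonstration, not taken from a real case.

```python
"""Evidence-preservation manifest for collected log files (added example).
Hashes every file in an evidence directory and re-verifies it later, so that
log files kept "in original state" can be shown to be unchanged. Directory
and log lines are constructed for the demo, not taken from a real case."""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large logs need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(evidence_dir: Path, collector: str) -> dict:
    """Hash every regular file under evidence_dir; note when and by whom it was collected."""
    entries = []
    for path in sorted(p for p in evidence_dir.rglob("*") if p.is_file()):
        stat = path.stat()
        entries.append({
            "path": path.relative_to(evidence_dir).as_posix(),
            "size": stat.st_size,
            "mtime_utc": datetime.fromtimestamp(stat.st_mtime, timezone.utc).isoformat(),
            "sha256": sha256_file(path),
        })
    manifest = {
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "collector": collector,
        "files": entries,
    }
    # Digest of the file list itself: record it separately (e.g. in the police
    # statement) so the manifest cannot be silently replaced either.
    manifest["manifest_sha256"] = hashlib.sha256(
        json.dumps(entries, sort_keys=True).encode()).hexdigest()
    return manifest


def verify_manifest(evidence_dir: Path, manifest: dict) -> list:
    """Return a list of problems; an empty list means every file still matches."""
    problems = []
    for entry in manifest["files"]:
        path = evidence_dir / entry["path"]
        if not path.is_file():
            problems.append(f"missing: {entry['path']}")
        elif sha256_file(path) != entry["sha256"]:
            problems.append(f"modified: {entry['path']}")
    return problems


def demo() -> tuple:
    """Build a constructed evidence set, verify it, alter one log, verify again."""
    root = Path(tempfile.mkdtemp(prefix="evidence-"))
    (root / "firewall.log").write_text(  # constructed sample lines
        "2012-03-28T02:14:07Z DROP src=198.51.100.7 dst=192.0.2.10 dport=445\n"
        "2012-03-28T02:14:09Z ACCEPT src=198.51.100.7 dst=192.0.2.10 dport=80\n")
    (root / "proxy.log").write_text(
        "2012-03-28T02:15:31Z 192.0.2.33 GET http://update.example/payload.bin\n")
    manifest = build_manifest(root, collector="constructed demo")
    clean = verify_manifest(root, manifest)
    # Simulate a log being "tidied up" after collection: the check must catch it.
    with (root / "firewall.log").open("a") as fh:
        fh.write("2012-03-28T09:00:00Z note: nothing happened\n")
    tampered = verify_manifest(root, manifest)
    return clean, tampered


if __name__ == "__main__":
    print(demo())  # ([], ['modified: firewall.log'])
```

Store the manifest and its digest off the affected machine (slide 43 says to disconnect it and not touch it), so that the copy handed to the CCU can be checked against the originals.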
  • 44. Where to make a complaint ?
    - Within a police force ...: Local police service => not specialised => not the right place for ICT crime (hacking/sabotage/espionage) => the place to make complaints on Internet fraud; Federal District Police Service (FGP) => better but ...; Regional CCU => the right place to be for ICT crime; Federal Computer Crime Unit => 24/7 contact; risks on vital or crucial ICT systems => call urgently; Illegal content (child porn, racism, ...) => www.ecops.be
    - ... or immediately report to a magistrate ?: Local prosecutor (Procureur) => will send it to the police => can decide not to prosecute; Examining judge => complaint with deposit of a bail => obligation to investigate the case
  • 45. Contact information Belgian Federal Judicial Police Direction for economical and financial crime Federal Computer Crime Unit Notelaarstraat 211 - 1000 Brussels – Belgium Tel office : +32 2 743 74 74 Fax : +32 2 743 74 19 Head of Unit : luc.beirens@fccu.be Central Internet Contact Point : www.ecops.be