380 likes | 394 Views
This workshop aims to support the harmonization of ICT policies in Sub-Sahara Africa by focusing on the transposition of SADC Model Laws on Cybersecurity in Namibia. The workshop will cover topics such as cybercrime training, assessment of cybersecurity policies, legislation drafting, and capacity building.
E N D
ITU-EC HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa Workshop on Namibia National Transposition of SADC Model Laws on Cybersecurity, Lusaka, 20 August 2013 Cybercrime Training (Needs and Topics) Presenter: Prof Dr Marco Gercke
TRAINING IN THE CONTEXT OF A COMPREHENSIVE APPROACH TO FIGHT CYBERCRIME Cybercrime
INTERDEPENDENCE Assessment Nat. ICT Strategy Assessment Cybercrime Policy Somebody doing the work Asm. Institutional Capacities Assessment of Cybercrime Assessment Assessment of Legislation Asm. Cybersecurity Strategy Stakeholder Consultations Somebody doing the work Champion Consultation Coordinator with authority Media / Education Civil Liberty Groups Ministries / Government Inst. General Public Drafting PPP Strategy Drafting Policy Anti-Cybercrime Policy Drafing Legislation Drafting Int. Coop. Strategy Champion Drafting Crime Prevention S. Developing Monitoring S. Building Institutional Capacities Drafting Training for Jud./Pros./Law. Explanatory Notes Complain Center Equipment Police/Customs Material for Press Supplying Free Tools Curriculum for Schools Media Campaigns Implement. Cybercrime
COMPONENT 1: TECHNOLOGY Cybercrime
TECHNOLOGY • Training should include training on technology • Level of detail of the training on technology is depending on the target audience. While judges and prosecutors might only need an overview Cybercrime investigators will need in depth training Cybercrime
NETWORK CONCEPT 124.222.121.1 Access Provider 85.1.3.44 User Provides an IP Addressthatisrequiredto communicate. Allowsuploadanddownloadofdata Hosting Provider Wantstodownload Fromwww.xxx.com Stores datafor a contentprovider Domain Name Server Translatesdomainnames (likewww.xxx.cominto an IP Address xxx.com = 85.1.3.44 211.1.3.88 Content Provider Routers Anybodywhoproducesdata Forward therequesttotherightserver Cybercrime
PHENOMENA Cybercrime
PHENOMENA • Training should include training on phenomena of Cybercrime • Area with great dynamics • Such training could also be interesting for the press and the general public in order for them to understand how such crime is committed • The following slides contain some examples (excerpts) Cybercrime
DATA ESPIONAGE Picture removed in print version Bild zur Druckoptimierung entfernt • Valuable and secret information are often stored without adequate protection • Lack of self-protection especially with regard to small businesses and private computer users • Development of protection-plans are often inadequate (eg. change of hard-drive without deleting sensible information in advance) KEYLOGGER Cybercrime
INTRODUCTION Iran Oil Terminal Duqu Stuxnet Flame 09 10 11 12 Cyberwarfare
GROOMING Picture removed in print version Bild zur Druckoptimierung entfernt • The ultimate aim of the offender is often to meet and sexually abuse the child – which requires the presence of the offender at the location of the child ADULT: CHILD: ADULT: CHILD: ADULT: CHILD: ‘Shortly described you have THREE options to earn money through us: 1-Images (you can earn between 50-200 for each series, i.e. 16 images) 2-Web shows [...] it sounds ok, but I think I start with the images... send a couple of images of yourself so I can get a better understanding of how you look ...because then we can start with the fun: namely to discuss prices ;) [Child sending over images] more .. any in full figure? more? [Child sending over images] GROOMING CHAT Cybercrime
DEVELOPMENT Cybercrime
PHENOMENA • Training should include training the development of Cybercrime • Computer crime and Cybercrime is known for more than 50 years • A lot of important things can be learned by studying the past developments Cybercrime
196oth Picture removed in print version Bild zur Druckoptimierung entfernt • Introduction of transistor based computer systems lead to an increasing use of computers • Offences at this time were focusing on the physical damage of computer systems and data • Example: Student riot cause a fire that destroyed computer systems at a university in Canada Source: Wikipedia with ref. to US Gov. Cybercrime
COMPUTER ATTACK / BOTNET Hacking attack against airport control system Attacks against computer systems in Georgia during armed conflict Growing number of users of the Internet goes along with a growing number of hacking attacks Attacks against computer systems in Estonia during political conflicts Largest botnets: 100.000 bots Largest botnets: 12.000.000 bots 97 00 03 98 99 01 02 06 04 05 07 08 09 10 11 Legal Response Phenomena Cybercrime
EXTENT OF CRIME Cybercrime
UNCERTAINTY REGARDING EXTENT Picture removed in print version Bild zur Druckoptimierung entfernt • Lack of reporting leads to uncertainty with regard to the extent of crime • This is especially relevant with regard to the involvement of organized crime • Available information from the crime statistics therefore not necessary reflect the real extent of crime The United States Federal Bureau of Investigation has requested companies not to keep quiet about phishing attacks and attacks on company IT systems, but to inform authorities, so that they can be better informed about criminal activities on the Internet. "It is a problem for us that some companies are clearly more worried about bad publicity than they are about the consequences of a successful hacker attack," explained Mark Mershon, acting head of the FBI's New York office. HEIISE NEWS 27.10.2007 Cybercrime
LATEST TRENDS Cybercrime
LATEST TRENDS • The training should include training in relation to latest trends • A regular update on the latest developments will not only be important for investigators but also the general public • Example: Liberty Reserve (Money Laundering), AP Twitter Account Hack and stock market manipulation Cybercrime
TRAINING FOR JUDGES Cybercrime
TRAINING FOR JUDGES • Training for judges may include an overview about technology and investigation techniques • The focus will most likely be on substantive criminal law • Training may also include components on electronic evidence Cybercrime
DEFAMATION AND LIBEL Picture removed in print version Bild zur Druckoptimierung entfernt • Internet enables possibilities to anonymously post information on websites • This enables the offender to publish defamatory content and make it much more difficult for investigators to identify the offender 365 Criminal defamation (1) Any person who, without lawful excuse, publishes matter defamatory of another living person (the relevant person)— (a) knowing the matter to be false or without having regard to whether the matter is true or false; and (b) intending to cause serious harm to the relevant person or any other person or without having regard to whether serious harm to the relevant person or any other person is caused; commits a misdemeanour. Maximum penalty—3 years imprisonment. SEC 265 CC OF QUEENSLAND CYBERCRIME
ELECTRONIC EVIDENCE • Emerging relevance of digital evidence influences the procedures in court • Influence is not limited to the fact that courts need to deal with digital evidence • Even the design of courtrooms is influenced Cybercrime
TRAINING FOR CYBERCRIME INVESTIGATORS Cybercrime
TRAINING FOR INVESTIGATORS • Cybercrime investigators may require a very intensive training due to the complexity of the subject matter • This especially includes technology and investigation techniques • Training should include practical elements and simulations Cybercrime
IMPORTANCE OF UPDATES Picture removed in print version Bild zur Druckoptimierung entfernt • Constant training is necessary as technology is changing • Experts working in this field need to be aware about the consequences of the latest technical trends for investigations • Example: Advice to unplug cord from computer can lead to an encryption of the hard drive if the suspect activated whole disc encryption US FIRST RESPONDER GUIDE 3RD ED. Cybercrime
IMPORTANCE OF UPDATES Picture removed in print version Bild zur Druckoptimierung entfernt • If the suspect is using encryption technology disconnecting the computer system from electricity could hinder access to evidence • Live forensics may be required • In addition to technical capacities to undertake live forensics (e.g. software, hardware) there might be a need for a solid legal foundation as live forensics might interfere with the integrity of evidence US FIRST RESPONDER GUIDE 3RD ED. Cybercrime
TRAINING FOR POLICE Cybercrime
GENERNAL TRAINING FOR POLICE • In addition to the special training for Cybercrime investigators a general training for the police should be organized • Background: Electronic evidence is becoming more and more relevant not only in Cybercrime cases but also when it comes to traditional crimes (such as murder cases) Cybercrime
TRAINING FOR LEGAL DRAFTERS Cybercrime
LEGAL DRAFTERS • In order to finalize the draft Bills and implement them into the national legislation legal drafters might require additional training • This will especially help them to understand differences between the SADC model law and some international standards • Some differences are a result of correcting mistakes in older international standards (see next slide) Cybercrime
EXAMPLE: CHILD PORNOGRAPHY Picture removed in print version Bild zur Druckoptimierung entfernt Picture removed in print version Bild zur Druckoptimierung entfernt • As cooperation requires legislation gaps can have significant impact • In the early discussion about legal response to an online distribution of child pornography the drafter of regulations focused on digital images • Today not only images and videos but also audio recordings of the sexual abuse of children are distributed online • Older approaches often use language (such as “visually” or “image”) that excludes such material 2. For the purpose of paragraph 1 above, the term “child pornography” shall include pornographic material that visually depicts: a. a minor engaged in sexually explicit conduct; b. a person appearing to be a minor engaged in sexually explicit conduct; c. realistic images representing a minor engaged in sexually explicit conduct. Convention on Cybercrime EU Directive Child Pornography 2011 (c) ‘child pornography’ means: (i) any material that visually depicts a child engaged in real or simulated sexually explicit conduct; Cybercrime
EXAMPLE: CHILD PORNOGRAPHY Picture removed in printversion Bild zur Druckoptimierung entfernt Picture removed in printversion Bild zur Druckoptimierung entfernt • As cooperation requires legislation gaps can have significant impact • In the early discussion about legal response to an online distribution of child pornography the drafter of regulations focused on digital images • Today not only images and videos but also audio recordings of the sexual abuse of children are distributed online • Older approaches often use language (such as “visually” or “image”) that excludes such material IOL News 2011 US Training Manual Cybercrime
EXAMPLE: CHILD PORNOGRAPHY Picture removed in print version Bild zur Druckoptimierung entfernt • SADC Model Law consequently avoids the term “visually” • In addition the definition of the model legislative text contains a clarification that audio material is included (8) Child pornography means pornographic material that depicts presents or represents: (a) a child engaged in sexually explicit conduct; (b) a person appearing to be a child engaged in sexually explicit conduct; or (c) images representing a child engaged in sexually explicit conduct; this includes, but is not limited to, any audio, visual or text pornographic material. SADC MODEL LAW Cybercrime
GENERAL PUBLIC Cybercrime
GENERAL PUBLIC • As part of a crime prevention strategy general training could be organized for the general public • Such training could include an overview about how crimes are committed and how to prevent becoming victim of such crime • This may include a special training for schools and universities Cybercrime
Understanding CybercrimeITU Cybercrime
Thank you for your attention!INTERNATIONAL TELECOMMUNICATION UNION