
ITU-EC HIPSSA Project

This workshop aims to support the harmonization of ICT policies in Sub-Sahara Africa by focusing on the transposition of SADC Model Laws on Cybersecurity in Namibia. The workshop will cover topics such as cybercrime training, assessment of cybersecurity policies, legislation drafting, and capacity building.

Presentation Transcript


  1. ITU-EC HIPSSA Project: Support for Harmonization of the ICT Policies in Sub-Sahara Africa. Workshop on Namibia National Transposition of SADC Model Laws on Cybersecurity, Lusaka, 20 August 2013. Cybercrime Training (Needs and Topics). Presenter: Prof Dr Marco Gercke

  2. TRAINING IN THE CONTEXT OF A COMPREHENSIVE APPROACH TO FIGHT CYBERCRIME Cybercrime

  3. INTERDEPENDENCE Assessment Nat. ICT Strategy Assessment Cybercrime Policy Somebody doing the work Asm. Institutional Capacities Assessment of Cybercrime Assessment Assessment of Legislation Asm. Cybersecurity Strategy Stakeholder Consultations Somebody doing the work Champion Consultation Coordinator with authority Media / Education Civil Liberty Groups Ministries / Government Inst. General Public Drafting PPP Strategy Drafting Policy Anti-Cybercrime Policy Drafting Legislation Drafting Int. Coop. Strategy Champion Drafting Crime Prevention S. Developing Monitoring S. Building Institutional Capacities Drafting Training for Jud./Pros./Law. Explanatory Notes Complain Center Equipment Police/Customs Material for Press Supplying Free Tools Curriculum for Schools Media Campaigns Implement.

  4. COMPONENT 1: TECHNOLOGY

  5. TECHNOLOGY • Training should include training on technology • The level of detail of the training on technology depends on the target audience: while judges and prosecutors might only need an overview, Cybercrime investigators will need in-depth training

  6. NETWORK CONCEPT • User: Wants to download from www.xxx.com • Access Provider: Provides an IP address that is required to communicate. Allows upload and download of data • Hosting Provider: Stores data for a content provider • Domain Name Server: Translates domain names (like www.xxx.com) into an IP address; xxx.com = 85.1.3.44 • Content Provider: Anybody who produces data • Routers: Forward the request to the right server • IP addresses shown in the diagram: 124.222.121.1, 85.1.3.44, 211.1.3.88

  7. PHENOMENA

  8. PHENOMENA • Training should include training on phenomena of Cybercrime • Area with great dynamics • Such training could also be interesting for the press and the general public in order for them to understand how such crime is committed • The following slides contain some examples (excerpts)

  9. DATA ESPIONAGE • Valuable and secret information is often stored without adequate protection • Lack of self-protection, especially with regard to small businesses and private computer users • Development of protection plans is often inadequate (e.g. change of hard drive without deleting sensitive information in advance) KEYLOGGER

  10. INTRODUCTION Timeline (axis 09 to 12): Iran Oil Terminal, Duqu, Stuxnet, Flame Cyberwarfare

  11. GROOMING • The ultimate aim of the offender is often to meet and sexually abuse the child – which requires the presence of the offender at the location of the child ADULT: CHILD: ADULT: CHILD: ADULT: CHILD: ‘Shortly described you have THREE options to earn money through us: 1-Images (you can earn between 50-200 for each series, i.e. 16 images) 2-Web shows [...] it sounds ok, but I think I start with the images... send a couple of images of yourself so I can get a better understanding of how you look ...because then we can start with the fun: namely to discuss prices ;) [Child sending over images] more .. any in full figure? more? [Child sending over images] GROOMING CHAT

  12. DEVELOPMENT

  13. PHENOMENA • Training should include training on the development of Cybercrime • Computer crime and Cybercrime have been known for more than 50 years • A lot of important things can be learned by studying the past developments

  14. 1960s • Introduction of transistor-based computer systems led to an increasing use of computers • Offences at this time focused on the physical damage of computer systems and data • Example: A student riot caused a fire that destroyed computer systems at a university in Canada Source: Wikipedia with ref. to US Gov.

  15. COMPUTER ATTACK / BOTNET Timeline (axis 97 to 11; rows: Legal Response, Phenomena) • Hacking attack against airport control system • Attacks against computer systems in Georgia during armed conflict • Growing number of users of the Internet goes along with a growing number of hacking attacks • Attacks against computer systems in Estonia during political conflicts • Largest botnets: 100.000 bots • Largest botnets: 12.000.000 bots

  16. EXTENT OF CRIME

  17. UNCERTAINTY REGARDING EXTENT • Lack of reporting leads to uncertainty with regard to the extent of crime • This is especially relevant with regard to the involvement of organized crime • Available information from the crime statistics therefore does not necessarily reflect the real extent of crime The United States Federal Bureau of Investigation has requested companies not to keep quiet about phishing attacks and attacks on company IT systems, but to inform authorities, so that they can be better informed about criminal activities on the Internet. "It is a problem for us that some companies are clearly more worried about bad publicity than they are about the consequences of a successful hacker attack," explained Mark Mershon, acting head of the FBI's New York office. HEISE NEWS 27.10.2007

  18. LATEST TRENDS

  19. LATEST TRENDS • The training should include training in relation to latest trends • A regular update on the latest developments will not only be important for investigators but also the general public • Example: Liberty Reserve (Money Laundering), AP Twitter Account Hack and stock market manipulation

  20. TRAINING FOR JUDGES

  21. TRAINING FOR JUDGES • Training for judges may include an overview about technology and investigation techniques • The focus will most likely be on substantive criminal law • Training may also include components on electronic evidence

  22. DEFAMATION AND LIBEL • The Internet makes it possible to post information on websites anonymously • This enables the offender to publish defamatory content and makes it much more difficult for investigators to identify the offender 365 Criminal defamation (1) Any person who, without lawful excuse, publishes matter defamatory of another living person (the relevant person)— (a) knowing the matter to be false or without having regard to whether the matter is true or false; and (b) intending to cause serious harm to the relevant person or any other person or without having regard to whether serious harm to the relevant person or any other person is caused; commits a misdemeanour. Maximum penalty—3 years imprisonment. SEC 265 CC OF QUEENSLAND

  23. ELECTRONIC EVIDENCE • Emerging relevance of digital evidence influences the procedures in court • Influence is not limited to the fact that courts need to deal with digital evidence • Even the design of courtrooms is influenced

  24. TRAINING FOR CYBERCRIME INVESTIGATORS

  25. TRAINING FOR INVESTIGATORS • Cybercrime investigators may require a very intensive training due to the complexity of the subject matter • This especially includes technology and investigation techniques • Training should include practical elements and simulations

  26. IMPORTANCE OF UPDATES • Constant training is necessary as technology is changing • Experts working in this field need to be aware of the consequences of the latest technical trends for investigations • Example: Advice to unplug the cord from the computer can lead to an encryption of the hard drive if the suspect activated whole-disk encryption US FIRST RESPONDER GUIDE 3RD ED.

  27. IMPORTANCE OF UPDATES • If the suspect is using encryption technology, disconnecting the computer system from electricity could hinder access to evidence • Live forensics may be required • In addition to technical capacities to undertake live forensics (e.g. software, hardware) there might be a need for a solid legal foundation, as live forensics might interfere with the integrity of evidence US FIRST RESPONDER GUIDE 3RD ED.

  28. TRAINING FOR POLICE

  29. GENERAL TRAINING FOR POLICE • In addition to the special training for Cybercrime investigators, a general training for the police should be organized • Background: Electronic evidence is becoming more and more relevant not only in Cybercrime cases but also when it comes to traditional crimes (such as murder cases)

  30. TRAINING FOR LEGAL DRAFTERS

  31. LEGAL DRAFTERS • In order to finalize the draft Bills and implement them into the national legislation, legal drafters might require additional training • This will especially help them to understand differences between the SADC model law and some international standards • Some differences are a result of correcting mistakes in older international standards (see next slide)

  32. EXAMPLE: CHILD PORNOGRAPHY • As cooperation requires legislation, gaps can have significant impact • In the early discussion about legal response to an online distribution of child pornography, the drafters of regulations focused on digital images • Today not only images and videos but also audio recordings of the sexual abuse of children are distributed online • Older approaches often use language (such as “visually” or “image”) that excludes such material Convention on Cybercrime: 2. For the purpose of paragraph 1 above, the term “child pornography” shall include pornographic material that visually depicts: a. a minor engaged in sexually explicit conduct; b. a person appearing to be a minor engaged in sexually explicit conduct; c. realistic images representing a minor engaged in sexually explicit conduct. EU Directive Child Pornography 2011: (c) ‘child pornography’ means: (i) any material that visually depicts a child engaged in real or simulated sexually explicit conduct;

  33. EXAMPLE: CHILD PORNOGRAPHY • As cooperation requires legislation, gaps can have significant impact • In the early discussion about legal response to an online distribution of child pornography, the drafters of regulations focused on digital images • Today not only images and videos but also audio recordings of the sexual abuse of children are distributed online • Older approaches often use language (such as “visually” or “image”) that excludes such material IOL News 2011 US Training Manual

  34. EXAMPLE: CHILD PORNOGRAPHY • SADC Model Law consequently avoids the term “visually” • In addition the definition of the model legislative text contains a clarification that audio material is included (8) Child pornography means pornographic material that depicts presents or represents: (a) a child engaged in sexually explicit conduct; (b) a person appearing to be a child engaged in sexually explicit conduct; or (c) images representing a child engaged in sexually explicit conduct; this includes, but is not limited to, any audio, visual or text pornographic material. SADC MODEL LAW

  35. GENERAL PUBLIC

  36. GENERAL PUBLIC • As part of a crime prevention strategy, general training could be organized for the general public • Such training could include an overview about how crimes are committed and how to avoid becoming a victim of such crime • This may include a special training for schools and universities

  37. Understanding Cybercrime ITU

  38. Thank you for your attention! INTERNATIONAL TELECOMMUNICATION UNION
