
Internet Vulnerabilities & Criminal Activity

Understand the methodologies and types of profiling in cyber crime investigations. Explore twelve distinct cyber criminal profiles and the legal aspects of search and seizure.

harnold

Presentation Transcript


  1. Internet Vulnerabilities & Criminal Activity Investigation & Prosecution 12.2 December 5, 2011

  2. Profiling “Differentiate behavior patterns in order to narrow the range of suspects in a given crime.”

  3. Three Basic Components of a Crime • Motive - What made the offender act • Opportunity - Why did the offender choose a particular victim • Means - What are the details of how the crime was committed

  4. Profiling Aim • Identify personal & behavioral characteristics of unknown perpetrator • Examine actions taken before, during, and after crime • Isolate identifiable behaviors of actions of how a physical or psychological need is fulfilled

  5. Two Types of Profiling
     • Inductive
       • Current perpetrator shares characteristics with those who have previously committed the same type of crime
     • Deductive
       • Explicit conclusions drawn from actual evidence

  6. Five Stages of Cyber Criminal Profiling
     • Evidence gathering
       • Collection of forensic evidence
     • Behavioral analysis
       • Derive a meaningful set of characteristic behaviors from facts of the crime
     • Victimology
       • Victim profile tells a lot about type of perpetrator
       • Well-known signatures associated with different types of crimes

  7. Five Stages of Cyber Criminal Profiling cont.
     • Crime pattern analysis
       • “what and how”
       • Working hypothesis about the execution of the crime
     • Profile development
       • Deductive reasoning from facts of crime
       • Generalized inductive typologies

  8. Twelve Cyber Criminal Profiles
     • Kiddies
       • Technologically inept
       • Intent to trespass
       • Motivation - ego
       • May be any age, but are outsiders
       • New to crime
     • Cyberpunk hackers
       • Counterculture member
       • Ego-driven, motivated by exposure
       • Crimes: trespass, invasion
       • Theft & sabotage against legitimate targets
       • Responsible for viruses & DOS attacks
       • Young, technologically proficient, outsider

  9. Twelve Cyber Criminal Profiles cont.
     • Old-time hackers
       • Most technologically proficient
       • Improve art by trespassing
       • Web site defacement
       • Middle aged or older, long history
     • Code warriors
       • Driven by monetary gain
       • Theft or sabotage
       • Crime built around code exploits
       • Technologically superior, long hacking history
       • 30 - 50 age range, degree in technology, unemployed
       • Socially inept, show signs of social deviance

  10. Twelve Cyber Criminal Profiles cont.
     • Cyberthieves
       • Motivated by monetary gain
       • Surreptitious network attacks, sniffing, spoofing
       • Use simple tools rather than targeted code
       • Social engineers, running classic con games
       • Younger than code warriors
       • Organizational insiders, may be outsiders
     • Cyberhucksters
       • Spammers, malware purveyors
       • Motivation monetary gain
       • Social engineers, older business types
       • Known to local law enforcement

  11. Twelve Cyber Criminal Profiles cont.
     • Unhappy Insiders
       • Most dangerous profile
       • Motivated by revenge, monetary gain
       • Uses extortion, exposure of secrets, theft, sabotage
       • Logic bombs, malicious acts
       • Any age or employment level
       • Unhappy with organization
     • Ex-Insiders
       • Motivation extortion, revenge, sabotage, disinformation
       • Make use of insider information to harm company from the outside
       • Any age or employment level

  12. Twelve Cyber Criminal Profiles cont.
     • Cyberstalker
       • Motivation - ego & deviance
       • Invasion of privacy to learn something to satisfy personal need
       • Use key loggers & sniffers
       • Invasion driven by psychological needs
       • Identification of need like a fingerprint
     • Con Man
       • Motivation - monetary gain
       • Theft, illicit commercialization
       • Con games, phishing, Nigerian 419’s
       • Attacks untargeted & anonymous

  13. Twelve Cyber Criminal Profiles cont.
     • Mafia soldier
       • Organized crime member
       • Purposeful, highly organized
       • Motivation - monetary gain
       • Theft, extortion, blackmail
       • Always work in highly organized group
     • Warfighter
       • Not a criminal when on your side
       • Motivated by Infowar
       • Help friends, harm enemy
       • Technologically superior, dangerous
       • Any age, highly organized, best & brightest

  14. Search & Seizure Legal procedure whereby police or other authorities and their agents, who suspect that a crime has been committed, search a person's property and confiscate any evidence relevant to the crime.

  15. The Fourth Amendment The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized

  16. Parts of the Fourth Amendment • Three protections/limitations • Substantial justification to search • Search cannot extend beyond justification • No blanket warrants • First clause - “reasonableness clause” • Unreasonable searches and seizures are forbidden • Second clause - “warrant clause” • Limits on search & arrest warrants • Probable cause • Define location of search • Define who or what is to be seized

  17. Reasonable Expectation of Privacy • No violation to the Fourth Amendment if: • Government’s conduct does not violate a person’s “reasonable expectation of privacy” • Established exception to the warrant requirement

  18. Warrant Exceptions Searches that violate reasonable privacy may be conducted if they fall within established exceptions • Consent • Exigent circumstances • Plain view • Incident to a lawful arrest • Inventory searches • Border searches • Workplace searches

  19. No Reasonable Expectation of Privacy • Items that appear on the screen/obtained through shoulder surfing • Contents have been made openly available • P2P • E-mail • Stolen computer • Control of computer relinquished to a 3rd party • Electronic storage - statutory coverage

  20. Probable Cause • Must reasonably establish: • A crime has been committed • Evidence of the crime exists • Evidence presently exists in place to be searched • Location to be searched must be described • Evidence of specific crime must be named

  21. Evidence Issues & Internet Crime • Right to search a computer • Proving venue • Criminal intent

  22. Rules of Evidence • Purpose • To secure a defendant’s constitutional right to a fair trial • Evolved from decisional law • Decisions codified • Federal Rules of Evidence • Most influential codification • Criminal & civil

  23. Search Warrant Problems • Computers - file cabinet / repository • Innocent, personal materials • Evidence of crime • Must protect privacy while seeking evidence • Must describe that which is sought • Scope should not be overly broad

  24. Exceeding Scope • Can only search for evidence of crime described in warrant • If evidence of another crime is discovered, another warrant is needed • Child pornography found during a search for credit card fraud crime

  25. Plain View • Lawful position to view object • Object's incriminating character is immediately apparent • Lawful right to access the object

  26. Third Person Consent • Agree to a search without a warrant • Two criteria for third party consent to be effective • Third party must have authority to consent • Third party’s consent must be voluntary

  27. Evidence Establishing Venue • Crime must be committed in venue of the court • How to determine where a network crime was committed • Venue may be where agent connected to Internet & viewed defendant’s behavior • Multidistrict offenses “may be ... prosecuted in any district in which such offense was begun, continued, or completed.” • http://www.cybercrime.gov/ccmanual/ccmanual.pdf

  28. Proving Criminal Intent • Must prove defendant had criminal intent - mens rea • Four categories of mens rea • Intentionally • Knowingly • Recklessness / willful blindness • Criminal negligence

  29. Federal Statutes Assist law enforcement in obtaining & seizing evidence of a digital crime

  30. Federal Statutes • Do not necessarily deal just with digital crime • Pen/Trap Statute 18 U.S.C. §3121-27 • Wiretap Statute (Title III) 18 U.S.C. §2510-22 • Electronic Communications Privacy Act (ECPA) 18 U.S.C. §2701-11 • USA Patriot Act

  31. Pen/Trap Statute 18 U.S.C. §3121-27 • Regulates collection of address information from wire communications • Pen Register • Records outgoing phone numbers • Trap & Trace • Records incoming phone numbers • Includes computer network communications (IP numbers)

  32. Pen/Trap Statute 18 U.S.C. §3121-27 • To obtain a court order • Identify self • Identify agency conducting the investigation • Certify belief information to be obtained is relevant to investigation • Authorization for 60 days • May request extension for additional 60-day period

  33. Wiretap Statute (Title III) 18 U.S.C. §2510-22 • Regulates collection of communication content • Real-time electronic communications • Third party cannot intercept private communications unless statutory exception applies

  34. Wiretap Statute (Title III) 18 U.S.C. §2510-22 • Interception pursuant to a Title III court order • May intercept communication with a court order • Interception for up to 30 days • More stringent requirement than for search warrant

  35. Wiretap Statute (Title III) 18 U.S.C. §2510-22 • The consent exception • Law enforcement obtains prior consent from one party • Some states require both parties’ consent

  36. Wiretap Statute (Title III) 18 U.S.C. §2510-22 • The provider exception • Employees/agents of communication provider may intercept communication to protect providers’ rights/property • Network administrator can monitor hacker’s activity • Privilege to provider alone

  37. Wiretap Statute (Title III) 18 U.S.C. §2510-22 • Computer trespasser exception • Victim of attack may authorize law enforcement to intercept communications of trespasser • Interceptor must be investigating the trespass • Must believe the intercepted communication will aid investigation • Applies only to trespasser’s communications

  38. Wiretap Statute (Title III) 18 U.S.C. §2510-22 • The extension telephone exception • Monitoring of call from an extension phone • Originally, monitoring employee-customer call • Includes calls to and from police stations

  39. Wiretap Statute (Title III) 18 U.S.C. §2510-22 • The inadvertently obtained criminal evidence exception • Provider unintentionally overhears something related to a crime • Information can be released to law enforcement

  40. Wiretap Statute (Title III) 18 U.S.C. §2510-22 • The accessible to the public exception • Interception of unscrambled/encrypted information broadcast over public frequency • Public computer forums/chat rooms • Not a violation of wiretap statute

  41. Electronic Communications Privacy Act • Regulates how government can obtain stored electronic communications from a service provider • Creates statutory privacy rights for customers for stored communications • Affirms higher level of protection for communications in transit

  42. Electronic Communications Privacy Act • Protects wire, oral, and electronic communications while in transit • Sets down requirements for search warrants • Protects communication held in electronic storage • Prohibits the use of pen register and/or trap and trace in the process of transmitting wire or electronic communications without a search warrant

  43. Electronic Communications Privacy Act • Three categories of information - each requires greater showing of cause • Basic subscriber information • Name • Address • Local & long distance phone billing records • Telephone/other ID numbers • Length & type of service

  44. Electronic Communications Privacy Act • Records or logs pertaining to subscriber • Contents of relative log files • All basic subscriber info • Cell site data for calls made • Destination of outgoing e-mails • Any other non-content records • Contents of communications

  45. Electronic Communications Privacy Act • Five instruments may be required to obtain information • Subpoena • Basic subscriber information • Subpoena with notice • Opened e-mail stored over 180 days • Court order • Log files • All other relevant records of communications, but not the contents

  46. Electronic Communications Privacy Act • Court Order with notice • All unopened e-mail or voicemail stored for 180 days or less • Search Warrant • All information in an account • No required notice to customer • Nonpublic providers not bound by ECPA

  47. USA Patriot Act • Seizure of voicemail messages over 180 days old with order • Seizure of voicemail messages less than 180 days old with search warrant • Expands basic subscriber information • Emergency disclosure by providers to protect life & limb or regarding terrorism • Delay of required notice of search warrant if notice may have adverse results • Makes warrants & pen/trace orders national
