360 likes | 452 Views
Pains & Prizes Pride & Prejudice of Collaboration. @God’s Own Country in the year 2014. C0c0n 2014 23 August 2014 Dinesh O Bareja. Enhancing collaboration to counter cybercrime in the world of virtual realities and Social media. Disclaimer.
E N D
Pains & Prizes Pride & Prejudice of Collaboration @God’s Own Country in the year 2014 C0c0n 2014 23 August 2014 Dinesh O Bareja
Enhancing collaboration to counter cybercrime in the world of virtual realities and Social media
Disclaimer.. Problems, issues, solutions are indicative and not finite The reason is that if one gets down to brass tacks, the list can go on and on…
Internet Clichés The world is a global village Level playing field (was said about business but also applies to criminals and cops) Non-existent Borders or Jurisdiction Anonymity
A little more of general stuff…. There’s more to cybercrime under the hood
Unfortunate Truisms of Kal-YugAaj-Yug Cybercrime is BIG business and is highly profitable Whether it is ethical or unethical EYE OPENERS The Bottomline, Topline, Middle line Or … any line… is..
Yes… cybercrime can beEthical or Unethical If it is ethical it (may) mean it is legal then how can we call it a crime
Legal Crimes The IT Act requires a body corporate to have “reasonable security” in place By law an ISO certification will suffice which I buy in the open market Government or private organizations do not disclose the extent of damage in event of a cybercrime – collusion ? Abetment ? Shame ?
Legal Crimes Complaints are dropped once an informal investigation is done – usually the complainant does not want to proceed Will we let go of a person who has attacked another with a gun or knife
Legal Crimes Body corporate has to have “reasonable” security in place! ISO Certification is available for sale off the shelf Organizations authorize hackers to exploit their systems. Will someone ‘authorize’ a bomb explosion too
Legal Crimes Companies and Government bodies do not disclose when they have been hacked – can they desist if money has been stolen thus hiding a crime LEA usually drops investigation on the request of the complainant!
Yes It is a different worldIt has changed It is still changing (exponentially) Are we keeping pace?No!!
Cybercrime is not a cause for concern because it is growing exponentially But… because it can be the cause of frustration, anger and other stress disorders in the LEA EYE OPENERS
Excluded from this talk And we do not want to talk about capacity, capability and such challenges as this is not within the scope of this talk / topic / panel
What is needed Breakaway from conventional thinking Move at speed Empower team members Accept reality / need of transparency…
& How can we do this… Adopt the open source philosophy to give unconditionally – your goodwill will always come around to you COLLABORATE SHARE Make your expertise, information, intelligence, resources, tools available across the country and taste Glory! BENEFIT & SUCCEED Reap the benefit of the information and expertise received through the sharing mechanism
Enhancing collaboration to counter cybercrime in the world of virtual realities and Social media
Inability to continue investigation due to non-availability of cross-border information Lack of knowledge of modus operandi for a crime which may have happened elsewhereMLAT works at the speed of carrier pigeons Pain
Global Pain Too many stakeholders The process is convoluted, long and frustrating Trained manpower, access to technology, budget constraintsTone-at-the-top
The normal lifecycle of a cybercrime investigation • Crime Perpetrated • Starts Investigation • Discovers IP Address • Obtains Evidence • Stop Investigation • There’s hope • File Papers • Go Home • Identifies Modus Operandi • Report Lodged Domestic International This is illustrative and does not purport to be the actual / complete lifecycle
Collaborative Relationships Directory of primary ‘intermediary’ organizations Relationships with International LEA, CERT, Intelligence, Home, Judiciary A central agency which will act as a clearing house (e.g. CyberDome) Sharing…. - Advisories - Crime Information - Cybercriminal Profiles - Modus Operandi - Technology advances Partnership Framework
International Anti-Cybercrime Exchange Information is provided back to the national agency which will update the domestic system and investigation can come to close Also facilitate collaborative investigations, arrests or actions A central agency which will act as a clearing house and contribute information and intelligence to the Exchange
Single window communicationCredibility established at both endsJudicial acceptabilityQuick resolutionno more Pain! PRIZE
The Collaboration Case Charity begins at home Cyber Dome can bring all states on one platform and establish an international example Central Information Request Agency at national level for communication
Why should I share my information or techniqueThis is my idea or innovationThe medal is mineThis was to have been my moment of glory PRIDE & PREJUDICE
At Present.. Who is working in the domain of international anti-cybercrime At the forefront… Microsoft, Facebook, Google and other technology majors
The problem Cross Border Crimes Non availability of information No proactive policing (pre-cog) Differing protocols and laws Multiple LEAs Corporate challenges of ISP EYE OPENERS
The Dangers Ahead Internet of Things Mobile technology Dis-satisfied young geeks Easy availability of mal-tools Easy availability of targets Continued practice of LEA transfers Keeping your head in the sand My daddy strongest attitude
A sucker will keep being born every minute & fools will continue to be easily parted with their money Both add to the burden of LEA through their participation in scams and crimes as primary victims! A final EYE OPENER
Dinesh O Bareja Lving Information Security • Contact Information: • E: dinesh@opensecurityalliance.org • T: +91.9769890505 • T: @bizsprite • F: dineshobareja • L: http://in.linkedin.com/in/dineshbareja