Cyber Crime & Cyber Terrorism
Dr Richard Overill
Department of Informatics
King’s College London
richard.overill@kcl.ac.uk
www.inf.kcl.ac.uk/staff/richard/
Terminology
• Cyber prefix – involving the Internet or other wide area digital networks and networked systems.
• Cyber Crime – aims to make money, often using conventional scams transferred to the cyber domain (e.g. financial fraud, extortion).
• Cyber Terrorism – aims to create public panic, usually in conjunction with conventional terrorism (e.g. a bomb blast together with CCTV and mobile phone network outages).
Characteristics of Cyber Crime
• Technologically driven:
  • the digital economy is critically dependent on databases, websites and networks
  • e-commerce; e-business; e-banking
  • critical national infrastructure (CNI)
• Cost:
  • estimated at £2.2bn − £27bn pa in the UK
  • estimated at £1.8bn − £21bn pa to UK business
  • estimated at £33bn − £643bn pa worldwide
  • ‘guesstimates’, since around 85% of incidents go unreported
• Frequency:
  • businesses are targeted by cyber malware attacks once every three minutes on average
“The Perfect Crime”?
• Crime Scene Investigators (CSIs) gather physical or biological evidence at the crime scene
• This relies on Locard’s principle (1910): “every contact leaves a trace”, because it leads to a physical exchange of material
• But in the case of a computer attached to the Internet, what bounds the crime scene? And what digital traces, if any, will be recoverable?
• Digital forensics (MPS DEFS, FSA DEU)
FSA Digital Evidence Unit
• Six sentenced for insider dealing (27 Jul. 12)
• “The defendants were convicted of making a combined profit of £732,044.59 on trading between 1 May 2006 and 31 May 2008. It was a sophisticated and complex attempt to deal on inside information over a long period”
• The investigation took the team 3 years’ work
• http://www.fsa.gov.uk/library/communication/pr/2012/080.shtml
Occupations & Motivations
• unemployed individual: technical challenge / information discovery (e.g. Gary McKinnon);
• commercial / financial organisation: financial gain via commercial espionage / IP exfiltration (e.g. PLA Unit 61398, based in Shanghai) or financial fraud (e.g. a ‘planted’ / ‘turned’ / greedy employee);
• ‘for hire’ (cyber-mercenary): money laundering for Serious & Transnational Organised Crime;
• ‘political’ (cyber-terrorist): supporting a sub-state group’s terrorist aims;
• ‘hacktivist’ (e.g. Anonymous, LulzSec, TeaMP0isoN): for the ‘lulz’ or in support of a movement.
Types of Cyber Crime
• Forgery (‘making a false instrument’)
• Fraud (‘criminal deception’)
• Embezzlement (financial)
• Commercial espionage (intellectual property loss)
• Digital Rights piracy (peer-to-peer networks)
• Blackmail / Extortion
• Theft (only of laptops, tablets, PDAs, mobiles, etc.)
• Misuse / Abuse (incl. sabotage, subversion & DoS)
Computer & Network Attacks
Four basic ‘external’ types:
• active penetration by hackers or ‘malware’ (viruses, worms, Trojan horses, etc.)
• cognitive hacking using deception scams (‘spear-phishing’, ‘drive-by’ downloads, misdirection attacks, etc.)
• passive eavesdropping by means of specialised listening equipment (TEMPEST, van Eck, etc.)
• flooding attacks which overwhelm the system (Electronic Siege / Denial of Service, DDoS)
Characterising Cyber Crime
• A log-log plot of frequency vs value of all US reported cyber crimes produces a straight line with a discontinuity (‘kink’) at $2.8M: Overill & Silomon, J. Inf. War. 10(3) 29-36 (2011)
• This is interpreted to indicate that there are two modes of operation for cyber criminals:
  • lower value cyber crime for individuals and small groups
  • higher value cyber crime for serious organised (transnational) cyber criminals with a business model and an organisational infrastructure
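As an added illustration of how such a ‘kink’ is located (this is not code from the lecture or from the Overill & Silomon paper): the script below builds a constructed broken power-law sample in log-log space, fits a straight line to each side of every candidate split, keeps the split with the smallest total squared error, and reports the kink as the value where the two fitted lines intersect. The sample values, the slopes and the function names are all assumptions made for the example.

```python
import math

# Constructed illustration of the slide's log-log frequency-vs-value curve:
# a broken power law with slope slope_low below the kink and slope_high above.
# The numbers are invented for the example, not the US reporting data.
def make_sample(kink=2.8e6, slope_low=-1.2, slope_high=-2.5, n=12):
    """Return (value_usd, frequency) points lying exactly on a broken power law."""
    pts = []
    log_kink = math.log10(kink)
    for i in range(n):
        log_v = 3.0 + i * 0.5  # values from $1k upward in half-decade steps
        if log_v <= log_kink:
            log_f = 6.0 + slope_low * (log_v - 3.0)
        else:
            log_f = (6.0 + slope_low * (log_kink - 3.0)
                     + slope_high * (log_v - log_kink))
        pts.append((10 ** log_v, 10 ** log_f))
    return pts

def fit_line(xs, ys):
    """Ordinary least squares fit; returns (slope, intercept, sum of squared errors)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sxx
    intercept = my - slope * mx
    sse = sum((y - (slope * x + intercept)) ** 2 for x, y in zip(xs, ys))
    return slope, intercept, sse

def find_kink(points, min_seg=3):
    """Fit two straight lines in log-log space, choosing the split that minimises
    total squared error, and return (kink_value_usd, slope_low, slope_high).
    The kink is the value at which the two fitted lines intersect."""
    logs = sorted((math.log10(v), math.log10(f)) for v, f in points)
    best = None
    for k in range(min_seg, len(logs) - min_seg + 1):
        left, right = logs[:k], logs[k:]
        s1, b1, e1 = fit_line([p[0] for p in left], [p[1] for p in left])
        s2, b2, e2 = fit_line([p[0] for p in right], [p[1] for p in right])
        if best is None or e1 + e2 < best[0]:
            best = (e1 + e2, s1, b1, s2, b2)
    _, s1, b1, s2, b2 = best
    log_kink = (b2 - b1) / (s1 - s2)  # intersection of the two fitted lines
    return 10 ** log_kink, s1, s2

if __name__ == "__main__":
    kink, low, high = find_kink(make_sample())
    print(f"kink at ${kink:,.0f}; slopes {low:.2f} (low value) and {high:.2f} (high value)")
```

On real reporting data the points carry noise, so the split with the smallest residual is an estimate and the two slopes should be read as the two regimes' rough exponents rather than exact values.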
Modern Malware
• 403 million distinct malware variants by 2012-Q1
• 160,000 new malware variants every day
• Stuxnet – July 2010: targeted Iran’s nuclear reprocessing ultracentrifuge controllers
• Duqu – September 2011: gathers commercial / industrial intelligence; shares code with Stuxnet
• Flame / Flamer / sKyWIper – May 2012: 20MB; digital reconnaissance tool
UK Computer Misuse Act 1990
• Basic Hacking Offence (BHO)
  • unauthorised access (attempted; mens rea)
  • penalty: 6 months and/or £2,000 fine
• Ulterior Intent Offence (UIO)
  • intent to commit a further serious offence
  • penalty: 5 years and/or unlimited fine
UK CMA (cont’d) & PJA
• Unauthorised Modification Offence (UMO)
  • unauthorised modification of computer contents (trans-border; mens rea)
  • penalty: 5 years and/or unlimited fine
• UK Police and Justice Act (PJA), 2006
  • covers DoS & DDoS ‘flood’ attacks
  • penalty: 5 years and/or unlimited fine
What you can do...
• Timely software patch deployment
• Timely anti-malware update deployment
• Strictly enforce your BYOD policy
• Enforce ‘clean’ / ‘dirty’ zones
• Enforce full disk encryption
• Fully vet all personnel on appointment
• Regularly (annually) re-vet all personnel
The Myth of Total Security
“The only truly secure computer system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards ~ and even then I have my doubts!”
Prof Gene Spafford (CERIAS, Purdue University) – analyst of the first Internet worm (1988)