650 likes | 679 Views
OG6/g]6 lgodg / ljB'lto sf /f] af / ; DalGw ck/ fw. Cyber Crime ??. Why I am here?. My three hobbies. 1. Amateur Radio 2. PIC and Arduino Programming 3. CNC and 3D printing. Internet Governance ?. cGt//fli6|o ?kdf OG6/g]6nfO{ s;n] lgodg u5{ < Internationally who governs internet?.
E N D
OG6/g]6 lgodg / ljB'ltosf/f]af/ ;DalGwck/fw Cyber Crime ??
My three hobbies • 1. Amateur Radio • 2. PIC and Arduino Programming • 3. CNC and 3D printing
Internet Governance ? • cGt//fli6|o ?kdf OG6/g]6nfO{ s;n] lgodg u5{ < • Internationally who governs internet?
b"/;~rf/ ;DaGwL ljifonfO{ cGt//fli6|o ?kdf lgodg ug{ cGt/fli6|o b"/;~rf/ ;+u7g -International Telecommunication Union_ 5. • +977 Nepal +91 India +1 USA +44 UK • xjfO{ oftfoftnfO{ cGt/fli6|o ?kdf lgodg ug{ cGt//fli6|o gfu/Ls p8\8og ;+u7g -International Civil Aviation Organization_ 5. • 9N Nepal, 9M Malaysia VT India, K/W US
who governs internet? • /fli6|o ?kdf /fli6|o lgodg lgsfon] O06/g]6nfO{ lgodg ug]{ k|oTg u/]sf] 5g . • t/ cGt/fli6|o ?kdf O06/g]6nfO{ b'/;~rf/ ;]jfsf] ?kdf O06/g]6nfO{ dflgPsf] 5}g / cem ;Dd ljleGg lglhIf]q / u}/ ;/sf/L ;+:yfx?n] O06/g]6nfO{ lgodg u/L cfPsf 5g . • ;/nefiffdf o;nfO{ ax'klIfo lgodg -Multi stakeholder Governance _ eGg] u/LG5 .
Transmission Control Protocol / Internet Protocol was developed by US Dep. Of Defense’s Advance Research Project Agency (DAPRA) • It grew during 1970-80under the aegis of the National Science Foundation (NSF), driven largely by the desire of scientists and other researchers to communicate via electronic mail.
In 1988 In 1988, the NSF collaborated for the first time with a consortium of private-sector organizations to complete a long-distance wide-area network.
in 1993 the NSF concluded that the Internet was growing too fast for the NSF to continue managing it, and decided to delegate the management of the Internet backbone to private, commercial operators. Around this time, the prohibition on the exchange of commercial activity on the Internet was lifted,
Internet Corporation for Assigned Names and Numbers • Internet Corporation for Assigned Names and Numbers (ICANN)—ICANN was created in 1998 through a Memorandum of Understanding with the US Department of Commerceand NSF
ICANN is a private, not-for-profit organization based in Marina Del Ray, California , which manages and oversees the critical technical underpinnings of the Internet such as the domain name system (DNS) and IP addressing
ICANN implements and enforces many of its policies and rules through contracts with registries (companies and organizations who operate and administer the master database of all domain names registered in each top level domain, such as .com and .org) and accredited registrars. • Internet Assigned Numbers Authority (IANA) is a department of ICANN
Internet standards organizations • engineers, researchers, users, and other interested parties have coalesced to develop technical standards and protocols necessary to enable the Internet to function smoothly. • Internet Engineering Task Force (IETF) • Internet Architecture Board (IAB), • Internet Society (ISOC), • World Wide Web Consortium (W3C)
Governmental Advisory Committee (GAC) • Membership in the GAC is open to all national governments who wish to participate. • Currently, there are 117 nations represented as members. In addition to membership there are 36 Observers. • Nepal is also a member of GAC. • Has only advisory role related to internet issues mostly related to DNS
GAF allows members • The opportunity to provide advice direct to the ICANN Board on public policy aspects of the operation of the Internet domain name system. • Contributing at an early stage of ICANN's policy development processes to ensure consistency with laws and public interest. • Access to face to face meetings and online discussion with other GAC members and observers, including national governments and inter-governmental organisations, which inform development of GAC advice. • Access to relevant subject matter experts within the GAC and across ICANN, enabling GAC members to remain informed about technical innovation in the domain name system and its future evolution.
Internet Governance Forum (IGF) • IGF was established in 2006 by the United Nation’s World Summit on the Information Society (WSIS). • The purpose of the IGF is to provide a multistakeholder forum which provides an open discussion (in yearly meetings) on public policies related to the Internet. Open to all stakeholders and interested parties (governments, industry, academia, civil society)
CCTLD and TLD Stories • TLD (Top Level Domain) • .com • .biz • .edu • .per • .gov • ccTLD • Pakistan .PK …. com.pk • Tuvalu .TV …. edu.tv • Nepal .NP …… gov.np
Issue of Jurisdiction • State of origin, • State of termination • State of offender • State of Victim • Citibank case
Cyber Crime • ;fOa/ zJbsf] l;h{gf Cybernetics ljifoaf6 ePsf] xf] . ;xh cy{dfcfw'lgs ;dodf lj1fgsf] Tof] zfvfxf] h;n] sDKo'6/ / cGoofGqLs xf8{j]o/nfO{ ;dfof]hLt ?kdfk|of]u u5{ . • Robotics klgCyberneticsljifosf] Pp6f pkzfvfxf]
William Gibson gfds lj1fg ;flxTosf ;h{sn] cfkmgf] a}1flgs syfx?df sDKo''6/ ;+hfnnfO{ Cyberspace gfdf+s/0f u/]k5L of] zJb OG6/g]6 nufotsf] sDKo'6/ ;+hfnsf] kof{ojfrLx'gk'Uof] . o;}sf] cfwf/df sDKo'6/sf] dfWodaf6 x'g] b'/;~rf/, O06/g]6 / To;sf] k|of]uaf6 x'g] ck/fwnfO{ Cybercrime eGgyflnPsf] xf] .
Internet governance • Telecommunication Governance Vs. Internet Governance • Telecommunication Territory Vs. Internet Territory • Concept of Cloud Computing
Extent • Out of 3.8 Million incident of fraud 51 % were cyber related (UK 2016) • During 2072/73 in total 830 complaint were formally registered in Kathmandu police. In 2073/74 the number was grown to more than 1200. • 2010 UN General Assembly resolution on cybersecurity addresses cybercrime as one major challenge. • The US Internet Complaint Center reports a 22.3 per cent increase in complaints submitted relating to cybercrime compared with 2008. • German Crime Statistics indicate that the overall number of Internet-related crimes increased in 2009 by 23.6 per cent compared with 2008.
Hackers from Russia and Ukrain are regard ed as skilful innovators. For example, the cyber crime hub in the small town of RâmnicuVâlcea in Romania is one of a number of such hubs widely reported in Eastern Europe • There is also increasing concern about cyber crime in China . The source and extent of malware attacks (whether of domestic or foreign origin) and the scale of malware-botnet activity remain unclear, but a substantial proportion of Chinese computers are compromised and it is likely that local crime groups play a crucial role . • Study of spam and phishing sources found that these originated from a small number of ISPs (20 of 42,201 observed), which the author dubbed ‘Internet bad neighbourhoods.’ One in particular, Spectranet (Nigeria), was host to 62% of IP addresses that were spam related. • Phishing hosts were mostly located in the United States, while spam originated from ISPs located in India, Brazil and Vietnam (Moura, 2013).
Nepal • Internet Users number by various means exceeded 1.5 Crore. • Android devices including cellular mobiles are most common internet accessing devices now a days. • Lack of awareness and education about cyber security is prevalent.
Hacking hobby / profession • Reputation of Nepali hackers and crackers • Google and Face-book ranking Within 20, 2 are from Nepal. • Once reached upto no. 4 • Hackers are great cyber security consultants. • Almost all commercial banks are having hackers service to check vulnerability to cyber attack.
Hacking • Cell Phone • Cost of equipment is reducing day by day • Information and software are accessible • For new generation will take some time • G2 are easiest / • Wifi - Haschat, Jens 'Atom' Steube, Cain and Abel • PC hacking • Sub-seven, Qstudio (Legal)
g]kfndfCybercrime ;DaGwLJoj:yf • g]kfndfoyfy{dfCybercrimesf] lgoGq0f / b08sf] nflus'g} 5'6\6} ljz]if sfg"gsf] Joj:yf u/]sf] 5}g . ljB'lto b:tvt - Digital Signature_ sf] k|rng / ljZj;lgotfsf] nflulgdf{0f u/LPsf] ljB'ltosf/f]af/ P]g, @)^# sf] lgdf{0f ubf{ ;f]xL P]gsf] kl/R5]b ( df sDKo'6/ / O06/g]6 ;DaGwL s]xL ck/fw / ltgsfnflucfjZos b08fTds Joj:yf /fvLPsf] x'g . pQm P]gsf] d"npb]Zoeg] ljB'lto b:tvtsf] Joj:yfkg / lgodg g} xf] .
Nepal Certifying Company • Started issuing digi-signatures
g]kfndfCybercrime sf] Oltxf; nfdf] 5}g . • l;l6 a}s • k|x/L k|wfgsfof{no • j]:6g{ o'lgog
rn]sf s]xL d'2fx? • lzIfsljBfly{ • k'j{ k|]dL k|]ldsf • kqsf/ / ;xsld{ • km]; a's / o' 6o'jsf] k|of]u -g]kfd'eLh_ • 6\ofS;L 8|fOe/ • gSsnLqm]8L6 sf8{ • u8 PGhn . eQmdfg /fO{ • k|x/L ;xfoslgl/Ifs Pj+ lghsL k|]dLsf • cg';GwfgePsf #) s/f]8 eGbf a9L ut @ aif{df
ck/fw ;+lxtfsf] k|efj • clwsf+z ;+lxtfsf] efu # kl/R5]b ! / @ sf] ck/fwdf k5{g . @(#=csf{sf] s'/f ;'GgjfWjgLcÍgug{ gx'g]M -!_ s;}n] b'O{ jfb'O{eGbf a9L JolQmx?SflardfePsfs'g} s'/f clwsf/ k|fKtclwsf/Lsf] cg'dltn] jf To;/L s'/f ug]{ JolQmx?sf] d~h'/Lljgfs'g} oflGqspks/0fsf] k|of]u u/]/ ;'GgjfTo:tf] s'/fsf]WjgLcÍgug{ x'Fb}g. -@_ pkbkmf -!_ adf]lhdsf]s;"/ ug]{ jf u/fpg] JolQmnfO{ b'O{ jif{;Dd s}b jfaL; xhf/ ?k}ofF;Dd hl/afgfjfb'j} ;hfox'g]5 t/ ;fj{hlgs ?kdful/Psf] efif0f jfjQmJosf] xsdf of] bkmfnfu" x'g]5}g .
@(%cg'dltljgfs'g} JolQmsf] t:jL/ lvRgjf t:jL/sf] :j?klaufg{ gx'g] -!_ s;}n] s'g} JolQmsf] cg'dltljgflghsf] t:jL/ lvRgjflghsf] t:jL/;Fu c? s;}sf] t:jL/ /fvLcsf]{ t:jL/ agfpgx'Fb}g . t/ s;}n] s'g} ;fj{hlgsyfgsf] t:jL/ lvRbfTo:tf] :yfgdf /x]sf] s'g} JolQm ;d]tsf] t:jL/ lvlrguPsf] /x]5 eg] o; bkmfadf]lhd s;"/ u/]sf] dflgg] 5}g . -@_ pkbkmf -!_ adf]lhdsf] s;"/ ug]{ jf u/fpg] JolQmnfO{ Ps jif{;Dd s}b jfbzxhf/ ?k}ofFF;Dd hl/afgfjfb'j} ;hfox'g]5 . -#_ s;}n] Pssf] t:jL/sf] s]xLefucsf]{JolQmsf] csf]{ efu;Fu /fvLjfcGos'g} lsl;dn] ljs[t ?ksf] t:jL/ agfpgjfk|sfzgug{ x'Fb}g . -$_ pkbkmf -#_ adf]lhdsf] s;"/ ug]{ jf u/fpg] JolQmnfO{ b'O{ jif{;Dd s}b jfaL; xhf/ ?k}ofFF;Dd hl/afgfjfb'j} ;hfox'g]5 .
@(*=ljB'tLodfWodåf/f uf]kgLotfeËug{ gx'g] -!_ s;}n] ljB'tLodfWoddf /x]sf]jfk|jfxx'g] ;"rgf, hfgsf/L, kqfrf/ cglws[t ?kdfk|fKtug{ To;sf] uf]k gLotfeËug{ jfcglws[t ?kdf s;}nfO{ x:tfGt/0f ug{ jfu/fpgx'Fb}g. -@_ pkbkmf -!_ adf]lhdsf] s;"/ ug]{ jf u/fpg] JolQmnfO{ b'O{ jif{;Dd s}b jfaL; xhf/ ?k}ofF;Dd hl/afgfjfb'j} ;hfox'g]5 .
#)&= a]OHhtL u/]dfx'g] ;hfo M !_ s;}n] s;}sf] a]OHhtLu/] jf u/fPdflghnfO{ b'O{ jif{;Dd s}b jfaL; xhf/ ?k}ofFF;Dd hl/afgfjfb'j} ;hfox'g]5 . t/ ljB'tLojfcGocfd ;~rf/sf dfWodaf6 a]OHhtLu/] jf u/fPdfTo:tf];hfodfyk Ps jif{ ;Dd s}b / bzxhf/ ?k}ofFF;Dd hl/afgfx'g]5 . -@_s;}n] s;}nfO{ a]OHhtL u/] jf u/fPsf]] 7xl/Pdf a]OHhtLul/Psf] JolQmnfO{ s;"/sf] uDeL/tf, To:tf] JolQmsf] k|lti7fdf kg{ uPsf] c;/ tyfljB'tLojfcGocfd;~rf/sf dfWodaf6 a]]OHhtL u/]sf] ePdfTo:tf]] s'/f ;d]tnfO{ ljrf/ u/L s;"/bf/af6 dgfl;aIfltk"lt{ / To:tf] JolQmnfO{ s;"/bf/af6 d'2fdf nfu]sf] vr{ ;d]t e/fpg' kg]{5 . -#_dl/;s]sf] s'g} JolQmnfO{ o; kl/R5]b adf]lhd a]OHhtL u/]sf] 7xl/Pdf s;"/bf/af6 To:tf] a]OHhtLaf6 efjgfdfrf]6 nfu]sf] lghsf] glhssf] xsjfnfnfO{ To:tf] Ifltk"lt{ / d'2fdf nfu]sf] vr{sf] /sd e/fO{ lbg' kg]{5 .
sDKo'6/ >f]t ;+s]tsf] rf]/L -bkmf $$_ • l6Kkl0f æsDKo'6/ ;|f]t ;Í]tÆ -sDKo'6/ ;f];{ sf]8_ eGgfn] sDKo'6/ sfo{qmdx?sf] ;"rLs/0f, sDKo'6/ lgb{]zg -sdfG8_, sDKo'6/ l8hfOg / sDKo'6/ n]cfp6 tyf sDKo'6/ ;Dkbfsf] h'g;'s} :j?kdf /x]sf] sfo{qmdljZn]if0f -k|f]u|fdPgflnl;;_ nfO{ ;Demg' k5{ . • In computer science, source code is text written in a computer programming language. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source code, which can then be automatically translated to binary machine code that the computer can directly read and execute. An interpreter translates to machine code and executes it on the fly, while a compiler only translates to machine code that it stores as executable files; these can then be executed as a separate step.
sDKo'6/ >f]t ;+s]tsf] rf]/L -bkmf $$_ • k|rlntsfg"gn] sDKo'6/ ;|f]tsf] ;Í]t - ;f];{ sf]8_ nfO{ oyfjt\ /fVg] u/L tTsfnJoj:yf u/]sf] cj:yfdfs'g} JolQmn] s'g} sDKo'6/, sDKo'6/ sfo{qmd, sDKo'6/ k|0ffnL jf sDKo'6/ g]6js{sfnfluk|of]u x'g] sDKo'6/ ;|f]tsf] ;Í]t -;f];{ sf]8_ nfO{ hfgL–hfgLjfablgot /fvLrf]/L u/]df, gi6 u/]df, kl/jt{g u/]dfjfTo:tf] sfdug{ nufPdflghnfO{ tLgjif{;Dd s}b jfb'O{ nfv ?k}ofF;Dd hl/afgfjfb'j} ;hfox'g]5 • ;le{8) dfO08sf] d'2f
sDKo'6/ ;fdflu|dfcglws[t kx'r -bkmf $%_(Unlawful Access to Computer) • s'g} JolQmn] s'g} sDKo'6/df /x]sf] s'g} sfo{qmd, ;"rgfjftYofÍdfkx'Frk|fKtug]{ dg;foaf6 ;f] sDKo'6/sf] wgLjflhDd]jf/ JolQmaf6 s'g} clVtof/L glnO{ ;f] sDKo'6/sf] k|of]u u/]dfjfclVtof/L lnPsf] cj:yfdfklgclVtof/L lbOPsf] eGbfleGgs'g} sfo{qmd, ;"rgfjftYofÍdfkx'Frk|fKtug]{ p2]Zon] s'g} sfo{ u/]dflghnfO{ s;"/sf] uDeL/tf x]/L b'O{ nfv ?k}ofF;Dd hl/afgfjftLgjif{;Dd s}b jfb'j} ;hfox'g]5 .
Computer Intrusions and Disruptions (Unlawful Access) • RATs (Remote Access Trojans), • Remote or Local Data Logging • Extortion by DDoS (distributed denial of service)
REMOTE ACCESS TROJANS (RATs) • HACKER versions – Subseven, Backorifice, Netbus • Sometimes contained in email or programs downloads, i.e. P2P programs like Kazaa • COMMERCIAL PROGRAMS – GotomyPC, PC Anywhere, Laplink • OPERATING SYSTEMS PROGRAMS – Windows7 and newer version, Telnet, ftp, Secure Shell (SSH), rlogin, dream waiver
Trojans and RAT’s Sub-7 v2.2 Gold • Below is a partial list of what Sub7 can do. • Monitor ALL of your online activity (purchases, chat, mail) • Open Web Browser to specified location • Restart Windows • Reverse Mouse buttons • Delete ANY of your files • Put ANY file on your computer • Record your passwords • Record your Keystrokes (on and off-line) • Open/Close your CD-ROM drive • Print Documents • Change screen resolution • Change Windows colors • Change Volume • Change Desktop wallpaper • Play sounds files • Play voice (using a Text to Speech engine) • Turn off the speakers • Change time/date • Update itself with a newer version
Hiring hackers to create distributed denial of service (DDOS) attacks Look for use of P2P instead of IRCds Extortion By DDOS
sDKo'6/ / ;"rgf k|0ffnLdf Iflt k'/ofpg] -bkmf$^_ • s'g} JolQmn] s'g} ;+:yfnfO{ -lsg ;+:yfnfO{ dfq<_ unttl/sfn] xflggf]S;fgLk'¥ofpg] dg;fo /fvLhfgL–hfgL sDKo'6/ ;Dkbfdf /x]sf] s'g} ;"rgfnfO{ s'g} klgJoxf]/faf6 gi6 u/]df, Ifltk'¥ofPdf, d]6fPdf, x]/km]/ u/]df, sfdgnfUg] agfPdfjfTo:tf] ;"rgfsf] d"No / k|of]usf] dxTjnfO{ x|f; u/fPdfjfxflgsf/s k|efjkf/]dfjf s;}nfO{ To:tf] sfdug{ nufPdflghnfO{ b'O{ nfv ?k}ofF;Dd hl/afgfjftLgjif{;Dd s}b jfb'j} ;hfox'g]5 .
sDKo'6/ / ;"rgf k|0ffnLdf Iflt k'/ofpg] sfd • l;w} jfk|ToIf ?kdfklgx'g ;S5 , • ;f]em} ljuf/]df l8ln6 u/]df • Remote Access af6klg x'g ;S5 h:t} • DDOS, Virus, Logic Bomb, Time Bomb,
ljB''tLo :j?kdf u}}/sfg"gLs''/f k||sfzgug]{ -bkmf$&_ -!_sDKo'6/, OG6/g]6 nufotsfljB'tLo ;~rf/ dfWodx?dfk|rlntsfg"gn] k|sfzgtyfk|b{zgug{ gx'g] egL /f]s nufPsf ;fdu|Lx? jf ;fj{hlgs g}ltstf, lzi6frf/ lj?4sf ;fdu|Ljf s;}k|lt 3[0ff jf å]if km}nfpg] jfljleGghfthflt / ;Dk|bfoaLrsf] ;'dw'/ ;DaGwnfO{ vnnkfg]{ lsl;dsf ;fdu|Lx? k|sfzgjfk|bz{g ug]{ jfug{ nufpg] JolQmnfO{ Ps nfv ?k}ofF;Dd hl/afgfjfkfFrjif{;Dd s}b jfb'j} ;hfox'g]5 . -@_ s'g} JolQmn] pkbkmf -!_ adf]lhdsf] s;"/ k6s k6s u/]dfTo:tf] s;"/ jfkt cl3Nnf] k6s ePsf] ;hfosf] 8]9L ;hfox'g]5 . • (* k|ltztbflj o;} bkmfcGt/utsf] kfOPsf] . • cl3Nnf] k6s hl/jfgfdfqePdf bf]>f] k6s s}b x'gg;Sg] <<
b'/ ;~rf/ P]g, @)%# sf] bkmf $& sf] pkbkmf -$_ ;+u t'ngf u/]/ x]g'{ kg]{, -$_ s'g} JolQmn] b'/;~rf/ ;]jfsf] dfWodaf6 ufnLunf}h ug]{, wDSofpg] jfcgfjZosb'Mvlbg] u/]dfTo:tf] JolQmnfO{ k|flws/0fn] kRrL; xhf/ ?k}of;Dd hl/jfgf u/L To:tf] ;]jfaGb u/fpg ;Sg]5.
uf]kgLotfeËug]{ - bkmf$* _ • of] P]g jf o; P]g cGtu{t ag]sflgodx? jfk|rlntsfg"gdfcGoyfJoj:yfePsf]dfafx]s of] P]g jf o; P]g cGtu{t ag]sflgodx? cGtu{t k|bfgul/Psf] s'g} clwsf/ adf]lhds'g} ljB'tLoclen]v, lstfa, /lhi6/, kqJojxf/, ;"rgf, sfuhftjfcGo ;fdu|Lx?dfkx'Frk|fKt u/]sf] s'g} JolQmn] s'g} cglws[t JolQmnfO{ To:tf] clen]v, lstfa, /lhi6/, kqJojxf/, ;"rgf, sfuhftjf ;fdu|Lsf] uf]kgLotfeË u/]dfjfeËug{ nufPdflghnfO{ s;"/sf] dfqf x]/L Ps nfv ?k}ofF;Dd hl/afgfjfb'O{ jif{;Dd s}b jfb'j} ;hfox'g]5 . • lgoGqs, sd{rf/L • k|df0fLs/0f lgsfo , sd{rf/L • g]6js{ k|bfos, sd{rf/Lx?sf] bfloTjxf] .