Presentation is loading. Please wait.

Presentation is loading. Please wait.

T HE C URRENT S TATE OF C YBERCRIME AND I TS L EGAL E NVIRONMENT IN K OREA Hyun-Wook CHUN Ph.D., Researcher

Similar presentations


Presentation on theme: "T HE C URRENT S TATE OF C YBERCRIME AND I TS L EGAL E NVIRONMENT IN K OREA Hyun-Wook CHUN Ph.D., Researcher"— Presentation transcript:

1 T HE C URRENT S TATE OF C YBERCRIME AND I TS L EGAL E NVIRONMENT IN K OREA Hyun-Wook CHUN Ph.D., Researcher

2 C URRENT I SSUES : M OBILE C YBERCRIME S MARTPHONES – Potentially malicious files in Android, 5.6M – Attractive target for cybercriminals – Carry out similar functions as ordinary PC but more vulnerable to security risks C YBERCRIME T ARGETING S MARTPHONES – Malicious mobile codes – “Smishing” (SMS Phising): Type of phishing scam using social engineering techniques C YBERCRIME R ISKS IN Y OUR O WN P OCKET

3 “P OCKET B OTNETS ”

4 M ALICIOUS M OBILE C ODES J AN 52,11243,109 F EB 94,57883,868 M AR 215,23379,651 A PR 42,053 M AY 124,871 J UN 593,848 J UL 10722,189 A UG 2129,591 S EP 15838,427 O CT 71076,789 N OV 6,08948,261 D EC 1,09524,747

5 S MISHING H IGHER VULNERABILITY IN K OREA – Easily avoidable for pre-paid phones – Subscription to long-term plans based on deferred payment system makes Korean smartphone users more vulnerable to smishing I NCREASED AWARENESS – Customer requests to block mobile payment services: 40,000 ( Dec 2012 ) → 160,000 ( Jan 2013 ) R ESPONSE OF TELECOM COMPANIES – Passive response to protect – Profits derived from SMS & mobile payment fees

6 C RIMINAL J USTICE R ESPONSE TO M OBILE C YBERCRIME R EMAINING ISSUES – Investigation and arrest for smishing cases are difficult because servers and hackers used are mostly located overseas – Current laws do not distinguish between smartphones and ordinary PCs Act on the Promotion of Information and Telecommunications Network Utilization Article 71 Item 9 (Penal Provisions) Criminal Act Article (Fraud by Use of Computer) A person who conveys or circulates a malicious program shall be punished by imprisonment with prison labor for not more than five years or by fine not exceeding 50 million won. Any person who acquires any benefits to property […] by making any data processed after inputting a false information or improper order, or inputting or altering the data without any authority into the data processor, such as computer, etc., shall be punished by imprisonment for not more than ten years or a fine not exceeding 20 million won.

7 I SSUES WITH C YBERCRIME – Mostly hidden crime (statistically undetectable) – Statistically aggregated with other criminal acts – Criminal act using same technique categorized as different types of crime C ONVENTION ON C YBERCRIME – No definition of “cybercrime” – Cybercrime is conceptualized through defining peripheral and related terms D OMESTIC L AW OF K OREA – Criminal law and many special laws governing cybercrime C YBERCRIME AND C RIMINAL L AW

8 Penalty Provisions for Cybercrime under Korean Law Criminal Act Special Laws Article 141-1Invalidity of Public Documents and Destruction of Public Goods Article 227-2False Preparation or Alteration of Public Electromagnetic Records Article 229Uttering of Falsified Public Document Article 232-2Falsification or Alteration of Private Electromagnetic Records Article 234Uttering of Falsified Private Document Article 316-2Violation of Secrecy of Private Electromagnetic Records Article 347-2Fraud by Use of Computer Act on the Protection of Information and Communications Infrastructure Act on Promotion of Information and Communications Network Utilization Framework Act on Telecommunications Protection of Communications Secrecy Act Personal Information Protection Act Act on the Protection of Location Information Use and Protection of Credit Information Act Digital Signature Act Copyright Act Act on Special Cases Concerning Punishment of Sexual Crimes Act on Special Cases Concerning Speculative Acts

9 C YBER T ERROR R ESPONSE C ENTER (K OREAN N ATIONAL P OLICE A GENCY ) – Releases official statistics on cybercrime – Categorizes cybercrime into: (a) Cyber terrorism: Includes hacking, virus distribution (b) General cybercrime: Includes privacy infringement, fraud, violence, cyber stalking, transmission of illegal content, copyright infringement C YBERCRIME AND S TATISTICS Reported Arrested Number of Reported Cases and Arrests by Types of Cybercrime

10 Number of Arrests by Types of Cybercrime Total Hacking Virus Internet Fraud Cyber Violence Illegal Websites PiracyOthers ,89014,03728,08112,9055,5058,16710, ,22716,95329,29013,8198,05632,08422, ,06913,15231,81410,93631,10134,57525, ,80914,87435,1048,6388,61117,88518, ,49610,29932,80310,3546,67815,08716, ,9326,37133,09315,1113,5519,05517,751

11 Number of Arrests by Age Group Teens20s30s40sOthers %39.2%26.3%17.7%1.7% %39.0%21.8%11.8%0.8% %34%29.6%16.5%0.5% %39.5%25.4%14.4%1.2% %40.2%27.2%14.7%0.3% %40.92%24.48%12.91%1.75%

12 Number of Hacking Incidents Handled by KrCERT (By Year) No. of Reported Cases 21,73215,94021,23016,29511,69019, AprMayJunJulAugSepOctNovDecJanFebMar No. of Reported Cases 1,4191,5342,1741,9372,1731,2731,6081,5681,4441, Number of Hacking Incidents Handled by KrCERT (By Month) No. of Reported Cases 5,9968,46910,39517,93021,75121,399 Number of Malicious Code Cases Reported to KrCERT

13 D ISTRIBUTED D ENIAL OF S ERVICE (DD O S) (1)7.7 DDoS Attack & 3.3 DDoS Attack July 7, 2009Disruptions to government agency websites March 3, 2011Similar attack on government agency websites OffenderKorean National Intelligence Service accuses North Korea for orchestrating both attacks (2)DDoS Attack on National Election Commission October 26, 2011National Election Commission website is hacked on Seoul’s mayoral election day OffenderFound to be ruling party lawmaker’s assistant VerdictSupreme Court sentences 4-year prison term C ASES

14 Attacker in North Korea (At least 6 computers) PCs and servers in South Korea S/W Distribution Server (Infected PCs) Distribution of Malicious Code and Destruction of Data Processing Devices (March 20, 2013) Financial institutions Media outlets Domestic servers ATMs 48,000 Computers Compromised (1)April 12, 2011 Major South Korean bank server is hacked Laptop of subcontractor’s employee used to spread malicious code Prosecution concludes the attack was launched by North Korea (2)March 20, 2013 Computer networks of major media outlets and financial institutions paralyzed Believed to be an advanced persistent threat (APT) Attack was allegedly launched by North Korea (See diagram) H ACKING

15 P ERSONAL I NFORMATION L EAK (1)February 2008 Personal information of over 18 million people leaked through online shopping mall (2)March 2010 Personal information of over 20 million peopled leaked through 25 websites (3)July 2011 Personal information of over 35 million people leaked after SNS company is attacked Police was unable to locate the suspect SNS company found not guilty for having complied with relevant security regulations

16 T HANK Y OU


Download ppt "T HE C URRENT S TATE OF C YBERCRIME AND I TS L EGAL E NVIRONMENT IN K OREA Hyun-Wook CHUN Ph.D., Researcher"

Similar presentations


Ads by Google