Presentation on theme: "Crime and Cyber-crime Pieter Hartel. Cyber-crime Science 2 Crime Acts or missions forbidden by law that can be punished […], against: »persons (e.g. rape,"— Presentation transcript:
Cyber-crime Science 2 Crime Acts or missions forbidden by law that can be punished […], against: »persons (e.g. rape, assault, murder, suicide) »property (e.g. fraud, arson, theft, vandalism) »the state (e.g. riot, treason, sabotage, terrorism) »morality (e.g. gambling, drugs, obscenity) Disorder is broader than crime, e.g. »Littering, graffiti, loitering, etc. [Wil98] J. Q. Wilson and R. J. Herrnstein. Crime & Human Nature: The Definitive Study of the Causes of Crime. Free Press, Jan 1998.
Cyber-crime Science 4 Cyber-crime Crime where computers are used as a tool, target or place: »Computer assisted crime (e.g. Advance fee fraud) »Computer integrity crime (e.g. DDoS attack) »Computer content crime (e.g. Software piracy) [New09] G. R. Newman. Cybercrime. In M. D. Krohn, et al, editors, Handbook on Crime and Deviance. Springer, Nov 2009. http://dx.doi.org/10.1007/978-1-4419-0245-0_25http://dx.doi.org/10.1007/978-1-4419-0245-0_25
Technology and crime Cyber-crime Science 5 Which of these are “virtual”? Which of these promote anonymity? TechnologyProblemSolutionWhen Sailing shipsPrivateeringTreaties1856 Paper moneyCounterfeitingLaws, Technology 17th 20th RevolverGenocide?? CarsTheftLocks20th PhoneNuisance callsCaller-ID20th InternetFraud, Theft??
Cyber space vs “meat” space “virtual” but that’s nothing new (why?) More easily automated (why?) Harder to police (why?) Cyber-crime Science 6
Cyber-crime Science 8 Computer assisted crime Murder »13-year old US girl bullied into suicide in 2006 »3-month old Korean child dies from neglect in 2010 Extortion »Virginia DHP ransom demand 10 M $ in 2009 »BetCris hacker sentenced to 8 years in 2006 »(New business http://www.prolexic.com/ )http://www.prolexic.com/
Cyber-crime Science 9 Computer integrity crime Distributed denial of service (DDoS) »Estonian Cyber war in 2007 »Operation Payback end 2010 – mid 2011 Hacking »Comcast hackers sentenced to 18 months in 2008 »Sarah Palin email hacker sentenced to 1 year in 2010
Cyber-crime Science 10 Computer content crime Piracy »Pirate Bay four sentenced to 1 year in 2009 »US Software pirate sentenced to 2 years in 2011 Data base theft »Sony Play station network hack in 2011 exposed 77M accounts, cost 171M$ »Sonypictures.com exposed 1M passwords »TJX Hacker sentenced to 20 years in 2011
Cyber-crime Science 11 Certificate Signed binding of a public key and an identity
Cyber-crime Science 12 How does a certificate work? Server 1.Generates key pair and keeps private key secret 2.Sends public key to CA 7.Encrypt message with private key CA 3. CA signs & publishes public key User 4. Obtain certificate 5. Check CA signature 6. Check revocation list 8. Decrypt message with public key 9. User “knows” that it is talking to the server. Operation Black Tulip http://www.youtube.com/watch?v=wZsWoSxxwVYhttp://www.youtube.com/watch?v=wZsWoSxxwVY
Cyber-crime Science 13 Certificate fraud 2001 Verisign »Offender claimed to be from Microsoft »2 rogue certificates »Discovered by Verisign 2011 DigiNotar »Offender(s) hacked the server, No anti virus and weak passwords »Hundreds of rogue certificates »Discovered by Iranian Gmail user 2011 Comodo
Cyber-crime Science 14 Additional problems DigiNotar had been hacked before (2009) Microsoft delayed patches for NL by week to prevent blackout No backup certificates There are hundreds of companies like Diginotar False certificates still accepted by older browsers that have not been patched...
Cyber-crime Science 15 Differences Old Crime »Serial »Labour intensive »Local »Geographical place Cyber-crime » Can be Simultaneous » Can be automated » Global » Effort? » Requires conversion to meat space
Cyber-crime Science 16 Similarities Most Cyber-crime a variant of old crime »Advance fee fraud via email vs letters »Click fraud vs Replying to junk mail with bricks Technology used for new crime before »Printing press for counterfeiting »Telegraph for books by Charles Dickens
Social cost cyber crime Estimate (B$)Year Anti-virus3.42012 Patching12010 ISP clean-up0.042010 User clean-up102012 Defence firms102010 Law enforcement0.42010 Cyber-crime Science 17 [And12] R. Anderson, C. Barton, R. Böhme, R. Clayton, M. J. G. van Eeten, M. Levi, T. Moore, and S. Savage. Measuring the cost of cybercrime. In 11th Workshop on the Economics of Information Security (WEIS), Berlin, Germany, Jun 2012. http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf
Cyber-crime Science 18 Cyber-crime triangle A motivated offender “attacks” a suitable target in the absence of a capable guardian: »Attacks via vulnerabilities of the users »Attacks via vulnerabilities of the systems »Propagating attacks »Exploiting attacks
Cyber-crime Science 19 Attack vulnerable user Social engineer a user »2001 SPAM with AnnaKournikova.jpg.vbs »Phishing (More later) Hacking into server »Password cracker »Intelligence from OSN as in the Palin email hack
Cyber-crime Science 20 Attack vulnerable system Exploit known vulnerability and install malware on a client »Trojan like Zeus for key logging »Physical access via USB sticks and autorun Find & exploit vulnerable system »Vulnerability scanner like Acunetix »SQL injection
Cyber-crime Science 21 Propagating attacks Change the web site on the server »Create a drive by download to infect a client Create a botnet out of infected clients to: »Send spam »Perpetrate a DDoS attack »Evade detection
Cyber-crime Science 23 Cloud service comparison Bredolab »From Aug 2009 to Nov 2010 »Armenian botnet herder arrested »143 command and control servers run by Leaseweb »Estimated 30 million zombies »Estimated earnings 1.6M$ (5 c/server) Amazon EC2 in 2009 »Estimated 40,000 »Estimated earnings 220M$ (5500 $/server)
Cyber-crime Science 24 Conclusions Increasing specialisation of offenders Increasing sophistication of the tools Key crime opportunities: social engineering, vulnerable systems, and software issues Motive is now mostly money How to prevent all this?