Presentation is loading. Please wait.

Presentation is loading. Please wait.

32nd Canadian Congress on Criminal Justice The face(s) of cybercrime in 2009 James Whiting: Oct. 30, 2009 CCJA 32nd Congress.

Similar presentations


Presentation on theme: "32nd Canadian Congress on Criminal Justice The face(s) of cybercrime in 2009 James Whiting: Oct. 30, 2009 CCJA 32nd Congress."— Presentation transcript:

1 32nd Canadian Congress on Criminal Justice The face(s) of cybercrime in 2009 James Whiting: Oct. 30, 2009 CCJA 32nd Congress

2 The views expressed are those of the presenter and do not represent the position of the Public Prosecution Service of Canada or that of any other organization James Whiting: Oct. 30, 2009 CCJA 32nd Congress

3 OVERVIEW i) What is cyber-crime in 2009? ii) cyber-criminals: from fame to fortune iii) State responses iv) Developing Issues James Whiting: Oct. 30, 2009 CCJA 32nd Congress

4 What is cyber-crime in 2009? Cyber-crime is one of the fastest growing areas of crime, as more and more criminals exploit the speed, convenience and anonymity that modern technologies offer in order to commit a diverse range of crimes. Interpol Fact Sheet, accessed 11/01/09 In view of the highly adaptive strategies of organized crime groups, the possibility of expanding cybercrime could be great, since this is the most important and emerging area of opportunity in the 21st century. RCMP “The Changing Structure of Organized Crime Groups” 2005 James Whiting: Oct. 30, 2009 CCJA 32nd Congress

5 What is cyber-crime in 2009? uwhat is a ‘computer’ and what is ‘cyber- crime?’ uThe 3 roles played by a computer u New crimes vs. old crimes committed in a new way James Whiting: Oct. 30, 2009 CCJA 32nd Congress

6 What is cyber-crime in 2009? Examples of traditional crimes often committed as cyber- crimes: -Fraud -Uttering threats -Extortion -Theft -Unauthorized use of credit card data -Money laundering -Possession of child pornography -Copyright infringement (quasi-criminal) James Whiting: Oct. 30, 2009 CCJA 32nd Congress

7 What is cyber-crime in 2009? Examples of ‘new’ cyber-crimes: -Accessing child pornography: CC s. 163.1(4.1) -Internet luring of a child: CC s. 172.1 -Mischief to data: CC s. 430(1.1) -Unauthorized use of a computer: CC s. 342.1 -Possession of a device to obtain computer service: CC s. 342.2 James Whiting: Oct. 30, 2009 CCJA 32nd Congress

8 What is cyber-crime in 2009? ‘virtual crimes:’ avatar identity theft at Habbo.com James Whiting: Oct. 30, 2009 CCJA 32nd Congress

9 What is cyber-crime in 2009? Tools commonly used by criminals to facilitate or commit cyber-crimes (often in combination): -Virus -Worm -Trojan -Keylogger -Phishing/pharming/spoofing web sites -drive-by downloads from web sites -botnets -Distributed denial of service attacks -Social engineering James Whiting: Oct. 30, 2009 CCJA 32nd Congress

10 Phishing sample James Whiting: Oct. 30, 2009 CCJA 32nd Congress

11 Phishing sample James Whiting: Oct. 30, 2009 CCJA 32nd Congress

12 What is cyber-crime in 2009? Tools commonly used by criminals to avoid detection or slow down investigations:  remailing and disposable emails  encryption  secure/hidden vaults  on-line/remote memory  self-destructing memory  digital currencies and internet banks  Internet access through identity theft and weakly enforced/multiple jurisdictions James Whiting: Oct. 30, 2009 CCJA 32nd Congress

13 What is cyber-crime in 2009? What is the extent of cyber-crime? -the ‘dark figure’ of crime applies “….more than two out of three organizations victimized by serious cyber attacks did not report them to law enforcement” FBI, “Just Say No…To Cyber Extortion,” 23/01/04 -poor availability of statistics -many ‘cyber-crimes’ fall under traditional crime categories (e.g. uttering threats and fraud) James Whiting: Oct. 30, 2009 CCJA 32nd Congress

14 What is cyber-crime in 2009?  PSEPC: in 2003, the worldwide annual costs of hacking, internet fraud, DoS attacks and viruses was over $1 trillion USD uMcAfee: in 2005, the worldwide annual costs of fraud, identity theft, money laundering and extortion over the internet was $400 billion USD uIBM: in 2006, 60% of companies across a variety of sectors reported cyber-crime costing them more than traditional crime James Whiting: Oct. 30, 2009 CCJA 32nd Congress

15 What is cyber-crime in 2009? uCorel in 2009 estimated 40% of application software being used in Canada was counterfeit uMicrosoft estimates that 36% of software being used is counterfeit  Business Software Alliance’s 2006 study found that 35% of software on personal computers worldwide was counterfeit uTransnational criminal orgs are active in counterfeiting of intellectual property u1999 Ministry of Fisheries & Oceans issues a warning re counterfeit navigation software James Whiting: Oct. 30, 2009 CCJA 32nd Congress

16 What is cyber-crime in 2009? Research centres and collaborations may develop helpful insights into cyber-crime:  Simon Fraser University announced in 2008 it would host the International Centre for Cyber-crime Research  University of Ontario Institute of Technology announced in 2008 plans for a Centre for Cybercrime Research u Ryerson University’s Privacy and Cyber-crime Institute, U of Ottawa’s Cdn. Internet Policy and Public Interest Clinic, Harvard’s Berkman Center for Internet & Society James Whiting: Oct. 30, 2009 CCJA 32nd Congress

17 Cyber-criminals: from fame to fortune “the visible problem of viruses shutting down whole computer systems simply for the notoriety of the hacker has given way to more sophisticated, but less visible, targeted attacks motivated by financial gain” PSEPC, Reports on Plans and Priorities 2007-2008, Sec. II “…Symantec discussed a significant shift in attackers motivated from fame to fortune….hackers are taking this trend to the next level by making cybercrime their actual profession.” Arthur Wood, Senior V.P. Symantec Security Response and Managed Services “In general, cyber attacks are becoming more sophisticated and profit-driven. Given the complexity of some cyber schemes, potential profits and anonymity, involvement of organized crime in New Brunswick is recognized.” CISNB 2006 Public Report James Whiting: Oct. 30, 2009 CCJA 32nd Congress

18 Cyber-criminals: from fame to fortune Professionalization & commercialization:  recruitment of IT graduates directly into criminal orgs McAfee 2006 Virtual Criminology Report  large-scale conventions (Defcon), on-line gatherings (Hacker’s Quarterly) and introduction of titles such as ‘hacktivists’ and ‘ethical hackers’  Increasingly employing business-like practices Symantec News Release, 2007  Use of secure websites and chatrooms as auction sites for stolen data such as credit and personal information  Availabilty of phishing/hacking tools (e.g. MPAck, Pinch, Hacker’s Toolkit)  Botnets for hire James Whiting: Oct. 30, 2009 CCJA 32nd Congress

19 State responses:  International  Statutory - new criminal offences - procedural and investigative  New state entities and expanded mandates for existing entities  Public/private collaborations  Training and specialization James Whiting: Oct. 30, 2009 CCJA 32nd Congress

20 State responses: International Council of Europe’s Convention on Cybercrime uCouncil of Europe opened for signing on Nov. 23, 2001 (CETS No. 185) uCanada signed as non-member state but as of October 19, 2009, has yet to ratify (23 nations have) uCanada has also signed (but not ratified) the additional Protocol on criminalization of racist and xenophobic acts on the internet (CETS No. 189) James Whiting: Oct. 30, 2009 CCJA 32nd Congress

21 State responses: International Areas of harmonization required under the Convention  Enactment of specific cyber-crimes to avoid offence-free zones uEnactment of effective procedural mechanisms uCommitments to international cooperation and extradition  Commitment to operating a 24/7 point of contact to assist investigations James Whiting: Oct. 30, 2009 CCJA 32nd Congress

22 State responses: International  Interpol  G8 High Tech Crime sub-group  Cyber-storm Joint Exercises James Whiting: Oct. 30, 2009 CCJA 32nd Congress

23 State responses: statutory  new criminal offences - enacted - proposed (e.g. ‘identity theft’)  Procedural and investigative provisions - enacted:Canada Evidence Act provisions for electronic evidence - proposed:i)Modernization of Investigative Techniques Act (Bill C-285) ii) Investigative Powers for the 21st Century Act (Bill C-46) iii) Technical Assistance for Law Enforcement in the 21st Century Act (Bill C-47) James Whiting: Oct. 30, 2009 CCJA 32nd Congress

24 State responses  New state entities and expanded mandates for existing entities - CCIRC - NCECC - CSE - RECOL.ca  Public/private collaborations - associations: HTCIA, POLCYB - programs: Cybertip.ca; Project Cleanfeed  Training and specialization James Whiting: Oct. 30, 2009 CCJA 32nd Congress

25 Developing issues i)search ‘incident to arrest’ ii)‘plain view’ doctrine iii)breach notification laws iv)compelling passwords James Whiting: Oct. 30, 2009 CCJA 32nd Congress


Download ppt "32nd Canadian Congress on Criminal Justice The face(s) of cybercrime in 2009 James Whiting: Oct. 30, 2009 CCJA 32nd Congress."

Similar presentations


Ads by Google