“The degree of overlap between [organized crime and cybercrime] is likely to increase considerably in the next few years. This is something that needs to be recognized by business and government as an emerging and very serious threat to cyber-security.”
Cybercrime is…?
“offenses ranging from criminal activity against data to content and copyright infringement” (Council of Europe’s CC Treaty)
United Nations refers to acts of fraud, forgery and unauthorized access
“…unlawful acts wherein the computer is either a tool or a target or both.”
The Internet encourages anonymity and is distributed in nature
Many countries have very few laws addressing cybercrime
Love Bug Virus
  VB script that spread via email and corrupted many different file types
  FBI traced the virus to the Philippines
The increasing growth of e-commerce
22.3% increase in # from 2008
211% increase in financial loss
Median dollar loss: $575
Crimes with no documented loss or harm are not included
Top 5 categories:
  Non-delivered merchandise: 19.9%
  Identity Theft: 14.1%
  Credit Card Fraud: 10.4%
  Auction Fraud: 10.3%
  Computer Fraud: 7.9%
UNORGANIZED
  Usually the work of an individual
  Decentralized
  Smaller resource base
  Hit and run mentality/opportunistic
ORGANIZED
  Centralized group of criminals
  Many based in “hostile” nation
  Extensive access to resources/business connections
  Extended operations
Hackers discover vulnerabilities and sell to the highest bidder
Crimeware suites created and sold to less technically inclined users
Crimeware-as-a-service mentality
Data supplier model
Pricing profiles introduced
  Credit cards = cheap
  Healthcare info/single logins for organizations = expensive
Cybercrime economy mirrors actual economy
Organized crime closely mimics the actual economy
Regionally-specific & enterprise-specific campaign
Each attack campaign gathered centrally to sell
Campaigns managed remotely from these central servers
Data and asset management is just as essential as in traditional business
(1) Boss deploys malicious code package
(2) Campaign managers retrieve package and customize it as needed
(3) Malicious network used to inject package into legitimate sites. Commission-based
(4) Injected code served to users
(5) Toolkit affects individual users
(6) Infection data sent back to central location
(7) PII flows back to boss
Example of crimeware toolkit that originates from Eastern Europe, primarily Russia and the Ukraine
Utilizes three major components and powerful encryption:
  ZeuS trojan
  ZeuS config file
  Specification of dropsite
Config file defines subset of targets
ZeuS collects session variables during sessions
Bypasses authentication mechanisms and piggybacks on the session
Criminals are able to move money to third parties in real time
ZeuS Builder provides binary files for constructing a botnet
How simple is it?
Number of new ZeuS binaries in the past month: 18,985
Number of new ZeuS binaries seen in the past week: 4,582
Number of new ZeuS binaries seen in one day: 977
Trend Report
ZeuS Video
Consider:
Hardware and software keep getting cheaper
Combine the Internet with a global scope, and the potential for attacks is limitless
Security will always be breached
Even when laws are passed to increase technological safeguards, new technology will always outstrip legislation
IC3
  Accepts complaints, investigates, and/or redirects to appropriate law enforcement
  Joint operations with other agencies
  Publishes cyber-security information
IT Act (2000)
  Attempt to define various electronic specifications:
    Digital Signatures
    Use/Retention of electronic records
    Security
    Certification Authorities
    Offenses