Presentation is loading. Please wait.

Presentation is loading. Please wait.

COMPUTER CRIMES - THE LAW ENFORCMENT PERSPECTIVE By: Wilfred A Nathan Computer Forensic Branch Criminal Investigation Department Singapore Police Force.

Published byMicah Gartside Modified over 9 years ago

Similar presentations

Presentation on theme: "COMPUTER CRIMES - THE LAW ENFORCMENT PERSPECTIVE By: Wilfred A Nathan Computer Forensic Branch Criminal Investigation Department Singapore Police Force."— Presentation transcript:

1

2 COMPUTER CRIMES - THE LAW ENFORCMENT PERSPECTIVE By: Wilfred A Nathan Computer Forensic Branch Criminal Investigation Department Singapore Police Force BLACK HAT BRIEFINGS SINGAPORE - 3-4 APR 2000

3 SCOPE Computer Crime Trends Definition of Computer Crime Case Studies Computer Misuse Act

4 Computer Crime Branch & Computer Forensic Branch IT Crime Investigation Procedures Computer Crime Prevention & Incident Management Conclusion INTRODUCTION

5 Computer Crimes Trend No. of reported cases relatively low Increasing trend 1993/1994-1 1995-3 1996-7 1997-37 1998-116 1999-185

6 INTRODUCTION Definition of Computer Crime When there is unauthorised access into a computer system in order to : Destroy data or programs Commit other offences

7 CASE STUDY ONE The Perfect Computer Crime System Analyst used Trojan horse program to capture colleagues password and used it to modify the Lucky Draw Program. Also gained root access whilst auditing computer system and replaced Lucky Program with fake program that allowed 3 friends to ‘win’ $485,000

8 CASE STUDY TWO Crashing of Factory Computer SystemDisgruntled system administrator inserted logic bomb that replaced system files with damaged files during backup process. Also used another logic bomb to time backing up process while he was on holiday. Caused entire company’s system to crash and halted production lines. After his dismissal, he asked a computer illiterate colleague to crash system files.

9 CASE STUDY THREE Smart Card Scam - Managers of Cinema Chain modified Daily Cashiers’ Reports on computer system and siphoned off cash. Also topped up used Smart cards illegally and sold them to cinema touts. Enlisted help of a computer service engineer to load program into a branch so as to further the crime.

10 CASE STUDY FOUR Distribution of user-ids and passwords - Two youths stole user-ids and passwords of unsuspecting users of an ISP during IRC sessions and displayed the user-ids and passwords on a web site stating that the ISP’s system security had been breached.

11 Hacking of Television's Stations web-site Two teenagers obtained illegal access to a Television Station web-site by accident and modify several of the web pages with “hacker slogans”. CASE STUDY FOUR

12 LESSONS LEARNT Lack of òPhysical Security òElectronic Security òGood Security Practices òRegular System Audit òComputer Incident Management

13 COMPUTER MISUSE ACT Section 3 - Unauthorised Access to Computer Material Section 4 - Access with Intent to Commit or Facilitate Commission of Further Offence Section 5 - Unauthorised Modification of Contents of Computer

14 Section 6 - Unauthorised Use/Interception of Computer Service Section 7 - Unauthorised obstruction of Use of Computer Section 8 - Unauthorised Disclosure of Access Code Section 9 - Enhanced punishments -Territorial Scope COMPUTER MISUSE ACT

15 CCB & CFB Computer Crime Investigation Computer Related Crime Investigation Telecommunication Frauds Investigation Training Computer Searches Computer Seizures Computer Forensic Examination Training

16 COMPUTER CRIME BRANCH Head, Computer Crime Branch OC Investigation Teams Senior Investigators Investigators

17 COMPUTER FORENSIC BRANCH Head Computer Forensics OC Computer Forensics Team Computer Forensics Examiners

18 International Co-operation Asian Working Party (Computer Crime) Links with –FBI, USSS –AFP –Hong Kong –Malaysia –Taiwan –Sweden –U.K.

19 COMPUTER CRIME INVESTIGATIONS Report Lodging What to prepare? Who should do the reporting?

20 COMPUTER CRIME INVESTIGATIONS Preliminary Investigation Interviews (Facts gathering) Complainant / Victims System Administrators Customer Service Engineer Other Witnesses

21 COMPUTER CRIME INVESTIGATIONS Preliminary Investigation Evidence Collection Physical evidence (eg computer system, storage media) Supporting evidence (eg system logs, callerID records)

22 COMPUTER CRIME INVESTIGATIONS Preliminary Investigation Evidence Analysis Forensic laboratory and staff for examination of storage media Technical Support from Industry experts Vendors’ information

23 COMPUTER CRIME INVESTIGATIONS Implications of Police Investigation’  Evidence in police custody till conclusion of the case  Commitment of time and resources  Adverse publicity

24 PREVENTION & INCIDENT MANAGEMENT Setting up a Security Team Implement Preventive Measures Incident Management

25 PREVENTION & INCIDENT MANAGEMENT Preventive Measures Installation and maintenance of Intrusion Detection applications, e.g., Firewall, Intrusion Detection System Proper documentation of computer systems Conduct regular system audit Password management

26 PREVENTION & INCIDENT MANAGEMENT Preventive Measures Establish links with SingCERT, etc Simulation Excercises Tracking software/hardware for bugs & vulnerabilities

27 PREVENTION & INCIDENT MANAGEMENT Incident Management - Respond swiftly Collation of essential information and facts Gathering of evidence caller id records, system access logs

28 PREVENTION & INCIDENT MANAGEMENT Incident Management Ensure system and storage media not tampered document any tampering Report fast to Computer Crime Branch

29 CONCLUSION  Report the incident as early as possible  Record all irregularities  Do not allow anyone to meddle with the computer  Do not restore the affected system

30 THE END THANK YOU

31

Download ppt "COMPUTER CRIMES - THE LAW ENFORCMENT PERSPECTIVE By: Wilfred A Nathan Computer Forensic Branch Criminal Investigation Department Singapore Police Force."

Similar presentations

By Andy Scott, Michael Murray and Adam Kanopa

By Andy Scott, Michael Murray and Adam Kanopa
Data Security and legal issues Starter :- 5 Minutes Make a list of all the companies and organisations that you believe holds data on you. Write down what.

Data Security and legal issues Starter :- 5 Minutes Make a list of all the companies and organisations that you believe holds data on you. Write down what.
Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.

Cyber Law & Islamic Ethics CICT3523 COMPUTER CRIMES.
Data Breach Notification Toolkit Mary Ann Blair Director of Information Security Carnegie Mellon University September 2005 CSG Sponsored by the EDUCAUSE.

Data Breach Notification Toolkit Mary Ann Blair Director of Information Security Carnegie Mellon University September 2005 CSG Sponsored by the EDUCAUSE.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.

2 Issues of the information age Computer _______ and mistakes –Preventing computer related waste & mistakes Computer crime –Computer as tool to commit.
Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.

Fraud, Scams and ID Theft …oh my! Deb Ramsay ESD 101 Chief Information Officer Technology Division.
COMPUTER CRIME An Overview Agenda u Background and History u Potential Criminals u Ethics Survey u Criminal Activity u Preventative Measures u Background.

COMPUTER CRIME An Overview Agenda u Background and History u Potential Criminals u Ethics Survey u Criminal Activity u Preventative Measures u Background.
FatMax 2007. Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 LicenseCreative Commons Attribution-NonCommercial-ShareAlike 2.5.

FatMax Licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 LicenseCreative Commons Attribution-NonCommercial-ShareAlike 2.5.
Security Controls – What Works

Security Controls – What Works
Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.

Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.
Factors to be taken into account when designing ICT Security Policies

Factors to be taken into account when designing ICT Security Policies
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS
Bank Crime Investigation Techniques by means of Forensic IT

Bank Crime Investigation Techniques by means of Forensic IT
Introduction to Computer Forensics Fall 2007. Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (http://www.forensics.nl).http://www.forensics.nl.

Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
Role of Technology in Combating Crime Against Woman and Children Presented by Detective Constable Janelle Blackadar Child Exploitation Section Toronto.

Role of Technology in Combating Crime Against Woman and Children Presented by Detective Constable Janelle Blackadar Child Exploitation Section Toronto.
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.

Copyright © 2014 Pearson Education, Inc. 1 IS Security is a critical aspect of managing in the digital world Chapter 10 - Securing Information Systems.
Computer Misuse Act (1990). What is Computer Misuse Act (1990)? The Computer Misuse Act of 1990 is a law in the UK that makes illegal certain activities,

Computer Misuse Act (1990). What is Computer Misuse Act (1990)? The Computer Misuse Act of 1990 is a law in the UK that makes illegal certain activities,
Guidelines for Investigation. 2 Investigation of computer related frauds - Outline Reasons Ways of committing frauds Prevention Aids for investigation.

Guidelines for Investigation. 2 Investigation of computer related frauds - Outline Reasons Ways of committing frauds Prevention Aids for investigation.

Similar presentations

Ads by Google