\ The Bottomline, Topline, Middle line Or … any line… is.. Cybercrime is BIG business and is highly profitable Whether it is ethical or unethical
\ If it is ethical it (may) mean it is legal then how can we call it a crime
\ The IT Act requires a body corporate to have “reasonable security” in place By law an ISO certification will suffice which I buy in the open market Government or private organizations do not disclose the extent of damage in event of a cybercrime – collusion ? Abetment ? Shame ?
\ Complaints are dropped once an informal investigation is done – usually the complainant does not want to proceed Will we let go of a person who has attacked another with a gun or knife
\ Body corporate has to have “reasonable” security in place! ISO Certification is available for sale off the shelf Organizations authorize hackers to exploit their systems. Will someone ‘authorize’ a bomb explosion too
\ 1.Companies and Government bodies do not disclose when they have been hacked – can they desist if money has been stolen thus hiding a crime 2.LEA usually drops investigation on the request of the complainant!
\ But… because it can be the cause of frustration, anger and other stress disorders in the LEA
\ And we do not want to talk about capacity, capability and such challenges as this is not within the scope of this talk / topic / panel
\ Breakaway from conventional thinking Move at speed Empower team members Accept reality / need of transparency…
\ COLLABORATE Make your expertise, information, intelligence, resources, tools available across the country and taste Glory! BENEFIT & SUCCEED Adopt the open source philosophy to give unconditionally – your goodwill will always come around to you SHARE Reap the benefit of the information and expertise received through the sharing mechanism
\ Report Lodged Crime Perpetrated Identifies Modus Operandi Starts Investigation Obtains Evidence Discovers IP Address Stop Investigatio n There’s hope Domestic International File Papers Go Home This is illustrative and does not purport to be the actual / complete lifecycle
\ Directory of primary ‘intermediary’ organizations Relationships with International LEA, CERT, Intelligence, Home, Judiciary Collaborative Relationships Sharing…. - Advisories - Crime Information - Cybercriminal Profiles - Modus Operandi - Technology advances Partnership Framework A central agency which will act as a clearing house (e.g. CyberDome)
\ A central agency which will act as a clearing house and contribute information and intelligence to the Exchange Information is provided back to the national agency which will update the domestic system and investigation can come to close Also facilitate collaborative investigations, arrests or actions
\ o Cross Border Crimes o Non availability of information o No proactive policing (pre- cog) o Differing protocols and laws o Multiple LEAs o Corporate challenges of ISP EYE OPENERS
\ Internet of Things Mobile technology Dis-satisfied young geeks Easy availability of mal-tools Easy availability of targets Continued practice of LEA transfers Keeping your head in the sand My daddy strongest attitude
\ Logic bombs Data Theft ATM Credit / Debit card cloning Child Porn Dark Markets/Underground Corporate Espionage Wearable / blowable technology 419 Scams & variants Spear Phishing Website defacement Cyber Bullying Money mules Bank account cleanout Ransomware Keyloggers Privacy infringement Identify Theft – account takeover Cyber blackmail Man in the middle Spam Critical Infrastructure Power Sector