An e-crime combating strategy a public and private task team perspective i-week presentation - spring 2004.

Presentation transcript:

an e-crime combating strategy a public and private task team perspective i-week presentation - spring 2004

2 A task team of different sectors was applied: SAPS; Banks; Audit Companies; Cell-phones; IT; Legal; Crime Combating Agents

3 The Need
An effective and sustainable solution for combating e-crime at an industry level, nationally and internationally, through public private partnership networking

4 The strategic approach to find a solution was:
• Understanding The Problem
• Addressing The Problem
• Typical Partners & Associates

5 UNDERSTANDING THE PROBLEM

6 Computer and Network Attack Taxonomy
ATTACKS: HACKER; CRIMINAL; CORP RAIDER; SPY; TERRORIST; VOYEUR; VANDAL
TOOLS: PHYSICAL ATTACK; AUTONOMY AGENT; SCRIPT OR PROGRAM; INFO EXCHANGE; USER COMMAND; DISTRIBUTED TOOL; TOOLKIT; DATA TAP
VULNERABILITIES: DESIGN; IMPLEMENTATION; CONFIGURATION
ACTIONS: PROBE; SCAN; FLOOD; AUTHENTICATE; COPY; READ; BYPASS; SPOOF; MODIFY; STEAL; DELETE
TARGETS: ACCOUNT; COMPUTER; COMPONENT; PROCESS; DATA; INTERNET; NETWORK
RESULTS: INCREASED ACCESS; THEFT OF RESOURCES; DENIAL OF SERVICE; DISCLOSED INFO; CORRUPT INFO
OBJECTIVES: CHALLENGE, THRILL, STATUS; OBTAIN INFO; DAMAGE; POLITICAL GAIN; FINANCIAL GAIN
Source: Howard & Longstaff (1998:16)

7 Attack Sophistication vs Intruder Technical Knowledge
Chart axis labels: Intruder Knowledge; Attack Sophistication (High to Low)
Techniques plotted: Password guessing; Self-replicating code; Password cracking; Exploiting known vulnerabilities; Burglaries; Hijacking sessions; Back doors; Disabling audits; Sweepers; Sniffers; Packet spoofing; Denial of service; “Stealth”/advanced scanning techniques; Network management diagnostics; Graphical user interface; Automated probes/scans; WWW attacks; Distributed attack tools
Source: Carnegie Mellon University, 2000

8 Percentage of organisations that have experienced specific computer-related crimes
Chart values (pairing with the categories is not preserved in this transcript): % 67.00% 16.00% 15.00% 20.00% 77.00% 18.00% 13.00% 40.00% 6.00% 1.00%
Categories: Sabotage of data or networks; Virus attacks; Financial fraud; Theft of proprietary info; Attacks, e.g. denial of service; Theft of laptops; Unauthorised website access/misuse; Spoofing attacks; Theft of other hardware; Telecoms fraud; Telecoms eavesdropping; Active wiretapping
Source: NHTCU

9 What do respondents consider to be the single most serious impact of a computer enabled crime on an organisation?
• 4% Share price of your company
• 34% Ability of company to operate
• 32% Ability of company to do business
• 23% Public image or reputation of company
• 7% Finances of company
Source: NHTCU

10 Formulating an applicable e-crime definition
The following apply explicitly as criminal offences in the RSA:
Electronic Communications and Transactions Act 25 of 2002, Cybercrime; Sections 86 – 88
• Unauthorised access to, interception of or interference with data
• Computer-related extortion, fraud and forgery
• Attempt, and aiding and abetting
The Common Law Offences on Theft
“E-crime is any crime committed by means of any electronic device or interface or programme code”

11 The following is also understood as e-crime
• Where a computer (or system) is the subject of a criminal attack (e.g. Hacking/cracking, Denial of service, Virus, Spamming, Spoofing)
• Where a computer is used to commit a criminal offence (e.g. Fraud, money-laundering, tax evasion, trafficking, extortion, illegal funds transfers)
• Where evidence of criminal activity is stored on a computer or other electronic storage media (e.g. Details of fraud dealing)
Obviously, these categories are not mutually exclusive.

12 Interpol’s definitions of e-crime offences are also incorporated
• Unauthorized access and interception
• Alteration of computer data
• Computer Related Fraud
• Unauthorized reproduction
• Computer sabotage
• Computer-related crime (Other)

13 The critical e-crime issues that need to be addressed
1. Preventing/combating “Digital Identity” theft
2. Preventing/combating “Denial of Services” threat
3. Establishing an effective reporting procedure of e-crime incidents to SAPS
4. Improving the speed of law-enforcement responses to e-crime incidents
5. Establishing effective legal procedures for seizing evidence information
6. Understanding and dealing with International Jurisdiction limitations
7. Educating the industry on handling e-crime incidents, minimizing crime risk and resolving incidents in an effective manner

14 The critical issues to be addressed (cont’d)
8. Addressing the need for higher sanctions on statutory offences
9. Resolving the lack of tracking capability (stemming from lack of legislation)
10. Overhauling the Criminal Procedures Act
11. Upgrading the limited expertise to deal with e-crime in both the public and private sector
12. Keeping abreast of expanding technology
13. Establishing “joint” training sessions with SAPS & CJS departments on e-crime matters
14. Improving co-operation between relevant role players (SAPS, ISPs, Tel & Cell-phone Companies)

15 E-crime: as-is description
• Criminal Operating Environment
  – No global boundaries
  – Real-time execution
• Knowledge & Skills
  – Lack of knowledge & skills
  – Lack of professional standards
• Crime Combating Cooperation
  – No real co-operation & co-ordination
  – Fragmented Intelligence
• Law Enforcement
  – E-crime’s priority not high enough (Specific SAPS, NPA, Justice)
  – Limited knowledge of e-crime importance/impact/intervention required
• Legislation Shortfalls
  – Legal protection lacking & lagging
  – International laws not in synch
• Business Risk
  – At risk & vulnerable
  – Countering e-crime technology expensive
Key take-outs: Fragmented; Insufficient; Lacking; Business at Risk; Exposed; Limited deterrent

16 E-crime: to-be description
• Criminal Operating Environment
  – Penetrations traceable
  – No tolerance towards criminals
• Knowledge & Skills
  – Available knowledge & skills
  – Applied professional standards
• Crime Combating Cooperation
  – Effective co-operation & co-ordination
  – Effective Intelligence network
  – Effective PPP ties
• Law Enforcement
  – Effective SAPS & Justice support
  – The ability to combat e-crime should have higher priority
• Legislation Shortfalls
  – Effective Legislation
  – International laws in synch
• Business Risk
  – Reduced business risk
  – Capitalising on Economy of Scale opportunities to counter e-crime
United Front; Effective Legislation; Experts on Tap; Reduced Business Risk; Controlled & Policed; Effective Law Enforcement

17 Gaps between as-is and to-be
• Laws. As-is: Insufficient Legislation. To-be: Effective Legislation
• Business. As-is: Business At Risk. To-be: Business Prosperity
• Policing. As-is: Policing Shortfall. To-be: Effective Policing
• Environment. As-is: Hostile Environment. To-be: Controlled Environment
• Knowledge. As-is: Insufficient Knowledge. To-be: Expert Knowledge Available
• Co-operation. As-is: Poor Cooperation. To-be: United Front Against E-Crime

18 Desired end-state
A national expert core (real and/or virtual) e-crime combating coordinating centre (ec³) with an effective private and public network of partnerships, supporting its stakeholders in countering e-crime effectively and efficiently

19 ADDRESSING THE PROBLEM

20 The main purpose of the proposed strategy
To establish a real-time e-crime combating centre, through private public partnerships to enable expertise information exchange between the partners, clients, law enforcers and e-crime experts, on a national and international level, to combat e-crime effectively and efficiently

21 The main thrust of the proposed strategy
– Real-time response
– Support & enhance SAPS e-crime combating capability
– Coordinate & support e-crime combating
– Real-time e-crime attack notification & alerts
– On-line e-crime Intelligence services
– Expert guidance on tap
– Joint e-crime training of associates
– Setting of e-crime minimum industry norms
– Lobby for effective legislation
– Standards for e-crime professionals
– Offer business economy-of-scale opportunities in combating e-crime attacks

22 The key strategic issues that need to be addressed
Global, Borderless & Faceless
• E-crime knows no boundaries / jurisdictions
• E-crime is faceless, virtual and evolving
• Technology to commit e-crime becomes more available and easier to apply
Knowledge & Skill Gaps
• Shortages of knowledge and skill to counter e-crime
• Minimal training standards for e-crime combating experts
• Limited professional expert enquiry facility on tap
Legislation Insufficiencies
• RSA legislation inadequate
• International legislation to counter e-crime not in synch
• RSA experts on e-crime legislation limited
• Limited e-crime expert lobby body in the RSA
Key take-outs: Escalating Threat; Knowledge Shortfall; Inadequate Legislation

23 The key strategic issues (cont)
Law Enforcement Limitations
• CJS has limited capability
• RSA reporting, investigation and prosecution processes sub-optimal
• E-crime needs higher priority in the RSA
Intelligence & Communication Processes Uncoordinated
• Intelligence sources on e-crime fragmented in RSA
• Limited real-time communication exchange centre for inter alia e-crime alerts
• Limited integrated Public Private Partnership e-crime combating network in place
• Need for a knowledge management and dissemination centre
• Limited maintained “E-crime Combating Guidelines”
Business Risk
• More businesses exposed to e-crime attacks that are rising in frequency and magnitude
• Protection costs are escalating
• Limited identified e-crime combating expert alliance network to link in with
Long Way to Go; Limited Coordination; Escalating Risks

24 If these are the key strategic issues, what are the likely key success factors in combating e-crime?

25 The key success factors in combating e-crime
Global, Borderless & Faceless
• E-crime phenomenon ring-fenced (understanding the domain)
• Forewarning and countering e-crime attacks & evolution
• Identified & tracked technology to commit e-crime
• Enhanced user awareness (situational awareness re e-crime)
Knowledge & Skill Gaps
• Access to knowledge and skill to counter e-crime
• Aggressive training programme embarked upon
• Effective minimum training standards for e-crime combating experts
• Professional state of the art enquiry facility on knowledge/skill enquiries on-tap
Legislation Insufficiencies
• Effective RSA e-crime combating legislation in place
• International legislation to combat e-crime in synch
• National experts on e-crime legislation on-tap
• Effective national e-crime expert body to do lobbying
Effective Legislation; Knowledge on Tap; Contained Threat

26 The key success factors in combating e-crime (cont)
Law Enforcement Limitations
• CJS “e-crime ready”
• National reporting, investigation and prosecution processes enhanced
• A higher priority on e-crime in the RSA
Intelligence & Communication Processes Uncoordinated
• Centralised collation of information on e-crime
• Information sources identified, categorised and optimally exploited
• Real-time communication exchange centre for e-crime alerts and other communications established
• Public Private Partnership e-crime combating network in place
• Knowledge management and dissemination centre established
• “E-crime Combating Guidelines” on-tap
Business Risk
• Businesses’ exposure to e-crime attacks contained
• Benefiting from Economies-of-Scale opportunities to combat e-crime
• Affordable e-crime combating expert alliance network to link into for assistance and support
Win-Win; Controlled Risk; Intelligence Sharing

27 The Value Chain to combat e-crime
Stages: Crime Intelligence; Minimum Security Requirements; Crime Combating Strategies; Industry Unity & Diligence
Elements: Crime scenarios; Criminal Intelligence; Crime combating network; Crime victimization risks; Security standards; Effective technology; Sufficient knowledge; Required skills; Effective regulations; Effective strategic alliances; Effective strategies; Timeous alerts; Shared synergistic strategies; Multi-level strategies; Minimum Industry Standards; Effective legislation; Effective Prosecuting Authority; Effective law enforcement; Effective crime containment; Affordable crime containment

28 Proposed strategic objectives to combat e-crime
Prime Goal: Establish an ec³
Objective: Design, establish and implement concept, according to real and/or virtual business model
Primary Activities:
• Find “Right” Sponsors
• Develop business case
• Develop project plan
• Implement

29 Proposed Goals for the ec³ to Attend To

Goal: Address the Global, Borderless & Face-less nature of e-crime
Objective: Pro-actively research, identify and expose e-crime types, and modus operandi of e-criminals
Primary Activities:
• Establish the initial intelligence capability
• Establish international links
• Do best practice research
• Enhance the PPP
• Publish

Goal: Bridge Knowledge & Skill Gaps
Objective: Develop and provide access to real-time skilled and knowledgeable experts & establish e-professionalism on tap
Primary Activities:
• Enhance critical mass of the PPP
• Develop communications strategy
• Refine the business model

Goal: Address Legislation Insufficiencies
Objective: Prioritise needs and lobby for regulatory shortcomings on behalf of all stakeholders
Primary Activities:
• Research present legislation
• Identify gaps
• Identify stakeholders
• Identify target audience
• Lobby

30 Proposed Goals for the ec³ to Attend To (cont’d)

Goal: Address Law Enforcement Limitations
Objective: Assist with the identification, co-ordination and resolving of law enforcement limitations through PPP agreements
Primary Activities:
• Research present capabilities
• Identify gaps
• Develop plans and budgets
• Further enhance the PPP
• Implement over time line

Goal: Ensure Intelligence Availability
Objective: Host and provide a central real-time integrated e-crime combating intelligence capability
Primary Activities:
• Develop an intelligence design
• Develop the processes
• Implement systems
• Refine

Goal: Reduce Business E-crime Risk
Objective: Reduce business-risk by capitalising on e-crime combating opportunities by means of strategic alliances
Primary Activities:
• Develop understanding of relevant business risks
• Identify relevant alliances
• Implement and Capitalise on economy-of-scale e-crime combating opportunities
• Understand the playing field regarding all relevant role-players
• Develop plan to pool resources

31 PARTNERS & ASSOCIATES

32 Typical networking partners & associates for an e-crime combating centre (ec³)
SAPS; BANKS (National & International); CERT (DARPA); INSURERS; NPA; FINANCIAL INSTITUTIONS; INTERPOL; PRIVATE INDUSTRY; INTERNET SERVICE PROVIDERS; STATE DEPARTMENTS; BUSINESS / E-COMMERCE PROVIDERS; TRAVEL INDUSTRY; TELECOMMUNICATION PROVIDERS; CONSUMER GROUPS; ACADEMICS; TRADE ASSOCIATES; WORLD BANK; SADC; CSIR (CRIME TECHNOLOGY); ETC

33 Questions?
Views on whether we are pointing in the right direction?
WHO ELSE CAN / SHOULD CONTRIBUTE … AND IS WILLING TO JOIN FORCES?
Contact: Jac Spies

34 Thank you for the opportunity to address such an influential and learned gathering on such an urgent matter