Technological Crime

2 Who Are We? The Royal Canadian Mounted Police is the Canadian national police service. We are an agency of the Ministry of Public Safety Canada. The RCMP is a national, federal, provincial and municipal policing body. We provide federal policing service to all Canadians and policing services under contract to the three territories, eight provinces (except Ontario and Quebec) and more than 200 municipalities and 600 Aboriginal communities.

3 Technological Crime mandate Investigate Pure Computer Crimes Criminal offences detailed in OM.IV.1 Primarily unauthorized access and mischief to data CIP mandate Computer Investigative Support to Technologically Facilitated Crimes Any traditional crime assisted by information technologies Search, seizure, analysis of digital evidence

4 Service Delivery Structure

5 The Cyber Crime Threat Why is it a problem? What is the nature of it? How is it evolving? What are our most successful techniques in combating this threat?

6 Cost and Means of Attack Source: SA Robert Flaim FBI

7 Why is it a problem? Transnational nature of the Internet = vulnerability Anonymous access to infrastructures via the Internet and SCADA Interdependencies of systems make attack consequences harder to predict and more severe Malicious software is widely available and does not require a high degree of technical skill to use More individuals with malicious intent on Internet New cyber threats outpace defensive measures

8 Why is it a problem? Threat not merely in the value of the data compromised, stolen, or altered, but in the nature of an attack. Ex: Damage from a cyber attack usually much greater than the resources needed to accomplish the attack. Attacks aided by the anonymity, openness, connectivity, and speed of the Internet. Ramifications include loss of confidence in the systems that form our national core.

9 Cyberthreats Due to the nature of globally interconnected networks, cyber attacks can be launched from anywhere in the world, with rapid cascading effects in multiple jurisdictions. The extent of the cyber threat ranges from individuals and organizations to national security. Estimates show that as few as 5% percent of cybercriminals are caught and convicted.* *Source: Mcafee: (McAfee North America Criminology Report - Organized Crime and the Internet 2007)

10 Cyberthreats Attacks against individuals often fall into two categories: malicious software social engineering. Malicious software attacks compromise home and small business computers. Once infected, the malicious code harvests personal data while the user is online. Social engineering attacks are aimed at home users and try to trick them into revealing sensitive personal information, such as bank logins and credit card details.

11 Cyberthreats Criminals are also targeting corporate networks to steal information, usually financial data, held on customer databases. Successful hacking attacks on businesses can yield huge amounts of personal information which can then be easily exploited. Since the possibility of attack is great and the volume of attackers is essentially limitless, without a defensive strategy, all users are potentially vulnerable over the Internet to criminals worldwide.

12 Sophistication of Cybercrime Simple Unstructured: Individuals or groups working with little structure, forethought or preparation Advanced Structured: Groups working with some structure, but little forethought or preparation Complex Coordinated: Groups working with advance preparation with specific targets and objectives.

13 Source: Carnegie Mellon University Attack Sophistication vs Intruder Knowledge

14 Threats and Capabilities

15 Source: Carnegie Mellon University Vulnerability Exploit Cycle

16 What is the nature of the threat? Technical Threats How IT systems are configured/deployed (Speed & Convenience vs. security) Some systems are highly vulnerable until the worst bugs in the software have been reported and corrected, which creates a window of opportunity for criminals to exploit these systems. Blended Threats: Botnets/Malware/Viruses/etc

17 How is the threat evolving? The race between criminals to exploit data/systems before security measures protect it or law enforcement catches them. Blended threats are expected to increase, especially within the following areas: - Exploitation frameworks and rootkits - BOT-NETS, Trojan-Horse malicious code - Increasingly Sophisticated Attacks - Wireless devices - Zero-day exploits - ID-Theft (Phishing) - “High-Yield” Investment Offers

18 How is the threat evolving? Blended threats continued: - Online “419” Schemes - Electronic Billing Fraud - Auction on Line/ Non Delivery of Goods - Targeted Attacks - Hackers - Child Exploitation - SCADA – Supervisory Control and Data Acquisition - Exploit process/software vulnerabilities for cash

19 How is the threat evolving? Financially Motivated Cyber Crime Digital currency ( theft/layering stage of the money laundering process) Legislation Anonymous Borders Internet Payment Systems Online Banking Online Casinos Pre-paid Credit Cards

20 Internal & External Drivers Emerging 3rd generation of convergent communications device technologies Increased criminal use of Internet Increased public use of technology = increased demand for analysis Enhanced use of security products & services Capacity/proliferation of devices with increasing storage capabilities and continually shrinking electronic footprints (encryption & compression) Development of new technologies (VHS vs. DVR)

21 Internal & External Drivers Complex tracking of identification and transactions Jurisdiction/Nonexistent or differing laws Speed of cooperation and information sharing Private sector concerns re privacy/shareholders/solutions Large scale investigations with multiple sites and suspects which can also cross international boarders

22 MOST SUCCESSFUL TECHNIQUES Sharing information between government agencies, the private sector and the public Canadian Cyber Incident Response Centre (CCIRC) Cybertip.ca portal Phonebusters Strong networking / relationship building with our partners Leveraging partnerships maximizing potential/minimizing duplication NRCAN, Bell Security Solutions, ARIN Combining Efforts to Combat Cyber Crime Cyber Crime Council Locally, Provincially, Nationally and Internationally G8 – HTC Sub Committee, CACP E-crimes,etc

23 MOST SUCCESSFUL TECHNIQUES Focused Enforcement Strategies Integrated Policing Sharing of tools, techniques and/or best practices Enhancing our communications strategy – internal and external Continuous development: employees, tools and techniques Continuously look to the future to identify trends & technology Prevention and Public Education

24 How can you help? Observe Identify Notify Partner = positive impact

25 With ever increasing numbers, Canadians are embracing the internet. Only by working in partnership we can achieve the goal of making the Internet a safe community for Canadians.

26 Insp. Carole Bird OIC Program Management Support Services Technological Crime Branch Royal Canadian Mounted Police (613)