James Palmer, Cornell University Brea Llorens, DePauw University


1 Modeling Cyber Crimes and Investigations for Digital Forensics Education
James Palmer, Cornell University
Brea Llorens, DePauw University
Sarah Kaufman, Mesa Community College
Christopher Gibbons, University of Massachusetts Lowell
MdGayas Chowdhury, University of Massachusetts Lowell
Cindy Chen, University of Massachusetts Lowell
Xinwen Fu, University of Massachusetts Lowell
Computer Science Department University of Massachusetts Lowell

2 Outline
- Introduction
- Cybercrime model
- Cybercrime investigation model
- A web-based cyber crime case system
- Preliminary survey
- Conclusion

3 Introduction
- The Internet is now a battlefield of cyber war and cybercrimes
- Digital forensics education meets the urgent need of cyberspace operations professionals
- Network forensics focuses on evidence collection, analysis and suspect identification in a networked environment
- Often involves computer forensics – forensics over individual end systems

4 Motivation
- Current network forensics education lacks a systematic view of real-world cybercrimes and investigations
- Individual techniques are taught in class without sufficient real-world case support
- Security terms and jargon are all over the media and textbooks, often confusing, ad hoc and not systematic

5 Contributions
- Define three basic crime strategies and model a real-world cyber crime case as a sequence of these three basic crime strategies
- Define two basic investigation strategies and model a cybercrime investigation as combinations of the two basic investigation strategies
- Research and develop a secure cybercrime case web database system with enough case details of both cybercrimes and investigations
- Give complete definitions of cybercrime classifications from the FBI Internet Crime Complaint Center (IC3)

6 Outline
- Introduction
- Cybercrime model
- Cybercrime investigation model
- A web-based cyber crime case system
- Preliminary survey
- Conclusion

7 Three Basic Cybercrimes
- Computer focused crimes
- Computer assisted crimes
- Non-cyber attack (i.e. traditional crime)

8 Real-world Cybercrime Model
- Model: a real-world cybercrime is a combination of the three basic crimes
- How many types of cybercrimes exist under this model?
- A specific crime has n phases and each phase involves a crime. The number of combinations is 3^n, e.g. n=5 gives 3^5 = 243
- More complicated: each basic crime may use a variety of crime techniques such as buffer overflow and SQL injection. More combinations!

9 Case Study - Computer focused crime
In 2010, a Dutch national, Joey Vogelaar, hacked into a company involved in the production release and stole digital versions of three Hollywood movies:
- “How Do You Know” by Sony Pictures Entertainment
- “Rango” by the Paramount production
- “Megamind” by Dreamworks

10 Computer assisted crime
- Ross William Ulbricht created a web site called Silk Road in approximately January 2011 and operated this global dark marketspace
- Illegal goods and services including controlled substances, hacking software and services
- Silk Road utilized Tor
- Tor is abused to provide anonymity for illegal activities, sellers and buyers
- Bitcoin was used as the currency of Silk Road

11 Non-cyber crime
- From at least December 2007 through June 2009, Radostin Paralingov and Ulian Parlingov installed skimming devices at branches of Citibank and JPMorgan Chase Bank in the New York City area
- A skimming device is installed over an ATM card reader and steals the card information from the magnetic strip
- A hidden camera is often installed on or around the ATM machine to steal the PIN number

12 Complicated Case - Credit/debit card fraud
- Phase 1 (involving computer assisted crime):
  - From at least as early as September 2010 through at least June 2012, Olanrewaju Abiola and conspirators purchased stolen credit card data on the Internet
  - If hacking was used, a computer focused crime
- Phase 2 (involving traditional crime):
  - Made counterfeit gift, credit/debit cards, and driver licenses
  - Bought gift cards and other merchandise at merchant locations like Nordstrom in or around the Washington-Baltimore region
  - Returned the merchandise to convert stolen data to cash

13 Outline
- Introduction
- Cybercrime model
- Cybercrime investigation model
- A web-based cyber crime case system
- Preliminary survey
- Conclusion

14 Cybercrime Investigation Model
- Laws and constitution protect user privacy and prohibit arbitrary surveillance on the Internet
- Traditional investigative techniques such as sting operations are necessary, sometimes more efficient
- Two broad categories of cybercrime investigative strategies are applied by law enforcement
  - Computerized techniques
  - Traditional operations
- A combination of these two strategies can be utilized in the investigation of a specific case.

15 Traditional Sting Operation: A Case of Sex Trafficking
- A sting operation often has the following four elements
  1. An opportunity or enticement to commit a crime
  2. A targeted likely offender or group of offenders
  3. An undercover or hidden police officer
  4. A ‘gotcha’ climax when the operation ends with arrests.
- Law enforcement acted as pimps and approached suspects willing to pay for sex with underage girls of years old
- After the negotiation was sealed for the deal, five people were arrested during the 2014 Sturgis Motorcycle Rally

16 Computerized Techniques
- Ardolf hated his neighbor for reporting that he had kissed the neighbor’s 4-year-old son on the lips
- He cracked the WEP encryption of his neighbor’s router
- Sent various harassing and threatening emails, including a death threat against Biden on April 1, 2009, under the name of his neighbor
- Law enforcement traced back to the neighbor’s router and found they were innocent
- A packet capturing device (sniffer) captured packets when the threat was sent to Biden
- The packet content contained Ardolf’s name and IP address
- He was sentenced to 18 years in prison.

17 A Complicated Investigation
- United States of America v. Ross William Ulbricht, master of Silk Road
- Traditional Operations
  - Traditional sting operations: agents registered accounts within Silk Road and purchased over 100 items of controlled substances
  - U.S. Customs and Border Protection (CBP) intercepted counterfeit identity documents from Canada on July 10, 2013 with Ulbricht’s photo with different names
  - Around July 26, 2013, Homeland Security agents visited the residence of the mail address and encountered Ulbricht

18 Computerized Techniques in Silk Road Case
- Searched the Internet for Silk Road related info
  - Earliest posting mentioning Silk Road on by altoid on Jan 27, 2011
  - Posting for hiring bitcoin professionals on bitcointalk.org by altoid on Oct 11, 2011, directing interested users to
- Subpoenaed Google for subscriber information of (identifying Ross Ulbricht) and the IP address accessing and Comcast for the residence of the IP
- Identified a few Silk Road servers
  - Inputting invalid login credentials into Silk Road, the investigators obtained error messages including a Silk Road server IP
  - The server was imaged and analyzed, disclosing other Silk Road backup servers and various evidence matching the evidence found on the Internet

19 Outline
- Introduction
- Cybercrime model
- Cybercrime investigation model
- A web-based cyber crime case system
- Preliminary survey
- Conclusion

20 Cybercrime Case System
- FBI established Internet Crime Complaint Center (IC3) in 2003
- Reporting incidents and law enforcement agencies investigating and prosecuting these crimes
- IC3 news lacks technical details of crimes or investigations
- We have been referring to Public Access to Court Electronic Records (PACER) [PACER16] and RECAP to obtain those details and record them into the online database
- We expect the website will generate a great impact on both education and research in academia

21 Database Structure
- crime_catgory: categories defined by FBI IC3 with their definition
- technique: records both attack and investigation techniques
- users: used for access control
- cases_has_technique: records the technique involved in a case
- cases: case description and its category
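
One way the five tables on this slide could fit together, as an added example that is not the project's own code. Table names are from the slide; every column name, the sample rows and the helpers `build_db` and `cases_using` are assumptions. The search binds the technique name as a parameter, so text typed by a user is treated as data.

```python
import sqlite3

# Table names are from the slide; all column names are assumptions.
SCHEMA = """
CREATE TABLE crime_catgory (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, definition TEXT);
CREATE TABLE technique (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL,
    kind TEXT NOT NULL CHECK (kind IN ('attack', 'investigation')));
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL,
    password_hash TEXT NOT NULL, role TEXT NOT NULL CHECK (role IN ('admin', 'reader')));
CREATE TABLE cases (id INTEGER PRIMARY KEY, title TEXT NOT NULL, description TEXT,
    category_id INTEGER NOT NULL REFERENCES crime_catgory(id));
CREATE TABLE cases_has_technique (
    case_id INTEGER NOT NULL REFERENCES cases(id),
    technique_id INTEGER NOT NULL REFERENCES technique(id),
    PRIMARY KEY (case_id, technique_id));
"""

def build_db():
    """Create the schema in memory and load constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    conn.executescript(SCHEMA)
    # Constructed sample data; the category assigned to each case is illustrative.
    conn.executemany("INSERT INTO crime_catgory (id, name) VALUES (?, ?)",
                     [(1, "Intimidation"), (2, "Drug/Narcotic Offenses")])
    conn.executemany("INSERT INTO technique VALUES (?, ?, ?)",
                     [(1, "WEP cracking", "attack"), (2, "Packet sniffing", "investigation"),
                      (3, "Tor", "attack"), (4, "Sting operation", "investigation")])
    conn.executemany("INSERT INTO cases (id, title, category_id) VALUES (?, ?, ?)",
                     [(1, "Ardolf", 1), (2, "Silk Road", 2)])
    conn.executemany("INSERT INTO cases_has_technique VALUES (?, ?)",
                     [(1, 1), (1, 2), (2, 3), (2, 4)])
    conn.commit()
    return conn

def cases_using(conn, technique_name, kind=None):
    """Return (title, category) rows for cases linked to a technique."""
    sql = """SELECT c.title, cat.name FROM cases c
             JOIN crime_catgory cat ON cat.id = c.category_id
             JOIN cases_has_technique ct ON ct.case_id = c.id
             JOIN technique t ON t.id = ct.technique_id
             WHERE t.name = ? AND (? IS NULL OR t.kind = ?)
             ORDER BY c.title"""
    # Bound parameters keep user-typed search text out of the SQL grammar.
    return conn.execute(sql, (technique_name, kind, kind)).fetchall()

if __name__ == "__main__":
    print(cases_using(build_db(), "Packet sniffing"))
```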

22 First Version Developed by 2015 REU site students and Xinwen Fu
- OWASP Zed Attack Proxy (ZAP)
- Application used for scanning and finding vulnerabilities
- ZAP was developed by Open Web Application Security Project (OWASP)

23 Sample Scanning Results

24 Current Version Guess it is secure

25 Outline
- Introduction
- Cybercrime model
- Cybercrime investigation model
- A web-based cyber crime case system
- Preliminary survey
- Conclusion

26 Preliminary Survey Results
- We have introduced the cyber crime and investigation models and case studies to two MSIT (Master of Science in Information Technology) classes on digital forensics in Fall 2015 and Spring 2016
- The two classes had 48 students in total
- They all agreed that the models and case study “Help much understand digital forensics”
- A more rigorous survey study will be performed for both undergraduates and graduates as future work

27 Outline
- Introduction
- Cybercrime model
- Cybercrime investigation model
- A web-based cyber crime case system
- Preliminary survey
- Conclusion

28 Conclusion
- Comprehensive classification of cybercrime strategies, cybercrime investigation strategies
  - A cybercrime in a case as a combination of computer assisted strategy, computer focused strategy and non-cyber strategy. Very manageable!
  - A cybercrime investigation as a combination of computerized strategies and traditional operations. Very manageable!
- Web based system documenting and classifying cases
  - Easy venue for searching related cases
  - Technical details from PACER, RECAP and others
  - Populated with real-life examples of cybercrime
- Refer to the paper for definitions of FBI IC3 categories

29 Major IC3 Cybercrime Categories
- Advance Fee Fraud
- Auction Fraud
- Blackmail/Extortion
- Charity Fraud
- Consumer Complaint (non-auction)
- Counterfeiting/Forgery: Credit/Debit Card Fraud
- Computer Damage (Destruction/Damage/Vandalism of Property)
- Drug/Narcotic Offenses
- Business/Employment Fraud
- FBI Scams
- Gambling Offenses
- ID Theft
- Illegal Business
- Intimidation
- Investment Fraud
- Miscellaneous Fraud
- Non-Delivery of Merchandise (non-auction)
- Overpayment Fraud
- Pornography/Obscene Material
- Prostitution (NIBRS: Prostitution Offenses)
- Relationship Fraud
- Rental Fraud
- Spam
- Stolen Property Offenses
- Terrorist Threat

30 Thank you!
Xinwen Fu

