An Introduction to Cyber Crime

Presented By: Brian Nienhaus
• What is cybercrime?
• Running a cybercrime syndicate
• Cybercrime attacks
• Countermeasures
• Organization profiles
Who, Where, When, Why
• “The degree of overlap between [organized crime and cybercrime] is likely to increase considerably in the next few years. This is something that needs to be recognized by business and government as an emerging and very serious threat to cyber-security.”

Cybercrime is…?
• “offenses ranging from criminal activity against data to content and copyright infringement” (Council of Europe’s CC Treaty)
• United Nations refers to acts of fraud, forgery and unauthorized access
• “…unlawful acts wherein the computer is either a tool or a target or both.”


The Internet encourages anonymity and is distributed in nature
Many countries have very few laws addressing cybercrime
  • Love Bug Virus
  • VB script that spread via email and corrupted many different file types
  • FBI traced the virus to the Philippines

The increasing growth of e-commerce
• 22.3% increase in # from 2008
• 211% increase in financial loss
• Median dollar loss: $575
• Crimes with no documented loss or harm are not included
Top 5 categories:
• Non-delivered merchandise: 19.9%
• Identity Theft: 14.1%
• Credit Card Fraud: 10.4%
• Auction Fraud: 10.3%
• Computer Fraud: 7.9%
UNORGANIZED
• Usually the work of an individual
• Decentralized
• Smaller resource base
• Hit and run mentality/opportunistic

ORGANIZED
• Centralized group of criminals
• Many based in “hostile” nation
• Extensive access to resources/business connections
• Extended operations





• Hackers discover vulnerabilities and sell to the highest bidder
• Crimeware suites created and sold to less technically inclined users
• Crimeware-as-a-service mentality
• Data supplier model
• Pricing profiles introduced
  • Credit cards = cheap
  • Healthcare info/single logins for organizations = expensive

Cybercrime economy mirrors actual economy

Organized crime closely mimics the actual economy
• Regionally-specific & enterprise-specific campaign
• Each attack campaign gathered centrally to sell
• Campaigns managed remotely from these central servers

Data and asset management is just as essential as in traditional business







(1) Boss deploys malicious code package
(2) Campaign managers retrieve package and customize it as needed
(3) Malicious network used to inject package into legitimate sites. Commission-based
(4) Injected code served to users
(5) Toolkit affects individual users
(6) Infection data sent back to central location
(7) PII flows back to boss


Example of crimeware toolkit that originates from Eastern Europe, primarily Russia and the Ukraine
Utilizes three major components and powerful encryption:
• ZeuS trojan
• ZeuS config file
• Specification of dropsite


Config file defines subset of targets
ZeuS collects session variables during sessions
• Bypasses authentication mechanisms and piggybacks on the session
• Criminals are able to move money to third parties in real-time

ZeuS Builder provides binary files for constructing a botnet

How simple is it?
• Number of new ZeuS binaries in the past month: 18,985
• Number of new ZeuS binaries seen in the past week: 4,582
• Number of new ZeuS binaries seen in one day: 977


Trend Report
ZeuS Video

Consider:
• Hardware and software keep getting cheaper
• Combine the Internet and a global scope, and the potential for attacks is limitless
• Security will always be breached
• Even when laws are passed to increase technological safeguards, new technology will always outstrip legislation

IC3
• Accepts complaints, investigates, and/or redirects to appropriate law enforcement
• Joint operations with other agencies
• Publishes cyber-security information

IT Act (2000)
• Attempt to define various electronic specifications:
  • Digital Signatures
  • Use/Retention of electronic records
  • Security
  • Certification Authorities
  • Offenses







http://www.ic3.gov/media/annualreport/2009_IC3Report.pdf
http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf
http://www.legalserviceindia.com/cyber/itact.html
http://www.symantec.com/norton/cybercrime/definition.jsp
http://www.securityworld.com/ia-420-love-bug-virus.aspx
http://www.finjan.com/Content.aspx?id=827