Technological Crime

Who Are We?
The Royal Canadian Mounted Police is the Canadian
national police service.
We are an agency of the Ministry of Public Safety Canada.
The RCMP is a national, federal, provincial and municipal
policing body.
We provide federal policing service to all Canadians and
policing services under contract to the three territories,
eight provinces (except Ontario and Quebec) and more
than 200 municipalities and 600 Aboriginal communities.
Technological Crime mandate
Investigate Pure Computer Crimes
• Criminal offences detailed in OM.IV.1
• Primarily unauthorized access and mischief to data
• CIP mandate
Computer Investigative Support to Technologically Facilitated Crimes
• Any traditional crime assisted by information technologies
• Search, seizure, analysis of digital evidence
Service Delivery Structure
RCMP - TECHNOLOGICAL CRIME PROGRAM
TECHNOLOGICAL CRIME BRANCH
Program Management Support Services
• Policy and Program Support
• Operations Support
• Integrated Cyber Analysis Team
• Operations Coordination and Liaison
Technical Support Services
• Technical Analysis Team
• Forensic Utilities Research Team
• Senior Technical Advisor
• Network and Information Operations Team
Integrated Technological Crime Units
The Cyber Crime Threat
Why is it a problem?
What is the nature of it?
How is it evolving?
What are our most successful techniques in combating
this threat?
Cost and Means of Attack
[Figure: cost of capability versus availability of capability, plotted over time with the marks 1945, 1955, 1960, 1970, 1975, 1985 and TODAY. Capabilities labelled: INVASION, STRATEGIC NUCLEAR WEAPONS, ICBM / SLBM, CRUISE MISSILES, PRECISION GUIDED MUNITIONS, COMPUTERS.]
Source: SA Robert Flaim FBI
Why is it a problem?
•Transnational nature of the Internet = vulnerability
•Anonymous access to infrastructures via the Internet and SCADA
•Interdependencies of systems make attack consequences harder
to predict and more severe
•Malicious software is widely available and does not require a high
degree of technical skill to use
•More individuals with malicious intent on Internet
•New cyber threats outpace defensive measures
Why is it a problem?
• Threat not merely in the value of the data compromised, stolen,
or altered, but in the nature of an attack. Ex: Damage from a
cyber attack usually much greater than the resources needed to
accomplish the attack.
• Attacks aided by the anonymity, openness, connectivity, and
speed of the Internet.
• Ramifications include loss of confidence in the systems that
form our national core.
Cyberthreats
•Due to the nature of globally interconnected networks,
cyber attacks can be launched from anywhere in the world,
with rapid cascading effects in multiple jurisdictions.
•The extent of the cyber threat ranges from individuals and
organizations to national security.
•Estimates show that as few as 5 percent of
cybercriminals are caught and convicted.*
*Source: McAfee (McAfee North America Criminology Report - Organized Crime and the Internet 2007)
Cyberthreats
•Attacks against individuals often fall into two categories:
• malicious software
• social engineering.
•Malicious software attacks compromise home and small
business computers. Once infected, the malicious code
harvests personal data while the user is online.
•Social engineering attacks are aimed at home users and
try to trick them into revealing sensitive personal
information, such as bank logins and credit card details.
Cyberthreats
•Criminals are also targeting corporate networks to steal
information, usually financial data, held on customer
databases.
•Successful hacking attacks on businesses can yield huge
amounts of personal information which can then be easily
exploited.
•Since the possibility of attack is great and the volume of
attackers is essentially limitless, without a defensive
strategy, all users are potentially vulnerable over the
Internet to criminals worldwide.
Sophistication of Cybercrime
•Simple Unstructured: Individuals or groups
working with little structure, forethought or
preparation
•Advanced Structured: Groups working with some
structure, but little forethought or preparation
•Complex Coordinated: Groups working with
advance preparation with specific targets and
objectives.
Attack Sophistication vs Intruder Knowledge
[Figure: attack sophistication and intruder knowledge, each on a LOW to HIGH scale, plotted over 1980, 1985, 1990, 1995, 2000 and beyond. Attack types labelled on the chart include computer virus, password cracking, session hijacking, sniffers, packet spoofing, denial of service, cross site scripting, automated probes/scanners, distributed attack tools and zero-day.]
Source: Carnegie Mellon University
Threats and Capabilities
Cyberwar
THREAT
Foreign Intelligence
Terrorists
Organized Crime
Competitors (Foreign & Domestic)
Organized Hacker Groups
“Hacktivists”
Real Hackers
Script Kiddies
CAPABILITY
Vulnerability Exploit Cycle
[Figure: stages labelled on the cycle diagram]
• Automated scanning / exploit tools developed
• Widespread use of automated scanning / exploit tools
• Intruders begin using new types of exploits
• Novice intruders use crude exploit tools
• Crude exploit tools developed
• Intruder discovers new vulnerability
Source: Carnegie Mellon University
What is the nature of the threat?
Technical Threats
• How IT systems are configured/deployed (speed & convenience vs. security)
• Some systems are highly vulnerable until the worst bugs in the software have been reported and corrected, which creates a window of opportunity for criminals to exploit these systems.
• Blended Threats: Botnets/Malware/Viruses/etc.
How is the threat evolving?
• The race between criminals to exploit data/systems before security measures protect them or law enforcement catches them.
• Blended threats are expected to increase, especially within the following areas:
- Exploitation frameworks and rootkits
- Botnets, Trojan horse malicious code
- Increasingly sophisticated attacks
- Wireless devices
- Zero-day exploits
- ID theft (phishing)
- “High-Yield” investment offers
How is the threat evolving?
• Blended threats continued:
- Online “419” schemes
- Electronic billing fraud
- Auction on line / non-delivery of goods
- Targeted attacks
- Hackers
- Child exploitation
- SCADA – Supervisory Control and Data Acquisition
- Exploit process/software vulnerabilities for cash
How is the threat evolving?
Financially Motivated Cyber Crime
• Digital currency (theft/layering stage of the money laundering process)
  • Legislation
  • Anonymous
  • Borders
• Internet Payment Systems
• Online Banking
• Online Casinos
• Pre-paid Credit Cards
Internal & External Drivers
• Emerging 3rd generation of convergent communications device
technologies
• Increased criminal use of Internet
• Increased public use of technology = increased demand for
analysis
• Enhanced use of security products & services
• Capacity/proliferation of devices with increasing storage
capabilities and continually shrinking electronic footprints
(encryption & compression)
• Development of new technologies (VHS vs. DVR)
Internal & External Drivers
• Complex tracking of identification and transactions
• Jurisdiction/Nonexistent or differing laws
• Speed of cooperation and information sharing
• Private sector concerns re privacy/shareholders/solutions
• Large scale investigations with multiple sites and suspects
which can also cross international borders
MOST SUCCESSFUL TECHNIQUES
Sharing information between government agencies, the private sector
and the public
• Canadian Cyber Incident Response Centre (CCIRC)
• Cybertip.ca portal
• Phonebusters
• Strong networking / relationship building with our partners
• Leveraging partnerships maximizing potential/minimizing duplication
• NRCAN, Bell Security Solutions, ARIN
• Combining Efforts to Combat Cyber Crime
• Cyber Crime Council
• Locally, Provincially, Nationally and Internationally
• G8 – HTC Sub Committee, CACP E-crimes, etc.
MOST SUCCESSFUL TECHNIQUES
• Focused Enforcement Strategies
• Integrated Policing
• Sharing of tools, techniques and/or best practices
• Enhancing our communications strategy – internal and
external
• Continuous development: employees, tools and
techniques
• Continuously look to the future to identify trends &
technology
• Prevention and Public Education
How can you help?
•Observe
•Identify
•Notify
•Partner
= positive impact
With ever increasing numbers, Canadians are
embracing the Internet.
Only by working in partnership can we achieve
the goal of making the Internet a safe
community for Canadians.
Insp. Carole Bird
OIC Program Management Support Services
Technological Crime Branch
Royal Canadian Mounted Police
(613)990-1353
Carole.Bird@rcmp-grc.gc.ca