Best Practices and Enforcement in Cybersecurity:
Legal, Institutional and Technical Measures
Mohamed CHAWKI, Ph.D.
© 2011

About the speaker
- Senior Judge in Egypt.
- Advisor to the Minister of Military Production.
- Former advisor to the Chairman of Securities and Exchange Commission. Egyptian Regulator of the Exchange.
- Holds a Ph.D. in Law from the University of Lyon III in France, for a dissertation on the legal framework to fight cybercrime and to protect data exchange in both Europe and the USA.
- My domain of interest covers: cybercrime, data protection and national security.
- Founder and Chairman of the French Association of Cybercrime Prevention (AILCC).

International Association of Cybercrime Prevention
www.cybercrime-fr.org
- Not-for-profit organization located in Paris, with 12 chapters worldwide to increase awareness of cybercrime.
- We have organized 4 international conferences on cybercrime and information security in Egypt (2008), Brazil (2009), Lebanon (2009), and the US (2010), and 3 regional conferences in Egypt, South Africa and Morocco.
- We have organised more than 20 seminars and workshops on cybercrime.
- Our next international conference takes place in Australia in December 2011, and the next regional conference takes place in Malaysia in May 2011.

Introduction to Cybercrime
- Cybercrime refers to a broad range of illegal activities perpetrated through cyberspace by means of information and communication technologies (ICTs).
- Depending on the role played by technology, other distinctions can be made:
  - Old crimes can be committed by new tools (espionage, identity theft, terrorism).
  - New tools can make new crimes possible (botnets, phishing, hacking, etc.).
- A growing and evolving form of crime.
- Cost estimated at $100 billion annually.

Parker’s Definition of Cybercrime
“…any intentional act where a victim suffered or could have suffered a loss, and a perpetrator made or could have made a gain and is associated with computers”
- Parker presents three categories of cybercrime:
  - A computer as the target of a crime (trespass, malicious code, DoS attacks).
  - The computer used as a tool for conducting a crime (theft, fraud, child pornography).
  - The computer is incidental to the commission of the crime (blackmailers or drug dealers).

Cybercrime Vs. Real World Crime
Theft
Physical Space Theft: Possession of property
shifts completely from the victim to the
offender.
Cyberspace Theft: Property is copied, so both the
offender and the victim have the property.
Copying as Theft
Randal L. Schwartz, former programming consultant for Intel.
In July 1995, he was charged with computer theft for copying a password file.
Claimed it wasn't theft because Intel still has the passwords.
On September 11, 1995, he was sentenced to several years’ probation, a fine of US $68,000 and left to pay about US $170,000 in personal legal bills.

Cyberspace
“Growing Opportunities for Crime”
- 1.96 billion surfers on Internet (June 30, 2010)
- 6 trillion Web pages accessible on Internet
- 2.2 billion Google searches/month
- 12% of all global trade now happens online
- US $240 million from global cyber-crime

Africa Top 5 Internet Countries
- Nigeria: 43,982,200 Internet users, 28.9% of the population.
- Egypt: 17,060,000 Internet users, 21.2% of the population.
- Morocco: 10,442,500 Internet users, 33.4% of the population.
- South Africa: 6,800,000 Internet users, 13.8% of the population.
- Algeria: 4,700,000 Internet users, 13.6% of the population.

Cyber Security – Why is it an Important Issue?
Although the threats in cyberspace remain by and large the same as in the physical world (e.g. fraud, theft and terrorism), cyber threats are different due to 3 important developments:
- Automation has made attacks more profitable.
- Action at a distance is now possible.
- Attack technique propagation is now more rapid and easier.

Cybercrime and National Security
* In security matters, there is nothing like absolute security.
* We are only trying to build comfort levels, because security costs money and lack of it costs much more.
* Comfort level is a manifestation of efforts as well as a realization of their effectiveness & limitations.

Recent studies reveal three major findings
- Growing threat to national security - web espionage becomes increasingly advanced, moving towards well-funded and well-organized operations aimed at not only financial, but also political or technical gain.
- Increasing threat to online services - affecting individuals and industry because of the growing sophistication of attack techniques.
- Emergence of a sophisticated market for software flaws - that can be used to carry out espionage and attacks on government and critical information infrastructure. Findings indicate a blurred line between legal and illegal sales of software vulnerabilities.

Computer-Related Risks and the National Infrastructures

Why?
- Imagine if…
  On 9-11, the last image people saw on their TVs was the World Trade Center collapsing and then the phones went dead and the power grid failed.
- Imagine if…
  On 9-11, after the initial attacks, as all flights were grounded, those planes still in the air could not land because of a series of attacks on the air traffic control system.

Top Emerging National Security Cyber Threats
- Cyber Terrorism
- Botnets
- Cyber Espionage
- Cyber attacks against financial services:
  A - Phishing
  B - Identity Theft

- Cyber Terrorism -
Definition:
“Politically motivated attacks against information, computer systems, computer programs and data which results in violence against non-combatant targets by sub-national groups or clandestine agents” (FBI)

Terrorist Cyber Capabilities
- The FBI reveals various reports about activities of terrorist organizations on the Internet.
- Main activities:
  - Research
  - Publishing information (recruitment)
  - Communication between members of terrorist groups
  - Terrorist financing and money laundering

AL QAEDA TRAINING MANUAL
“Using public sources openly and without resorting to illegal means, it is possible to gather at least 80% of all information required about the enemy”

Objectives of Cyber Attacks
- Loss of Integrity
- Loss of Availability
- Loss of Confidentiality
- Physical Destruction

- Botnets -
- Compromised computers that run under a common control structure.
- Botnets originated from IRC bots and computer viruses/worms.
- Elements of a botnet are:
  - Zombies (bots)
  - IRC control channels
  - Botmaster

The Threat from Botnets
- Functions:
  - Email senders (spam, phishing, virus)
  - DoS attacks
- Rented out for $300 to $700 per hour.
- Over 10,000 botnets become active each day (Symantec).
- It has been estimated that up to one quarter of all personal computers connected to the internet may be part of a botnet (BBC, 2007).

- Cyber Espionage -
- This act involves the unauthorized probing to test a target computer’s configuration or evaluate its system defenses, or the unauthorized viewing and copying of data files.
- U.S. counterintelligence officials reportedly have stated that about 140 different foreign intelligence organizations regularly attempt to hack into the computer systems of U.S. government agencies and U.S. companies.
- The Internet, including satellite links and wireless local networks, now offers new, low cost and low risk opportunities for espionage.

Echelon
- Echelon was reportedly set up in 1971 as an electronic monitoring system during the Cold War. European Union member Britain helps operate the system, which includes listening posts in Canada, Australia, and New Zealand. Echelon is described as a global spy system reportedly capable of intercepting wireless phone calls, e-mail, and fax messages made from almost any location around the world.
- Some government officials warn that criminals now sell or rent malicious code tools for cyber espionage, and the risk for damage to U.S. national security due to cyber espionage conducted by other countries is great.

- Phishing -
- Scam to steal valuable information such as credit cards, social security numbers, user IDs and passwords.
- Also known as "brand spoofing".
- Official-looking e-mail sent to potential victims:
  - Pretends to be from their ISP, retail store, etc.
  - Due to internal accounting errors or some other pretext, certain information must be updated to continue the service.

Technology
To update your account information and start using our services please click on the link below
http://wed.da-us.citibank.com/cgi-bin/help_desk/verify.asp
Statistics…
- The number of unique phishing email reports received by APWG from consumers and reporting partners in June 2010 is 33,617.
- The country hosting the most phishing websites is the US.
- The percentage of computers infected with banking trojans and password stealers rose to 17 percent compared to last year.
Source: APWG

- Identity Theft -
- Is the use of other individuals’ information to create a new identity and accounts.
- Is now the #1 crime reported to the Federal Trade Commission.
- ICT improvements make check and credit fraud easier.
- Oct. – Feb. is peak time for fraud:
  - Holidays are a high spending time for us.
  - Holidays are a high transaction volume time for merchants.

Mechanisms of Cyberspace Identity Theft
- Cyber-Trespass
- Phishing Websites
- Spyware
- Malicious Applications
- Spoofing

How do Thieves Use The Stolen Data?
- Producing and using counterfeit checks under your name or an employer’s name.
- Securing a driver’s license with their photograph but in your name.
- Opening a bank account and writing checks.
- Obtaining loans.
- Assuming the identity of another person.

Why Are Cyber Attacks So Successful?
We face many challenges:
- Anonymity of offenders.
- Choosing the appropriate jurisdiction.
- Search and seizure of digital evidence.
- Logistical and practical barriers.

National Legal Framework on Cybercrime
Source: www.cybercrimelaw.net
- Some countries have specific cybercrime laws.
- Some countries do not have specific cybercrime laws.
- Some countries are debating the adoption of cybercrime laws.

Region                    No. of Countries    Countries with Cybercrime Laws
Africa                    52                  6
Asia                      44                  23
Europe                    46                  36
North & Central America   23                  5
Oceania                   12                  2
South America             12                  5

The Republic of Botswana
- Adopted Cybercrime and Computer Crime Related Act of 2010.
- This law prohibits:
  A) Unauthorized access to computer system.
  B) Unauthorized access to computer service.
  C) Access with intent to commit an offence.
  D) Unauthorized interference with data.
  E) Interception of data to facilitate another offence.
  F) Cyberfraud.

South Africa
- Law No. 25 of 2002, entitled “Electronic Communications and Transactions Act”, was adopted in 2002.
- Articles 85 – 89 prohibit:
  A) Unauthorized access to computer system.
  B) Data interference.
  C) Fraud by computer.

Algeria
- Adopted a new law of 19 articles in July 2009 to fight cybercrime.
- Articles 3, 4 and 7 give the state powers to censor Internet content and prosecute cases when that is required.
- Articles 10 and 11 require “Internet service providers” to store all communications and identifying information for a minimum period of one year.
- Articles 13 and 14 introduce a new body for combating cybercrime.

Republic of Senegal
- Adopted law no. 2008 – 11 on cybercrime.
- Articles 431 – 7 to 431 – 65 prohibit:
  A) Illegal acts against computer systems.
  B) Illegal acts against personal data.
  C) Child pornography offences.
  D) Illegal use of computer service.

Zambia
- In 2004, the Computer Misuse and Crimes law was passed in Zambia:
  A) One of the offences is unauthorised access to computer data.
  B) The second offence is that of access with intent to commit offences.
  C) Other offences include unauthorised modification of computer material, damaging or denying access to computer system, unlawful possession of devices and data, and electronic fraud.

Mauritius
- The Computer Misuse and Cybercrime Act was adopted in 2003.
- The main offences mentioned in this law are:
  A) Unauthorised access to computer data.
  B) Access with intent to commit offences.
  C) Unauthorised access to and interception of computer service.
  D) Unauthorised modification of computer material.
  E) Damaging or denying access to computer system.
  F) Unauthorised disclosure of password.
  G) Electronic fraud.

Egypt
- Has not enacted specific legislation to fight cybercrime.
- Some laws may be used to fight cyber offences, such as:
  A) Intellectual property law no. 82 – 2002
  B) Electronic signature law no. 15 – 2004
  C) Telecommunications law no. 10 – 2003
  D) Child law no. 12 – 2006

--- Regional level ---
OHADA
“The Organisation for the Harmonization of Business Law”:
- Exchange of information between member countries.
- Organize workshops to exchange experience between member states.
- Participate with the African Union to fight cybercrime.

International Convention on Cybercrime
- The Convention on Cybercrime is the first international treaty seeking to address computer crime and Internet crimes by harmonizing national laws.
- The following offences are defined by the Convention: illegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forgery, computer-related fraud, offences related to child pornography and offences related to copyright and neighbouring rights.
- Opened for signature on 23/11/2001.
- Number of ratifications: 30
- Number of signatures not followed by ratifications: 16

Issues for the Future
- Increase the awareness about changing threats due to the growing technical skills of extremists and terrorist groups.
- Develop more accurate methods for measuring the effects of cybercrime.
- Help to determine appropriate responses by law enforcement to cyberattacks.
- Explore ways to increase security education and awareness for businesses and home PC users; and
- Find ways for private industry and government to coordinate to protect against cyberattacks.