Cybercrime Overview
2005
Cyber-crime in 2005
Objectifs du panorama:
To assess the emergence of new risks and determine
current trends in existing risks
To put into perspective those incidents which have gained
a certain degree of notoriety
To look on hi-tech crimes in the same light as more
traditional felonies
Selection made by a mixed workgroup (insurance agent,
lawyer, journalist, law-enforcement officers, goods and
services providers, CISO).
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
2
Cyber-crime in 2005
Selection of media events
Illustration
z of an emergence,
z of a trend,
z of a volume of incidents.
Individual case
z Impact ou stakes,
z Textbook example.
All rights reserved for images and content
All information used herein has come from open sources,
Some companies are cited out of concern for accuracy and because their names have already appeared in the media
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
3
Cyber-crime in 2005
Recap of the 2004 overview
0 Data theft : source codes and data bases
0Theft of Microsoft code source
0 Blackmail - extortion - Internet racketering
0Pgpcoder and file hostaging
0Cyberterrorism: what are we talking about ?
0«Indirect Financing » by the usurpation of
telephone numbers
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
4
Cyber-crime in 2005
Recap of the 2004 overview
0Threats to mobility: GSM, VoIP, WiFi…
0Sporadic outlines throughout the
world (ex. Helsinki games)
Recap of the 2003 overview
0Phishing: Three impostures in one
0Technological evolutions: pharming
0Greater targets: distribution, eBay,
Google, USAF…
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
5
Cyber-crime in 2005
Some references
Source code theft :
Connecticut Man Pleads Guilty in U.S. Court to Selling Stolen
Microsoft Windows Source Code, DOJ NYC, 29/08/2005
•
Blackmail - extortion - Internet racketering :
Les escrocs se mettent à la prise de fichiers en otage, 01net,
03/06/2005
Nouvelle menace sur Internet : des fichiers d'ordinateur pris en
"otages ", AP 24/06/2005
Apparition d'un nouveau virus rançonneur, AFP, 01/06/2005
•
•
•
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
6
Cyber-crime in 2005
Some references
CyberTerrorism :
http://www.theregister.co.uk/2005/12/19/terror_phone_clone_scam/
Terrorists Turn to the Web as Base of Operations, Washington Post,
07/08/05
Threats to mobility :
Commwarrior, le premier virus qui se propage par MMS, ZDnet
09/03/2005
Helsinki : un virus attaque les mobiles au stade olympique!
Silicon.fr
11/08/2005(http://www.silicon.fr/getarticle.asp?ID=10996)
•
•
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
7
Cyber-crime in 2005
Some references
Phishing :
Phishers target Yahoo Instant Messenger
(http://news.com.com/Phishers+target+Yahoo+Instant+Messenger/21007349_3-5634007.html)
Phishing : alertes sur des banques françaises
(http://www.silicon.fr/getarticle.asp?ID=11049)
La FIFA, victime d'une attaque par phishing, PCinpact,28/09/05
Dangers of phishing and pharming, The Telegraph, 24/10/2005
Phishing sous Paypal, PCINpact, 08/11/2005
Supermarkets next in line for phishing attacks
(http://www.theregister.co.uk/2005/03/14/supermarket_sweep/)
Pharming protection for Internet users, Out-Law News, 22/04/2005
EBay users hit by mass phishing attacks, vnunet, 03/01/2006
•
•
•
•
•
•
•
•
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
8
Cyber-crime in 2005
Overview 2005
0 Underground economies: bots, keyloggers,
rootkits
0Economical espionage: envy-greed
0 Loss and theft of data: the risks of identity
theft
0 Harassment to the point of physical violence
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
9
Cyber-crime in 2005
The underground economy
Synopsis
• The persistency of bots
• The vitality of conventional Trojan horses
(backdoors & keyloggers…)
• The comeback of rootkits
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
10
Cyber-crime in 2005
The persistency of bots
Reminder
Bots
are harmful programs allowing the remote takeover of
vulnerable machines in order to form a hidden attack network
(or botnet).
To infiltrate, a bot uses traditional methods; it can be
deposited on the target by:
z
z
z
z
An e-mail (spam),
A worm or virus,
A trojan horse,
Another bot already active on the machine.
It can have its own propagation module and exploit:
z
z
z
CLUSIF >
A weakness,
Open shares,
Weak or inexistant passwords.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
11
Cyber-crime in 2005
The persistency of bots
Reminder
Each bot is created with a precise
aim or goal.
We can find somewhere between 25
and 50 new ones each day!
The robot carries out its task silently
on each pirated system and is
connected automatically to a
predetermined IRC to join its botnet.
Each pirated system can
consequently be controlled remotely
by its originator or those who “rent”
its services,
It seizes information,
It takes part in grouped DDoS
attacks ,
It will be used as a relay for
Spamming and/or phishing,
In 2005, it was also largely used in
diffusing adwares.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
Diagram from the document: Work station safety:
Botnet, Alain Hugentobler
12/01/2006
12
Cyber-crime in 2005
The persistency of bots
Examples
October 2005: The Dutch police arrested 3 men suspected of
controlling a network of 100.000 computers. They were
proposing to conduct DDoS attacks and were interested in the
PayPal and Ebay accounts of their victims.
November 2005: A group of pirates based in the Middle East
managed to take control of 17,000 computers.
November 2005: In the United States, a man is held without
possibility of bail. Between June 2004 and August 2005, he
rented robot networks intended to diffuse spam or conduct
DDoS attacks. The man was also remunerated to diffuse
adwares. It is estimated that he thus able get his hands on
more than 400,000 computers .
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
13
Cyber-crime in 2005
The persistance of bots
USA
August 2005
z
180solutions files a complaint against seven of its associates for having
diffused its adwares without consent. The company also denounced the illegal
actions of people in Great Britain, Australia, Canada, Lebanon, Slovenia and
Holland.
z
All these people have been designated to the FBI .
The lawsuit alleges that the defendants -- Eric de Vogt of Breda, the Netherlands; Jesse
Donohue of South Melbourne, Australia; Khalil Halel of Beirut; Imran Patel of Leicester,
England; Zarox Souchi of Toronto; Youri van den Berg of Deventer, the Netherlands; and
Anton Zagar of Trbovlje, Slovenia -- used botnets to install 180Solutions' software. The
company has notified the FBI about its findings, but an FBI spokesman declined to say
whether the agency was investigating the claims.
z
In order to increase their earnings (between 7 and 50 cents per installation),
they used botnets. According to experts, a network of 5000 machines provided
an income of $744 per day or $22,346 per month.
z
180solutions thus acknowledges having remunerated for a total of
$60,000 those unscrupulous associates.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
14
Cyber-crime in 2005
The persistance of bots
Holland
October 2005
z
z
z
Early October, the Dutch police arrest three young people (19, 22
and 27 years) accused of having infiltrated 100,000 computers to
take control of them using a virus called “Toxbot”.
They are accused of hacking, data destruction and diffusion of
adwares and spywares.
15 days later, the police announce that the trio had more than 1,5
million computers and servers under their control.
November 2005
z
z
CLUSIF >
The company 180solutions stated being a key witness in this case. It
accuses the three of leading - at their expense DDoS attacks after
they decided to end their affiliation which bound them to those
individuals.
Whereas 180solutions is doing everything possible to improve its
public image by self-imposed interdiction of diffuse products without
user consent, it continues to file complaint against firewall
companies, such as ZoneAlarm (Zonelabs) for commercial prejudice.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
15
Cyber-crime in 2005
The persistance of bots
#Botz4sale (alias Jeanson James Ancheta)
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
16
Cyber-crime in 2005
The persistance of bots
#Botz4sale (alias Jeanson James Ancheta)
July 2004
z It all started with creation of an alternative version of
“rxbot”,
z The first sales were aimed at spamming and DDoS attacks.
August 2004
z Optimizing sales, each botnet is limited to 2000 machines.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
17
Cyber-crime in 2005
The persistance of bots
#Botz4sale (alias Jeanson James Ancheta)
August 2004 to October 2004
z Installation, with an accomplice, of an adwares diffusion
system via contaminated machines. The suspect becomes the
associate of several commercial companies which start to
remunerate their work
z Adwares are modified without the permission of the editing
companies in order to facilitate their spread.
z Government sites will soon be “infected”.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
18
Cyber-crime in 2005
The persistance of bots
#Botz4sale (alias Jeanson James Ancheta)
November 2004 to April 2005
z
CLUSIF >
The distribution system is very effective, and the money is coming in
on a regular bases.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
19
Cyber-crime in 2005
The persistance of bots
#Botz4sale (alias Jeanson James Ancheta)
November 2005
z Jeanson James
Ancheta is arrested,
and pleads guilty. 17
counts of indictment
are held against him:
conspiracy, money
laundering, code
transmission to a
government
computer,
unauthorized access
to a protected
computer, fraud… He
could get up to 50
years in prison.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
20
Cyber-crime in 2005
The persistance of bots
Conclusions
• The use of malevolent programs in the diffusion of
adwares is not limited to these examples,
• For unscrupulous people, it is a means of earning
easy money,
• For the advertising companies, it's a new attack on
their public image,
• A few days after the appearance of the vulnerability
concerning WMF images (December 27, 2005),
more than 6 Internet sites used this means to
diffuse adwares.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
21
Cyber-crime in 2005
The underground economy
The persistance of bots - References
„Computer virus broker arrested for selling armies of infected computers to hackers and
spammers
http://www.usdoj.gov/usao/cac/pr2005/149.html
http://www.usdoj.gov/usao/cac/pr2005/Botnet_Indictment.pdf
„Adware Firm Accuses 7 Distributors of Using 'Botnets'
http://www.washingtonpost.com/wp-dyn/content/article/2005/08/16/AR2005081600727.html
„Un adware témoin clé du FBI dans l'affaire botnet
http://fr.news.yahoo.com/07112005/308/un-adware-temoin-cle-du-fbi-dans-l-affairebotnet.html/
„Botnet operation controlled 1.5m PCs
http://www.vnunet.com/vnunet/news/2144375/botnet-operation-ruled-million
„Cops Smash 100,000 Node Botnet, Botnet Army Disarmed
http://www.governmentsecurity.org/forum/index.php?s=0ab4deb7fc036ad7ef7ce5165b859bfd&showtop
ic=16795
„Instant Messenger RootKit Worm Tied to Worldwide Bot Network Controlled by Group in Middle
East
http://www.facetime.com/pr/pr051117.aspx
„Un pirate au virus détenu sans caution aux États-Unis
http://www2.canoe.com/techno/nouvelles/archives/2005/11/20051109-103854.html
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
22
Cyber-crime in 2005
The underground economy
Synopsis
• The persistance of bots
• The vitality of conventional Trojan horses
(backdoors & keyloggers…)
• The comeback of rootkits
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
23
Cyber-crime in 2005
The importance of Trojan horses
Reminder
Yesterdays Trojan horses are still in fashion:
z The
backdoor: program secretly implemented on a machine,
allowing its originator to remotely access a computer.
z The keylogger or password stealer: dissimulated on the
computer of its victim, the program seizes some strikes on
the keyboard and collects the names of the user, the
passwords and personal and sometimes confidential
information. The data is then returned and employed for
fraudulent use. There exist material solutions also .
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
24
Cyber-crime in 2005
The importance of Trojan horses
Michaël and Ruth Haephrati
•Discovered in 2005, the
•
•
•
swindle lasted more more
than a year.
Each target was the subject
of an attack through a single
Trojan horse created for this
reason.
The antivirus was ineffective
(at the time of the facts)
because the program did not
circulate on the web.
The Trojan horse was sent by
e-mail or was integrated into
CD containing an imaginary
commercial proposal .
• Once installed, and in exchange for 3000€, the originator
provided to his customer an IP address, the user name and a
password so that they could access the PC of the victim.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
25
Cyber-crime in 2005
The importance of Trojan horses
NISCC statement
An attack of an
unprecedented scale struck
during several days the dataprocessing networks of the
UK. According to the first
estimates made by the
National Infrastructure
Safety Coordination Center of
Briton (NISCC), nearly 300
vital key sites were the target
of viral attacks via the
Internet and emails.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
26
Cyber-crime in 2005
Another sort of keylogger
Sumitomo Bank
•In March 2005, we discover
that the London offices of the
Japanese bank Sumitomo have
been, for several months the
target of a gang of pirates.
• Initially, it is imagined that
they used a keylogger software of
which there are thousands.
A few days later, it was
discovered that this keyboard
sniffer was a material solution
like so many others on the
market.
•
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
27
Cyber-crime in 2005
Another sort of keylogger
Material solutions of the trade
• Memory flash of 64 KB to 2 Mb,
• Undetectable by software,
• Transparent for the operating system of the
target machine,
• Once the equipment is recuperated, the
•
•
CLUSIF >
reading is done starting from a PC Windows
9x/Me/XP or 2000.
Prices vairy: between $20 to $200
depending on their capacity,
Possibility of purchasing the diagram and
the material in order to make it yourself.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
28
Cyber-crime in 2005
The importance of Trojan horses
Conclusions
• The attacks are (and they will be) more and more
•
•
precise. They will be aimed at a company, a group
of directors or a single person.
Even if generic detections are increasingly
effective, if a program is created specifically for a
certain target, it is likely to pass unnoticed.
Let's remain vigilant as far as “material” type
solutions of espionage are concerned.
Concentrating too much on supervising our
software environment, we run the risk of becoming
likely to forget our material environment.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
29
Cyber-crime in 2005
Underground economy
The importance of Trojan horses - References
„Economic espionage on a large scale in Israel thanks to a Trojan horse
http://cyberpolice.over-blog.com/archive-6-2005.html
„21 people, including top executives, held in unparalleled industrial spying affair
www.haaretz.com/hasen/spages/581819.html
„UK court approves extradition of Trojan Horse couple
seclists.org/lists/isn/2005/Aug/0127.html
„Trojans tackle her Majesty networks
http://rfi.fr/actufr/articles/066/article_36923.asp
„NISCC Briefing 08/2005 – Issued 18 June 2005
Targeted Trojan Email Attacks
http://www.niscc.gov.uk/niscc/docs/ttea.pdf
„Mission Impossible at the Sumitomo Bank
http://www.theregister.co.uk/2005/04/13/sumitomu_bank/
„Digital highwaymen
http://www.futureintelligence.co.uk/modules.php?op=modload&name=News&file=article&sid=49&mod
e=thread&order=0&thold=0
„KeeLogger, a keylogger for PS2 keyboards
http://www.pcinpact.com/actu/news/KeeLogger_un_keylogger_pour_clavier_PS2.htm
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
30
Cyber-crime in 2005
Underground economy
Synopsis
• The persistance of bots
• The vitality of conventional trojan horses
(backdoors & keyloggers…)
• The comeback of rootkits
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
31
Cyber-crime in 2005
Rootkits
Reminder
Rootkit : Program allowing to make another program completely
furtive by making them invisible (the program and its rootkit) to
security software such as an antivirus program. In all cases, the goal is
to prevent the user from perceiving information indicating the presence
of clandestine activities on his computer .
It makes, the files, the procedures and network connections of the
hacker invisible.
They are difficult for antiviruses to detect. Hence the need to detect
them before they are installed
The term rootkit comes from the Unix and Linux programs, where they modify the kernel syscalls (communications between
the kernel (core system) and applications).
The rootkits have been in existence for several years. The Chkrootkit project dedicated to the development of a detection tool
for Linux platforms, *BSD, Solaris and HP-UX was started in 1997.
In the world of Windows, Gred Hoglund acts as precursor in this field. He demonstrated in 1999 the capacities of his
program NT Rootkit. Such programs were already found in 2002 (Slanret, IERK and Backdoor-ALI).
This year I decided to focus on this phenomenon, because it's becoming wide spread and more and more complex.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
32
Cyber-crime in 2005
Rootkits
Evil or commercial objectives
They allow a better furtivity for already known
malicious programs (bots, password sniffers,
hidden doors…),
Commercial companies use the concept as a hidden
tool and the underground world benefit from it:
z rootkit - adware,
z Sony BMG.
Doubtful organizations are selling rootkits on
Internet.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
33
Cyber-crime in 2005
Rootkits
The technique
Usermode
z Diversion of call tables to
certain standard functions.
z The code carries out the
requested function but
modifies the data received.
Kernel mode
z Diversion of the
description table of the
server addressing certain
API systems.
z The API which is carried
out is no longer the
standard API, but a pilot
associated with a
configurating file
containing the hidden
data or that which we
want to prohibit access.
Usermode : Elitebar/SearchMiracle
Kernel mode : CommonName, ISearch
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
34
Cyber-crime in 2005
Rootkits
The TOP-10 (*)
# 1 : FURootkit
z It's propagated via botnets,
z #5 since January 2005, #3 in October 2005
# 2 : IsPro
z Unknown to the general public but quite present all the
same,
z #7 since January 2005, #15 in October 2005
# 3 : Hacker Defender
z Distributed as a “commercial product”
# ?? : SONY BMG (DRM-rootkits - Digital Rights Management)
(*) Statistics resulting from the increase made by MSRT (Malicious Software
Removal Tool) from Microsoft for Windows 2003, Windows XP or Windows
2000
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
35
Cyber-crime in 2005
Rootkits
Example: on line sale of « hacker defender »
• Antivirus protection
• Antivirus support 6
months
• Source code
• Internal inifile
• Logoner
• Antidetection engine
• Antidetection engine
6 months
Price:
Price: 900€
900€
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
36
Cyber-crime in 2005
Rootkits
Example: on line sale of « hacker defender »
We were talking about them already in 2002,
(http://www.vulnerabilite.com/actu/20020308151752rootkit_windows.html)
Today the site proposes pay versions (between 600 and 900 €)
for subscriptions with updates ensuring the buyer an
undetectability by security software (licenses for 1, 2 or 6
months),
If W32/HackDef is present on a machine, it generally masks
other potentially undesirable software present on the
computer (adwares/spywares).
To find the name of the software hidden by W32/HackDef, we need to
search the rootkit host directory for the configuration file with the .ini
extension. By opening this file, we can determine the software that
Win32/HackDef is hiding on the computer.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
37
Cyber-crime in 2005
Rootkits
Example: SONY BMG - DRM
Digital Rights Management (DRM)
z eXtended Copy Protection (XCP)
z Announced publicly on: 31 October 2005
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
38
Cyber-crime in 2005
Rootkits
Example: SONY BMG - DRM
3 November 2005, Sony indicates that the system has
existed for approximately 8 months. They propose
detection and desinstallation tools.
z Various weak points are revealed.
z Rootkits are being used by the underground world (to
get around the anti-cheat system of the on line role
playing game - World of Warcraft)
z This rootkit is now detected by anti-virus programs
z
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
39
Cyber-crime in 2005
Rootkits
Detection
SysInternals proposes a freeware called« RootkitRevealer »:
z It carries out a first passover which consists of obtaining
a list of all the files on the hard drive using the normal
Windows API
z Then a second pass is carried out, where it makes a new
list of files by reading the contents directly from the
disc, without passing by Windows API.
z The comparison of the two makes it possible to highlight
the hidden files (files which are legitimate or not).
Other tools or utilities:
z BlackLight, UnHackMe, Attack Tool Kit (ATK – OpenSource – GPL), RKDetector, Process Guard, Anti Hook,
z HijackThis, Ekinx, CodeStuff Starter
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
40
Cyber-crime in 2005
Rootkits
Detection
Anti-virus programs will be (are) the good solution too:
z Current research shows that it is possible to implement
generic detections.
z For the time being, the best technique of detection is
searching for programs hidden in computer memory.
z It will undoubtedly always be necessary for the rootkit to
wait until the machine reboots in order to function. It is
at this moment that it needs to be detected.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
41
Cyber-crime in 2005
Rootkits
Conclusions
• We will be talking about rootkits again in 2006 !
• The fear is that some rootkits - those the most malevolent remain undetected for a certain amount of time.
• Undetected, not because of a technical impossibility, but
simply owing to the fact that they will have not yet been
identified.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
42
Cyber-crime in 2005
The criminal element
Rootkits - References
„Techniques of adwares and spyware
Eric Chien - Conférence Virus Bulletin de 2005
„Les fonctionnalités des rootkits et comment les contrer (Alexey Monastyrsky, Konstantin
Sapronov, Yury Mashevsky - Analyste Virus, Kaspersky Lab).
http://www.viruslist.com/fr/analysis?pubid=167948065
„Sony, Rootkits and Digital Rights Management Gone Too Far (Mark's Sysinternals Blog)
http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html
„More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home (Mark's Sysinternals Blog)
http://www.sysinternals.com/blog/2005/11/more-on-sony-dangerous-decloaking.html
„The Hacker Defender Project (Holy Father)
http://hxdef.czweb.org/
„Les Rootkits Windows de plus en plus sophistiqués (2002)
http://www.vulnerabilite.com/actu/20020308151752rootkit_windows.html
„Le contrôle d’intégrité et ses limites (actes du symposium SSTIC05, Cyril Leclerc, ARSeO)
http://actes.sstic.org/SSTIC05/Limites_du_controle_d_integrite_classique/SSTIC05-articleLeclerc-Limites_du_controle_d_integrite_classique.pdf
„RootkitReleaver (SysInternals Freeware)
http://www.sysinternals.com/Utilities/RootkitRevealer.html
„"RootkitRevealer" : la riposte aux "rootkits" Windows (CERT-IST)
http://www.certist.com/fra/ressources/Publications_ArticlesBulletins/Environnement_Microsoft/RootkitRevealerl
ariposteauxrootkitsWindows/
„Le rootkit de Sony permet aussi de tricher sous WoW !
http://fr.news.yahoo.com/04112005/308/le-rootkit-de-sony-permet-aussi-de-tricher-sous-wow.html
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
43
Cyber-crime in 2005
Overview 2005
0 Underground economies: bots, keyloggers,
rootkits
0 Economic espionage: envy-greed
0 Loss and theft of data : the risks of identity
theft
0 Harassement to the point of physical violence
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
44
Cyber-crime in 2005
Economic espionage: envy-greed
Several cases of economic espionage supposed or
proven made the news in 2005.
z
z
CLUSIF >
The facts:
• Hacking of Ericsson in Sweden (judged)
• Transmission of trade secrets to competitors in
the United States (accusations)
• Valéo case in France: (instruction not yet
finished at the time of the edition of this
document)
• Case of espionage with a Trojan horse in the
United Kingdom and Israel: concerning several
countries, case in progress.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
45
Cyber-crime in 2005
Economic espionage: envy-greed
z
CLUSIF >
The facts (continued):
z Sweden: in April 2005, a Hungarian dataprocessing consultant is condemned to 3 years
in prison for industrial espionage. He's
appealing his judgment.
Between March 2002 to June 2004, he made
his way into the information processing
systems of Ericsson and accessed information
fraudulently. One of the criminal charges
against him is the unauthorized detention of
secret information.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
46
Cyber-crime in 2005
Economic espionage: envy-greed
z
CLUSIF >
The facts (continued):
z According to the Swedish media, he had
gotten his hands on the user names and their
passwords, and had also seized encrypted
information, source codes used in Ericsson
mobiles, and secret military data. The Swedish
Defense Ministry being one of the customers of
Ericsson.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
47
Cyber-crime in 2005
Economic espionage: envy-greed
z
CLUSIF >
The facts (continued):
z Still according to the Swedish media, the
pirate explained that actually he just wanted
to show the weak points in the security
systems of Ericsson and to obtain employment
with the company. But the judge did not
believe his story, suggesting instead that he
had another idea: that of selling to the highest
bidder on the Internet the data which he had
obtained, and that if he sought employment
them he should have contacted the company
to propose his candidature .
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
48
Cyber-crime in 2005
Economic espionage: envy-greed
z
The facts (continued):
z USA: in 2005, the former IT director of
Lightwave Microsystems pleads guilty to
having offered to a competitor, data containing
manufacturing secrets of his employer.
He admitted to having stolen the dataprocessing backups with the information that
he intended to resell to the competitor. In an
unusual turn of events, the competitor he
contacted, JDS-Uniphase, had warned the FBI.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
49
Cyber-crime in 2005
Economic espionage: envy-greed
z The facts (continued):
USA : in 2005, a 3rd corporate official from BES
(Business Engine Software Corporation), this one
the former chairman, admits having planned the
hacking of a competitors (NiKU) information
processing system.
z During 10 months, data from NIKU would thus
have been copied and broken down at BES, to
profit from it .
z
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
50
Cyber-crime in 2005
Economic espionage: envy-greed
z
CLUSIF >
The facts (continued):
z It's during an on line training course organized by
NIKU via a specialized Web site that the intrusion
would have been made .
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
51
Cyber-crime in 2005
Economic espionage: envy-greed
z
CLUSIF >
The facts (continued):
z France (April 2005): case in progress, the person
accused is presumed innocent at the time when
this document is published.
z The automobile parts supplier Valeo filed a
complaint .
z A Chinese trainee in the company is suspected of
having copied data to her personal hard drive.
z She is arrested at the end of April 2005 and
held in jail for 53 days.
z The AFP (Agence France Press) reveals this case
in a dispatch which announces the imprisonment
of the girl “suspected of industrial espionage”.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
52
Cyber-crime in 2005
Economic espionage: envy-greed
z
CLUSIF >
The facts (continued):
z
A complaint is filed for fraudulent access to an
automated data system, and breach of trust.
z
According to the information published by various
media, the young trainee is alleged to have taken
the data home with her.
z
The young woman explained to the press that she
copied the data for her thesis.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
53
Cyber-crime in 2005
Economic espionage: envy-greed
z
The facts (continued):
• In an interview published on June 21, 2005 by
the daily newspaper Libération, the young woman
explains to the journalist who asks her: Why did
you copy Valeo files to your portable hard drive?
“To prepare my thesis. At school, the students
are all so used to bringing their hard drives that I
did the same thing in the corporate environment.
For us, it's all very natural. ”
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
54
Cyber-crime in 2005
Economic espionage: envy-greed
z
The facts (continued):
• In the same interview for Libération, she explains
that she downloaded the files to sort them out at
her home.
• Speaks of 30 or 40 files
• Indicates that she had access to all the files on
the Intranet and that she did not think that it was
confidential.
• Explains having erased data from a Valeo PC for
lack of space.
• Whatever the out come of this case, it raises the
question of IT security in companies.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
55
Cyber-crime in 2005
Economic espionage: envy-greed
The facts (continued):
Great Britian/ Israël:
z
z This too concerns a case in progress in which the
suspects are presumed innocent.
z An Israeli writer discovers on the Internet
chapters of a book “L for Lies” written with his
wife Varda, even though the book is not yet
published .
z He files a complaint with the police, which
proceed to examine the writers computer.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
56
Cyber-crime in 2005
Economic espionage: envy-greed
z
The facts (continued):
Great Britain/ Israel:
• The computer appears have been compromised
by an email sent by the ex-husband of the
daughter of Varda, the email containing a Trojan
horse, presented as an inscription form for their
grand-daughter’s school .
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
57
Cyber-crime in 2005
Economic espionage: envy-greed
z The facts (continued):
CLUSIF >
z
A short time after the discovery of their book on
the Internet, the couple received a CD ROM from
their ex-son-in-law allegedly sent by a student of
the writer. The writer specifies that he did not
install the CD ROM on his computer.
z
On the host where a copy of the book was stored,
the police find other discoveries: data taken from
several other computers.
z
Thus in 2005 an affaire of economic espionage of
rather great importance is revealed.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
58
Cyber-crime in 2005
Harassment to the point of physical violence
z The facts (continued):
CLUSIF >
z
The former son-in-law of the writers is arrested in
London, by Scotland Yard, in May 2005, following
an Israeli extradition request. His wife is also
arrested .
z
They are accused of unauthorized modification of
computer contents.
z
The ex-son-in-law of the writer is suspected of
having sold custom made Trojan horse programs
to private detective companies, for their
customers wanting spy on their competitors .
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
59
Cyber-crime in 2005
Harassment to the point of physical violence
z
CLUSIF >
The facts (continued):
z The presumed victims, quoted by the media, include
companies of several different industries: telephone,
automobile, cable television, fashion, mineral water,
food, finance, high technology, press, publishing, etc .
z
The custom made Trojan horses would appear to have
been sent to their targets either by the means of
emails, or by means of CD presented as CD of
promotional offers sent by trade partners. It would not
appear to be mass diffusion but more likely targeted
diffusion.
z
Emails and CD Roms give the impression of coming
from known sources or their partners: personalization .
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
60
Cyber-crime in 2005
Economic espionage: envy-greed
z
The facts (continued):
z The executives of several private information
companies are questioned by the police in Israel,
and a few indictments followed in July 2005 .
z
z
CLUSIF >
Justice: the cases interest the Israeli and British
Justice, for the time being. The police not
excluding that American, European, or companies
from other countries may have been targeted,
there could easily have been other countries
concerned by this affair.
To be followed…
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
61
Cyber-crime in 2005
Economic espionage: envy-greed
z
Consequences and stakes:
Each year brings a new batch of economic
espionage cases, an activity which doesn't
appear to slacken.
• Diversity of the means employed:
• From intrusion, to theft, passing by custom
made malevolent programs.
• Espionage cases are sometimes difficult to
detect, and can be difficult to prosecute on
a legal level, depending on whether or not
adapted laws exist.
•
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
62
Cyber-crime in 2005
Economic espionage: envy-greed
Some references :
Agence France Presse
http://www.thelocal.se/article.php?ID=1076&date=20050309
http://news.zdnet.co.uk/internet/security/0,39020375,39193998,00.htm
http://www.infoworld.com/article/05/04/26/HNsonyhacker_1.html?APPLICATION%20SE
CURITY
http://www.usdoj.gov/usao/can/press/html/2005_12_08_oneilguiltyplea.htm
http://www.baselinemag.com/article2/0,1397,1741503,00.asp
http://www.liberation.fr/page.php?Article=305532
http://www.guardian.co.uk/international/story/0,,1495669,00.html
http://www.haaretz.com/hasen/spages/581819.html
http://www.globes.co.il/serveen/globes/docview.asp?did=931923&fid=942
http://www.ynetnews.com/articles/0,7340,L-3133649,00.html
http://web.israelinsider.com/Articles/Briefs/5702.htm
http://www.spectrum.ieee.org/print/2145
http://www.washingtonpost.com/wpdyn/content/article/2005/05/30/AR2005053000486.html
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
63
Cyber-crime in 2005
Overview 2005
0Underground economies: bots, keyloggers,
rootkits
0 Economic espionage: envy-greed
0 Loss and theft of data: the risks of identity
theft
0 Harassement to the point of physical violence
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
64
Cyber-crime in 2005
Loss and theft of data
zFact:
many cases of disclosure in mass of personal
data (including banking) were exposed in 2005:
z Computer thefts
z Losses
of backup
z Compromising
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
of systems
http://www.clusif.asso.fr/
12/01/2006
65
Cyber-crime in 2005
Loss and theft of data
zFact
(continued)
z These cases, because of the volume and the
type of data revealed, show not only the risks
of financial fraud but identity theft also.
z The most of the examples come primarily from
the United States, because of laws requiring
companies victims of data theft to inform the
people concerned .
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
66
Cyber-crime in 2005
Loss and theft of data
z
CLUSIF >
Chronology and details: computers theft
z Medical center San Jose (March 2005):
personal data lost for 185.000 patients.
¾ Billing data transferred from the hospitals
network host towards two work stations for
the needs for the annual audit.
¾ Theft of two computers .
¾ Notification of the patients by the hospital
(as per American law).
¾ Only part of the statistical data on the hard
drives.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
67
Cyber-crime in 2005
Loss and theft of data
zChronology
and details : computer theft (continued)
z University of Berkeley (April 2005)
¾ Theft of a laptop computer containing the
personal data (including social security
numbers) of 98.000 people.
¾ The laptop was sold through a on line auction
site and is found by the police, hard drive
reformatted .
¾ Apparently, no proof of malevolent use of the
data.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
68
Cyber-crime in 2005
Loss and theft of data
zChronology
and details: loss of backups
z Ameritrade Holding (avril 2005):
¾ Loss of a backup during a transfer offsite by a
specialized company .
¾ Files of 200.000 customers revealed.
z Bank of America (Febuary 2005):
¾ Loss of backups (baggage handler theft?)
containing banking information pertaining to
1,2 million government employees
¾ The data contained account holder information
(account numbers and addresses for example)
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
69
Cyber-crime in 2005
Loss and theft of data
zChronology
and details: loss of backups (continued)
z Citigroup (April 2005):
¾ Loss by UPS of bands containing the data
(transactions and social security numbers) for
3,9 million customers.
¾ Loss during the transfer to a credit bureau.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
70
Cyber-crime in 2005
Loss and theft of data
zChronology
and details: compromises
z Cardsystems (April 2005):
¾ Technical provider for Visa and Mastercard
processing card transactions
¾ Discovery of the compromise of Cardsystems
network, with potential access to 40 million
credit card numbers (which should not have
been kept!)
¾ Recovery of 68,000 numbers; international
banks indicate that this disclosure brought
about fraudulent transactions
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
71
Cyber-crime in 2005
Loss and theft of data
zChronology
and details: compromises (continued)
z ChoicePoint (origin of the case in October 2004)
¾ Company specializing in financial data supplies
to credit companies.
¾ Information theft (150,000 people): social
security and telephone numbers, e-mail
addresses, debt information, etc. via the
usurpation of loan companies.
¾ Diversion of correspondences addressed to
customers
¾ 750
complaints filed for identity theft,
investigations underway
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
72
Cyber-crime in 2005
Loss and theft of data
zChronology
and details: compromises (continued)
z LexisNexis (April 2005)
¾ Publishing and professional information (legal,
financial and economic).
¾ Several security incidents discovered in a data
base in the information system of a subsidiary
company (Seisint) of the group .
¾ information concerning 32,000 people: names,
addresses, social security numbers, drivers
license numbers …
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
73
Cyber-crime in 2005
Loss and theft of data
zChronology
and details: compromises (continued)
z Jackson Community College (may 2005)
¾ Break-in on the network and potential access
to 8000 social security numbers
¾ Access to students and professors passwords,
which are also the passwords to the opening of
the new accounts, without these passwords
being systematically modified.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
74
Cyber-crime in 2005
Loss and theft of data
zStakes
and consequences: ID theft
z The personal data becomes a sought out and
lucrative item:
¾ That is to say, the attack is directly aimed
at data .
¾ Or
indirectly, following the theft of
computers or back up losses, the data
found can be valuable for identity theft.
¾ Example: arrest of 17 people in Arizona,
the police found a laptop computer
containing a large volume of personal and
banking data .
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
75
Cyber-crime in 2005
Loss and theft of data
zStakes
and consequences: ID theft (continued)
z The risks of disclosure of personal data is
worsened by poor public awareness of these
problems:
¾ Personal data can be obtained rather easily
from their owners.
¾ Example: a London survey (March 2005)
which showed that 92% of a 200 person
sample group gave personal information
(addresses, names of parents, children) to a
surveyor who offered free theatre tickets in
exchange for answers to the survey
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
76
Cyber-crime in 2005
Loss and theft of data
zStakes
z Two
CLUSIF >
and consequences: ID theft (continued)
types of protection against ID theft:
¾ Technical measurements: system and
networks security, encoding of important or
sensitive data on backups and laptops.
¾ Organizational measures: sensitizing
collaborators on security measures,
evaluating and checking security
procedures.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
77
Cyber-crime in 2005
Loss and theft of data
zStakes and consequences: ID theft (continued)
z Protecting data is not sufficient because
we
realizes that certain elements:
¾ find themselves saved on several different
systems, which can sometimes have very
low levels of protection,
¾ may be gotten rather easily directly from
their owner.
z It is thus also necessary to reinforce the
authentification procedures using personal data
thus making it more difficult to use compromised
data.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
78
Cyber-crime in 2005
Loss and theft of data
zStakes
and consequences: ID theft (continued)
z Illustration
of
the
need
to
reinforce
authentification procedures: example of a couple,
owners of a home in Texas, who find a stranger
installed in their house upon their return from
vacation. This person presents in all good faith an
act proving that he paid money to acquire this
house. The swindle begins with the theft of the
wife's personal data. Social security number,
driver license number and a signature copy were
enough to draw up this false document.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
79
Cyber-crime in 2005
Loss and theft of data
Links to learn more :
•http://www.californiahealthline.org/index.cfm?Action=dspItem&itemID=110469
•http://www.pcinpact.com/actu/news/LUniversite_de_Berkeley_retrouve_ses_donnees_per
du.htm
•http://www.theregister.co.uk/2005/04/29/backup_tapes_are_backdoor_for_id_thieves/
•http://www.pcinpact.com/actu/news/Bank_of_America_a_un_petit_probleme_de_perte_d
e_me.htm
•http://news.zdnet.com/2100-1009_22-5733971.html
•http://www.msnbc.msn.com/id/8260050/
•http://www.msnbc.msn.com/id/6969799/
•http://www.silicon.fr/getarticle.asp?ID=8633
•http://www.vnunet.fr/actualite/securite/piratage/20050412015
•http://www.crime-research.org/news/29.05.2005/1264/
•http://www.reseaux-telecoms.net/actualites/lire-vol-d-identites-arrestations-en-serie11213.html
•http://www.vnunet.com/vnunet/news/2127049/uk-wide-open-identity-theft
•http://www.plastic.com/article.html;sid=05/08/23/19205287;cmt=60
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
80
Cyber-crime in 2005
Overview 2005
0 Criminal elements: bots, keyloggers,
rootkits
0 Economic espionage: envy-greed
0 Loss and theft of data: the risks of identity
theft
0 Harassment to the point of physical violence
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
81
Cyber-crime in 2005
Harassment to the point of physical violence
Aggression and violence which is not
“virtual”
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
82
Cyber-crime in 2005
Harassment to the point of physical violence
Facts:
A multitude of cases revealed or solved in 2005
reminds us that computer criminal activity is a
human fact, that it touches human beings and not
only machines.
z
The suffering generated can be intense, violent, and
sometimes lethal.
The computer is used here as a means for attackers
release their anger, to violate intimacy, to offend
others, encourage hatred, to brag of their
misdeeds, to bait their victims, and in some cases,
leads to murder.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
83
Cyber-crime in 2005
Harassment to the point of physical violence
z Facts (continued):
z Great
Britain: During 3 years a woman
badgers her one night stand: hacking his
emails, diffusing false emails, creation of a
Web site proclaiming that he's a homosexual,
inscription without his knowledge on web sites,
one of which a chat room for homosexual
prisoners, diffusion rumors stating that he had
a STD, etc. In January 2005 the young woman
was sentenced
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
.
http://www.clusif.asso.fr/
12/01/2006
84
Cyber-crime in 2005
Harassment to the point of physical violence
z
Facts (continued):
z Singapore: a man is sentenced in October
2005 to one month in prison for having
threatened, via SMS, his ex-girl friend that he
would post photos of her naked on Internet.
z
CLUSIF >
France: the ex-wife of a judge and her son
sentenced in April 2005 for having posted on
the net, nude photo's of his new wife, and
contacting several newspapers inviting them to
go to the Web site where they were exposed.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
85
Cyber-crime in 2005
Harassment to the point of physical violence
z
CLUSIF >
Facts (continued):
z France:
an under aged girl is notified that a
video sequence of her, taken without her
knowledge in the dressing room of a swimming
pool; is on a pornographic Web site in the United
States.
z France: kids out of control in blogs. Several highschool pupils are expelled from school in 2005 for
having insulted or harassed classmates or
teachers.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
86
Cyber-crime in 2005
Harassment to the point of physical violence
z Facts (continued):
z
CLUSIF >
France (November 2005):
The author of the Web site “S.O.S France” is
sentenced for insulting people because of their
religious beliefs. Articles diffused on the site
qualified the Moslems as “hoodlums”.
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
87
Cyber-crime in 2005
Harassment to the point of physical violence
z
Facts (continued):
z France (November 2005): publication of
francophobe messages on Internet, and
messages calling for attacks on police stations .
z
CLUSIF >
France (November 2005): arrests of bloggers in
the Bouches du Rhône (13) and in the Seine
Saint-Denis (93) at the time of urban rioting. In
question: the voluntary provocation to degrade,
dangerous for the population, via the Internet .
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
88
Cyber-crime in 2005
Harassment to the point of physical violence
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
89
Cyber-crime in 2005
Harassment to the point of physical violence
z Facts (continued):
2 interesting lessons to highlight:
z To help surfers and page editors to avoid the
skidding into that vague area between the
freedom of expression and respect of others, the
Forum des Droits sur Internet published a
document: “Je blogue tranquille” and the
association “Ni putes ni soumises” a “guide du
respect” intended to teach respect for one
another .
z
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
90
Cyber-crime in 2005
Harassment to the point of physical violence
z Facts (continued):
Japan: blog, diary of murder ? (November 2005)
A under aged girl is arrested, on her blog the
progressive decline of her mothers health, whom
she is suspected of poisoning .
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
91
Cyber-crime in 2005
Harassment to the point of physical violence
z Facts (continued):
z
The act of attacking a person to film the scene on
their mobile phones and then sending it to friends
and schoolmates by MMS or by Internet is called
“Happy slapping”.
For the time being, only a few cases were
revealed in 2005.
Technology (mobile phones) is not the cause, but
the use which they make of it.
The fact of filming the aggression can be
considered as a worsening factor.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
92
Cyber-crime in 2005
Harassment to the point of physical violence
z Facts (continued):
Switzerland: June 2005, two 13 year old
schoolboys strike a child and film the sequence
on their portable telephone.
France: in November 2005, in Vienne, three
young men are arrested for gang rape, collecting
and diffusion of pornographic images of minors.
They filmed the scene with a mobile phone.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
93
Cyber-crime in 2005
Harassment to the point of physical violence
Facts (continued):
Great Britain (May 2005): a girl is attacked and
wounded for a scene filmed on a mobile phone.
z
Great Britain (April 2005): a 14 year old teenager
hangs himself after having been filmed being
aggressed by his classmates .
Great Britain (September 2005): sentencing of a man
to 14 years in prison for having attacked and raped a
girl: he had filmed the scene on his telephone to
send it to friends.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
94
Cyber-crime in 2005
Harassment to the point of physical violence
z
CLUSIF >
Facts (continued):
z Another phenomenon: cyberbullying. To better
understand the phenomenon of brimades
harassment, by interposed data processing, two
American researchers conducted a study in 2005,
of nearly 1500 teenagers:
z 16,7 % of teenagers state having done so on
line.
z 50% say they did it for fun.
z Approximately 35% consider that it makes the
victims stronger.
z See the details of the preliminary results of the
study of Sameer Hinduja and Justin W.Patchin
at cyberbullying.us
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
95
Cyber-crime in 2005
Harassment to the point of physical violence
z Facts (continued):
z Australia: closing in June 2005 of a chat room
for rapists. On the site, “The Rape Club”,
description of the use of arms by rapists and
proposing rape photographs said to be
“authentic”.
z France: in October 2005, in Besancon, a man
already sanctioned for contacts on a minor is
sentenced to 7 years of prison for aggressions
made on minors. He used Internet to recruit
“baby sitters”.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
96
Cyber-crime in 2005
Harassment to the point of physical violence
z Facts (continued):
z
CLUSIF >
France: arrest of a man in October 2005 in the
North of France for inciting the commission of a
crime through the press. The man tried to pass as
a woman whose fantasy was be to be raped, in
order to recruit people to rape one of his
neighbors. Case in progress .
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
97
Cyber-crime in 2005
Harassment to the point of physical violence
z Facts (continued):
France: recruiting a hired killer on Internet. In
April 2005, a man is arrested in Nancy for trying
to hire a hit man. He sought have his mistress'
boyfriend eliminated by a hired killer while trying
to cover it up as an accident.
z Japan: a woman files a complaint against a man
whom she had hired on the net to eliminate her
lovers wife, for breach of contract. He is
sentenced for swindle in December 2005.
z
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
98
Cyber-crime in 2005
Harassment to the point of physical violence
z
CLUSIF >
Facts (continued):
z China: a 41 year old man stabbed one of his
game mates. He didn't support the fact that the
other man sold the virtual saber won in a multiplayers on line game, a saber that he had lent to
him. According to media's which report this case,
the man had initially gone to file a complaint with
the police for the theft of his virtual weapon. The
law having no provisions for cases of virtual
property, his complaint was not taken, furious,
the man went to kill his game mate.
z He was sentenced to death with stay of
execution, a sentence which can be commuted to
life in prison .
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
99
Cyber-crime in 2005
Harassment to the point of physical violence
z
Stakes and consequences:
Internet is a fabulous communication tool and
knowledge. In certain cases, it also become a new
theatre and vector of violences.
The human aspect of the sufferings generated for the
victims because of these offences or violences must
be considered.
The psychological attacks, offences, violences take a
long time to cure.
Physical violence is sometimes irreparable.
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
100
Cyber-crime in 2005
Harassment to the point of physical violence
z
Stakes and consequences:
The need for information and prevention against
some of these attacks
Impossibility of preventing certain forms of these
violences
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
101
Cyber-crime in 2005
Harassment to the point of physical violence
Some references:
Agence France Presse
http://foruminternet.org
http://www.niputesnisoumises.com
http://www.theregister.co.uk/2005/01/28/cyberstalker_sentence/
http://news.bbc.co.uk/1/hi/england/leicestershire/4217191.stm
http://www.manchesteronline.co.uk/men/news/s/159/159553_girl_16_held_over_happy
_slap_attack.html
http://www.manchesteronline.co.uk/men/news/s/163/163172_happy_slap_mums_fury.
html
http://www.cyberbullying.us
http://www.marianne-en-ligne.fr/archives/edocs/00/00/41/82/document_article_marianne.phtml
http://news.bbc.co.uk/1/hi/technology/4072704.stm
CLUSIF >
clusif@clusif.asso.fr + 33 1 5325 0880
http://www.clusif.asso.fr/
12/01/2006
102