Annex 10 - Group discussion presentation (Vietnam)
advertisement
Cyber crime issues – current state of cyber security readiness and cyber crime enforcement capability Viet Nam Hitech Crime Investigation Department Dr. Tran Van Hoa Brunei – April 2010 STRUCTURE OF HITECH CRIME DEPARTMENT Police General Department of Criminal Investigation and Prevention Hightech Crime Department Division 1 Division 2 Division 3 Division 4 Division 5 - Division 1: Staff Division - Division 2: In charge of Cyber Crime - Division 3: In charge of crimes using Hightech - Division 4: Liaison Office in HCMC - Division 5: In charge of data recovering, e-evidence collecting Viet Nam Hitech Crime Investigation Department Page 2 Group discussion Vietnam High Tech Crime Division (VHTCD) was established on 2 March 2005. VHTCD’s responsibilities are to prevent and combat high tech crime in all forms; recover, analyze e-evidences to assist operational investigation requests. Viet Nam Hitech Crime Investigation Department Page 3 APRIL 2005: STUDY TOUR OF 4 VN POLICE OFFICERS AT AHTCC-AFP Viet Nam Hitech Crime Investigation Department Page 4 Cyber crime issues - In 2010 Vietnam has 22 Million internet users and 7 ISP. - Based on internet, Cyber crime is no border crime - Criminals and terrorist groups explore more ways to work together - Cyber crime becoming more organized and nowadays as a transnational business, damage the nation infrastructure, economy and national security. . Viet Nam Hitech Crime Investigation Department Page 5 Current state of cyber security readiness and cyber crime enforcement capability Increasing Threat of cyber crime and the necessity to take countermeasures: 1. The increasing use of new technologies, automated attacking tools by cyber criminals (SQL injection, fake IP, fake email, fake mobile phone number, using proxy server…) 2. Challenges in combating trans border cyber crime: - New technique for tracking Internet cyber attacks; - Issues of international co-operation in cyber crime investigation and information exchange and jurisdiction. - Tracing and identifying criminals; Initial information gathering and undercover online investigations; 3. Digital forensic analysis of evidence and data recovering; Viet Nam Hitech Crime Investigation Department Page 6 Cyber crime issues - Amendment of cyber crimes to new criminal code; - Legal issues relating digital evidence of procedural law - Issues of manpower and training for law enforcement forces, public prosecutor and judges Viet Nam Hitech Crime Investigation Department Page 7 Current state of cyber security readiness and cyber crime enforcement capability Other trend in cyber crime methods: - The growing profit from cyber attacks by targeting core banking, internet commerce website (data usually have credit card information). - Cyber criminals can choose to operate from geographic locations where penalties for some forms of cyber crime may not yet exist. - Cyber attacks can silently steal information without leaving behind any damage that would be noticed by a user, escape detection in order to remain on host systems for longer periods of time. Viet Nam Hitech Crime Investigation Department Page 8 Cyber crime issues + Increasing use of mobile communication devices for attacking by cyber criminals. + Using new technologies allow cyber criminals, terrorist organizations to transcend borders and operate internationally with less chance of detection. + It is estimated that only five percent of cybercriminals are ever arrested or convicted. Viet Nam Hitech Crime Investigation Department Page 9 Cyber crime trend Viet Nam Hitech Crime Investigation Department Page 10 Cyber crime issues Current issues: e-Crime dominated by fraud Online banking and credit cards Targeted attacks to gain data Individuals, e-commerce sites, transaction processing Anonymous and international Activity is global and hard to trace Fast, irrevocable, unidentifiable payments Virtual payment systems are method of choice Viet Nam Hitech Crime Investigation Department Page 11 Cyber crime issues Some typical methods attack of cyber crime: - Denial of service (DDoS, botnet), virus, malware, phishing… Malicious code can scan a victim’s computer for sensitive information, such as name, address, place and date of birth, social security number, mother’s maiden name, and telephone number. Full identities obtained this way are bought and sold in online markets. Viet Nam Hitech Crime Investigation Department Page 12 Cyber crime issues - Stolen credit card numbers and bank account information can be sold online - Cyber criminals offer services: ship goods, change the billing address, manipulation of stolen PINs or passwords. Viet Nam Hitech Crime Investigation Department Page 13 Current state of cyber security readiness and cyber crime enforcement capability Viet Nam Hitech Crime Investigation Department Page 14 Fraud using e-commerce Credit card fraud Steal bank account, credit card information with following modus operandi: 1- Attacking shopping website via SQL Injection to obtain email list, credit card number, personal information 2- Phishing, 3- Collecting, buying credit card number on internet 4- Stealing credit card information by using Keylogger, spyware… 5- Skimming Viet Nam Hitech Crime Investigation Department Page 15 Current state of cyber security readiness and cyber crime enforcement capability Significant increases in credit and debit card fraud: 6 modes operandies: 1- Selling credit card information on internet, almost to criminals in foreign countries 2- Using credit card information to make fake ATM card and cashing in ATM 3- Using credit card information to make fake color credit card, paying for luxury services and goods in shops, hotels, air fairs… 4- Using credit card information to buy (card absent) in web shops 5- Shipping: Using credit card information to buy goods in internet and sending it to other and collect later 6- Transfer money from stolen credit cards to bank account, for gambling Viet Nam Hitech Crime Investigation Department Page 16 Current state of cyber security readiness and cyber crime enforcement capability Fraud using e-commerce: - Auction fraud - Non-delivery fraud - Money invest Fraud Money laundering using e-money: Transfer money from stolen credit cards, bank accounts to emoney accounts : e-gold, webmoney, paypal, e-passport... Or Western Union, bank account of the criminals Viet Nam Hitech Crime Investigation Department Page 17 Current state of cyber security readiness and cyber crime enforcement capability - E-mail fraud containing fraudulent details notifying win of million of USD to cheat and obtain personal assets. - Access to database of telecommunication companies, banks, government agencies, enterprises… and steal information. Viet Nam Hitech Crime Investigation Department Page 18 Current state of cyber security readiness and cyber crime enforcement capability Need a better Measurement: In 2009: 5 amendments regarding cyber crime in the Penal Code of Vietnam: - Article 224. Spreading virus to computer networks, harm to computer network, telecommunication networks, internet and digital equipments. - Article 225. Blocking or causing operation disorders to computer network, telecommunication networks and digital equipments (DDOS, BOTNET attacking). - Article 226. Illegally Spreading information into or illegally using information in computer networks, telecommunication networks or internet (hacking, abuse). - Article 226a. Illegally accessing to other people's computer networks, internet, telecommunication networks or digital equipments. - Article 226b. Using computer networks, internet, telecommunication networks or digital equipments to obtain other people's assets (fraud). This is important cyber crime law, developing with international assistance. Viet Nam Hitech Crime Investigation Department Page 19 Current state of cyber security readiness and cyber crime enforcement capability Viet Nam Hitech Crime Investigation Department Page 20 Current state of cyber security readiness and cyber crime enforcement capability Viet Nam Hitech Crime Investigation Department Page 21 International co-operation Purpose: - Exchange of information, experience - Cooperation on cyber crime investigation - Training for law enforcement agencies in less developing countries on cyber crime investigation and data recovering Viet Nam Hitech Crime Investigation Department Page 22 Vietnam Hightech Crime Department Thank you http://www.hitechcrime.vn hoatv@hitechcrime.vn Viet Nam Hitech Crime Investigation Department Page 23
