Presented By: Brian Nienhaus

What is cybercrime? Running a cybercrime syndicate Cybercrime attacks Countermeasures Organization profiles

Who, Where, When, Why

“The degree of overlap between [organized crime and cybercrime] is likely to increase considerably in the next few years. This is something that needs to be recognized by business and government as an emerging and very serious threat to cyber-security.”

Cybercrime is…? “offenses ranging from criminal activity

against data to content and copyright infringement” (Council of Europe’s CC Treaty)

United Nations refers to acts of fraud, forgery and unauthorized access

“…unlawful acts wherein the computer is either a tool or a target or both.”.

The Internet encourages anonymity and is distributed in nature

Many countries have very few laws addressing cybercrime Love Bug Virus VB script that spread via email and

corrupted many different file types FBI traced the virus to the Philippines

The increasing growth of e-commerce

22.3% increase in # from 2008211% increase in financial loss Median dollar loss: $575 Crimes with no documented loss or harm are not included

Top 5 categories:Non-delivered merchandise: 19.9%Identity Theft: 14.1%Credit Card Fraud: 10.4%Auction Fraud: 10.3%Computer Fraud: 7.9%

UNORGANIZED ORGANIZED

Usually the work of an individual

Decentralized Smaller resource base Hit and run

mentality/opportunistic

Centralized group of criminals

Many based in “hostile” nation

Extensive access to resources/business connections

Extended operations

Hackers discover vulnerabilities and sell to the highest bidder

Crimeware suites created and sold to less technically inclined users

Crimeware-as-a-service mentality Data supplier model Pricing profiles introduced

Credits cards = cheap Healthcare info/single logins for organizations =

expensive Cybercrime economy mirrors actual economy

Organized crime closely mimics the actual economy Regionally-specific & enterprise-specific

campaign Each attack campaign gathered centrally to

sell Campaigns managed remotely from these

central servers Data and asset management is just

as essential as in traditional business

(1) Boss deploys malicious code package

(2) Campaign managers retrieve package and customized as needed

(3) Malicious network used to inject package into legitimate sites. Commission-based

(4) Injected code served to users (5) Toolkit affects individual users (6) Infection data sent back to central

location (7) PII flows back to boss

Example of crimeware toolkit that originates from Eastern Europe, primarily Russia and the Ukraine

Utilizes three major components and powerful encryption: ZueS trojan ZueS config file Specifcation of dropsite

Config file defines subset of targets ZueS collects session variables

during sessions Bypasses auth. Mechanisms and piggybacks

session Criminals are able to move money to third

parties in real-time ZueS Builder provides binary files for

constructing a botnet

How simple is it? Number of new ZeuS binaries in the past

month: 18,985 Number of new ZeuS binaries seen in the

past week: 4,582 Number of new ZeuS binaries seen in one

day: 977

Trend Report ZeuS Video

Consider: Hardware and software keeps getting

cheaper Combine the Internet and a global scope,

the the potential for attacks is limitless Security will always be breached Even when laws are passed to increase

technological safeguards, new technology will always outstrip legislation

I3C Accepts complaints, investigates, and/or

redirects to appropriate law enforcement Joint operations with other agencies Publishes cyber-security information

IT Act(2000) Attempt to define various electronic

specifications: Digital Signatures Use/Retention of electronic records Security Certification Authorities Offenses

http://www.ic3.gov/media/annualreport/2009_IC3Report.pdf

http://www.ic3.gov/media/annualreport/2009_IC3Report.pdf

http://us.trendmicro.com/imperia/md/content/us/trendwatch/researchandanalysis/zeusapersistentcriminalenterprise.pdf

http://www.legalserviceindia.com/cyber/itact.html http://www.symantec.com/norton/cybercrime/

definition.jsp http://www.securityworld.com/ia-420-love-bug-

virus.aspx http://www.finjan.com/Content.aspx?id=827