Security Classification

Practical Issues in dealing with different types of cybercrime

Security Classification

Overview

•Society

•Crime Types

•Resources

•E-Crime (Electronic Crime) Training

•Offences

•Jurisdiction

•Case studies

Security Classification

Society

Security Classification

SocietyInternet Usage•50% of Australian adults accessed the Internet in the 12 months to November 2000

•37% of Australian households were connected to the Internet

•13% of Australian adults paid bills or transferred funds online

•10% of Australian adults purchased or ordered goods or services via the Internet

•the value of Internet e-commerce in Australia at June 2000 was estimated to be $A5.1 billion

Security Classification

Society

•10% of Australian adults purchased or ordered goods or services via the Internet

•the value of Internet e-commerce in Australia at June 2000 was estimated to be $A5.1 billion

• National Office for the Information Economy report entitled. The Current State of Play 2000

Security Classification

Crime Types

Security Classification

Crime Types

•Crimes Reported to AFP 2005-2006

•38% - Drug Importation cases

•34% - Defraud the commonwealth cases

•25% - Child Sex related cases

•3% - Counterfeit currency/documents cases

Security Classification

Crime Types

Electronic Crime Incident Type

•45% - E-Crime

•11% - Interpol

•2% - Counter terrorism

•42% - Others (Fraud, Credit Card, Money Laundering)

Security Classification

Crime types

• Breakdown of Computer Forensic Work

35% = Child Pornography

20% = Counter Terrorism

10% = Fraud (against the Commonwealth and private) (includes unauthorised access, hacking, unauthorised use of credit cards, make and use false

instruments etc)

8% = Child Grooming (using the internet and mobile phones)

5% = Drug Offences

5% = Property Offences (possess stolen property, theft, burglary, armed robbery)

5% = Regional Assistance (referrals from IDG for Solomons, PNG, East Timor etc)

4% = Family Violence/Sexual Assaults etc

3% = Internal Investigations

2% = Homicides

3% = Other

Security Classification

E-Crime Training

Security Classification

E-Crime Training

•Continuing cybercrime education from recruit level

•E-Crime awareness training

•Introduction to E-Crime

•Investigate E-Crime

•Specialist Crime type training

Security Classification

E-Crime Training

•Identify the offence

•Identify the suspect

•Identify witnesses

•Identify the victim

Security Classification

Resources

Security Classification

Resources

•Investigators access to resources

•AFP’s IT Infrastructure

•Access to computers

•Covert internet access

Security Classification

Resources

•Development of specialist investigative tools

eg. Boot cd’s / logicubes

Security Classification

Resources

•Support investigative personnel in increasing their technical and investigative skills

•Development of specialised computer crime units

•Computer Forensic support

Security Classification

Offences

Security Classification

Offences

•Is the computer a target of the offence?

•Is the computer being used to facilitate the offence?

Security Classification

Jurisdiction

Security Classification

Jurisdiction

•The internet is transnational in nature

•Who has jurisdiction?

Security Classification

Case Studies

Security Classification

Case Study 1

Problem of Jurisdiction

Security Classification

Case Study 1

•Background

Suspect initially resident in Australia then departed overseas. During his stay in Australia the suspect manages to transfer funds from a victims bank account via internet banking to his Australian bank account.

The suspect continues with twenty similar offences targeting Australians from his new country.

Security Classification

Case Study 2

Problem of identity theft

Security Classification

Case Study 2

•In 2003 a disgruntled ex Optus employee hacks into a Optus website called “efulfillment.” This website is used by corporate customers of Optus for ordering mobile phones and telecommunication services.

Security Classification

Case Study 3

Problem of identification

Security Classification

Case Study 3

On the 3rd December 2003 an email, directed to David LOWE was received at the RTA Customer Service Centre. The sender wrote:

"Unless all traffice infgringements for speeding incurred during the month of June are cancelled immediately, an explosive will be detonated in one of your major facilities. The cancellation of these infringement notices will be done quietly

with no public notification. You have 48 hours. This threat is real".

Security Classification

Questions?