Date post: | 22-Jan-2018 |
Category: |
Technology |
Upload: | chip-thornsburg |
View: | 78 times |
Download: | 1 times |
Why Can’t Police Catch Cyber Criminals
Chip ThornsburgAlamo Cyber Security, LLC
Short Bio
Police Officer with City of Helotes, Texas
Owner, Alamo Cyber Security
Member Electronic Crimes Task Force
Taught at River City College, Southern Careers and North Texas State College
Degrees in Management, Criminal Justice / Law Enforcement, Criminology and MBA in progress
SARCASM = Greatest Spiritual Gift
First Hack = Angelo State University
Why Can’t Police Catch Cyber Criminals NOLACON 2016
DISCLAIMER
This presentation is for information purposes only. Nothing included is intended to be legal advice. Contact a Licensed Attorney or Local District Attorney’s Office if you have specific questions.
Why Can’t Police Catch Cyber Criminals NOLACON 2016
All Prices plus TT&L
Art for illustration purposes only
Past performance is no guarantee of future performance
See Store for Details
The Costs of Cyber Crime
445 Billion to 1 Trillion Annually
160 Successful Cyber Attacks per Week
Why Can’t Police Catch Cyber Criminals NOLACON 2016
April 2016
55 Million Voters in Philippines
93 Million Voters in Mexico
1.1 Million Users of Beautiful People .com
Ransomware in Healthcare & Schools
Why Can’t Police Catch Cyber Criminals NOLACON 2016
The Current State of Law Enforcement Investigations
Computer as a Tool/Target
Identity Theft
Breach of Computer Security
Fraud
IP Theft
Pirating Movies / Software
Child Pornography
Solicitation of Minors
Cyber Bullying
Why Can’t Police Catch Cyber Criminals NOLACON 2016
Computer has Evidence
Theft
Fraud
Murder
Sexual Assault
Prescription Forgery
Narcotics / Drug Offenses
Credit / Debit Card Abuse
Individual Victims
Identity Theft
Credit / Debit Card Abuse
Card “Cracking”
Ransomware
Challenge #1
Patrol Officers lack Specialized Training and Experience to document Cyber Crimes
Identity Theft
332,646 Reports in 2014
17.6 Million Americans in 2014 (est)
$16 - $18 Billion in Losses
54% were resolved within 24hrs
Why Can’t Police Catch Cyber Criminals NOLACON 2016
Resolved = Victim’s Money Returned to their Account
Challenge #2
Overlapping and Unclear Jurisdictions between Federal, State, County and Local Police Departments
Why Can’t Police Catch Cyber Criminals NOLACON 2016
Card “Cracking”
• Targeting < 25 yrs population
• New Spin on an Old Con
• Victims contacted via Social Media
• “Get Paid to Party!”
• Send Debit Card & PIN
• Bogus Counter Checks Deposited
• ATM Withdrawals across the Country
Victims of Fraud are often embarrassed and uncooperative
Challenge #3
Victims of Fraud often refuse to cooperate with an Investigation or refuse prosecution.
No Victim = No Crime
Corporate Victims
IP Theft
Insider Threats (Malicious Damage)
Denial of Service
PCI Theft
Ransomware
Insider Threats
Un-Happy Employees can cause serious damage before finally exiting the Company.
Quick Call IT to get things back up and running!!
32% of Incidents Reportedinvolved Insiders
NO EVIDENCE = NO CRIME
Challenge #4
Digital Evidence is Volatile. Through efforts to restore services much of the digital trail is lost, corrupted or the Chain of Custody is so poor the evidence is unusable in a Court.
Some Counties consider Employee Damage a Civil Matter
PCI Theft
Payment Card Information
0.0000
5.0000
10.0000
15.0000
20.0000
2010 2011 2012 2013 2014 2015
Price to Earnings Ratio
Wal-Mart Target
In 2014 Target sustained a $252 Million Loss due to Breach
Challenge #5
Lack of Timely Reporting by Corporations increases the victim pool and decreases the likelihood of finding the original offenders and source of the leak.
Intentional ?
Oversight ?
Challenge #6
Lack of Personnel. Law Enforcement Salaries are some of the lowest of the professions and most Technologists know how much their skills are worth in the private sector.
San Antonio, Texas
1.4 Million Residents
7th Largest City in US
Second to D.C in Cyber
How many Trained Officers for Cyber Crime Investigations?
Challenge #7
Lack of specific resources at the local level
State Grants
Federal Grants
University Partnerships
Secret Service: ECTF
FBI: ICAC
Challenge #8
The True Scope of the Problem is UNKNOWN
Less than 20% of
Crimes are Reported to
Law Enforcement
What can You do?
Create LEO Reporting Threshold as part of your Critical Incident Response Plan
Try to preserve evidence, if possible and limit access for Chain of Custody
4th Amendment Issues
User Agreements allow Companies Latitude that Law Enforcement does not have.
Remember patrol officers may not be very helpful
Prior to an incident reach out of local DA’s office or LEA’s White Collar Crime Unit
Join the Regional Task Force (U.S. Secret Service)
Report Criminal Acts
Questions?
Resources
United States Secret Service – Electronic Crimes Task Force / Financial Crimes Task ForceTask Force Locator: http://www.secretservice.gov/investigation/#field
Federal Bureau of Investigation (FBI) – Cyber Task Forceshttps://www.fbi.gov/about-us/investigate/cyber/cyber-task-forces-building-alliances-to-
improve-the-nations-cybersecurity-1
FBI Cyber Action Team – 48 Hour Response time for major incidents
https://www.fbi.gov/about-us/investigate/cyber/cyber-action-team
Internet Crime Complaint Center – to file a complaint
https://www.ic3.gov/default.aspx
National White Collar Crime Center – Investigation Resources and Training
https://www.ic3.gov/default.aspx
References
Identity Theft Resource Center, ITRC. (2016, March 3). Identity Theft #1 Consumer Complaint of 2015.Retrieved from Identity Theft Resource Center: http://www.idtheftcenter.org/attachments/article/985/ITRC%20Identity%20Theft%20No.1%20Consumer%20Complaint%2015%20Consecutive%20Years%20Whitepaper.pdf
Morgan, L. (2016, May 5). List of Data Breaches and Cyber Attacks in April 2016. Retrieved from IT Governance Blog: https://www.itgovernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-april-2016-156687282-records-stolen/
Nakashima, E. a. (2014, June 9). Report: Cybercrime and Espionage Costs $445 Billion Annually. Retrieved from The Washington Post: https://www.washingtonpost.com/world/national-security/report-cybercrime-and-espionage-costs-445-billion-annually/2014/06/08/8995291c-ecce-11e3-9f5c-9075d5508f0a_story.html
Walters, R. (2015, November 18). Cyber Attacks on U.S. Companies Since November 2014. Retrieved from The Heritage Foundation: http://www.heritage.org/research/reports/2015/11/cyber-attacks-on-us-companies-since-november-2014
Wiles, J. (2009, January 9). US Secret Service Electronic Crimes Task Force - We Need You to Join Us! Retrieved from SC Magazine: http://www.scmagazine.com/us-secret-service-electronic-crimes-task-force--we-need-you-to-join-us/article/30731/