Technological Crime

Technological Crime. 2 Who Are We? The Royal Canadian Mounted Police is the Canadian national police service. We are an agency of the Ministry of Public.

Dec 26, 2015

Luke Hardy
Transcript
Technological Crime

Who Are We?

The Royal Canadian Mounted Police is the Canadian national police service.

We are an agency of the Ministry of Public Safety Canada.

The RCMP is a national, federal, provincial and municipal policing body.

We provide federal policing service to all Canadians and policing services under contract to the three territories, eight provinces (except Ontario and Quebec) and more than 200 municipalities and 600 Aboriginal communities.

Technological Crime mandate

Investigate

Pure Computer Crimes

• Criminal offences detailed in OM.IV.1

• Primarily unauthorized access and mischief to data

• CIP mandate

Computer Investigative Support to

Technologically Facilitated Crimes

• Any traditional crime assisted by information technologies

• Search, seizure, analysis of digital evidence

Service Delivery Structure

RCMP - TECHNOLOGICAL CRIME PROGRAM

TECHNOLOGICAL CRIME BRANCH

[Organization chart; boxes as labelled on the slide:]

Program Management Support Services

Technical Support Services

Policy and Program Support

Operations Support

Operations Coordination and Liaison

Integrated Cyber Analysis Team

Technical Analysis Team

Forensic Utilities Research Team

Network and Information Operations Team

Senior Technical Advisor

Integrated Technological Crime Units

The Cyber Crime Threat

Why is it a problem?

What is the nature of it?

How is it evolving?

What are our most successful techniques in combating this threat?

Cost and Means of Attack

[Figure: means of attack on a timeline from 1945 to today (invasion, strategic nuclear weapons, ICBM / SLBM, cruise missiles, precision guided munitions, computers), plotted against "Cost of Capability" and "Availability of Capability".]

Source: SA Robert Flaim FBI

Why is it a problem?

• Transnational nature of the Internet = vulnerability

• Anonymous access to infrastructures via the Internet and SCADA

• Interdependencies of systems make attack consequences harder to predict and more severe

• Malicious software is widely available and does not require a high degree of technical skill to use

• More individuals with malicious intent on Internet

• New cyber threats outpace defensive measures

Why is it a problem?

• Threat not merely in the value of the data compromised, stolen, or altered, but in the nature of an attack. Ex: Damage from a cyber attack usually much greater than the resources needed to accomplish the attack.

• Attacks aided by the anonymity, openness, connectivity, and speed of the Internet.

• Ramifications include loss of confidence in the systems that form our national core.

Cyberthreats

• Due to the nature of globally interconnected networks, cyber attacks can be launched from anywhere in the world, with rapid cascading effects in multiple jurisdictions.

• The extent of the cyber threat ranges from individuals and organizations to national security.

• Estimates show that as few as 5 percent of cybercriminals are caught and convicted.*

*Source: McAfee (McAfee North America Criminology Report - Organized Crime and the Internet 2007)

Cyberthreats

• Attacks against individuals often fall into two categories:

- malicious software

- social engineering

• Malicious software attacks compromise home and small business computers. Once infected, the malicious code harvests personal data while the user is online.

• Social engineering attacks are aimed at home users and try to trick them into revealing sensitive personal information, such as bank logins and credit card details.

Cyberthreats

•Criminals are also targeting corporate networks to steal information, usually financial data, held on customer databases.

•Successful hacking attacks on businesses can yield huge amounts of personal information which can then be easily exploited.

•Since the possibility of attack is great and the volume of attackers is essentially limitless, without a defensive strategy, all users are potentially vulnerable over the Internet to criminals worldwide.

Sophistication of Cybercrime

• Simple Unstructured: Individuals or groups working with little structure, forethought or preparation

• Advanced Structured: Groups working with some structure, but little forethought or preparation

• Complex Coordinated: Groups working with advance preparation with specific targets and objectives.

Attack Sophistication vs Intruder Knowledge

[Figure: attack techniques plotted on a timeline from 1980 to "2000 and Beyond", with "Intruder Knowledge" and "Attack Sophistication" shown on a low-to-high scale. Techniques labelled on the chart: Computer Virus, Password Cracking, Vulnerability Exploitation, Audit Blocking, Burglaries, Back Door Exploitation, Session Hijacking, Scanners, Sniffers, Packet Spoofing, GUI Attacks, Automated Probes/Scanners, Denial of Service, WWW Attacks, Stealth / Advanced Scanners, Distributed Attack Tools, Cross Site Scripting, Staged, Auto Coordinated, Zero-Day.]

Source: Carnegie Mellon University

Threats and Capabilities

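[Figure: threat actors plotted with "Threat" on one axis and "Capability" on the other. Actors labelled on the chart: Script Kiddies, Real Hackers, “Hacktivists”, Organized Hacker Groups, Competitors (Foreign & Domestic), Organized Crime, Terrorists, Foreign Intelligence, Cyberwar.]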

Vulnerability Exploit Cycle

• Intruder discovers new vulnerability

• Crude exploit tools developed

• Novice Intruders use crude exploit tools developed

• Automated scanning / exploit tools developed

• Widespread use of automated scanning / exploit tools

• Intruders begin using new types of exploits

Source: Carnegie Mellon University

What is the nature of the threat?

Technical Threats

• How IT systems are configured/deployed (Speed & Convenience vs. security)

• Some systems are highly vulnerable until the worst bugs in the software have been reported and corrected, which creates a window of opportunity for criminals to exploit these systems.

• Blended Threats: Botnets/Malware/Viruses/etc

How is the threat evolving?

• The race between criminals to exploit data/systems before security measures protect it or law enforcement catches them.

• Blended threats are expected to increase, especially within the following areas:

- Exploitation frameworks and rootkits

- BOT-NETS, Trojan-Horse malicious code

- Increasingly Sophisticated Attacks

- Wireless devices

- Zero-day exploits

- ID-Theft (Phishing)

- “High-Yield” Investment Offers

How is the threat evolving?

• Blended threats continued:

- Online “419” Schemes

- Electronic Billing Fraud

- Auction on Line/ Non Delivery of Goods

- Targeted Attacks

- Hackers

- Child Exploitation

- SCADA – Supervisory Control and Data Acquisition

- Exploit process/software vulnerabilities for cash

How is the threat evolving?

Financially Motivated Cyber Crime

• Digital currency (theft/layering stage of the money laundering process)

• Legislation

• Anonymous

• Borders

• Internet Payment Systems

• Online Banking

• Online Casinos

• Pre-paid Credit Cards

Internal & External Drivers

• Emerging 3rd generation of convergent communications device technologies

• Increased criminal use of Internet

• Increased public use of technology = increased demand for analysis

•Enhanced use of security products & services

• Capacity/proliferation of devices with increasing storage capabilities and continually shrinking electronic footprints (encryption & compression)

• Development of new technologies (VHS vs. DVR)

Internal & External Drivers

• Complex tracking of identification and transactions

• Jurisdiction/Nonexistent or differing laws

• Speed of cooperation and information sharing

• Private sector concerns re privacy/shareholders/solutions

• Large scale investigations with multiple sites and suspects which can also cross international borders

MOST SUCCESSFUL TECHNIQUES

Sharing information between government agencies, the private sector and the public

- Canadian Cyber Incident Response Centre (CCIRC)

- Cybertip.ca portal

- Phonebusters

• Strong networking / relationship building with our partners

- Leveraging partnerships maximizing potential/minimizing duplication

- NRCAN, Bell Security Solutions, ARIN

• Combining Efforts to Combat Cyber Crime

- Cyber Crime Council

- Locally, Provincially, Nationally and Internationally

- G8 – HTC Sub Committee, CACP E-crimes, etc.

MOST SUCCESSFUL TECHNIQUES

• Focused Enforcement Strategies

• Integrated Policing

• Sharing of tools, techniques and/or best practices

• Enhancing our communications strategy – internal and external

• Continuous development: employees, tools and techniques

• Continuously look to the future to identify trends & technology

• Prevention and Public Education

How can you help?

•Observe

•Identify

•Notify

•Partner

= positive impact

In ever-increasing numbers, Canadians are embracing the Internet.

Only by working in partnership can we achieve the goal of making the Internet a safe community for Canadians.

Insp. Carole Bird

OIC Program Management Support Services

Technological Crime Branch

Royal Canadian Mounted Police

(613)[email protected]