Technological Crime
Dec 26, 2015
Technological Crime
2
Who Are We?
The Royal Canadian Mounted Police is the Canadian national police service.
We are an agency of the Ministry of Public Safety Canada.
The RCMP is a national, federal, provincial and municipal policing body.
We provide federal policing service to all Canadians and policing services under contract to the three territories, eight provinces (except Ontario and Quebec) and more than 200 municipalities and 600 Aboriginal communities.
3
Technological Crime mandate
Investigate
Pure Computer Crimes• Criminal offences detailed in OM.IV.1• Primarily unauthorized access and mischief to data• CIP mandate
Computer Investigative Support to
Technologically Facilitated Crimes• Any traditional crime assisted by information technologies • Search, seizure, analysis of digital evidence
4
Service Delivery Structure
RCMP - TECHNOLOGICAL CRIME PROGRAMTECHNOLOGICAL CRIME BRANCH
Program Management Support Services Technical Support Services
Policy and Program Support
Operations Support
Operations Coordination and
Liasion
Integrated Cyber Analysis Team
Technical Analysis Team
Forensic Utilities Research Team
Network and Information Operations
Team
Senior Technical Advisor
Integrated Technological Crime Units
5
The Cyber Crime Threat
Why is it a problem?
What is the nature of it?
How is it evolving?
What are our most successful techniques in combating
this threat?
6
Cost and Means of Attack
1945 1955 1960 1970 1975 1985 TODAY
INVASION ICBM / SLBM
CRUISE MISSLES
PRECISION GUIDED
MUNITIONS
COMPUTERSSTRATEGIC NUCLEAR WEAPONS
Cost of Capability
Availability of Capability
Source: SA Robert Flaim FBI
7
Why is it a problem?
•Transnational nature of the Internet = vulnerability
•Anonymous access to infrastructures via the Internet and SCADA
•Interdependencies of systems make attack consequences harder
to predict and more severe
•Malicious software is widely available and does not require a high
degree of technical skill to use
•More individuals with malicious intent on Internet
•New cyber threats outpace defensive measures
8
Why is it a problem?
• Threat not merely in the value of the data compromised, stolen,
or altered, but in the nature of an attack. Ex: Damage from a
cyber attack usually much greater than the resources needed to
accomplish the attack.
• Attacks aided by the anonymity, openness, connectivity, and
speed of the Internet.
• Ramifications include loss of confidence in the systems that
form our national core.
9
Cyberthreats
•Due to the nature of globally interconnected networks,
cyber attacks can be launched from anywhere in the world,
with rapid cascading effects in multiple jurisdictions.
•The extent of the cyber threat ranges from individuals and
organizations to national security.
•Estimates show that as few as 5% percent of
cybercriminals are caught and convicted.*
*Source: Mcafee: (McAfee North America Criminology Report - Organized Crime and the Internet 2007)
10
Cyberthreats
•Attacks against individuals often fall into two categories: • malicious software • social engineering.
•Malicious software attacks compromise home and small
business computers. Once infected, the malicious code
harvests personal data while the user is online.
•Social engineering attacks are aimed at home users and
try to trick them into revealing sensitive personal
information, such as bank logins and credit card details.
11
Cyberthreats
•Criminals are also targeting corporate networks to steal information, usually financial data, held on customer databases.
•Successful hacking attacks on businesses can yield huge amounts of personal information which can then be easily exploited.
•Since the possibility of attack is great and the volume of attackers is essentially limitless, without a defensive strategy, all users are potentially vulnerable over the Internet to criminals worldwide.
12
Sophistication of Cybercrime
•Simple Unstructured: Individuals or groups
working with little structure, forethought or
preparation
•Advanced Structured: Groups working with some
structure, but little forethought or preparation
•Complex Coordinated: Groups working with
advance preparation with specific targets and
objectives.
13
Computer Virus
Password Cracking
Vulnerability Exploitation
Audit Blocking
Burglaries
Back Door Exploitation
Session Hijacking
Scanners
Sniffers
Packet Spoofing
GUI Attacks
Automated Probes/Scanners
Denial of Service
WWW Attacks
Stealth / Advanced Scanners
Distributed Attack Tools
Cross Site Scripting
Staged
Auto Coordinated
Zero-Day
1980 1985 1990 1995 2000 and Beyond
Intr
uder
Kno
wle
dge
HIG
HLO
W
Attack Sophistic
ation
Source: Carnegie Mellon University
Attack Sophistication vs Intruder Knowledge
14
Threats and Capabilities
CAPABILITY
TH
RE
AT
Script Kiddies
Real Hackers
“Hacktivists”
Organized Hacker Groups
Competitors (Foreign & Domestic)
Organized Crime
Terrorists
Foreign Intelligence
Cyberwar
15
Intruder discovers new
vulnerability
Crude exploit tools developed
Novice Intruders use crude exploit tools
developed
Automated scanning / exploit tools developed
Widespread use of automated scanning / exploit tools.
Intruders begin using new types of
Exploits
Source: Carnegie Mellon University
Vulnerability Exploit Cycle
16
What is the nature of the threat?
Technical Threats
• How IT systems are configured/deployed (Speed & Convenience vs. security)
• Some systems are highly vulnerable until the worst bugs in the software have been reported and corrected, which creates a window of opportunity for criminals to exploit these systems.
• Blended Threats: Botnets/Malware/Viruses/etc
17
How is the threat evolving?• The race between criminals to exploit data/systems before security measures
protect it or law enforcement catches them.
• Blended threats are expected to increase, especially within the following areas:
- Exploitation frameworks and rootkits
- BOT-NETS, Trojan-Horse malicious code
- Increasingly Sophisticated Attacks - Wireless devices
- Zero-day exploits
- ID-Theft (Phishing)
- “High-Yield” Investment Offers
18
How is the threat evolving?• Blended threats continued:
- Online “419” Schemes
- Electronic Billing Fraud
- Auction on Line/ Non Delivery of Goods
- Targeted Attacks
- Hackers
- Child Exploitation
- SCADA – Supervisory Control and Data Acquisition
- Exploit process/software vulnerabilities for cash
19
How is the threat evolving?
Financially Motivated Cyber Crime
• Digital currency ( theft/layering stage of the money laundering process)
• Legislation• Anonymous • Borders
• Internet Payment Systems
• Online Banking
• Online Casinos
• Pre-paid Credit Cards
20
Internal & External Drivers
• Emerging 3rd generation of convergent communications device technologies
• Increased criminal use of Internet
• Increased public use of technology = increased demand for analysis
•Enhanced use of security products & services
• Capacity/proliferation of devices with increasing storage capabilities and continually shrinking electronic footprints (encryption & compression)
• Development of new technologies (VHS vs. DVR)
21
Internal & External Drivers
• Complex tracking of identification and transactions
• Jurisdiction/Nonexistent or differing laws
• Speed of cooperation and information sharing
• Private sector concerns re privacy/shareholders/solutions
• Large scale investigations with multiple sites and suspects
which can also cross international boarders
22
MOST SUCCESSFUL TECHNIQUES
Sharing information between government agencies, the private sector and the public
• Canadian Cyber Incident Response Centre (CCIRC)• Cybertip.ca portal• Phonebusters
• Strong networking / relationship building with our partners• Leveraging partnerships maximizing potential/minimizing duplication• NRCAN, Bell Security Solutions, ARIN
• Combining Efforts to Combat Cyber Crime • Cyber Crime Council• Locally, Provincially, Nationally and Internationally• G8 – HTC Sub Committee, CACP E-crimes,etc
23
MOST SUCCESSFUL TECHNIQUES
• Focused Enforcement Strategies
• Integrated Policing
• Sharing of tools, techniques and/or best practices
• Enhancing our communications strategy – internal and external
• Continuous development: employees, tools and techniques
• Continuously look to the future to identify trends & technology
• Prevention and Public Education
24
How can you help?
•Observe
•Identify
•Notify
•Partner
= positive impact
25
With ever increasing numbers, Canadians are embracing the internet.
Only by working in partnership we can achieve the goal of making the Internet a safe
community for Canadians.
26
Insp. Carole BirdOIC Program Management Support Services
Technological Crime BranchRoyal Canadian Mounted Police
(613)[email protected]