Technology & Crime Cyber – Mini Conference ADIL ILYAS CYBER CRIME CONSULTANT – CID HQ.

Technology & CrimeCyber – Mini Conference

ADIL ILYASCYBER CRIME CONSULTANT – CID HQ

Agenda• Status:-Situational Analysis of Cyber Crimes in the

country. • Threats:- Current and Future Threats & Threat

Sources• Trends:-Patterns and roadways of Cyber Crimes in

the country• Challenges:- Technical to Administrative

Challenges• Solutions:- A way forward Case Studies

Introductions• Technology is a double-edge sword, and it's a good

idea to understand how both sides of the blade cut.• The Good Part: Medicine, Education,

Communication, Trade/Commerce, Entertainment and much more

• It facilitates crime but it has been also mobilized to successfully combat crimes, even in Tanzania. There are negative externalities brought about by the increased use of technology and some of these pose serious challenges on the course of our daily lives.

Cyber Crime - Explained

Any electronic Device that can either STORE, PROCESS or COMMUNICATE can be used to either commission an offense or be used as a target of an Offense.

Technological Enabled Crimes ( Cyber Crimes )o Traditional Crimes using new technology.o Examples: - Fraud, Counterfeiting, Tax Evasion, Money

Laundering

Computer Crimeso Crimes brought fourth by new technology

Hacking, Denial of Service Attacks, System Manipulation, Phishing, Spamming

Tools• Regular Phones, Smart Phones• Computers• Storage Devices ( Flash Disk, CDs etc)

Who can commit an offense ?• Over 18 million people in Tanzania are

connected to Mobile Phone Networks• Over 8 million people in Tanzania are

connected to the internet, with or without knowledge of their connection state.

• More than 7% of the population owns a PC• Anyone of these can commit an offense• Mostly likely they will use the same available

technology to facilitate that offense.• Practically they have the weapon for the

offense.

Our StatusQuick Fact :-• The beauty about technology it does not wait for a country or region

to fully mature into a developed state, but rather its instantaneously available across globe. The same technology may impact regions differently and bring about positive and negative outcomes.

Noticeable Government Efforts• TCRA Harmonized Communication Sector ( Pricing, Service Structure,

Resource Management )• Tanzania Police Force – Cyber Crime Unit.

o Newly Revamped Departmento Covers: Computer & Mobile Forensics, Hi-Tech Crimes, Research & Emerging

Crimes, First Responders, Stake Holder Liason, Cyber Prosecution o Continuous Training Efforts :- Over 250 First Responders / Officers have been

trained

• CERT – Establishment in progress.• Establishment of eGA• Establishment of EPOCA, and ongoing process of

Establishing Cyber Law

Our StatusCommunication Sector:-• Mobile Subscriber Registration has helped in

identifying culprits misusing the technology. But still some phones continue to operate un-registered and other with false pre-registered information

• Storage of Corroborative Evidence as CDRs with mobile operators has helped a great deal in combating crimes, but Most Operators fail to retain DHCP Logs on internet activities.

• Insider collaboration, SIM Swapping and Soft Engineering on victims has been the latest trend in Mobile Money Theft.

Our Status …

Financial Sector• Tanzania has over 26 Banks; all these banks use

the latest technology available in the market to offer services. Some of these banks even inter-connect their services to Mobile Communication Networks.

• Banks have been in the frontline of attacks by both Locals and Foreigners

• Technology used against banks are :- Key Loggers, Skimmers, ATM Cloners, Insiders, Sniffers, Identity Theft, Card Trading

Threats & Threat Sources ..Threat Source

Description & Technology used

Typical Threats Posed

Organized Criminal Groups

Criminal groups seek to attack systems for monetary gain. Key Loggers ATM Skimmers Card Cloners Identify Theft Computer & Computer

Software SMS ID Manipulation GSM Gateways Internet

Fraud Theft Forgery &

Counterfeiting Money Laundering Tax Evasion Call Termination Fraud Email Scams, Fake

Websites Denial of Service

Attacks Piracy Defamation and

Offensive Content Impersonation

Threats & Threat Sources ..Threat Source

Description & Technology used

Typical Threats Posed

Amateur Offenders

Offenders with various motivations some monetary gains while others focus on personal agendas Mobile Phones Computers Internet

Harassment & Threats

Theft Defamation Impersonation

Threats & Threat Sources ..Threat Source

Description & Technology used

Typical Threats Posed

Insiders The disgruntled organization insider is a principal source of computer crime. Insiders may not need a great deal of knowledge about computer intrusions because their knowledge of a target system often allows them to gain unrestricted access to cause damage to the system or to steal system data.

Theft Fraud Denial of Service

Attacks Theft of Information

In order to commit the offense

MOTIVATION & OPPORTUNITY

MOTIVATORStFINANCIAL

PERSONAL MOTIVATIONS

ADVENTURE / POWER

HI-TECH

Motivators  

FINANCIAL GAIN(fraud, theft, scams,

forgery)

REVENGE(against people,

communities, corporates,

governments, countries)

 CURIOSITY(knowledge, sensation,

intellectual challenge);

 FAME

(media attention, boasting, political).

Opportunities• 7 YEARS AGO

AllyDar Es Salaam

JoanithaArusha

Opportunities• 4 YEARS AGO

AllyDar Es Salaam

JoanithaArusha

MPESA MPESA

Opportunities• 1 YEAR AGO

AllyDar Es Salaam

JoanithaArusha

MPESA TIGO PESA

Opportunities• NOW

AllyDar Es Salaam

JoanithaArusha

CRDB BANKNMB BANK

MPESA

TIGO PESAMPESA

OR MOBILE BANKING

CARDLESS WITHDRAWO

Opportunities for Criminals• Increased volume of E-Commerce and online

corporate transactions• Increased connectivity for both targets and

offenders• Increased vulnerability of targets• Convergence of Technologies

Typical Offenses• Fraud• Call Termination Fraud• Credit/Debit Card Trading• Organized Scams• Terrorism• Money Laundering• Denial of Services• Piracy• Counterfeiting• Tax Evasion• Impersonation and concealment of identity• Illegal Interception of Communication

Administrative Challenges• Enactment of Cyber Laws that will encompass all aspects of Cyber

Crimes and Computer Related Offenses• Delay Educational Sectors to introduce Disciplines in Cyber Crimes• Lack National Strategy in Combating Cyber Crimes• Consumer & End User Education on New Products• Admissibility of Electronic Evidence in Courts• Education and Training to Law Enforcement Officers, Prosecutors

and Judicial• Retaining of Corroborative Evidence by Third Party Providers• Stakeholder collaboration still a challenge• No Standard Operating Procedures or Best Practices Adopted• Working IN Border but fighting a borderless crime• Costs 

Technical Challenges• Many Offenses are never detected• Many detected Offenses are never reported• Difficult to Quantify offenses• Distributed Systems make search and seizure difficult• Encryption• Skills sets required to Investigate and Forensically

extract ESI• Difficult to Police Cyber Space• Convergence of Technologies• The Constantly Evolving Technological Landscape

and Emerging Crime ware Technique

Tools• Using Hardware based Key loggers. A common

method across Asia/African Markets

Card Cloning /SkimmingCard Cloning /Skimming

ATM Fraud

ATM Fraud

ATM Fraud

ATM Fraud

Way Forward• On a more holistic level, a multifaceted approach

is certainly required in order to comprehensively deal with the problem most effectively.o EDUCATION

• Educating information technology users including individuals, corporate entities and organizations is a largely preventative measure.

• Universities & Institutions should accommodate Information Security

o PUBLIC & PRIVATE PARTNERSHIPS• Both are inter-dependent on one another.

o DEFENSIVE TECHNOLOGY• Monitoring & Forensic Technology