Cyber Crime

The current threat to the UK

Security Marking

UK Cyber Crime

• The cost of cyber crime to the UK ?• What is cyber crime and what is cyber enabled

crime ?• The motivation behind cyber attacks.• Who are the cyber criminals ?• UK Law Enforcement• Why you should engage with Law Enforcement

Security Marking

Protect 4

Pure Cyber

Protect 5

What is Cyber Crime?

Pure Cyber crime

• Can only be committed through the use of ICT.

Cyber enabled crime

• Can be committed without technology but are assisted or escalated by the use of ICT.

What is Cyber Crime ?

• Harvesting of personal and business data to commit fraud (phishing, vishing, spear phishing, targeted malware)

• Targeted compromise of UK networked systems (network intrusion)

• Denial of Service to UK networked systems (DDoS, Ransomware)

• Blended attacks - Obfuscation of real attack (DDOS hiding malware attack/infection) Cyber crime enablers (compromised hosters, cybercrime-as-a-service)

Motivations – Pure Cyber Crime

• Child abuse images

• Political / Kudos

• Financial Reward

Who are the cyber criminals ?

• Anyone - The threat is global and due to the rise of the cyber service industry technical ability is no longer required.

• Fraud Organised Crime – Russia & former Soviet Union, Romania, West Africa, South East Asia.

• UK Organised Crime• Hactivists – 'Anonymous', 'Lulzsec'• UK 'Hackers' / 'Script Kiddies'

UK Law Enforcement

The NCCU launched as part of the National Crime Agency on 7th October 2013

Providing a highly specialised investigative response, nationally and internationally, to the most serious incidents of cyber crime.

Working proactively to eliminate and prevent opportunities for online criminality.

Assisting Law enforcement to take the lead in tackling cyber-enabled crime.

Building stronger partnerships with industry and supporting a transformational change in law enforcement’s mainstream cyber capabilities.

Current Response – the NCCU

• Strategic

• Tactical

• Operational

Challenges

• The internet

• Multi-jurisdictional

• Legislation

• Working with industry

• Skills in policing

• Competing priorities and sheer volume

Why you should engage with Law Enforcement – Operation Allendale

• On Saturday 20th & Sunday 21st October 2012 a major Phishing attack against customers of Barclaycard and First Direct banks.

• 2400 phishing sites created, tested and launched online from a server in France. 340 customers visited the sites and 35 accounts compromised.

• Reported to the Police Central e-crime Unit by Barclays investigators who identified an IP address at Park Plaza Hotel, London used to transfer money from victim accounts.

Operation Allandale - Investigation

• Working with the hotel, bank and card issuer police identified suspect Godday Sunday ETU staying at the hotel.

• 24/7 Surveillance operation against ETU who met with Inout CARAMAN and Adrian IORGOVEAN who had flown in from Romania to engage in London spending spree.

• All three arrested at the hotel on 29th October and found logged on to a 'dirty' server in the US which was found to contain 73 million email addresses and 240,000 phishing victims worldwide

Op Allandale - Suspects

Op Allandale – The Result

• All three convicted following a trial and sentenced to ETU (8yrs) CARAMAN (7yrs 2mths) IORGOVEAN (5yrs 7mths) imprisonment.

• Phishing attacks fell by 88% against the UK banking sector following arrests and 'bulk' attacks ended.

• Based on industry figures £59 million worth of fraud was prevented against UK victims.

• By working with Law Enforcement you can make a difference !!

OP PAGODE

• Intelligence received that Zeus Trojan controlled and spread from an address in Manchester.• On-line server found at address and suspect Gary Kelly, logged on as admin• Carding Forum with 7,995 registered members worldwide.• 170,000 recovered UK credit cards

Op Pagode

• Ghostmarket.net the largest english language carding forum in the world•Main organiser, Nicholas Webber ex-public schoolboy 18yrs old, deputy Ryan Thomas 17yrs old.• Suspects spent over £40,000 each on lifestyle using compromised cards.• Kelly’s ZeuS botnet operation ran over 15,000 infected computers in 159 countries harvesting over 4 million lines of personal information.

Nicholas Webber enjoying the fruits of his labour.

Nicolas Webber

5 Years

Gary Kelly

5 Years

Ryan Thomas

4 Years

Shakira Ricardo

18 Mths

Zeus Banking Trojan and GhostMarket Carding Forum

NCCU Contacts :-

• Industry referrals 24/7 NCCU on 0207 238 4106

• Via dedicated NCCU referral unit email account - [email protected]

• Industry Partnership Team – • Simon Mills tel 0207 2383545 / 07545 009516 [email protected]