67 resultados para cybercrime
Resumo:
Lack of a universally accepted and comprehensive taxonomy of cybercrime seriously impedes international efforts to accurately identify, report and monitor cybercrime trends. There is, not surprisingly, a corresponding disconnect internationally on the cybercrime legislation front, a much more serious problem and one which the International Telecommunication Union (ITU) says requires „the urgent attention of all nations‟. Yet, and despite the existence of the Council of Europe Convention on Cybercrime, a proposal for a global cybercrime treaty was rejected by the United Nations (UN) as recently as April 2010. This paper presents a refined and comprehensive taxonomy of cybercrime and demonstrates its utility for widespread use. It analyses how the USA, the UK, Australia and the UAE align with the CoE Convention and finds that more needs to be done to achieve conformance. We conclude with an analysis of the approaches used in Australia, in Queensland, and in the UAE, in Abu Dhabi, to fight cybercrime and identify a number of shared problems.
Resumo:
Phishing and related cybercrime is responsible for billions of dollars in losses annually. Gartner reported more than 5 million U.S. consumers lost money to phishing attacks in the 12 months ending in September 2008 (Gartner 2009). This paper asks whether the majority of organised phishing and related cybercrime originates in Eastern Europe rather than elsewhere such as China or the USA. The Russian “Mafiya” in particular has been popularised by the media and entertainment industries to the point where it can be hard to separate fact from fiction but we have endeavoured to look critically at the information available on this area to produce a survey. We take a particular focus on cybercrime from an Australian perspective, as Australia was one of the first places where Phishing attacks against Internet banks were seen. It is suspected these attacks came from Ukrainian spammers. The survey is built from case studies both where individuals from Eastern Europe have been charged with related crimes or unsolved cases where there is some nexus to Eastern Europe. It also uses some earlier work done looking at those early Phishing attacks, archival analysis of Phishing attacks in July 2006 and new work looking at correlation between the Corruption Perception Index, Internet penetration and tertiary education in Russia and the Ukraine. The value of this work is to inform and educate those charged with responding to cybercrime where a large part of the problem originates and try to understand why.
Resumo:
An estimated A$75,000 is lost by Australians everyday to online fraud, according to the Australian Competition and Consumer Commission (ACCC). Given that this is based on reported crime, the real figure is likely to be much higher. It is well known that fraud, particularly online fraud, has a very low reporting rate. This also doesn’t even begin to encompass non-financial costs to victims. The real cost is likely to be much, much higher. There are many challenges to policing this type of crime, and victims who send money to overseas jurisdictions make it even harder, as does the likelihood of offenders creating false identities or simply stealing legitimate ones. But despite these challenges police have started to do something to prevent the impact and losses of online fraud. By accessing financial intelligence, police are able to identify individuals who are sending money to known high-risk countries for fraud. They then notify these people with their suspicions that they may be involved in fraud. In many cases the people don’t even know they may be victims or involved in online fraud.
Resumo:
Info 2009 (Professional & Legal Issues) Coursework. A fictional interview with an Ex-Cybercriminal for the purpose of teaching users about the broad topic of cybercrime. This includes: Video Interview (2 parts) Poster Interview Script Reference List Follow the link to watch the video also hosted on youtube Part 1: http://www.youtube.com/watch?v=fO1jPNNy4iM&feature=mfu_in_order&list=UL Part 2: http://www.youtube.com/watch?v=9PufbpPe8yc&list=ULyJcmN7qVfPg&playnext=1 Credits to Mike Fisk(http://www.soul-amp.com/)for the blue globe image used.
Resumo:
A guest lecture by Professor David S.Wall from the University of Durham. This talk will explore the way that networked technology has transformed criminal behaviour. The first part will map out cybercrimes and identify the challenges they pose for both criminologists and also regulators. The second part will show that cybercrimes are informational, networked and global. In this section it will also be shown that cybercrimes are highly disorganised forms of offending when compared to the organisation of more 'traditional' crimes, but display some new organisational logics of their own. The third part of the talk will illustrate how the 'culture of fear' that has arisen around cybercrime has placed demands upon government and police - demands that, for reasons related to the distinct nature of cybercrimes, are hard to resolve. The fourth and final part will look at the new policing arrangements that are designed, it is argued here, to close the reassurance gap.
Resumo:
Presentation slides + mini quiz on the topic of cybercrime.
Resumo:
MaAfee White Paper: Cybercrime exposed Required reading
Resumo:
Human ICT implants, such as RFID implants, cochlear implants, cardiac pacemakers, Deep Brain Stimulation, bionic limbs connected to the nervous system, and networked cognitive prostheses, are becoming increasingly complex. With ever-growing data processing functionalities in these implants, privacy and security become vital concerns. Electronic attacks on human ICT implants can cause significant harm, both to implant subjects and to their environment. This paper explores the vulnerabilities which human implants pose to crime victimisation in light of recent technological developments, and analyses how the law can deal with emerging challenges of what may well become the next generation of cybercrime: attacks targeted at technology implanted in the human body. After a state-of-the-art description of relevant types of human implants and a discussion how these implants challenge existing perceptions of the human body, we describe how various modes of attacks, such as sniffing, hacking, data interference, and denial of service, can be committed against implants. Subsequently, we analyse how these attacks can be assessed under current substantive and procedural criminal law, drawing on examples from UK and Dutch law. The possibilities and limitations of cybercrime provisions (eg, unlawful access, system interference) and bodily integrity provisions (eg, battery, assault, causing bodily harm) to deal with human-implant attacks are analysed. Based on this assessment, the paper concludes that attacks on human implants are not only a new generation in the evolution of cybercrime, but also raise fundamental questions on how criminal law conceives of attacks. Traditional distinctions between physical and non-physical modes of attack, between human bodies and things, between exterior and interior of the body need to be re-interpreted in light of developments in human implants. As the human body and technology become increasingly intertwined, cybercrime legislation and body-integrity crime legislation will also become intertwined, posing a new puzzle that legislators and practitioners will sooner or later have to solve.
Resumo:
Cybercrime has rapidly developed in recent years and malware is one of the major security threats in computer which have been in existence from the very early days. There is a lack of understanding of such malware threats and what mechanisms can be used in implementing security prevention as well as to detect the threat. The main contribution of this paper is a step towards addressing this by investigating the different techniques adopted by obfuscated malware as they are growingly widespread and increasingly sophisticated with zero-day exploits. In particular, by adopting certain effective detection methods our investigations show how cybercriminals make use of file system vulnerabilities to inject hidden malware into the system. The paper also describes the recent trends of Zeus botnets and the importance of anomaly detection to be employed in addressing the new Zeus generation of malware.
Resumo:
The productisation of crime toolkits is happening at an ever-increasing rate. Previous attacks that required indepth knowledge of computer systems can now be purchased online. Large scale attacks previously requiring months to setup a botnet can now be scheduled for a small fee. Criminals are leveraging this opportunity of commercialization, by compromising web applications and user's browser, to gain advantages such as using the computer's resources for launching further attacks, or stealing data such as identifying information. Crime toolkits are being developed to attack an increasing number of applications and can now be deployed by attackers with little technical knowledge. This paper surveys the current trends in crime toolkits, with a case study on the Zeus botnet. We profile the types of exploits that malicious writers prefer, with a view to predicting future attack trends. We find that the scope for damage is increasing, particularly as specialisation and scale increase in cybercrime.
Resumo:
With increasing popularity and 1.9 billion cumulative registered accounts, virtual worlds are seeing an increase in a cybercrime named Virtual Property Theft. Currently, there is no data available on victim's perception of reasons for this theft. In this study, the authors aim to identify these reasons, and fill the need for a deeper understanding of VPT. This study used a survey including questions on virtual property ownership, theft, recovery and security. This survey is the first to report the views of victims of theft and remarkably showed although users are aware of offenders and have adequate security knowledge, 23% still become victims. This highlights that cyber criminals have found loopholes in existing security systems. Finally, given the continual growth of virtual worlds, it is essential to develop new policies and effective regulations. In this paper we will discuss the most critical survey results relating to security and provide statistical analysis.
Resumo:
Esta tesis se centra en el análisis de dos aspectos complementarios de la ciberdelincuencia (es decir, el crimen perpetrado a través de la red para ganar dinero). Estos dos aspectos son las máquinas infectadas utilizadas para obtener beneficios económicos de la delincuencia a través de diferentes acciones (como por ejemplo, clickfraud, DDoS, correo no deseado) y la infraestructura de servidores utilizados para gestionar estas máquinas (por ejemplo, C & C, servidores explotadores, servidores de monetización, redirectores). En la primera parte se investiga la exposición a las amenazas de los ordenadores victimas. Para realizar este análisis hemos utilizado los metadatos contenidos en WINE-BR conjunto de datos de Symantec. Este conjunto de datos contiene metadatos de instalación de ficheros ejecutables (por ejemplo, hash del fichero, su editor, fecha de instalación, nombre del fichero, la versión del fichero) proveniente de 8,4 millones de usuarios de Windows. Hemos asociado estos metadatos con las vulnerabilidades en el National Vulnerability Database (NVD) y en el Opens Sourced Vulnerability Database (OSVDB) con el fin de realizar un seguimiento de la decadencia de la vulnerabilidad en el tiempo y observar la rapidez de los usuarios a remiendar sus sistemas y, por tanto, su exposición a posibles ataques. Hemos identificado 3 factores que pueden influir en la actividad de parches de ordenadores victimas: código compartido, el tipo de usuario, exploits. Presentamos 2 nuevos ataques contra el código compartido y un análisis de cómo el conocimiento usuarios y la disponibilidad de exploit influyen en la actividad de aplicación de parches. Para las 80 vulnerabilidades en nuestra base de datos que afectan código compartido entre dos aplicaciones, el tiempo entre el parche libera en las diferentes aplicaciones es hasta 118 das (con una mediana de 11 das) En la segunda parte se proponen nuevas técnicas de sondeo activos para detectar y analizar las infraestructuras de servidores maliciosos. Aprovechamos técnicas de sondaje activo, para detectar servidores maliciosos en el internet. Empezamos con el análisis y la detección de operaciones de servidores explotadores. Como una operación identificamos los servidores que son controlados por las mismas personas y, posiblemente, participan en la misma campaña de infección. Hemos analizado un total de 500 servidores explotadores durante un período de 1 año, donde 2/3 de las operaciones tenían un único servidor y 1/2 por varios servidores. Hemos desarrollado la técnica para detectar servidores explotadores a diferentes tipologías de servidores, (por ejemplo, C & C, servidores de monetización, redirectores) y hemos logrado escala de Internet de sondeo para las distintas categorías de servidores maliciosos. Estas nuevas técnicas se han incorporado en una nueva herramienta llamada CyberProbe. Para detectar estos servidores hemos desarrollado una novedosa técnica llamada Adversarial Fingerprint Generation, que es una metodología para generar un modelo único de solicitud-respuesta para identificar la familia de servidores (es decir, el tipo y la operación que el servidor apartenece). A partir de una fichero de malware y un servidor activo de una determinada familia, CyberProbe puede generar un fingerprint válido para detectar todos los servidores vivos de esa familia. Hemos realizado 11 exploraciones en todo el Internet detectando 151 servidores maliciosos, de estos 151 servidores 75% son desconocidos a bases de datos publicas de servidores maliciosos. Otra cuestión que se plantea mientras se hace la detección de servidores maliciosos es que algunos de estos servidores podrán estar ocultos detrás de un proxy inverso silente. Para identificar la prevalencia de esta configuración de red y mejorar el capacidades de CyberProbe hemos desarrollado RevProbe una nueva herramienta a través del aprovechamiento de leakages en la configuración de la Web proxies inversa puede detectar proxies inversos. RevProbe identifica que el 16% de direcciones IP maliciosas activas analizadas corresponden a proxies inversos, que el 92% de ellos son silenciosos en comparación con 55% para los proxies inversos benignos, y que son utilizado principalmente para equilibrio de carga a través de múltiples servidores. ABSTRACT In this dissertation we investigate two fundamental aspects of cybercrime: the infection of machines used to monetize the crime and the malicious server infrastructures that are used to manage the infected machines. In the first part of this dissertation, we analyze how fast software vendors apply patches to secure client applications, identifying shared code as an important factor in patch deployment. Shared code is code present in multiple programs. When a vulnerability affects shared code the usual linear vulnerability life cycle is not anymore effective to describe how the patch deployment takes place. In this work we show which are the consequences of shared code vulnerabilities and we demonstrate two novel attacks that can be used to exploit this condition. In the second part of this dissertation we analyze malicious server infrastructures, our contributions are: a technique to cluster exploit server operations, a tool named CyberProbe to perform large scale detection of different malicious servers categories, and RevProbe a tool that detects silent reverse proxies. We start by identifying exploit server operations, that are, exploit servers managed by the same people. We investigate a total of 500 exploit servers over a period of more 13 months. We have collected malware from these servers and all the metadata related to the communication with the servers. Thanks to this metadata we have extracted different features to group together servers managed by the same entity (i.e., exploit server operation), we have discovered that 2/3 of the operations have a single server while 1/3 have multiple servers. Next, we present CyberProbe a tool that detects different malicious server types through a novel technique called adversarial fingerprint generation (AFG). The idea behind CyberProbe’s AFG is to run some piece of malware and observe its network communication towards malicious servers. Then it replays this communication to the malicious server and outputs a fingerprint (i.e. a port selection function, a probe generation function and a signature generation function). Once the fingerprint is generated CyberProbe scans the Internet with the fingerprint and finds all the servers of a given family. We have performed a total of 11 Internet wide scans finding 151 new servers starting with 15 seed servers. This gives to CyberProbe a 10 times amplification factor. Moreover we have compared CyberProbe with existing blacklists on the internet finding that only 40% of the server detected by CyberProbe were listed. To enhance the capabilities of CyberProbe we have developed RevProbe, a reverse proxy detection tool that can be integrated with CyberProbe to allow precise detection of silent reverse proxies used to hide malicious servers. RevProbe leverages leakage based detection techniques to detect if a malicious server is hidden behind a silent reverse proxy and the infrastructure of servers behind it. At the core of RevProbe is the analysis of differences in the traffic by interacting with a remote server.
