COMPUTER CRIMES - THE LAW ENFORCEMENT PERSPECTIVE
By: Wilfred A Nathan
Computer Forensic Branch
Criminal Investigation Department
Singapore Police Force
• BLACK HAT BRIEFINGS
• SINGAPORE - 3-4 APR 2000
SCOPE
Computer Crime Trends
Definition of Computer Crime
Case Studies
Computer Misuse Act
Computer Crime Branch & Computer Forensic Branch
IT Crime Investigation Procedures
Computer Crime Prevention & Incident Management
Conclusion
INTRODUCTION
Computer Crimes Trend
No. of reported cases relatively low
Increasing trend
1993/1994 - 1
1995 - 3
1996 - 7
1997 - 37
1998 - 116
1999 - 185
[Bar chart: number of reported cases per year, 1993/94 to 1999]
INTRODUCTION
Definition of Computer Crime
When there is unauthorised access into a computer system in order to:
Destroy data or programs
Commit other offences
CASE STUDY ONE
The Perfect Computer Crime
A system analyst used a Trojan horse program to capture a colleague's password and used it to modify the Lucky Draw Program. He also gained root access whilst auditing the computer system and replaced the Lucky Draw Program with a fake program that allowed 3 friends to ‘win’ $485,000.
CASE STUDY TWO
Crashing of Factory Computer System
A disgruntled system administrator inserted a logic bomb that replaced system files with damaged files during the backup process. He also used another logic bomb to time the backup process to run while he was on holiday. This caused the entire company’s system to crash and halted production lines. After his dismissal, he asked a computer-illiterate colleague to crash system files.
CASE STUDY THREE
Smart Card Scam
Managers of a cinema chain modified the Daily Cashiers’ Reports on the computer system and siphoned off cash. They also topped up used Smart cards illegally and sold them to cinema touts. They enlisted the help of a computer service engineer to load a program into a branch so as to further the crime.
CASE STUDY FOUR
Distribution of user-ids and passwords
Two youths stole the user-ids and passwords of unsuspecting users of an ISP during IRC sessions and displayed the user-ids and passwords on a web site, stating that the ISP’s system security had been breached.
Hacking of Television Station's web-site
Two teenagers obtained illegal access to a Television Station web-site by accident and modified several of the web pages with “hacker slogans”.
LESSONS LEARNT
Lack of
Physical Security
Electronic Security
Good Security Practices
Regular System Audit
Computer Incident Management
COMPUTER MISUSE ACT
Section 3 - Unauthorised Access to Computer Material
Section 4 - Access with Intent to Commit or Facilitate Commission of Further Offence
Section 5 - Unauthorised Modification of Contents of Computer
Section 6 - Unauthorised Use/Interception of Computer Service
Section 7 - Unauthorised obstruction of Use of Computer
Section 8 - Unauthorised Disclosure of Access Code
Section 9 - Enhanced punishments
- Territorial Scope
CCB & CFB
• Computer Crime Investigation
• Computer Related Crime Investigation
• Telecommunication Frauds Investigation
• Training
• Computer Searches
• Computer Seizures
• Computer Forensic Examination
• Training
COMPUTER CRIME BRANCH
• Head, Computer Crime Branch
• OC Investigation Teams
• Senior Investigators
• Investigators
Organisation Structure of Computer Crime Branch
Head
  Investigation Team 'A'
    Senior Investigators
    Investigators
  Investigation Team 'B'
    Senior Investigators
    Investigators
COMPUTER FORENSIC BRANCH
Organisation Structure of Computer Forensics Branch
Head
  Computer Forensic Team
    Computer Forensic Examiners
• Head Computer Forensics
• OC Computer Forensics Team
• Computer Forensics Examiners
International Co-operation
• Asian Working Party (Computer Crime)
• Links with
– FBI, USSS
– AFP
– Hong Kong
– Malaysia
– Taiwan
– Sweden
– U.K.
COMPUTER CRIME INVESTIGATIONS
Report Lodging
What to prepare?
Who should do the reporting?
COMPUTER CRIME INVESTIGATIONS
Preliminary Investigation
Interviews (Facts gathering)
Complainant / Victims
System Administrators
Customer Service Engineer
Other Witnesses
COMPUTER CRIME INVESTIGATIONS
Preliminary Investigation
Evidence Collection
Physical evidence (eg computer system, storage media)
Supporting evidence (eg system logs, callerID records)
COMPUTER CRIME INVESTIGATIONS
Preliminary Investigation
Evidence Analysis
Forensic laboratory and staff for examination of storage media
Technical Support from Industry experts
Vendors’ information
COMPUTER CRIME INVESTIGATIONS
Implications of Police Investigation
Evidence in police custody till conclusion of the case
Commitment of time and resources
Adverse publicity
PREVENTION & INCIDENT MANAGEMENT
Setting up a Security Team
Implement Preventive Measures
Incident Management
PREVENTION & INCIDENT MANAGEMENT
Preventive Measures
Installation and maintenance of Intrusion Detection applications, e.g., Firewall, Intrusion Detection System
Proper documentation of computer systems
Conduct regular system audit
Password management
PREVENTION & INCIDENT MANAGEMENT
Preventive Measures
Establish links with SingCERT, etc
Simulation Exercises
Tracking software/hardware for bugs & vulnerabilities
PREVENTION & INCIDENT MANAGEMENT
Incident Management
Respond swiftly
Collation of essential information and facts
Gathering of evidence
caller id records, system access logs
PREVENTION & INCIDENT MANAGEMENT
Incident Management
Ensure system and storage media are not tampered with
Document any tampering
Report fast to Computer Crime Branch
CONCLUSION
Report the incident as early as possible
Record all irregularities
Do not allow anyone to meddle with the computer
Do not restore the affected system
THE END
THANK YOU