Cyberspace and the Police

Mamoru TAKAHASHI

Head of Computer Forensic Center, Hi-tech Crime Technology Division

National Police Agency, Japan

Security Measures by Government

• Basic IT Law (Jan. 2001)• Electronic Government

– To be established by fiscal 2003

• IT Security Office at Cabinet Secretariat is in charge of Security Aspect– Action Plan on Building Infrastructure to Counter

Hackers and Other Cyber Threats (Jan. 21, 2000)– Special Action Plan on Fighting Cyber-terrorism against

Critical Infrastructure (Dec. 15, 2000)– How Government and the Private Sector Can Work

Together to Fight Cyber-terrorism (Oct. 2, 2001)

“Guidelines for IT Security Policy”

• Formulated in July 2000.

• Each ministry and agency in the government finished formulating its own policy by Dec. 2000.

• Contents– Physical security– Human security (Education, Training, Password

management)– Technical security– Operation

• Security Practices had Reviewed by Nov. 2002

NIRTNational Incident Response Team

• Established in April 2002, to react cyber attacks against e-government.

• It’s mission is to share information and make emergency responses to counter cyber terrorism

against e-government.

• This is one of our projects to prepare for establishment of e-government.

NPA Organization for Technical Support to Cyber Crime Investigations

H i- tec h C r ime T ec hno logic al S upport C enterC omputer F orens ic C enterE s tablis hed in A pr il 2000

C yber T error is m T ec hno logy O ffi c eC yber F orc e C enter

E s tablis hed in A pr il 2001

H i- tec h C r ime T ec hno logy D ivis ionE s tablis hed in A pr il 2000

Computer Forensics Center

Trends of Internet Usage in Japan

• Estimated 47.08 millions (2000), up 74% year over year.

• Estimated 87.2 millions (2005).

• Cf. Population :

126.9 millions (2000)0102030405060708090Millions

1997 1998 1999 2000 2005

2585

110

7997

176

83

179

262

116

299

415

247

110

357

35

484

44

55931

712

63

810

0

100200300400500600700800900

1995 1996 1997 1998 1999 2000 2001

Violation of the Unauthorized Computer Access Law

Crime against PC or electronic format

Internet Crime

Arrest Rate for Cyber Crime

A Pile of Hard Disks as Evidence

Framework Against Cyber Terrorism

Introduction Video

Intrusion Detection Network System

• Collects information real-time from police forces nationwide.

• Detects and analyzes incidents on the Internet.

• Shares the analysis with various organizations.

• Contact Point for other Organizations.

• 24/7 Monitoring

1st Quarterly Report

• 24/7 Cyber Force's watch activity– watching cyber attack attempts to the police fac

ilities nationwide

• Analysis of criminal and malicious activities on the Internet– based on data of the second quarter of FY2002

• First analysis of this kind in Japan– first ever analysis in Japan

Emanation Source

20.6%

18.8%

18.2%

7.2%

5.9%

4.9%

3.8%

3.6%

3.2%3.2%

10.5% Italy

US

J apan

China

S Korea

Israel

Dominica

Germany

Thailand

Canada

Others

Emanation source does not necessarily mean that the attacker(s) come from there.

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Korea

China

Japan

US

Italy

Ping probe Port scanAccess to backdoor Attack to DNSAttack to Web server DoS AttackOthers

Country Trend

Emanation source does not necessarily mean that the attacker(s) come from there.

Number of Attack

0

200

400

600

800

1000

1200

1400

1600

1800

2000

July August September1 5 10 15 20 251 5 10 15 20 25 1 5 10 15 20 25

Attack Method

27.2% 57.3%

0.8%2.1%

0.7%4.1%

7.8%

( )ＩＣＭＰ通信ＩＰｱﾄ ﾚ゙ｽ確認 ( )ﾎﾟー ﾄｽｷｬﾝ ｻｰ ﾊ 使゙用ｻｰﾋ ｽ゙の確認バックドア接続要求 ＤＮＳへの攻撃Ｗｅｂサーバへの攻撃 SＤｏ攻撃その他

Ping probe Port ScanAccess to back door Attack to DNSAttack to Web Server Ｄｏ S AttackOthers

Usage of the Analysis

• Public announcement– raising public awareness of security by providing data

through the Internet

• Strengthen relationship with critical infrastructure– promoting anti-cyber terrorism efforts

• Strengthen international cooperation– information sharing with foreign law enforcement

agencies

Future Work

• Timely information provision– Information provision through the NPA security portal

site (to be operational in March 2003)

• Continuous research on analysis method• Maximization of analysis value

– Promote information sharing among the industry, academia and the government (ex. Critical infrastructures, the Cabinet Secretariat, universities)

Conclusions

• Malicious Activities on the Net are Active• Meaningful Analysis Method of Net Activities

must be Devised• Crucial for the Police to have Technical Capability

to deal with Cyber Crime→• Closer Relationship between Government and

Industry is Crucial• Security Awareness is Necessary

Contact Information

Mamoru Takahashi

Head of Computer Forensic Center

Hi-tech Crime Technology Division

National Police Agency

mtakahashi00@npa.go.jp