Mcafee Na Virtual Criminology Report

8/8/2019 Mcafee Na Virtual Criminology Report

1/20

McAfee VirtualCriminology Report :

North American Study intoOrganized Crime and the Internet

July 2005 McAfee 2005


2/20

Share Scams

Hacking

Online Protection Racket

Bot-Nets for Hire

Organized Crime Phishing

Credit Card Fraud

Corporate Espionage

Money Laundering

Political Crime


3/20


4/20

CONTENTS

INTRODUCTION 5

SECTION ONE 6

Cybercrime, New and Improved

SECTION TWO 11

Attack of the Zombies

SECTION THREE 15

Looking to the Future

CONCLUSION 17

APPENDIX 18

National Law Enforcement Agencies

GLOSSARY 19

FURTHER INFORMATION 20

4


5/20


6/20


7/20


8/20

8

Burglars

Bogus callers knock at thefront door and pretend to befrom a legitimate business.In the meantime, theiraccomplice enters throughthe back door to stealvaluable possessions.

Viruses

The same mechanism worksonline. The back dooron a PCis opened up through illegalhacker behavior, enablingviruses to spread easily andinfect a machine.

Boiler Room Share Scams

Criminals pretend to bebrokers and sell shares viatelephone at an artificiallyinflated price, or shares ofcompanies that are noteven listed.

Pump-and-Dump Share Scams

Buying shares in companiesand using online share sites toissue false statements topump up the price beforeselling them for profit.

Bogus Callers

Criminals who phone up theirvictims and ask for their creditcard number, security details,or passwords, pretending theyare from the security

department of a bank.

Phishing

Phishing e-mails direct thevictim to the Web site of acriminal that mimics thebanks Web site, asks for a

credit card number, PINnumbers, and security details,and stores them for thecriminals own use.

Bank Robbery

Old-fashioned bank robbery:gangs rob high street banks/security vans.

Hacking

Hacking into a bankscomputer systems andtransferring money overelectronic payment systems.

Credit Card Theft

Criminals steal credit cardstatements and utility billsfrom garbage cans tofraudulently use the identityof their victims.

Online Credit Card Theft

Cybercriminals stealthousands of credit cardnumbers at a time by hackinginto company databases.

Protection Rackets

In the old world shopkeeperswere forced to pay a ransomto organized criminal gangs

to stop their shops beingrobbed or set on fire.

Online Extortion

Today organized criminals tryto force e-businesses to pay aransom to protectonline

shops from online attacks.

Comparisons

between

real-life crime

and cybercrime

All of the online versions of these crimesoffer criminals a number of advantages:

1 Criminals do not need to be physically

present at the scene to commit the crime.

2 These crimes can be committed acrossgeographies, i.e., someone in Russia

could commit a crime in the U.S./

Canada/France/UK/Germany/Italy, etc.

3 Using computers, the crime is carried

out automatically, at high speed and

attacks a vast number of victims at the

same time, making it harder to track

and prosecute.


9/20


10/20


11/20


12/20


13/20


14/20


15/20


16/20

Phishing and Identity Theft

The weaknesses of digital identity management and the ability

to use false identities to tap into global credit card and financialnetworks will continue to make this form of fraud attractive tocybercriminals. Although improvements in software andauthentication technology will reduce some areas of risk foridentity theft, social engineeringwill continue to provideopportunity for crime and newtechnological vulnerabilities likethe ability to illegally duplicatesome biometric identificationdata will likely be discovered.

16

Our information

infrastructure is regularly

probed for weaknesses

countless times every dayby hackers. Worms and

viruses that can cripple

vital systems propagate

with frightening speed.

These cyber incidents can

cause billions of dollars ineconomic damages, and

can pose a real physical

risk when they disrupt vital

infrastructure.

Margaret Bloodworth, Deputy

Minister, Public Safety andEmergency Preparedness,

May 25, 2005


17/20

Conclusion

Cybercrime is not going to go away. As computer securityimproves, the cost of the damage it causes may fall, and it mayevolve into different forms of attack, but as computers become

more deeply embedded indaily activity, criminals willcontinue to use them.Individuals can defendagainst cybercrime bypracticing a reasonabledegree of computer hygiene,by installing anti-virus andanti-spyware programs andkeeping systems updatedand by exercising areasonable degree of caution.Expanded use of encryptionand authenticationtechnologies will make the

criminals task more difficult.The information technologyindustry has begun the longand arduous process of

building more secure computers and networks.

Increased funding for law enforcement, including training incyber forensics, improved vehicles for international cooperation(like the efforts in the G-8 to create national points of contact forcybercrime), and effective national laws (modeled on the Council

of Europe Cybercrime Treaty) will also help narrow theopportunities for cybercriminals.

Carnegie Mellons CERT Coordination Centers 2004 AnnualReport states, In every way, the next twenty years will bring

more of everything. More threats, more attacks, more resourcesat risk, more interconnection, more communication, moreemergencies.

It is hard to say if we are at the high tide of computer crime andcan expect levels to drop in the future, or whether cybercrimewill increase even further. What we can say is that as long aspeople use computers, criminals will attack them.

17

With the Council of

Europes Convention,

weve seen that with the

laws in place, people canbe effectively prosecuted.

Paul Kurtz, Executive Director,

Cyber Security Industry Alliance

and a former White House

cyber security official


18/20


19/20

Immigration and Customs Enforcement (ICE)ICE is aninvestigative arm of the Department of Homeland Security. ICEs

Cybercrimes Center investigates Internet crime cases involvingchild pornography, money laundering, arms and drug trafficking,and intellectual property rights violations.

Federal Trade CommissionThe Federal Trade Commissioninvestigates complaints involving spam, fraud, identity theft, andspyware, and takes legal action against violators.

Major Cities High-Tech Crimes Units

Many major cities in the U.S. and Canada, such as Vancouver,Edmonton, New York, Austin, and Los Angeles, have alsocreated high-tech crime units responsible for investigatingcybercrime. These units have specially trained investigators whoknow computers, how to collect and store digital evidence, andhow to connect with the IT community for assistance. Someunits specialize in particular criminal activities, such as financialcrimes and fraud. Toronto police, in cooperation with the RCMPand with Microsoft, have created a Child Exploitation TrackingSystem (CETS) that allows police to communicate and match

data rapidly. Other police forces in Canada are making use ofCETS, and the FBI has tested the system in the U.S.

GLOSSARY

Bot: Rogue computer code used to operate a denial of service attack.

Cybercrime: Term used to describe all crime committed usingcomputers, especially the Internet.

Cyber Corporate Espionage: Legitimate businesses using cybercrimeto attack competitors or steal sensitive business information.

Distributed Denial of Service (DDoS): Hackers link thousands ofcomputers and activate them to bombard a company Web site

with bogus queries, paralysing normal operations before issuinga blackmail demand.

Extortion: Obtaining money from a third party by use of a threat.

Hacking: Unauthorized access to a computer, network, or Website of a third party.

Phishing: Using spoof e-mails or directing people to fake Websites to fool them into divulging personal financial details socriminals can access their accounts.

Pump and Dump: Organized criminals buy up cheap shares in acompany, spread false business information via the Internet toincrease the share price (pump), and then sell the shares at thehigh price (dump).

Script Kiddies: Hackers, usually teenage computer geeks, whodisrupt a system for fun rather than financial gain.

Trojan Horse: A malicious program that appears to be harmlessthrough the fact it is hidden.

Zombie: A computer that has been infected and is under thecontrol of another person.

19


20/20

FURTHER INFORMATION

Press Inquiries, U.S.

Tracy Ross

McAfee, Inc.Direct line: 408.346.5965E-mail: [email protected]

Ryan Lowry

Porter Novelli

Direct line: 415.975.2294E-mail: [email protected]

Press Inquiries, Canada

Kathy Swail

McAfee, Inc.Direct line: 514.428.2561E-mail: [email protected]

David EisenstadtThe Communications Group Inc.Direct line: 416.696.9900E-mail: [email protected]

Beth Merrick

The Communications Group Inc.Direct line: 416.696.9900E-mail: [email protected]

General Information

For additional information, please call 888.847.8766or visit www.mcafee.com.

20

McAfee, Inc.

3965 Freedom Circle, Santa Clara, CA 95054, 888.847.8766, www.mcafee.com

McAfee is a registered trademark or trademark of McAfee, Inc. and/or its affiliates in the US and/or

other countries. The color red in connection with security is distinctive of McAfee brand products. Allother registered and unregistered trademarks herein are the sole property of their respective owners. 2005 McAfee, Inc. All Rights Reserved. 6-vcr-na-001-0605

Documents

Mcafee Na Virtual Criminology Report