Upload
navvara
View
230
Download
0
Embed Size (px)
Citation preview
8/8/2019 Mcafee Na Virtual Criminology Report
1/20
McAfee VirtualCriminology Report :
North American Study intoOrganized Crime and the Internet
July 2005 McAfee 2005
8/8/2019 Mcafee Na Virtual Criminology Report
2/20
Share Scams
Hacking
Online Protection Racket
Bot-Nets for Hire
Organized Crime Phishing
Credit Card Fraud
Corporate Espionage
Money Laundering
Political Crime
8/8/2019 Mcafee Na Virtual Criminology Report
3/20
8/8/2019 Mcafee Na Virtual Criminology Report
4/20
CONTENTS
INTRODUCTION 5
SECTION ONE 6
Cybercrime, New and Improved
SECTION TWO 11
Attack of the Zombies
SECTION THREE 15
Looking to the Future
CONCLUSION 17
APPENDIX 18
National Law Enforcement Agencies
GLOSSARY 19
FURTHER INFORMATION 20
4
8/8/2019 Mcafee Na Virtual Criminology Report
5/20
8/8/2019 Mcafee Na Virtual Criminology Report
6/20
8/8/2019 Mcafee Na Virtual Criminology Report
7/20
8/8/2019 Mcafee Na Virtual Criminology Report
8/20
8
Burglars
Bogus callers knock at thefront door and pretend to befrom a legitimate business.In the meantime, theiraccomplice enters throughthe back door to stealvaluable possessions.
Viruses
The same mechanism worksonline. The back dooron a PCis opened up through illegalhacker behavior, enablingviruses to spread easily andinfect a machine.
Boiler Room Share Scams
Criminals pretend to bebrokers and sell shares viatelephone at an artificiallyinflated price, or shares ofcompanies that are noteven listed.
Pump-and-Dump Share Scams
Buying shares in companiesand using online share sites toissue false statements topump up the price beforeselling them for profit.
Bogus Callers
Criminals who phone up theirvictims and ask for their creditcard number, security details,or passwords, pretending theyare from the security
department of a bank.
Phishing
Phishing e-mails direct thevictim to the Web site of acriminal that mimics thebanks Web site, asks for a
credit card number, PINnumbers, and security details,and stores them for thecriminals own use.
Bank Robbery
Old-fashioned bank robbery:gangs rob high street banks/security vans.
Hacking
Hacking into a bankscomputer systems andtransferring money overelectronic payment systems.
Credit Card Theft
Criminals steal credit cardstatements and utility billsfrom garbage cans tofraudulently use the identityof their victims.
Online Credit Card Theft
Cybercriminals stealthousands of credit cardnumbers at a time by hackinginto company databases.
Protection Rackets
In the old world shopkeeperswere forced to pay a ransomto organized criminal gangs
to stop their shops beingrobbed or set on fire.
Online Extortion
Today organized criminals tryto force e-businesses to pay aransom to protectonline
shops from online attacks.
Comparisons
between
real-life crime
and cybercrime
All of the online versions of these crimesoffer criminals a number of advantages:
1 Criminals do not need to be physically
present at the scene to commit the crime.
2 These crimes can be committed acrossgeographies, i.e., someone in Russia
could commit a crime in the U.S./
Canada/France/UK/Germany/Italy, etc.
3 Using computers, the crime is carried
out automatically, at high speed and
attacks a vast number of victims at the
same time, making it harder to track
and prosecute.
8/8/2019 Mcafee Na Virtual Criminology Report
9/20
8/8/2019 Mcafee Na Virtual Criminology Report
10/20
8/8/2019 Mcafee Na Virtual Criminology Report
11/20
8/8/2019 Mcafee Na Virtual Criminology Report
12/20
8/8/2019 Mcafee Na Virtual Criminology Report
13/20
8/8/2019 Mcafee Na Virtual Criminology Report
14/20
8/8/2019 Mcafee Na Virtual Criminology Report
15/20
8/8/2019 Mcafee Na Virtual Criminology Report
16/20
Phishing and Identity Theft
The weaknesses of digital identity management and the ability
to use false identities to tap into global credit card and financialnetworks will continue to make this form of fraud attractive tocybercriminals. Although improvements in software andauthentication technology will reduce some areas of risk foridentity theft, social engineeringwill continue to provideopportunity for crime and newtechnological vulnerabilities likethe ability to illegally duplicatesome biometric identificationdata will likely be discovered.
16
Our information
infrastructure is regularly
probed for weaknesses
countless times every dayby hackers. Worms and
viruses that can cripple
vital systems propagate
with frightening speed.
These cyber incidents can
cause billions of dollars ineconomic damages, and
can pose a real physical
risk when they disrupt vital
infrastructure.
Margaret Bloodworth, Deputy
Minister, Public Safety andEmergency Preparedness,
May 25, 2005
8/8/2019 Mcafee Na Virtual Criminology Report
17/20
Conclusion
Cybercrime is not going to go away. As computer securityimproves, the cost of the damage it causes may fall, and it mayevolve into different forms of attack, but as computers become
more deeply embedded indaily activity, criminals willcontinue to use them.Individuals can defendagainst cybercrime bypracticing a reasonabledegree of computer hygiene,by installing anti-virus andanti-spyware programs andkeeping systems updatedand by exercising areasonable degree of caution.Expanded use of encryptionand authenticationtechnologies will make the
criminals task more difficult.The information technologyindustry has begun the longand arduous process of
building more secure computers and networks.
Increased funding for law enforcement, including training incyber forensics, improved vehicles for international cooperation(like the efforts in the G-8 to create national points of contact forcybercrime), and effective national laws (modeled on the Council
of Europe Cybercrime Treaty) will also help narrow theopportunities for cybercriminals.
Carnegie Mellons CERT Coordination Centers 2004 AnnualReport states, In every way, the next twenty years will bring
more of everything. More threats, more attacks, more resourcesat risk, more interconnection, more communication, moreemergencies.
It is hard to say if we are at the high tide of computer crime andcan expect levels to drop in the future, or whether cybercrimewill increase even further. What we can say is that as long aspeople use computers, criminals will attack them.
17
With the Council of
Europes Convention,
weve seen that with the
laws in place, people canbe effectively prosecuted.
Paul Kurtz, Executive Director,
Cyber Security Industry Alliance
and a former White House
cyber security official
8/8/2019 Mcafee Na Virtual Criminology Report
18/20
8/8/2019 Mcafee Na Virtual Criminology Report
19/20
Immigration and Customs Enforcement (ICE)ICE is aninvestigative arm of the Department of Homeland Security. ICEs
Cybercrimes Center investigates Internet crime cases involvingchild pornography, money laundering, arms and drug trafficking,and intellectual property rights violations.
Federal Trade CommissionThe Federal Trade Commissioninvestigates complaints involving spam, fraud, identity theft, andspyware, and takes legal action against violators.
Major Cities High-Tech Crimes Units
Many major cities in the U.S. and Canada, such as Vancouver,Edmonton, New York, Austin, and Los Angeles, have alsocreated high-tech crime units responsible for investigatingcybercrime. These units have specially trained investigators whoknow computers, how to collect and store digital evidence, andhow to connect with the IT community for assistance. Someunits specialize in particular criminal activities, such as financialcrimes and fraud. Toronto police, in cooperation with the RCMPand with Microsoft, have created a Child Exploitation TrackingSystem (CETS) that allows police to communicate and match
data rapidly. Other police forces in Canada are making use ofCETS, and the FBI has tested the system in the U.S.
GLOSSARY
Bot: Rogue computer code used to operate a denial of service attack.
Cybercrime: Term used to describe all crime committed usingcomputers, especially the Internet.
Cyber Corporate Espionage: Legitimate businesses using cybercrimeto attack competitors or steal sensitive business information.
Distributed Denial of Service (DDoS): Hackers link thousands ofcomputers and activate them to bombard a company Web site
with bogus queries, paralysing normal operations before issuinga blackmail demand.
Extortion: Obtaining money from a third party by use of a threat.
Hacking: Unauthorized access to a computer, network, or Website of a third party.
Phishing: Using spoof e-mails or directing people to fake Websites to fool them into divulging personal financial details socriminals can access their accounts.
Pump and Dump: Organized criminals buy up cheap shares in acompany, spread false business information via the Internet toincrease the share price (pump), and then sell the shares at thehigh price (dump).
Script Kiddies: Hackers, usually teenage computer geeks, whodisrupt a system for fun rather than financial gain.
Trojan Horse: A malicious program that appears to be harmlessthrough the fact it is hidden.
Zombie: A computer that has been infected and is under thecontrol of another person.
19
8/8/2019 Mcafee Na Virtual Criminology Report
20/20
FURTHER INFORMATION
Press Inquiries, U.S.
Tracy Ross
McAfee, Inc.Direct line: 408.346.5965E-mail: [email protected]
Ryan Lowry
Porter Novelli
Direct line: 415.975.2294E-mail: [email protected]
Press Inquiries, Canada
Kathy Swail
McAfee, Inc.Direct line: 514.428.2561E-mail: [email protected]
David EisenstadtThe Communications Group Inc.Direct line: 416.696.9900E-mail: [email protected]
Beth Merrick
The Communications Group Inc.Direct line: 416.696.9900E-mail: [email protected]
General Information
For additional information, please call 888.847.8766or visit www.mcafee.com.
20
McAfee, Inc.
3965 Freedom Circle, Santa Clara, CA 95054, 888.847.8766, www.mcafee.com
McAfee is a registered trademark or trademark of McAfee, Inc. and/or its affiliates in the US and/or
other countries. The color red in connection with security is distinctive of McAfee brand products. Allother registered and unregistered trademarks herein are the sole property of their respective owners. 2005 McAfee, Inc. All Rights Reserved. 6-vcr-na-001-0605