Post on 26-Dec-2015
International Trends in Cyber Crime Prosecutions
Sean B. Hoar
Assistant United States Attorney
United States Department of Justice
sean.hoar@usdoj.gov
Workshop for the Judiciary on Cyber Crime
Abu Dhabi, United Arab Emirates
June 3rd, 2010
The Internet . . . a new world . . .
In the time it takes for me to make this presentation . . .
– Over 37,000 blogs will be posted on the Internet
– Over 1,300,000 “tweets” will be sent on Twitter
– Over 7,292,000 people will log on to Facebook
– Over 41,660,000 videos will be watched on YouTube
– Over 118,000,000 searches will be conducted on
Overview of presentation
International trends in cyber crime
– Backdrop: insecure web infrastructure; dynamic, constantly evolving technology
– Result: malware, intrusions, spam, financial fraud, intellectual property theft, sale of illegal substances & information
Investigation & prosecution
Impediments & solutions
Primary international trend -malware-
Malware (a contraction of "malicious software") refers to software developed for the purpose of doing harm. Malware can generally be classified based on how it is executed, how it is spread and/or what it is intended to do
Malware generally takes the form of a virus, a worm, a Trojan horse, a backdoor, crimeware, or spyware
Primary international trend -malware-
Insecure web infrastructure
– In last half of 2009
225% growth in malicious web sites
95% of user-generated comments to blogs, chat rooms/message boards were spam or malicious
77% of Web sites with malicious code are legitimate sites that have been compromised, i.e. they are sites that you visit . . .
13.7% of searches for trending news/buzz words led to malware
Websense Security Labs
Primary international trend -malware-
Insecure email messaging technology
– Last half of 2009
85.8% of all emails were spam
81% of emails contained a malicious link
tens of thousands of Hotmail, Gmail and Yahoo email accounts were hacked and passwords stolen and posted online
phishing lures doubled in the second half of 2009 representing 4% of spam email
Websense Security Labs
Primary international trend -malware-
Cyber criminals continue to go where the money is . . .
Crimeware is malware specifically designed to steal money . . . Crimeware exploits continue unabated . . .
Primary international trend -Malware-
Web infrastructure & use
– The top 100 most visited Web properties are social networking and search engines.
– The next 1,000,000 most visited sites, or the known Web, are primarily current events, regional and genre sites.
– The next 100,000,000 sites - the “long tail” of the Internet, or the unknown Web, are junk, personal, and scam sites which are specifically set up for fraud and abuse.
Primary international trend -Malware-
Driving force behind cyber crime is $$
New generation of Web content targeted
– Social networking sites and search engines have evolved rapidly
Business growth is driving Web 2.0 adoption in the workplace
Consumer habits have shifted to Web 2.0 apps
– Because more businesses and consumers are using Web 2.0 sites, these sites are increasingly targeted for malicious purposes
International trend: malware perpetrator turf wars
A new Russian botnet – Spy Eye – has been programmed to kill a much more established rival botnet - Zeus – in order to remove the Zeus software from the victim computer, giving Spy Eye exclusive access to user names and passwords
– Zeus and Spy Eye are both Trojan-making toolkits
Steal online banking credentials
Designed to give criminals easy means of creating own "botnet" networks of password-stealing programs
Provide option of deleting other malicious code, i.e. “Kill Zeus” option on Spy Eye
– Zeus sells for $2500, Spy Eye for $500, on the black market
International trend: attackers capitalize on major events
Major events provide fodder for attacks designed to steal personal or business information - where there are major events there will be major scams:
– The Olympics/major sporting events
– Health concerns (H1N1 scare)
– Natural catastrophes (earthquake in Haiti)
– Economic crisis
International trend: intrusions
Network intrusions
– Identity theft – multi-billion dollar industry . . .
Critical infrastructure intrusions
– Sensitive data
– Sectors necessary to support society
Distributed denial of service attacks
– Extortion
Web site defacement
International trend: intrusions
February 3, 2010:
– A Venezuelan citizen, Edwin Pena, was first to be charged with hacking into networks of Voice Over Internet Protocol (VOIP) providers and reselling hacked VOIP services for profit
Pena sold more than 10 million minutes of Internet phone service to telecom businesses at deeply discounted rates, causing more than $1.4 million in losses in less than one year
One victim business was billed for more than 500,000 unauthorized calls
International trend: intrusions/data mining
Identity theft/surreptitious software
– Keyloggers
Exploit security flaws and monitor the path that carries data from the keyboard to other parts of the computer – more invasive than phishing – relying upon infection rather than deception
Tens of millions of machines are infected with keyloggers, putting billions in bank account assets at the fingertips of fraudsters
Monitoring programs often hidden within e-mail attachments, files shared via p-2-p networks, or embedded in web pages – exploiting browser features
International trend: intrusions/data mining
February 8, 2010
– A Swedish national, Philip Pettersson, was charged with hacking into computer networks of Cisco and the National Aeronautics and Space Administration
December 23, 2009
– A New York man, Stephen Watt, was sentenced to two years in prison and ordered to pay $171.5 million in restitution for providing a “sniffer” program to others
– The “sniffer” program was used to monitor and capture credit card data as it traveled across computer networks
International trend: intrusions/data mining
December 29, 2009
– A Miami man, Albert Gonzalez, pled guilty to hacking into computer networks supporting major American retail and financial businesses
– Stole tens of millions of credit card accounts affecting more than 250 financial institutions
– It is one of the largest data breaches ever investigated and prosecuted in the U.S.A.
International trend: intrusions/data mining
November 10, 2009
– Hackers from Estonia, Russia, and Moldova charged with hacking into a computer network which is part of the Royal Bank of Scotland
– They compromised data encryption used by RBS WorldPay to protect customer data on payroll debit cards
– They raised account limits, provided “cashers” counterfeit payroll debit cards, and withdrew more than $9 million from more than 2100 ATMs in over 280 cities worldwide in less than 12 hours
International trend: data breaches - still a problem?
In 2005, U.S. state laws began requiring disclosure of data breaches
– February 15, 2005, ChoicePoint was first major disclosed breach of 163,000 identities
Cost $25 million in damages and restitution
– June 16, 2005, CardSystems was next major disclosed breach and 40 million credit card accounts were compromised
Between January 2005 and May 2010, 354,544,631 records were breached in U.S.
International trend: data breaches – getting more costly
In 2009, data breaches cost companies
– Approximately $204 per compromised customer record
– Approximately $6.75 million per data breach
International trend: phishing continues to evolve . . .
Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.
International trend: phishing via social engineering . . .
Social‐engineering schemes use spoofed e‐mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords.
International trend: phishing via technical subterfuge
Technical subterfuge schemes plant crimeware onto PCs to steal credentials
– often using systems to intercept consumers’ online account user names and passwords
– to corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher-controlled proxies used to monitor and intercept consumers’ keystrokes)
International trend: phishing
October 7, 2009
– 100 persons charged in the U.S. and Egypt in sophisticated phishing operation that fraudulently collected personal information from thousands of victims which was used to defraud American banks
International trend: password stealing software: all-time high
The number of crimeware‐spreading sites infecting PCs with password‐stealing crimeware reached an all-time high of 31,173 in December of 2008, an 827 percent increase from January of 2008 (APWG)
International trend: phishing reports: high value targets
While reports decreased, a substantial increase in phishing focused on high‐value targets such as personnel with treasury authority (APWG)
International trend: unique phishing sites: far too many
The number of unique phishing websites detected by APWG during the fourth quarter of 2009 continued to be very high
International trend: phishing targets – where the $$ is . . .
The financial services sector continues to be the most targeted industry sector (APWG)
International trend: rogue anti-malware products . . .
Rogue antivirus products are some of the most efficient – and increasingly preferred ‐ ways to victimize consumers. Unlike banking Trojans, where cybercriminals have to infect a PC, steal data, etc., a rogueware attack simply fools users into paying for worthless software – or forces them to make a ransom payment. The user is the one willing to pay in order to “disinfect” their PC ‐ or free it from a cybercriminal’s control.
International trend: rogue anti-malware
Cybercriminals profit faster by increasing the proportion of users who pay after downloading rogueware. These techniques have rocketed, with new cybercriminals using ransomware – which doesn’t let you use your PC until you buy a ‘license’ (APWG)
International trend: malicious code evolution
Crimeware (data-stealing malicious code designed to victimize financial institution customers and co-opt institutional identities); Generic Data Stealing (data stealing Trojans and code designed to send information from an infected machine, control it, and open backdoors on it); Other (remainder of malicious code such as auto-replicating worms, dialers for charge-back scams, etc.) (APWG).
International trends: 48% of all computers are infected . . .
International trend: spam . . . almost 9 out of 10 messages
3.1 billion messages were processed by the Hosted Infrastructure (over 100 million per day) of which 87.3% of all email was spam, 94.8% of spam included an embedded URL, and 1.2% of spam emails were phishing attacks
www.websense.com
International trend: spam categories
McAfee.com
International trend: spam/phishing
January 14, 2010
– A Romanian citizen, Cornel Tonita, pleaded guilty to phishing and spamming by harvesting email addresses from Internet sites, primarily colleges and universities in the U.S., and providing the email addresses to others so that they could be spammed.
International trend: spam/stock fraud
November 23, 2009
– Residents of Hong Kong and the U.S. were each sentenced to several years in prison for spamming with the use of botnets which compromised computers and manipulated financial transactions and the stock market
– They forfeited a total of $870,000
International trend: financial fraud
Manifests in a variety of forms
– Identity theft/carding
– Auction fraud
– Advance fee fraud/419 scams
– High Yield “Investment” Programs
– Pyramid schemes
– Pump-and-dump stock scams
– Pay-per-click advertising fraud
– Espionage
International trend: financial fraud/auction fraud/identity theft
United States v. Mondello – could have happened anywhere in the world
– Local high school graduate and computer genius
– Between December 2005 and October 2007
Initiated thousands of separate online auctions
Using more than 40 fictitious usernames and online payment accounts to sell copies of counterfeit software
Generated more than $400,000 in personal profit
International trend: financial fraud/auction fraud/identity theft
United States v. Mondello – could have happened anywhere in the world
– Mondello acquired victims’ names, bank account numbers and passwords by using a computer keystroke logger.
– The keystroke logger installed itself on victims’ computers and recorded victim’s name and bank account information as information was being typed.
– The program then electronically sent the information back to Mondello which he then used to establish fictitious usernames and online payment accounts.
International trend: financial fraud/auction fraud/identity theft
United States v. Mondello - outcome
– Pled guilty to criminal copyright infringement, aggravated identity theft and mail fraud
– Consented to the forfeiture of more than $225,000 in cash proceeds, and also forfeited computer-related equipment used to commit the crime.
– Sentenced to serve 48 months in prison
– Ordered to serve three years of supervised release and perform 450 hours of community service during that time
– Made anti-piracy video for RIAA
International trend: Nigerian scams continue to abound
Nigerian scams
– Traditional “419” Nigerian letter scam
– Overpayment scam
– Check cashing scam
– Re-shipping scam
– Tax Refund scam
– Lottery scam
– Internet romance scam
– Inheritance scam
– Insurance scam
– Business opportunities scam
– Investment scam
International trend: Nigerian scams continue to abound
February 17, 2010
– A Nigerian citizen, Okpako Mike Diamreyan, was convicted of wire fraud for running an advance fee fraud scam
– The scam enticed victims to send money via the Internet with the promise of receiving a larger sum of money in the future
International trend: economic espionage
February 8, 2010
– An aerospace engineer was sentenced to over 15 years in prison for economic espionage and acting as an agent of the People’s Republic of China for more than 30 years while working for Rockwell and Boeing in the U.S., from which he stole trade secrets, including information related to the Space Shuttle program and the Delta IV rocket
International trend: Intellectual property theft
IP theft - a huge international problem
– 90% of the software, DVDs, and CDs sold in some countries are counterfeit*
The total global trade in counterfeit goods is more than $600 billion a year**
– IP theft costs U.S.A. businesses an estimated $250 billion annually, as well as 750,000 U.S.A. jobs.***
* InformationWeek
** World Customs Organization; Interpol.
*** U.S. Department of Commerce
International trend: Intellectual property theft
January 22, 2010
– A Saudi citizen, Ehab Ali Ashoor, was found guilty of trafficking in counterfeit Cisco goods
– He purchased counterfeit Cisco Gigabit Interface Converters (GBICs) on the Internet in an attempt to satisfy a contract with the U.S. Marine Corps in Iraq
February 5, 2010
– A Chinese national, Yongcai Li, was sentenced to 30 months in prison and ordered to pay $790,683 in restitution for trafficking in counterfeit Cisco goods
International trend: sale of unlawful substances/information
Unlawful sale/distribution of narcotics & other controlled substances
Unlawful sale/distribution of classified information
Illegal exports – violation of trade embargos
Impediments to enforcement of international cyber crime
Technically complex subject matter
– Lack of technically trained investigators, prosecutors, judges and jurors
– Technical forensic process may be required to acquire and preserve evidence
Time sensitive
– Evidence may be fleeting
– Special legal process may be required to acquire and preserve evidence
Impediments to enforcement of international cyber crime
Limited resources
– Data intensive
– Competes with other priorities
Transnational
– Separate sovereigns
– Lack of treaties or dual criminality provisions
– Slow, cumbersome MLAT process
– Language barriers
Solutions to enforcement of international cyber crime
Increased human and monetary resources
– Increased technical training
– Adequate technology
– Increased language training
Increased international cooperation
– Fundamental dual criminality standards between all countries
– Expansion of informal networks for immediate assistance
Solutions to enforcement of international cyber crime
Increased international cooperation (continued)
– Uniform financial standards for certain types of transactions/sites
– Uniform financial standards for suspicious monetary transaction alerts
– Uniform agreements to share seized assets, which constitute proceeds of fraud, with assisting agencies/governments
Any questions??