Protecting the vulnerable from cyber-crime
Rebecca Rogers
Bournemouth University Cyber Security Unit
2
Social Interaction
http://www.internetlivestats.com/one-second/
3
What Happens to Your Data
4
The World Wide Web
5
The Dark-Web
6
Accessing the Dark-Web
• Not all bad
• Require special software to access
• The Onion Router
• Sets up the specific connections you need to access dark Web sites
7
TOR
• Onion Routing – bounces internet users' and websites' traffic through relays run by thousands of volunteers around the world.
• Difficult to trace Internet activity back to user
• Intended to protect the personal privacy of users
8
Bitcoins
• Encrypted digital currency
• When paired with TOR – increases anonymity
  – No one can trace a purchase/sale
• Favourite currency for cyber criminals
9
Who is interested in buying your stolen data?
• Data travelled to 22 countries and 5 continents
• Accessed 1,100 times in 12 days
• 2 cybercrime syndicates shared data with peers
• Data tracking technology to uncover what happens to sensitive data after a hacker stole it.
10
Who is interested in buying your stolen data?
• Criminals contacted the source requesting to buy it in bulk.
• Bitglass's watermark "phones home" when a file is opened or downloaded, grabbing IP address, geographic location, and the type of device accessing it.
11
How your data gets sold
• Marketplaces on the dark web, not unlike eBay
  – Feedback systems for vendors (“cheap and good A+”),
  – Refund policies (usually stating that refunds are not allowed).
  – No special codewords to learn, no back-channels that must be sussed out.
  – Information is very well categorised, e.g. on the AlphaBay market one can just click on the button marked “Fraud,” then into subsections like “Personal Information & Scans” or “CVV & Cards.”
12
How your data gets sold
13
How your data gets sold
14
Product Pricing
Source: 2013 Panda Security report – The Cyber Crime Black Market: Uncovered
15
Who is stealing your data
• Before the Internet, criminals required physical access.
• Hackers originally attacked technology for fun – now attack the user for financial gain.
• Used to work alone, now work as teams, trading information to create a more complete picture of an individual.
16
The Cost
• Costing worldwide economy £289 Billion annually
• UK is Europe’s Number One Target For Cyber Crime
• UK Individuals lost £268M in year up to 31st August 2015 (total £34 Billion)
• Most proceeds of fraud leave the UK – true cost to UK economy
17
The Cost – Elderly and Vulnerable
• The impact is wide-reaching
  – often on low fixed incomes which make recovering from financial loss impossible
  – they are likely to suffer psychological effects such as stress, anger, emotional upset and embarrassment which they may not recover from
  – can become dependent on government support where they had previously been self-reliant – increased cost to UK economy
• Often end up on ‘suckers lists’ identifying them as potential targets – creating a vicious circle which they cannot escape
18
Why the elderly and vulnerable?
• Elderly and Vulnerable more attractive
  – Easier to confuse
  – More trusting
  – Unlikely to report
  – Savings
  – Desire for products offering better quality of life
  – Changes in pensions
• An increase in the number of pensions-related calls around the time the new rules came into force.
19
Profiling - TalkTalk
• Potentially 1.2 million customers had their personal information stolen by hackers.
  – Significantly, dates of birth were taken as well as names, addresses, email addresses, telephone numbers, credit card and bank details
• Calls claiming to be offering compensation
• Emails instructing victims to download software to ‘protect’ their systems
• Many calls were made up to five days before TalkTalk announced that they had been hacked.
• Some of the conmen have call centre training which means they sound genuine
20
Tactics
• Botnets – take control of computers and use processing power/storage to launch attacks - http://map.norsecorp.com/
• Phishing/Spam emails – Spear, whaling
• Buffer overflow – accessing unused memory and overflowing causing disruption
• Covert channel – tapping in covertly e.g. Man in the middle (wifi and cable) attacks
• Malicious software – software designed to cause deception – Trojan
• Input attacks – e.g. SQL injections (TalkTalk) tricks database into telling it confidential information
• Social engineering – builds a profile based on publicly available information and uses for e.g. ID theft but also traditional techniques of deceit
• Back door – avoids authorisation and authentication requirements
21
Tactics – Phishing Emails
22
Tactics – Phishing Emails
23
Reporting
• More than half of Britons have fallen victim to cybercrimes
• Less than a third actually reported the crimes
  – Unsure who to report it to.
  – Do not perceive as a real crime
  – Too trivial
  – Not aware they are a victim
  – May get reimbursed by bank (don’t need a crime reference number to get money back).
  – note change to regs on police reporting cyber crime
24
Reporting
• Those aged 65+ are less likely than all internet users to use some online, and most mobile, security features
• They are also less likely to report having negative online experiences.
25
Prosecution
• 2007 – 2012 only 88 people sentenced under Computer Misuse Act 1990.
  – Difficult to investigate and prosecute
  – Mostly under non-financial fraud crime
26
Changes to legislation
• Computer Misuse Act updated
  – Made easier to prosecute British nationals irrespective of where they are located
• However, only 10% of UK cyber crime is committed by UK Nationals
• No overarching jurisdiction
  – Aimed at protecting National infrastructure (power, water) as opposed to individuals
• No deterrent to low level cyber criminals
27
What the future holds
• Elderly and vulnerable will be all but cut off from government services, shops and local communities because of the rise of the internet
• Increasing use of apps to help those with long-term conditions manage their care, with more use of online booking of appointments, as well as medical consultations online.
• Approximately 40% of people aged 65 or over in the UK do not have access to the internet at home
28
What can be done
• Training and Education
  – Elderly and vulnerable not experiencing technology through education or employment
  – Training 6.2 million people without basic digital skills would cost £875m by 2020
• Designing systems which take into account the capabilities of the most vulnerable in our society
  – By making the device seem like an everyday watch, it reduces at least some of the potential barriers to the elderly in its use.