Computer Incident Response Team
Role in Combating Cybercrime
Mohamad Sazly B Musa
IMPACT
22nd September 2011
Agenda
1. Overview of Cyber Crime
2. Statistics
3. Fighting Cyber Crime
4. The Role of CIRT
5. Why Establish CIRT?
6. Benefits of CIRT
7. CIRT Initiatives
8. Legal Basis for Collaboration
9. Conclusion
Cyber Crime: Definition
“Criminal acts using computers and networks as tools or targets”
The use of a computer to achieve illegal ends
Types of Cyber Crime
Computer Related
• Hacking
• Viruses & worms
• DDoS
• Web defacement
• Phishing
• Espionage
• Identity theft
• Credit card frauds
Content Related
• Pornography
• Online gambling
• Spam
Copyright Related
• Software piracy
• P2P
Combination Offenses
• Cyberterrorism
• Attacks on Government Infrastructure
• Cyber laundering
Challenges
• Before
Nearly all crimes were local
Evidence never far from the crime scene
• Now
Internet crimes span multiple jurisdictions
Specialised procedures & forensics
Evidence across borders
How to get legal assistance across borders
Scope of Cyberspace
Cyberspace starts with the internet…
Network of networks = Internet
Modern Weapons Economics
What does a stealth bomber cost? $1.5 to $2 billion
What does a stealth fighter cost? $80 to $120 million
What does a cruise missile cost? $1 to $2 million
What does a cyber weapon cost? $300 to $50,000
Cyber Crime Statistics 2010
http://www.ic3.gov/media/annualreport/2010_IC3Report.pdf
Internet Crime Complaint Centre
Hacktivist
• Hacking refers to unlawful access to a computer system
• One of the oldest computer-related crimes
Lulz Security, Anonymous Group
Anonymous Activities
• Operations Payback, Avenge Assange, and Bradical - Dec 2010
To support WikiLeaks, launched DDoS attacks against Amazon, PayPal, MasterCard, Visa and the Swiss bank PostFinance
• Operation Sony 2011
To attack Sony websites in response to Sony's lawsuit against George Hotz
Anonymous Activities
• Operation Malaysia - June 2011
Launched attacks on ninety-one websites of the Malaysian government in response to the blocking of file sharing websites
• Operation Anti-Security - July 2011
The group teamed up with LulzSec to hack websites and release information from a large number of government and corporate sources.
Strategy to Fight Cyber Crime
• Technology
The quality of software needs to improve
• Education
To raise the risk awareness of the everyday visitor in cyberspace
• Legal Frameworks
Legislation that keeps up with the current challenges of cybercrime must exist and continually evolve.
• International Cooperation
To improve international cooperation and mutual assistance on cybercrime among governments, industry and non-governmental organisations (NGOs)
The Role of CIRT
• Cybercrime is a global problem, so it goes without saying that it needs a global response.
• Need to build up national cyber defense
CERTs, CSIRTs, national security agencies, etc.
Improve incident response capability – how fast can we respond to an attack
• CIRT can provide a single point of contact for dealing with cyber security incidents
Why Establish CIRT?
• Motivators driving the establishment of CIRT:
Increase in the number of reported computer security incidents
Growth in the number of reported vulnerabilities
The realisation that system and network administrators alone cannot protect organisational systems and assets
The realisation that a prepared plan and strategy is required
To encourage citizens and companies to report crimes more often
CIRT Functions
• Provides a single point of contact for reporting security incidents
• Assists the organisational constituency and general computing community in preventing and handling computer security incidents
• Shares information and lessons learned with other response teams
• Collaborates with law enforcement agencies and local authority bodies
CIRT Functions
It is critical that mechanisms are in place to:
• Provide early warnings
• Effectively detect & identify the activity
• Develop mitigation & response strategies
• Establish trusted communications channels
• Effect a coordinated response
• Share data & information about the activity
• Track & monitor this information to determine trends & long term remediation strategies
Benefits of CIRT
• Serve as a trusted point of contact
• Develop an infrastructure for coordinating response
• Develop a capability to support incident reporting
• Conduct incident, vulnerability & artifact analysis
• Participate in cyber watch functions
• Help organisations to develop their own incident management capabilities
• Provide language translation services
• Make security best practices & guidance available
• Provide awareness, education & training
CIRT Initiatives
• India, US join hands to fight cyber crime, sign MoU (http://www.governancenow.com/gov-next/egov/india-us-join-hands-fight-cyber-crime-sign-mou)
To enable exchange of critical cyber security information and expertise between the two governments through the CERT-In and US Computer Emergency Readiness Team (US-CERT)
• The Government of Luxembourg presented the new Cybersecurity board and the "Computer Emergency Response Team", in the effort to anticipate and fight virtual attacks. (http://www.investinluxembourg.lu/ict/new-strategy-prevent-and-fight-cybercrime)
CIRT Initiatives
• EU prepares to set up Computer Emergency Response Team (http://www.infosecurity-magazine.com/view/18608/eu-prepares-to-set-up-computer-emergency-response-team)
The European Union has set up a team to establish a Computer Emergency Response Team (CERT) to counter the threat of cyber attacks against EU institutions, bodies and agencies.
• East Africa to fight cybercrime with CERT (http://news.idg.no/cw/art.cfm?id=CBB60BB2-1A64-6A71-CEB17DB32C209CD3)
A plan for the five East African states of Uganda, Kenya, Tanzania, Rwanda and Burundi to set up Computer Emergency Response Teams (CERTs) to fight cybercrime is under way, as the countries involved seek the ITU's help.
Workshops & CIRT Deployment
Objectives:
- To assist partner countries in assessing their readiness to implement a National CIRT.
- IMPACT reports on key issues and analysis, recommending a phased implementation plan for National CIRT.
- In later stages the national CIRT will also be provided with enabling tools.
- Conducted workshops for 24 countries globally

| No. | Partner Countries | Status |
|---|---|---|
| 1 | Afghanistan | Completed in October 2009 |
| 2 | Uganda, Tanzania, Kenya & Zambia | Completed in April 2010 |
| 3 | Nigeria, Burkina Faso, Ghana, Mali, Senegal & Ivory Coast | Completed in May 2010 |
| 4 | Maldives, Bhutan, Nepal & Bangladesh | Completed in June 2010 |
| 5 | Serbia, Montenegro, Bosnia & Albania | Completed in November 2010 |
| 6 | Cameroon, Chad, Gabon, Congo & Sudan | Completed in December 2010 |
| 7 | Cambodia, Vietnam, Myanmar | Under Assessment Currently |
| 8 | Armenia | Planned for October 2011 |
| 9 | Laos | Assessment in September 2011 |
| 10 | Montenegro, Kenya, Zambia, Nigeria, Uganda | Deployment in 2011-12 |
Legal Basis for Collaboration
• Need to improve on the standard collaboration documents for the different CIRTs due to a wide diversity in the legislation
Standard Non Disclosure Agreement (NDA)
Standard Acceptable Use Policy (AUP)
Terms of Reference (ToR)
Standard Service Level Agreement (SLA)
Collaboration Agreements
Memorandum of Understanding (MOU)
Contract
Conclusion
• Cyber security is a global problem that has to be addressed globally by all governments jointly
• No government can fight cybercrime or secure its cyberspace in isolation
• International cooperation is essential to securing cyberspace
• It is not a technology problem that can be ‘solved’; it is a risk to be managed by a combination of defensive technology
Thank you
IMPACT
Jalan IMPACT
63000 Cyberjaya
Malaysia
T +60 (3) 8313 2020
F +60 (3) 8319 2020
© Copyright 2010 IMPACT. All Rights Reserved.
www.facebook.com/impactalliance