#RSAC
Confronting Cybercrime: Exploring the Legal and Investigative Challenges
SESSION ID: PNG-R03F
David J. Hickton
United States Attorney
Western District of Pennsylvania
@WDPANews
Why Pittsburgh?
Pittsburgh: Uniquely Positioned for the Cyber Fight
University of Pittsburgh Bomb Threats
International Cyber Hoax
March/April 2012
40+ bomb threats sent through anonymizers
100+ evacuations of buildings and students
$300K in additional security costs to University
Hoax Investigation
JTTF investigates
Overcame use of anonymizers/email remailers
Full cooperation of Pitt’s IT department
International partners: England, Ireland and Scotland
“Tell the Pitt police that bombs are in Litchfield Towers, the Cathedral of Learning, Salk, Scaife, PA and Ruskin Halls.”
April 21, 2012 Email
Adam Stuart Busby
Indicted for email threat campaign against University of Pittsburgh, U.S. Attorney and three Federal Courthouses
Scottish separatist living in Dublin, Ireland
Wanted by Scotland for similar conduct
Presently in hospital in Scotland
Chinese Economic Espionage
Industrial Hacking by a Nation State
PLA Military Hackers
First time the United States has leveled cyber espionage charges against the military of a foreign country
31-count indictment charging five members of Chinese military with theft of technological secrets and communications
U.S. Entities Attacked
Westinghouse Electric Company, LLC
Westinghouse in negotiations with Chinese Nuclear Power Corporation regarding AP1000 reactor construction in China
May 2010: pipe support engineering documents stolen
2010-2012: emails of top executives stolen
United States Steel Corporation
Between 2009 and 2012, US Steel was engaged in trade cases against Chinese steel manufacturers
Two weeks before a decision in one of the disputes, an employee working in a relevant division of US Steel received a spearphishing e-mail message
At about the same time, names and descriptions of thousands of US Steel servers were stolen
Allegheny Technologies, Inc.
Partner in a joint venture with major Chinese Steel Company and, between 2009 and 2012, was engaged in a trade case against the same Chinese firm
The day after a board meeting for the joint venture in Shanghai, the network credentials for virtually every employee were stolen
United Steelworkers
In 2012, USW’s President issues a “call to action” against Chinese policies
The next day, emails containing strategic discussions from senior union employees were stolen
Two days after the union publicly advocated for duties on Chinese imports, more email messages containing strategic discussions were stolen
Alcoa
In 2008, Alcoa announced a partnership with a major Chinese Aluminum company to acquire a stake in another foreign company
Three weeks later, senior Alcoa managers received spearphishing email messages
SolarWorld USA
May 2012 - September 2012: thousands of employee emails and attachments were stolen
During the same timeframe, SolarWorld was engaged in trade cases against Chinese solar manufacturers
What Did They Steal?
Credentials
Intellectual property
Strategic plans
Cost and price data
Trade case strategy
PLA Unit 61398
Employs hundreds, perhaps thousands of personnel
Requires personnel trained in computer security and computer network operations
Has large-scale infrastructure and facilities in the “Pudong New Area” of Shanghai
GameOver Zeus/Cryptolocker
Malware Intrusion by Foreign Actors
GameOver Zeus Malware
1 Million infected computers worldwide; 25% in the United States
$100M+ wire transferred from compromised computers to cyber criminals overseas
Haysite Reinforced Plastics of Erie, Penn. bilked of $375K in October 2011
Cryptolocker “Ransomware”
Spread through GameOver Zeus
Encrypts computer files, decrypting upon payment of ransom
Computers infected: 234,000+
Estimated losses: $27M+ in first two months of operation
All Tools Approach
Criminal indictment
Civil injunction to dismantle botnet
International partners
Private business partners
$3M reward/FBI Cyber Most Wanted
Darkode
Cybercrime Forum
Global Cybercrime Marketplace
Largest, most sophisticated English language forum
Buy, sell, trade, share cybercrime products
Malware, botnets, passwords, Facebook Spreader, Dendroid
Invitation only; apply with hacking resume
Malware example
Dendroid: created by CMU student Morgan Culbertson, aka “Android”
Control Android phones, place/record phone calls, intercept texts, open apps, take photos/videos, infect Android applications
$65,000 to purchase; $300/month to lease
Operation Shrouded Horizon
Multi-year investigation, infiltrated forum at high level
Seized domain
70 members and associates searched or arrested globally
U.S. charges 12 criminally in U.S., Sweden, Pakistan, Spain and Slovenia
Future of Cybercrime Fighting
Challenges
Privacy/Security balance
Improved risk management
Greater deterrence
Resiliency
Opportunities
Forge relationships with the private sector that are appropriate, lawful and effective
Improve reporting of cyber intrusions
Centralize intelligence and sharing regarding cyber intrusions
Enhance development and distribution of cyber intelligence products to private sector and across government
Increase and expedite international cooperation
Improve victim outreach and cooperation