Security Classification Practical Issues in dealing with different types of cybercrime.
-
Upload
kya-langwell -
Category
Documents
-
view
213 -
download
0
Transcript of Security Classification Practical Issues in dealing with different types of cybercrime.
Security Classification
Practical Issues in dealing with different types of cybercrime
Security Classification
Overview
•Society
•Crime Types
•Resources
•E-Crime (Electronic Crime) Training
•Offences
•Jurisdiction
•Case studies
Security Classification
Society
Security Classification
SocietyInternet Usage•50% of Australian adults accessed the Internet in the 12 months to November 2000
•37% of Australian households were connected to the Internet
•13% of Australian adults paid bills or transferred funds online
•10% of Australian adults purchased or ordered goods or services via the Internet
•the value of Internet e-commerce in Australia at June 2000 was estimated to be $A5.1 billion
Security Classification
Society
•10% of Australian adults purchased or ordered goods or services via the Internet
•the value of Internet e-commerce in Australia at June 2000 was estimated to be $A5.1 billion
• National Office for the Information Economy report entitled. The Current State of Play 2000
Security Classification
Crime Types
Security Classification
Crime Types
•Crimes Reported to AFP 2005-2006
•38% - Drug Importation cases
•34% - Defraud the commonwealth cases
•25% - Child Sex related cases
•3% - Counterfeit currency/documents cases
Security Classification
Crime Types
Electronic Crime Incident Type
•45% - E-Crime
•11% - Interpol
•2% - Counter terrorism
•42% - Others (Fraud, Credit Card, Money Laundering)
Security Classification
Crime types
• Breakdown of Computer Forensic Work
35% = Child Pornography
20% = Counter Terrorism
10% = Fraud (against the Commonwealth and private) (includes unauthorised access, hacking, unauthorised use of credit cards, make and use false
instruments etc)
8% = Child Grooming (using the internet and mobile phones)
5% = Drug Offences
5% = Property Offences (possess stolen property, theft, burglary, armed robbery)
5% = Regional Assistance (referrals from IDG for Solomons, PNG, East Timor etc)
4% = Family Violence/Sexual Assaults etc
3% = Internal Investigations
2% = Homicides
3% = Other
Security Classification
E-Crime Training
Security Classification
E-Crime Training
•Continuing cybercrime education from recruit level
•E-Crime awareness training
•Introduction to E-Crime
•Investigate E-Crime
•Specialist Crime type training
Security Classification
E-Crime Training
•Identify the offence
•Identify the suspect
•Identify witnesses
•Identify the victim
Security Classification
Resources
Security Classification
Resources
•Investigators access to resources
•AFP’s IT Infrastructure
•Access to computers
•Covert internet access
Security Classification
Resources
•Development of specialist investigative tools
eg. Boot cd’s / logicubes
Security Classification
Resources
•Support investigative personnel in increasing their technical and investigative skills
•Development of specialised computer crime units
•Computer Forensic support
Security Classification
Offences
Security Classification
Offences
•Is the computer a target of the offence?
•Is the computer being used to facilitate the offence?
Security Classification
Jurisdiction
Security Classification
Jurisdiction
•The internet is transnational in nature
•Who has jurisdiction?
Security Classification
Case Studies
Security Classification
Case Study 1
Problem of Jurisdiction
Security Classification
Case Study 1
•Background
Suspect initially resident in Australia then departed overseas. During his stay in Australia the suspect manages to transfer funds from a victims bank account via internet banking to his Australian bank account.
The suspect continues with twenty similar offences targeting Australians from his new country.
Security Classification
Case Study 2
Problem of identity theft
Security Classification
Case Study 2
•In 2003 a disgruntled ex Optus employee hacks into a Optus website called “efulfillment.” This website is used by corporate customers of Optus for ordering mobile phones and telecommunication services.
Security Classification
Case Study 3
Problem of identification
Security Classification
Case Study 3
On the 3rd December 2003 an email, directed to David LOWE was received at the RTA Customer Service Centre. The sender wrote:
"Unless all traffice infgringements for speeding incurred during the month of June are cancelled immediately, an explosive will be detonated in one of your major facilities. The cancellation of these infringement notices will be done quietly
with no public notification. You have 48 hours. This threat is real".
Security Classification
Questions?