Women in law enforcement 2014
-
Upload
jacqueline-fick -
Category
Documents
-
view
14 -
download
0
Transcript of Women in law enforcement 2014
How to Approach Cyber Crime
in
South Africa
7th Annual Leadership for Women in Law Enforcement Conference
Gold Reef City, Johannesburg
28 May 2014
Adv Jacqueline Fick
Executive: Cell C Forensic Services
2 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
AGENDA
• Cyber crime defined
• Some interesting statistics
• Current position in South Africa
- National Cyber Security Policy Framework
- Types of cyber crime in South Africa
- Why are we vulnerable?
- What we are doing right
• How to approach cyber crime investigations in South Africa: Phishing
- Phishing
- Sim swap fraud
- Relationship between phishing and SIM swap fraud
- Case study
- Investigative methodology
• Closing remarks
3 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
CYBER CRIME DEFINED
• Cyber crime does not have a precise or universal definition and varies
between jurisdictions based on the perceptions of those involved:
- Norton Symantec: Any crime that is committed using a computer or
network, or hardware device. The computer or device may be the agent of
the crime, the facilitator of the crime, or the target of the crime
- Oxford Dictionaries: Crime conducted via the Internet or some other
computer network
- Wikipedia: Computer crime, or cybercrime, refers to any crime that
involves a computer and a network. The computer may have been used in
the commission of a crime, or it may be the target
- Electronic Communications and Transactions (ECT) Act, No. 25 of 2002
contains no definition
- ECT Amendment Bill: "cyber crime" means any criminal or other offence
that is facilitated by or involves the use of electronic communications or
information systems, including any device or the Internet or any one or
more of them..”
4 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
SOME INTERESTING STATISTICS
• According to Symantec’s 2013 Norton Report, cyber crime in South Africa
has collectively cost victims over R3.42 billion rand over the past 12 months.
It was also found that South Africa has the third-highest number of cyber
crime victims after Russia and China
• Areas of concern are mobile data and handling private information online. It
has been noted that cyber crime activity has made a large move towards
mobile platforms, but security and mobile security "IQ" has been left behind
and consumers are more vulnerable in these areas
• The US Federal Bureau of Investigations has flagged South Africa as the
sixth-most active cyber crime country
6 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
CURRENT POSITION IN SOUTH AFRICA
• South Africa is the second most targeted country globally when it comes to
phishing attacks (Drew van Vuuren, CEO of information security and privacy
practice, 4Di Privaca)
• Compare this statement to:
- How many law enforcement officials have received basic cyber training?
- How many cyber specialists are there in law enforcement?
• Honeynet Project
- Research shows that the average time spent in a cyber investigation was
approximately 34 hours per person to investigate an incident that took an
intruder about half an hour to complete. That's about a 60:1 ratio!
(http://www.honeynet.org/challenge/results/)
7 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
TYPES OF CYBER CRIME IN SOUTH AFRICA
• Denial of service, economic fraud and the
theft of confidential information were cited
as the main concerns for South Africa
• The top cyber services targeted are internet
banking, ecommerce sites and social media
sites
• Criminals are typically after logon
credentials, bank or credit card information
and other personally identifiable information
• The most common attack methods are still
phishing, the abuse of system privileges and
malicious code infections
(2012/13 The South African Cyber Threat Barometer)
• Section 86 and 87 of the ECT Act
8 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
WHY ARE WE VULNERABLE?
The common top cyber vulnerabilities are:
• Inadequate maintenance, monitoring and analysis of
security audit logs
• Weak application software security
• Poor control of administrator privileges
• Inadequate account monitoring and control
• Inadequate hardware/software configurations
• The internal monitoring of suspicious transactions
and the general use of internal and 3rd party fraud
detection mechanisms are still the most effective
means of detecting cyber crime
(2012/2013 The South African Cyber Threat Barometer)
• This applies to computers and handheld devices
The cybercrime world
is like an arms race:
cybercriminals pursue
a course of action until
the defenders work
out how to combat it,
at which point the
cybercriminals change
tack.
(The current state of
cybercrime 2014: Global
Malware Outlook April
2014)
9 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
WHAT WE ARE DOING RIGHT
South Africa is moving in the right direction:
• ECT Act and the ECT Amendment Act
• More effective public private partnerships
• Sharing of intelligence
• International cooperation and recognition
• Cyber Security Policy Framework
10 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
NATIONAL CYBER SECURITY POLICY FRAMEWORK
(2012/2013 The South African Cyber Threat Barometer)
11 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
HOW TO APPROACH CYBER CRIME IN SOUTH AFRICA:
PHISHING
12 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
PHISHING
• Phishing is a technique used to gain personal information for purposes of
identity theft, using fraudulent e-mail messages that appear to come from
legitimate businesses. These authentic-looking messages are designed to
fool recipients into divulging personal data such as account numbers and
passwords, credit card numbers and other personal information
• Phishers also use spam, fake web sites, computer malware and other
techniques to trick people into divulging sensitive information
• It is easier to hack a user than a computer
• Once the phishers have captured enough information from a victim, they
either use the stolen information to defraud a victim, or sell it on the black
market for a profit
13 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
SIM SWAP FRAUD
• SIM swap fraud is a type of spear phishing (i.e. targeted) attack
• It is committed when a fraudster convinces a victim’s mobile network operator
to transfer a victim’s cellular number (MSISDN) to a SIM in the possession of
the fraudster
• Details are obtained through phishing/smishing and social engineering
techniques. SIM swap attacks are effectively an extension of phishing
attacks, key loggers, etc. which are generally based on organised groups
• The fraudster can then receive any incoming calls and text messages,
including banking one-time-passcodes (OTPs) that are sent to the victim’s
phone
• This type of attack poses financial and reputational risks
14 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
RELATIONSHIP BETWEEN PHISHING AND SIM SWAP FRAUD
• In most instances SIM swap fraud works hand-in-
hand with phishing/ smishing (SMS phishing)
• SIM swapping is also described as the second
phase of a phishing scam
• When banks introduced measures such as OTPs to
combat phishing attacks and other malware,
fraudsters performed SIM swaps to get hold of the
OTPs
• Whilst the attacks are highly targeted, it is based on
a set of users who have been phished or key-logged
and whose banking credentials have been
previously compromised
15 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
CASE STUDY: IZIGEBENGU ENTERPRISES
Mr. Inhlanzi has always been an entrepreneur and decided to put his good
business sense to work. Several of his family, friends and previous business
colleagues joined in his venture to develop innovative ‘investment’ products for
the mobile and banking industry. And so Izigebengu Enterprises was born.
With the help of his trusted CTO they launched the “ama Phish-Phish”
campaign which was geared towards growing their customer base. They soon
accumulated a pool of potential “customers”, but realised that they had to have
access to their financial profiles and a way to contact them on their cell phones
to ensure maximum offset of their products and services. Fortunately for Mr.
Inhlanzi he still kept contact with some of his friends working in the mobile and
financial industries and they were willing to assist him with his endeavours at a
minimal fee.
Phase 2 of the “ama Phish-Phish” strategy was to recruit staff for Project “le-
SIM swap” and once implemented, business started booming. With the client
details and SIM swaps done, they could insure healthy investments from their
targeted clients.
16 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
With the help of previous business associates and other international investors,
client funds were quickly re-invested to ensure a maximum return on
investment.
But a new cartel appeared on the horizon, posing a significant threat to the
operations of Izigebengu Enterprises.
The banks, mobile operators and other agencies joined forces, and their anti-
competitive behaviour soon drove Mr. Inhlanzi to drink. His business strategies
could still be effective if the different role players did not unite their forces
against him.
Sadly, the future of Izigebengu Enterprises looks bleak….
CASE STUDY: IZIGEBENGU ENTERPRISES (continued)
17 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
INVESTIGATIVE METHODOLOGY
• The curricula vitae of the role players – profiling and analysis
• Have they committed a crime? If so what?
• Syndicate activities?
• Can one agency investigate alone?
• Nature of the evidence
• Racketeering prosecutions?
• An opportunity missed by Mr. Inhlanzi – premium rated services
19 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
CLOSING REMARKS
• Treat information as a valuable but fragile asset and
important evidence in criminal investigations
• Effective public private partnerships contribute to
successful investigations
• Accurate reporting of cyber crime = accurate statistics
• Cost analysis of cyber crime and cyber investigations –
money talks
• Training and awareness
• Effective and efficient cyber investigations:
- Make use of intelligence
- Be pro-active
- Think out of the box
- Collaborate!
21 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014
BIBLIOGRAPHY
• 2012/2013 The South African Cyber Threat Barometer A strategic public-
private partnership (PPP) initiative to combat cybercrime in SA
http://www.wolfpackrisk.com
• http://cybercrime.org.za
• 2013 Norton Report
http://www.yle.fi/tvuutiset/uutiset/upics/liitetiedostot/norton_raportti.pdf
• SA loses R3.42bn to cyber crime, Staff Writer, ITWeb, 17 Feb 2014
http://www.itweb.co.za/index.php?option=com_content&view=article&id=709
18
• SA moves to curb rife cybercrime, Samuel Mungadze, 14 February 2014
http://www.bdlive.co.za/business/technology/2014/02/14/sa-moves-to-curb-
rife-cybercrime
• The current state of cybercrime 2014: Global malware outlook April 2014
http://www.emc.com/collateral/fraud-report/online-fraud-report-0414.pdf