Cyber Crime:

1 / 59
About This Presentation
Title:

Cyber Crime:

Description:

Global cyber crime is $ 105 billion industry which is more than global drug trafficking ... (22), an activist with Russia's Nashi youth group and aide to a pro-Kremlin ... – PowerPoint PPT presentation

Number of Views:17747
Avg rating:5.0/5.0
Slides: 60
Provided by: cbi9

less

Transcript and Presenter's Notes

Title: Cyber Crime:


1
Cyber Crime Current Threats and Trends
A presentation by Muktesh Chander IPS BE, LLB,
MA(Cr.), DCL, DHRM, Cert. SQC
OR FIETE,MCSI Addl. Commissioner of
Police Traffic, Delhi Police
2
Global Scenario
  • Global cyber crime is 105 billion industry
    which is more than global drug trafficking
  • Economic meltdown and recession
  • Under employment/unemployment in IT sector
  • Cut down on IT security budget likely

3
Indian Scenario
  • Booming software and BPO Industry
  • IT Revolution ??Digital Dependence
  • National E Governance program
  • Very few organisations in India have CISO and IT
    Security budget
  • No law for privacy
  • No compliance laws and breach disclosure
  • No law against spamming
  • Limitations of IT Act 2000
  • Weak and delayed criminal Justice System

4
Indian Scenario
  • Very few organisations in India have CISO and IT
    Security budget

5
Threats from
  • Individuals
  • Organised cyber criminals
  • Rival organisations
  • Non state actors
  • Hostile states
  • Insiders/ex employees
  • Hactivists
  • Terrorist

Muktesh Chander
6
Cyber Crime in India
Under IT Act
Crime in India 2007
52.8 increase in 2007
7
Current Threats in India
Source Cert-in
8
Global
2008 CSI Computer crime survey
9
Malicious activity by country
  • Source Symantec Corporation

10
Current threats Malware
  • Virus attacks account for more than 50 of
    security incidents. (CSI Survey 2008)
  • In the last six months of 2007, Symantec detected
    499,811 new malicious codes.
  • 136 percent increase over the previous period,
    when 212,101 new threats were detected
  • 1,122,311 total malicious codes identified by
    Symantec as of the end of 2007.
  • Two thirds of all malicious code threats
    currently detected were created during 2007.
  • Any kind of file can be infected (Flash, Adobe
    Pdf are the latest)

11
Malware
  • Malware toolkits, rootkits easily available
  • Malware writing and outsourcing for profit
  • Malware for sale
  • Blended threats
  • Mobile virus (cabir, commw.sis and its variants,
    curse of silence)
  • Flash worm ?
  • Scareware

12
Phishing
  • Phising/Pharming/Vishing/Smishing
  • Every month more than 20,000 unique phishing
    websites are detected affecting more than 200
    brands
  • Spearphishing attacks emerging

13
Phishing
  • Phishing scams showed sharp increase of 1126
    over previous year.
  • Symantec observes more than 7 million phishing
    attempts each day.

14
TOP BRANDS AFFECTED BY PHISHING ATTACKS
  • E-bay
  • Amazon
  • Paypal
  • ICICI Bank
  • UTI Bank

15
Electronic Fund Transfer
  • Tim Berners Lee the father of WWW was a victim of
    online fraud (Computer world)
  • In Nov 2008, 100 compromised card accounts
    resulted in 9 million fraudulent withdrawals
    from 130 ATMs in 49 cities across the world in
    30 minutes

16
Netherlands
St. Petersburg
London
Finland
New York
San Francisco
Germany
Israel
10 million
Vladimir Levin a ,Russian ,stole 10 million
from Citibank by computer fraud
16
17
Online grooming ,sexual exploitation and abuse of
children
  • Sec 67 B (B),(C) inserted in IT Act Amendment

18
Cyber Vandalism /graffiti
Indian TLD websites defaced during 2007
SourceCert in
19
Spam
  • Accounts for more than ½ to 2/3 of all
    e-mails or even 90 ?
  • Responsible for phishing, 419 scams and spread of
    malware, identity theft and other cyber crimes,
    choking of bandwidth ,wastage of time
  • India is in the top 10 spam sending countries

20
Spam
21
Cyber Pornography
  • Cyber pornography accounts for 46 of all cyber
    crimes under IT Act (Crime in India 2007)
  • Every second - 28,258 Internet users are viewing
    pornography
  • The pornography industry is larger than the
    revenues of the top technology companies
    combined Microsoft, Google, Amazon, eBay, Yahoo
    !, Apple, Netflix and EarthLink

Source http//www.internet-filter-review.toptenre
views.com/internet-pornography-statistics.html
22
Cyber Pornography
  • is one of the easiest way of installing malware.

23
Botnets
  • Collection of compromised computers
  • Centralized control

24
DDOS Attack using BOTS
25
Botnets
  • Source Symantec Corporation 5 million distinct
    bots

26
Botnet tracked in India
  • 25915 from June 2007 to Dec 2007
  • Source CERT In

27
Botnet
  • In Aug 2008 Dutch police apprehended Leni De with
    help from FBI and Brazilian police for running a
    botnet of 100,000 computers
  • Source CERT In

28
Use of Encryption by criminals/terrorists
  • Strong encryption tools easily available many for
    free
  • PGP
  • Steganography
  • Digital signatures (no key escrow in India)
  • Sec 69 IT Act is of no use

29
Underground market servers
Source Adapted from Symantec 2007
30
Industrial Espionage
  • Several countries and companies are indulging in
    Industrial espionage clandestinely
  • Employees reveal a lot in their personal E
    mails and social networking sites
  • s

31
Theft of Mobile Devices
  • 42 respondents reported case of laptop theft
    (CSI Survey 2008)
  • Separate offence created under IT Act Amendment

32
Threat to Embedded Systems
  • Complex and unknown
  • Becoming common
  • Involve third party

33
Identity Theft
  • Estimated more than 9 million incidents each year
    (NIJ ,US Report)
  • Separate offence created under IT Act Amendment

34
Insider Abuse
  • By disgruntled present of Ex employees
  • 44 respondents reported insider abuse
  • (CSI Survey 2008)

35
Other cyber crimes
  • Hacking
  • Denial of service attacks
  • Data diddling
  • Cyber stalking
  • Cyber squatting
  • IPR Violations
  • Mobile cloning (Both GSM and CDMA)

36
Cyber skirmishes
37
  • 2000 Hackers holy war between Israel and
    Palestine
  • 2001 There was a war between Chinese and
    American hackers

38
(No Transcript)
39
(No Transcript)
40
(No Transcript)
41
Cyber terrorism
42
Critical Information Infrastructure
  • CII Means
  • Information Communication Systems
  • connected with
  • National Security
  • Public Safety
  • Public Health
  • Critical Sectors of Economy

Muktesh Chander
42
43
Likely targets of cyber terrorism
  • Power grids (nuclear power stations)
  • Banking and Financial systems
  • Stock Exchanges
  • Transportation Control systems
  • MRTS, ATC, Rail/Airlines reservations
  • Tele-Communications
  • Gas / Oil / Water Pipelines control systems
  • Internet Backbones
  • Health/Food
  • Emergency services
  • Military/Defense Installations Attack on C4 I

44
Estonia Attack
  • Estonia a Baltic nation with population of only
    1.4 million people
  • One of the most wired nations
  • Pioneer in E Governance
  • Almost 100 citizen use online banking
  • Every citizen has PKI enabled I card with
    embedded chip
  • Online elections

45
Estonia Attack
Contd..
  • Govt. relocated 2nd world war Red Army memorial
    (a Bronze statue)
  • On April 2007 computers of Estonian Parliament,
    banks, ministries, newspapers and broadcasters,
    political parties etc.were targets for cyber
    attack using DDOs, spam botnets etc.
  • Attack continued for three weeks
  • Cyberterrorists defenders both acted in adhoc
    manner

46
Estonia Attack
Contd..
  • An Estonian court has convicted the first
    individual in the 2007 cyber attacks against
    Estonia.
  • "Dmitri Galushkevich an ethnic Russian used his
    home PC to launch a denial-of-service attack that
    knocked down the Web site for the political party
    of Estonia's prime minister for several days..."
  • He was fined 17,500 kroons (approx. US 1,642).

47
Estonia Attack
Contd..
  • Konstantin Goloskokov(22), an activist with
    Russia's Nashi youth group and aide to a
    pro-Kremlin member of parliament has admitted
    having organised the attack as an act of civil
    disobedience. Sergeiei Markov, a Russian State
    Duma Deputy has corroborated the facts
  • (Mar.12,2009,SC Magazine)

48
Trends
  • Prediction in a fast changing and evolving field
    is difficult
  • Law of exponential return of technological changes

49
Current Trends in cyber crime
  • Following trends are clearly visible-
  • The time to exploit vulnerability is decreasing.
  • Cyber crimes are being committed with financial
    gains in mind
  • The attack sophistication is increasing and more
    automation can be seen in attacks.
  • The speed of spread of an attacks is increasing.
     
  •  

50
Current Trends in cyber crime
5. The attacks are more targetted than before.
6. Phishing is increasing on SMS, Telephone
other platforms. 7. Coordinated automatic
attacks by remotely controlled Bots for DDoS, for
sending SPAM and other such malicious purposes
are showing increasing trend and will pose
biggest threat to Information Security.
51
Current Trends in cyber crime
8. Mobile connectivity using WiFi technology and
convegence of mobile phones with PDAs and other
wireless devices will add another dimension to
cyber crime. 9. There is growing evidence of
organized crime and cyber crime are beginning to
overlap with activities of drug mafia,
pedophiles, international money laundering people
who use Internet to coordinate their activities.
 
52
Current Trends in cyber crime
  • 10.Industrial espionage increasing
  • Political ideologists have started using
    hactivism to propagate their ideas through
    Internet and the electronic civil disobedience
    activities are surfacing.
  • Terrorist organizations are increasingly using
    Internet communication and cryptography to
    secretly communicate and organize their
    activities.
  • State sponsored Cyber war

53
Current Trends in cyber crime
  • Cyber crime would increase on social networking
    sites
  • Web 2.0
  • Data is becoming primary focus of cyber crime
  • Netbook, Ipod touch, Smart phones, 3G enabled
    phones will be affected
  • Used and stolen hardware will be source of data
    loss

54
Future
20.Stock market manipulations. Pump and dump
schemes 21.Skimming of Card information directly
from ATM 22.SPAM will transform in SPIM and SPIT
55
Current Trends in India
  • Recent spate of Phishing activities
  • Numbers of cases of data theft from BPO and call
    center companies R
  • Risk from third party relationship.

56
Current Trends in India
4.Recent theft of sensitive information in
electronic form from National Security Council
Secretariat has added another dimension to
Information Security in the country. 5.Adequate
attention towards management of information
security and a very few companies have gone for
information needed
57
Current Trends in India
  • The most serious gap in implementation of
    information security management is threat from
    insiders and ex-employees.
  • The widespread absence of even the most routine
    security tools and policies has left many Indian
    companies vulnerable to serious attack and the
    inevitable financial losses that follow.
  • User education and awareness is of utmost
    importance in Business to Customers models such
    as Internet banking, online auction and shopping.

58
Current Trends in India
  • Use of Digital signature still rare

59
Questions?
Write a Comment
User Comments (0)
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Cyber Crime:" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!