Cybercrime and data sharing
Transcript of Cybercrime and data sharing
+Cyber crime and data sharing
Dr Ian Brown, Senior Research Fellow, Oxford Internet Institute
+Outline
Definitions and the scale of the threat
Graffiti, fraud, terror and war
Value at risk
Developing an effective strategy and working with other organisations
+Cyber graffiti
Defacement of Web sites with inadequate security
Mainly for propaganda and bragging
Increasingly used to distribute “drive-by” malware
+Cyber fraud
Highly efficient criminal economy has sprung up (bot herders, coders, mules, phishermen)
Phishing (Symantec observed 207,547 unique phishing messages 2H 2007) – with increased targeting
Denial of Service extortion (Symantec observed 5,060,187 bots 2H 2007)
Anti-Phishing Working Group Q2 2008 report
+Scale of fraud
Internet Crime Complaint Center 2007 Annual Report p.3
Symantec Report on the Underground Economy 2008 p.49
+Insider fraud
Information required | Price paid to ‘blagger’ | Price charged to customer
Occupant search/Electoral roll check (obtaining or checking an address) | not known | £17.50
Telephone reverse trace | £40 | £75
Telephone conversion (mobile) | not known | £75
Friends and Family | £60 – £80 | not known
Vehicle check at DVLA | £70 | £150 – £200
Criminal records check | not known | £500
Area search (locating a named person across a wide area) | not known | £60
Company/Director search | not known | £40
Ex-directory search | £40 | £65 – £75
Mobile telephone account enquiries | not known | £750
Licence check | not known | £250
“What price privacy?”, Information Commissioner, May 2006
+Cyber terror
“Terrorists get better returns from much simpler methods such as car bombs. Cyberterror is too low key: not enough dead bodies result, and attacks are too complex to plan and execute.” (Bird 2006)
Reality is use for communications, research (CBRN info poor - Stenersen 2007), propaganda, recruitment and belonging (Labi 2006 and Shahar 2007), tactical intel (US Army 2005)
+Cyberwar?
Attacks on Estonian finance, media and govt websites by Russian nationalist groups after statue moved
“Complexity and coordination was new… series of attacks with careful timing using different techniques and specific targets” (NATO)
Arbor Networks monitored 128 distinct attacks, with 10 lasting over 10 hours and reaching 90Mbps
+Digital Pearl Harbor
Exercise conducted by US Naval War College & Gartner July 2002
3-day simulated attack on Critical National Infrastructure with attackers given $200m, 5 years planning, access to state-level intelligence
Local, temporary attacks could be successful; sustained, national attacks would not
+China TITAN RAIN
Incursions into DoD, German Chancellery, Whitehall, NASA, Lockheed Martin…
“Chinese attackers are using custom Trojan horse software targeted at specific government offices, and it is just walking through standard defences. Many government offices don’t even know yet that they are leaking information. 99% of cases are probably still not known.” (NATO)
“Intrusion detection systems react to obvious signatures such as lots of traffic from one IP address – so onion routing and botnets are used to disguise the origin of intrusions.” (Sommer)
+Governmental responses
Protecting govt infrastructure – $294m requested by DHS for 2009; $6bn requested for NSA initiative
Critical infrastructure programmes – e.g. CPNI, InfraGard
Law enforcement response – e.g. PCeU; FBI has 800+ full-time agents, received 320,000 complaints in 2007
Updating legislation – Council of Europe Cybercrime Convention
+Industry responses
Software patches and anti-virus tools – arms races
Anti-Phishing Working Group
CERTs/CSIRTs
Security Development Lifecycle programmes
+Issues for geospatial intelligence
Intelligence and military agencies generally have high standards of computer security BUT
they are increasingly interacting with other governmental and private organisations with much weaker controls
general-purpose software is ridden with vulnerabilities
proliferation of data makes it harder to control
Is your key goal availability and integrity of data?
Where confidentiality is important, how far can you trust data sharing partners’ systems?
Where personal data is involved, can you manage data protection requirements and risks?
+Planning your response
What are your key information assets – and how far will they be shared with (less) trusted partners?
What are your key threats? Graffiti artists? Fraudsters? Sub-state actors? Nation states? Insiders?
How well are your systems designed, operated and policed to manage your information risk?
Are you partnering appropriately with other agencies and industry?
+References
Juliette Bird (2006) Terrorist Use of the Internet, The Second International Scientific Conference on Security and Countering Terrorism Issues, Moscow State University Institute for Information Security Issues, October 2006
Nadya Labi (2006) Jihad 2.0, Atlantic Monthly pp.102—107, Jul/Aug 2006
Yael Shahar (2007) The Internet as a Tool for Counter-Terrorism, Patrolling and Controlling Cyberspace, Garmisch, April 2007
Anne Stenersen (2007) Chem-bio cyber-class – Assessing jihadist chemical and biological weapons, Jane’s Intelligence Review, Sep 2007
US Army (2005) Army Regulation 530–1, Operations Security (OPSEC), Apr 2007