Comprehensive Countermeasures against Crime in Japan and ...
High-Tech Crime Countermeasures
Transcript of High-Tech Crime Countermeasures
High-Tech Crime Countermeasures
Ko IKAI
High-Tech Crime Technology Division
National Police Agency, JAPAN
Agenda
  State of High-Tech Crime
  Countermeasures
    Framework
    Facilities and Equipment
    Human Resources
    Training
  Challenges
State of High-Tech Crime
Basic Statistics
  56,453,000 (44% of whole nation) use Internet in Japan
  15,962,000 use broadband connection
  48% of households have Internet connection (except by cell phones)
  Estimation on Feb. 30, 2003, Internet White Paper 2003 (Internet Association Japan)
Intrusive Activities
  [Chart: Apr, 2003; May, 2003; Jun, 2003; axis scale 0 to 2000]
  Detected by 57 IDS installed in police organizations
Breakdown of Intrusive Activities
  Based on 119,822 detections between Apr. 1 and Jun. 30, 2003
  [Pie chart; segment values: 53.9%, 37.9%, 0.2%, 3.1%, 3.0%, 1.6%, 0.2%]
  Categories: Infection attempt by worms; Port scan; ICMP related activity; Backdoor connection attempt; Intrusion attempt into WWW server; Denial of service attack; Others
Complaints
  [Chart: complaints by year; axis scale 0 to 25,000]
  1999: 2,965
  2000: 11,135
  2001: 17,277
  2002: 19,329
Breakdown of Complaints
  Based on 19,329 complaints in 2002
  [Pie chart; segment values: 21%, 17%, 13%, 12%, 11%, 6%, 20%]
  Categories: Internet Auctions; Fraud & Sharp Business; Defamation; Illegal & Harmful Contents; Spam E-mails; Illegal network access, Virus; Others
Arrests
  [Chart: arrests by year, 1997 to 2002; axis scale 0 to 1200]
  Years: 1997, 1998, 1999, 2000, 2001, 2002
  Internet Crime: 83, 116, 247, 484, 712, 958
  Crime against Computer/Data: 179, 299, 110, 44, 63, 30
  Violation of the Unauthorized Computer Access Law: 31 (2000), 35 (2001), 51 (2002)
  Total: 262, 415, 357, 559, 810, 1039
Breakdown of Arrests
  Columns: 1999, 2000, 2001, 2002, change from 2001 to 2002
  Unauthorized Computer Access: -, 31, 35, 51, +16
  Crime against Computer/Data: 110, 44, 63, 30, -33
    Computer Fraud: 98, 33, 48, 18, -30
    Illegal production/Destruction of electro-magnetic data: 5, 9, 11, 8, -3
    Obstruction of business by destroying computer: 7, 2, 4, 4, 0
  Internet Crime: 247, 484, 712, 958, +246
    Child Prostitution: 0, 8, 117, 268, +151
    Child Pornography: 9, 113, 128, 140, +12
    Fraud: 23, 53, 103, 112, +9
    Distribution of Obscene Object: 147, 154, 103, 109, +6
    Violation of juvenile protection ordinance: 4, 2, 10, 70, +60
    Intimidation: 4, 17, 40, 33, -7
    Infringement of Copyright: 21, 29, 28, 31, +3
    Defamation: 12, 30, 42, 27, -15
    Others: 27, 78, 141, 168, +27
  Total: 357, 559, 810, 1,039, +229
  [unlabeled row]: 9, 121, 245, 408, +163
Countermeasures
  Framework
  Facilities and Equipment
  Human Resources
  Training
Framework
Police System in Japan
  National Police Agency (NPA)
    National governmental organization
    Duty: supervision and planning related to national law and budget
  Prefectural Police Forces (PPF)
    Local governmental organization
    Duty: actual police operation
National Efforts
  High-Tech Crime Technology Division (HTCTD) since 1999
  Unauthorized Computer Access Law
  Official notice of high-tech crime countermeasures to PPFs
  Official notice of cyber-terror countermeasures to PPFs
  Subsidy for PPFs
National Center of Computer Forensics (NCCF)
  Part of HTCTD
  Technical core of high-tech crime countermeasures
  Dealing with extremely difficult evidence
Cyber Force Center (CFC)
  Part of HTCTD
  Established in 2001
  Focusing on protection against cyber attacks to critical infrastructure entities
  24/7/365 watch and warning
  Information hub for computer network security
Local Efforts
  Establishment of High-Tech Crime Task Forces (HTCTF)
    High-tech crime reporting point
  Establishment of Cyber-Terror Task Forces
  Employment of people with IT skills as special investigators or IT security advisors
Facilities and Equipment
Cost Overview
  NCCF
    Initial: 15.3 million USD
    Maintenance: 1 million USD
  CFC
    Initial: 53.5 million USD
    Maintenance: 13 million USD
  (1 USD = 120 JPY)
Facilities
  NCCF
    National-owned building
    5 floors, 1500 sq. meters (approx. 15000 sq. feet)
  CFC
    Private-owned building (rented)
    8 floors, 4500 sq. meters
Equipment in NCCF
  Massive log analysis system
  Password analysis system
  Credit card analysis system
  Virtual Internet environment
  X-ray inspection system
  Clean room
  Various software
  Honey pot
Equipment in CFC
  24/7/365 watch and warning center
  Honey pot
  Distributed IDS
  R&D environment
  Simulation environment
  Training environment
Equipment in HTCTD HQ
  WWW server (@police)
    http://www.cyberpolice.go.jp/
  Cybercrime Technical Information Network System (CTINS)
    Purpose: information sharing among 10 cybercrime law enforcement units in Asia
    China; Hong Kong, China; India; Indonesia; Korea; Malaysia; Philippines; Singapore; Thai; and Japan
Human Resources
Wanted People
  NCCF
    People with EXTREME expertise on computer forensics
  CFC
    People with computer/network security expertise
  Dynamic employment is difficult in Japan
Base of Human Resources
  4,000 info-communication specialists inside police organization
  They have built and maintained police communication infrastructure for 49 years
  It WAS able to pick up necessary talent
People from Private Sector
  Contractor
    Maintainer of equipment
    R&D staff
  Hiring
    Some local HTCTFs hire experts as special investigators or IT security advisors
Current State
  NCCF
    12 officials (forensic experts)
    5 contractors (experiment staff)
  CFC
    18 officials (computer/network security specialists)
    10 contractors (R&D staff)
  HTCTD HQ
    18 officials (chief and administrative staff)
Training
Training program
  National Police Academy
    High-tech crime technology course
    Cyber-terror technology course
  Training program by private sector
    Specially designed by various vendors
  International conference
  OJT in foreign law enforcement
    FBI, Secret Service, NHTCU (UK)
Challenges
  Company secrets
    Dominant system vendor
    Cell phone vendor
  Personnel circulation
  Co-ordination with security community
    FIRST, National CERT, NIRT
Questions?