
Post on 17-Dec-2015


Page 1: 1 Cybercrime Decision Group / CEO Casper Kan Chang Chang_kan@decision.com.tw

Cybercrime

Decision Group / CEO Casper Kan Chang

Page 2:

Two Major Categories of Cybercrime

Reconstructable network packet: traditional crimes committed via the Internet. Examples: Internet auction fraud, trafficking in contraband goods, Internet sexual assault, Internet-advertising bank loan fraud.

Non-reconstructable network packet: crimes committed via the Internet. Examples: spreading viruses, hacking, illegal access, illegal interception, data interference and communication interference.

Evidence from … Crime operation methods … Network Packet

Page 3:

Cybercrime Investigation Steps

Task Force Team

Technical support is requested and the level is determined according to the case contents

An initial complaint is received and background intelligence information checks are completed

Page 4:

Case Study of Cybercrime

1. Crime Time

2. Crime location

3. Corpus delicti

4. Crime method

5. Perpetrator Analysis

6. Criminal damage

7. Criminal charges Search

Evidence Collection

Internet Interception

Seizure

Complete forensic analysis and interpret the evidence found for legal/courtroom setting

Page 5:

Collection of Cyber Crime Information

1. Computer audit record collection: to collect the login audit records of the victim, including DNS, IP, account details, MAC and local times etc.

2. User login credential authentication: to check the user's login credentials, including user account, name, address, phone etc.

3. To obtain the computer communication records and contents, including e-mail, IM chat, web browsing and file transfers etc.

4. Suspects' statements: criminal offence etc.

5. The seizure of the suspect's computer audit records: web, IP, account, MAC and time etc.

Email, MSN, FTP, URL, Time, IP, MAC, Account

Page 6:

Internet advertising bank loan fraud case-1

In May 2009 KCGPB (Kaohsiung City Government Police Bureau) announced that it had received a number of bank reports alleging forged documents fraudulently representing bids for credit. This resulted in bank loan frauds with huge financial losses. An in-depth investigation revealed that the offenders flooded xx shares with others to form the fraud group. They used a domestic portal website for free web space to falsely post or sticker advertising published in the Office of credit and information. This was done to attract the much-needed cash flow of the head customer. The members of the group forged tax, payroll and other documents to falsely strengthen the lender's financial resources and created documents to mislead the head bank customer whose credit bid to financial institutions was caught in an error of the approved loan. The group charged the customer exorbitant fees to gain large profits from the financial fraud.

Page 7:

Internet advertising bank loan fraud case

Page 8:

Internet Sexual Assault cases!

Internet sexual assault cases in 2007: 1.5 cases daily; more than 60% are 12-18 years old.

June 10, 2009 Apple Daily Taipei Taiwan

Two suspects

Page 9:

Is truly pathetic and inferior to animals

July 2008, Taipei: two suspects use the Internet to invite female net friends to participate in a party. The female net friend is used to meet a woman at a motel, and in turn require a sexual relationship. The victim refuses to cooperate and is physically abused and raped.

The police arrested the two suspects and further investigations revealed that as many as a dozen other people had been injured.

The victims are unwilling to report to the police due to humiliation. The police monitor the network address of the motel access to number and are able to obtain enough evidence to arrest two suspects. The police linked the two offenders to other crimes committed in July 2008. Questioning of the offenders revealed that various nicknames were used on Yahoo Messenger, Peas chat rooms and various other websites.

The suspects revealed that another 5 or 6 offenders had assisted in the crimes. Police are continuing their investigations and tracing the other accomplices.

Page 10:

Hacker Data Theft – 1

Hacker Su x-jung works for the underworld to steal data

2007/09/22 China Times / Taipei / Choi Min-Yue

CIB High-Technology Crime Prevention Center and Technology have found that the Internet nickname "Odin", a Lin, high-school sophomore, and the nickname "CB", Su x-jung, used an academic department as the backbone network springboard with a host hidden within a Taiwan Academic Network.

Trojan horse programs, together with web site vulnerabilities in well-known web sites, were used to harvest information by intrusion; to circumvent tracing, this data was then stored on a foreign-hosted website.

User accounts and passwords of xx telecom companies were compromised, with more than 2.4 million pins stolen. Some websites have been damaged by having their programs removed.

Hacker Su x-jung

Page 11:

Hacker Data Theft – 2

Hacker Su x-jung works for the underworld to steal data

Page 12:

Forensics tools

To assist in the forensic acquisition of digital evidence, it is essential that every computer crime investigator has access to the correct forensic hardware and software tools.

This plays a critical role in the detection of computer related crimes as well as the collection and analysis of evidence.

Page 13:

Network Packet Forensics Classification

Non-Reconstructable Network Packet: Viruses & Worms, Hacking & Trojans …

Reconstructable Network Packet: Email, Web Mail, IM, FTP, P2P, VoIP, Video Streaming, HTTP, Online Games, Telnet

Page 14:

Cyber-crime Forensics Tools

Forensics tools

1. Wired, HTTPS/SSL and VoIP, Wireless: “Catch-it-while-you-can” forensics systems

2. Off-Line packet reconstruction software: “Stop, look and listen” Off-Line Forensics software

3. Providing a mobile and 10 G base cyber forensics in assisting Homeland Security capabilities

Page 15:

Function of Forensics Tool

Capturing network packets to reconstruct Email, Web Mail, IM, FTP, P2P, VoIP, Video Streaming, HTTP, Online Game, Telnet …

Internet Interception

Forensics tools

By using Forensic Tools, we can obtain supporting evidence like log, files and records from both victim and suspect computers.

Page 16:

Network Packet Forensics Tool

Off-line packet reconstruction software is used to reconstruct the recorded traffic data.

Network Packet

Off-Line packet reconstruction software
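As an added illustration of what off-line packet reconstruction involves (example code written for this page, not taken from the presentation or from any Decision Group product): the code below reorders captured TCP segments into the client-side byte stream and pulls the SMTP envelope and message out of it. The sample session, addresses and sequence numbers are constructed.

```python
from email import message_from_bytes

def reassemble(segments, isn):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs.
    Tolerates reordering, retransmission and overlap; stops at the first
    gap. Sequence-number wraparound is ignored for brevity."""
    stream, next_seq = bytearray(), isn + 1   # data starts after the SYN
    for seq, payload in sorted(segments):
        end = seq + len(payload)
        if end <= next_seq:        # already have all of these bytes
            continue
        if seq > next_seq:         # bytes missing from the capture
            break
        stream += payload[next_seq - seq:]   # keep only the new tail
        next_seq = end
    return bytes(stream)

def extract_smtp(client_stream):
    """Split a client-to-server SMTP stream into envelope and message."""
    head, _, rest = client_stream.partition(b"\r\nDATA\r\n")
    data, _, _ = rest.partition(b"\r\n.\r\n")     # end-of-data marker
    data = data.replace(b"\r\n..", b"\r\n.")      # undo dot-stuffing
    envelope = {"from": None, "rcpt": []}
    for line in head.split(b"\r\n"):
        if line.upper().startswith(b"MAIL FROM:"):
            envelope["from"] = line[10:].strip(b" <>").decode()
        elif line.upper().startswith(b"RCPT TO:"):
            envelope["rcpt"].append(line[8:].strip(b" <>").decode())
    return envelope, message_from_bytes(data)

# Constructed sample: what the client side of one SMTP session sent.
ISN = 1000
CLIENT_BYTES = (b"EHLO client.example\r\n"
                b"MAIL FROM:<alice@example.org>\r\n"
                b"RCPT TO:<bob@example.net>\r\nDATA\r\n"
                b"From: alice@example.org\r\nTo: bob@example.net\r\n"
                b"Subject: loan documents\r\n\r\n"
                b"See attached.\r\n..dot-stuffed line\r\n.\r\nQUIT\r\n")

def sample_segments(data=CLIENT_BYTES, isn=ISN, size=40):
    """Cut the stream into segments as a capture might record them."""
    segs = [(isn + 1 + i, data[i:i + size]) for i in range(0, len(data), size)]
    segs.reverse()                                  # out-of-order arrival
    segs.append(segs[-1])                           # exact retransmission
    segs.append((isn + 1 + 20, data[20:70]))        # overlapping retransmit
    return segs

if __name__ == "__main__":
    env, msg = extract_smtp(reassemble(sample_segments(), ISN))
    print(env, msg["Subject"], msg.get_payload(), sep="\n")
```

This works only on cleartext sessions; once a session negotiates STARTTLS, the reassembled stream after the handshake is ciphertext and the message cannot be parsed this way.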

Page 17:

To produce forensic results

Forensic Analysis

Forensic Reports

Court

Digital Evidence

Page 18:

Total Solutions for Cyber Forensics

1. Wired packet reconstruction

2. Wireless (802.11 a/b/g/n) packet reconstruction

3. HTTPS/SSL interceptor

4. VOIP packet reconstruction

5. Off-line packet reconstruction software

6. Network packet forensics analysis training

For more information www.digi-forensics.com

Page 19:

Network Packet Forensics Analysis Training

The knowledge of network packet analysis is important for Forensic Investigators and Lawful Enforcement Agency (LEA) to carry out their daily duty. Network Packet Forensics Analysis Training (NPFAT) provides useful and sufficient knowledge required to analyze network packets. Participants will be able to identify different packet types according to various Internet Protocols. These include Email (POP3, SMTP and IMAP), Web Mail (Yahoo Mail, Gmail, Hotmail), Instant Messaging (Windows Live Messenger, Yahoo, ICQ etc.), FTP, Telnet, HTTP and VOIP. Forensic investigation is a skillful technique, science and an art.

Gustavo Presman

MCP , EnCE , CCE , ACE

NPFA Examiner

Phillip A Russo

CFE Certified Fraud Examiner

CPDE ACE ACI

NPFA Examiner

Grad Cert Computer Security ECU

CompTIA A+,CCNA, GIAC GSec Gold

Cert IV IT IM, Cert IV IT Support, Cert IV Training

Adv Bus Dip, Police Diploma, Pub Officer Safety Dip

Frankie Chan Kok Liang

NPFA Examiner

Page 20:

Reference site in Taiwan

The Investigation Bureau of the Ministry of Justice

國家安全局 National Security Bureau

國防部 Ministry of National Defense, R.O.C

憲兵司令部 Military Police, R.O.C

海岸巡防署 Coast Guard Administration

國防大學 National Defense University

中央警察大學 Central Police University

刑事警察局 Criminal Investigation Bureau

Page 21:

Reference site

Turkish National Police

Hong Kong Police

Macau Public

ST Electronics

Singapore Government Agencies

Malaysia Government Agencies