assisting law enforcement


  • 8/14/2019 Assisting Law Enforcement

    Scene of the Cybercrime: Assisting Law Enforcement in Tracking Down and Prosecuting Cybercriminals

  • Please allow me to introduce myself
    • Debra Littlejohn Shinder, MCSE
      • Former police sergeant/police academy and college criminal justice instructor
      • Technical trainer: Networking, operating systems, IT security
      • Author: Cisco Press, Syngress Media, Que, New Riders; TechRepublic, CNET, Cramsession/Brainbuzz
      • Consultant: Businesses and government agencies

  • What I'm going to talk about today
    • What is cybercrime and is it really a problem?
    • Who are the cybercriminals?
    • Why should you want to help law enforcement officers catch them?
    • The Great Governmental Divide
    • How techies can build a bridge
    • Building the cybercrime case

  • Civil vs. Criminal Law
    • Two separate systems of law
    • What are the differences?
    • Double jeopardy doesn't apply
    • Constitutional protections: when do they apply?
    • Breach of contract is not a crime, except when it is.

  • Defining cybercrime
    • Cybercrime is any illegal act committed using a computer network (especially the Internet).
    • Cybercrime is a subset of computer crime.
    • What do we mean by illegal?
      • Bodies of law: Criminal, civil and administrative

  • Who are the cybercriminals?
    • It's not just about hackers
    • Using the Net as a tool of the crime
      • White collar crime
      • Computer con artists
      • Hackers, crackers and network attackers
    • Incidental cybercriminals
    • Accidental cybercriminals
    • Situational cybercriminals

  • Who are the cybervictims?
    • Companies
      • Security? What's that?
      • Bottom liners
    • Individuals
      • Naive/Newbies
      • Desperados
      • Pseudovictims
      • In the wrong place at the wrong time
    • Society

  • Who are the cyberinvestigators?
    • IT professionals
    • Corporate security personnel
    • Private investigators
    • Law enforcement
      • Ultimate destination
      • This is where the authority lies
    • How can all work together?
    • When and why the police should be called in

  • What's in it for me?
    • Why should IT personnel cooperate with police in catching cybercriminals?
    • What are the advantages?
    • What are the disadvantages?
    • What are the legalities?
    • What happens if you don't cooperate?

  • The Great (Governmental) Divide
    • Law enforcement culture
      • Highly regulated
      • Paramilitary (emphasis on para)
      • By the book
      • The Police Power myth
      • Weight of law
      • agency policy
      • political factors
      • Public relations

  • Police Secrets
    • Most officers are not as confident as they appear
      • Command presence required
      • The bluff is in
    • Most cops feel pretty powerless
      • Cops don't like feeling powerless
    • Most cops don't understand technology
      • Cops don't like not understanding

  • This leads to
    • A touch of paranoia
    • Us vs. Them attitude
      • Cops against the world
    • The truth about the thin blue line
    • The blue wall of silence
    • Best kept secret: Cops are human beings

  • Why cops and techies don't mix
    • Lifestyle differences
    • Elitist mentality on both sides
    • Adversarial relationship
      • Many techies support or at least admire talented hackers
      • It's human nature to protect your own
      • Many cops don't appreciate the difference between white and black hat
      • Bad laws

  • What cops and techies have in common
    • Long, odd hours
    • Caffeine addiction
    • Dedication to/love of job
    • Want things to make sense
    • Problem solvers by nature
    • What can tech people do to solve the problem of how to work with law enforcement?

  • Building team spirit
    • Ability to think like the criminal
      • Important element of good crime detection
      • Difficult for LE when they don't know the technology
    • IT's role
      • You know the hacker mindset
      • You know what can and can't be done with the technology
      • You know where to look for the clues
    • Police know or should know: law, rules of evidence, case building, court testimony

  • Bridging the Gap
    • Talk the talk
      • Technotalk vs police jargon
    • Learn the concepts
      • Legal
      • Investigative procedure
    • Understand the protocols
      • Unwritten rules

  • Building the Case
    • Detection techniques
    • Collecting and preserving digital evidence
    • Factors that complicate prosecution
    • Overcoming the obstacles

  • Cybercrime Detection Techniques
    • Auditing/log files
    • Firewall logs and reports
    • Email headers
    • Tracing domain name/IP addresses
    • IP spoofing/anti-detection techniques

  • Collecting and Preserving Digital Evidence
    • File recovery
    • Preservation of evidence
    • Intercepting transmitted data
    • Documenting evidence recovery
    • Legal issues
      • Search and seizure laws
      • Privacy rights
      • Virtual stings (honeypots/honeynets)
      • Is it entrapment?

  • Factors that complicate prosecution of cybercrime
    • Difficulty in defining the crime
    • Jurisdictional issues
    • Chain of custody issues
    • Overcoming obstacles
      • Lack of understanding of technology (by courts/juries)
      • Lack of understanding of law (by IT industry)

  • Difficulty in defining the crime
    • CJ theory
      • mala in se
      • mala prohibita
    • Elements of the offense
    • Defenses and exceptions
    • Burden of proof
    • Level of proof
    • Civil vs. criminal law
    • Statutory, Case and Common Law

  • Jurisdictional issues
    • Defining jurisdiction
    • Jurisdiction of law enforcement agencies
    • Jurisdiction of courts
    • Types of jurisdictional authority
    • Level of jurisdiction

  • Chain of Custody
    • What is the chain of custody?
    • Why does it matter?
    • How is it documented?
    • Where do IT people fit in?

  • Overcoming the obstacles
    • Well defined roles and responsibilities
    • The prosecution team
      • Law enforcement officers
      • Prosecutors
      • Judges
      • Witnesses
    • What can CEOs and IT managers do?

  • Testifying in a cybercrimes case
    • Expert vs evidentiary witness
    • Qualification as an expert
    • Testifying as an evidentiary witness
    • Cross examination tactics
    • Three types of evidence:
      • Physical evidence
      • Intangible evidence
      • Direct evidence

  • Summing it up
    • Cybercrime is a major problem and growing
    • Cybercrime is about much more than hackers
    • There is a natural adversarial relationship between IT and police
    • Successful prosecution of cybercrime must be a team effort
    • IT personnel must learn investigation and police must learn technology

  • The book:
    • Defining and Categorizing Cybercrime
    • A Brief History of the Rise of Cybercrime
    • Understanding the People on the Scene of the Cybercrime
    • Understanding Computer and Networking Basics
    • Understanding Network Intrusions and Attacks
    • Understanding Cybercrime Prevention
    • Implementing System Security
    • Implementing Cybercrime Detection Techniques
    • Collecting and Preserving Digital Evidence
    • Understanding Laws Pertaining to Computer Crimes
    • Building and Prosecuting the Cybercrime Case
    • Training the Cybercrime Fighters of the Future

    Scene of the Cybercrime by Debra Littlejohn Shinder