c0c0n 2014 23 august 2014 dinesh o bareja @god’s own country in the year 2014
TRANSCRIPT
C0c0n 2014 23 August 2014Dinesh O Bareja
Pains & PrizesPride & Prejudice of Collaboration
@God’s Own Country in the year 2014
Enhancing collaboration to counter cybercrime in the world of virtual realities and Social media
\
Disclaimer.. Problems, issues, solutions are indicative and not finite
The reason is that if one gets down to brass tacks, the list can go on and on…
\
• The world is a global village• Level playing field (was said about
business but also applies to criminals and cops)
• Non-existent Borders or Jurisdiction• Anonymity
Internet Clichés
\
A little more of general stuff…. There’s more to cybercrime under the hood
\The Bottomline, Topline, Middle line
Or
… any line… is..
Unfortunate Truisms
of Kal-Yug Aaj-Yug
EYE O
PEN
ER
S
Cybercrime is BIG business and is highly profitable
Whether it is
ethical or unethical
\
Yes… cybercrime can be
Ethical or Unethical
If it is ethical it (may) mean it is legal then how can we call it a crime
\
Legal Crimes
• The IT Act requires a body corporate to have “reasonable security” in place
• By law an ISO certification will suffice which I buy in the open market
• Government or private organizations do not disclose the extent of damage in event of a cybercrime – collusion ? Abetment ? Shame ?
\
Legal Crimes
• Complaints are dropped once an informal investigation is done – usually the complainant does not want to proceed
• Will we let go of a person who has attacked another with a gun or knife
\
Legal Crimes Body corporate has to have
“reasonable” security in place!
ISO Certification is available for sale off the shelf
Organizations authorize hackers to exploit their systems. Will someone ‘authorize’ a bomb explosion too
\
Legal Crimes1. Companies and
Government bodies do not disclose when they have been hacked – can they desist if money has been stolen thus hiding a crime
2. LEA usually drops investigation on the request of the complainant!
\
Yes
It is a different worldIt has changed It is still changing (exponentially)
Are we keeping pace?No!!
\
Cybercrime is not a cause for concern because it is growing exponentially
EYE O
PEN
ER
S
But… because it can be the cause of frustration, anger and other stress disorders in the LEA
\
Excluded from this talk
And we do not want to talk about capacity, capability and such challenges as this is not within the scope of this talk / topic / panel
\
What is needed
Breakaway from conventional thinking
Move at speed
Empower team membersAccept reality / need of transparency…
\
COLLABORATE
& How can we do this…
Make your expertise, information, intelligence, resources, tools available across the country and taste Glory!
BENEFIT & SUCCEED
Adopt the open source philosophy to give unconditionally – your goodwill will always come around to you
SHARE
Reap the benefit of the information and expertise received through the sharing mechanism
Enhancing collaboration to counter cybercrime in the world of virtual realities and Social media
\
Let me get back to the topic of the day…
\
Inability to continue investigation due to non-availability of cross-border information
Lack of knowledge of modus operandi for a crime which may have happened elsewhere
MLAT works at the speed of carrier pigeons
Pain
\
Too many stakeholdersGlob
al Pain Trained manpower, access to technology, budget constraints
Tone-at-the-top
The process is convoluted, long and frustrating
\
Report Lodged
Crime Perpetrate
d
Identifies Modus Operand
i
Starts Investigatio
n
Obtains Evidenc
e
Discovers IP
AddressStop
Investigation
There’s hope
Domestic
International
File Papers Go Home
The normal lifecycle of a cybercrime investigation
This is illustrative and does not purport to be the actual / complete lifecycle
\
The Solution of collaboration
\
Directory of primary
‘intermediary’ organizations
Relationships with
International LEA, CERT,
Intelligence, Home,
Judiciary
Collaborative
Relationships
Sharing…. - Advisories- Crime Information- Cybercriminal Profiles - Modus Operandi- Technology advances
Partnership Framework
A central agency which will act as a
clearing house (e.g.
CyberDome)
\
How can this work
\
International Anti-
Cybercrime Exchange
A central agency which will act as a
clearing house and contribute information
and intelligence to the Exchange
Information is provided back
to the national
agency which will update
the domestic system and
investigation can come to
close
Also facilitate collaborative investigations
, arrests or actions
\
Single window communication
Credibility established at both ends
Judicial acceptabilityQuick resolution
no more Pain!
PRIZE
\
The Collaboration Case
• Charity begins at home• Cyber Dome can bring all states on one
platform and establish an international example
• Central Information Request Agency at national level for communication
\
Why should I share my information or technique
This is my idea or innovation
The medal is mine
This was to have been my moment of glory
PRIDE & PREJUDICE
\
At Present.. Who is working in the domain of international anti-cybercrime
At the forefront… Microsoft, Facebook, Google and other technology majors
\
Concluding notes and words..
\
The problem
o Cross Border Crimeso Non availability of
informationo No proactive policing (pre-
cog)o Differing protocols and laws o Multiple LEAs o Corporate challenges of ISP
EYE O
PEN
ER
S
\
The Dangers Ahead
• Internet of Things• Mobile technology• Dis-satisfied young geeks• Easy availability of mal-tools• Easy availability of targets• Continued practice of LEA transfers• Keeping your head in the sand• My daddy strongest attitude
\
Logic bombsData TheftATM Credit / Debit card cloningChild PornDark Markets/UndergroundCorporate EspionageWearable / blowable technology
419 Scams & variantsSpear PhishingWebsite defacementCyber BullyingMoney mulesBank account cleanout
RansomwareKeyloggersPrivacy infringement Identify Theft – account takeoverCyber blackmail Man in the middle
SpamCritical Infrastructure Power Sector
The Dangers Ahead
\
A fi
nal EYE O
PEN
ER
A sucker will keep being born every minute & fools will continue to be easily parted with their money
Both add to the burden of LEA through their participation in scams and crimes as primary victims!
\
Dinesh O Bareja
Lving Information Security
• Contact Information:• E: [email protected]• T: +91.9769890505• T: @bizsprite• F: dineshobareja• L: http://in.linkedin.com/in/dineshbareja
Thank You !