THE PRESENTATION WILL CENTRE ON:

OVERVIEW OF CLOUD COMPUTING◦ CLOUD COMPUTING – WHAT IS IT?◦ Conceptual & definitional Issues

SECURITY ISSUES (Public, Enterprise/Private)

Engaging the Challenges with CERTs Readiness

Conclusion And Recommendation

PRESENTAION OUTLINE

 Globalised Digital Entrapment 

Today, the world is constructing a Digital Web – which in ‘architectural -construct’ is not too different from the natural Spider-web.

It can therefore be rightly said therefore that Man has become entrapped in its own techno-knowledge dynamics?

Some of the most critical cyber crimes are:

◦ Insiders, Hackers (or "crackers"), "Hacktivism." Or Political Hacking, Criminal Groups, ◦ The Phonemasters', Internet Fraud, Foreign intelligence services. Information Warfare, ◦ Virus Writers, Internet Fraud, Identity Theft, Child Pornography, Terrorists  and many

more!

◦ Recognizing this emerging problem, the US Vice-President Al Gore asked the Attorney General on February 26, 1999, to study the problem and to report back with recommendations on how to protect people from this threat.

It is estimated that identity theft has become the fastest-growing financial crime in America and perhaps the fastest-growing crime of any kind in that society. With Identity Theft, questions often asked is:

Is There Another You?:  

Overview of Globalised Cyberspace

Cloud computing is a paradigm shift influenced by the shift from “Mainframe” to “Client-Server” in the early 1980s.

Cloud computing describes a new Roadmap

for user needs, consumption, and delivery model for IT services based on the Internet.

It typically involves “Internet-centric” and dependent provision of dynamically scalable and often “virtualized” resources.

Conceptual & Definitional Issues

Conceptual & Definitional Issues

The Nature of the Problem - Crime of the new millennium.

Cybercrime and in particular – Digital Espionage and Identity theft have been referred to by some as the crime of the new millennium.

It can be accomplished anonymously, easily, with a variety of means, and the impact upon the victim can be devastating. Identity theft is simply the theft of identity information such as a name, date of birth, Social Security number (SSN), or a credit card number.

  Victims of identity theft often do not realize they have become

victims until they attempt to obtain financing on a home or a vehicle. Only then, when the lender tells them that their credit history makes them ineligible for a loan, do they realize something is terribly wrong.

Cybersecurity: Nature of the Problem

WHAT IS IN THE CLOUD? Why is Africa Missing in the Cloud?

Cloud application services or “Software as a Service (SaaS)" deliver Software Solutions as a service over the Internet, eliminating the need to install and run the application on the customer's own computers and simplifying maintenance and support.

People tend to use the terms ‘SaaS’ and ‘cloud’ interchangeably. However, they are 2 different things. Key characteristics include:

Network-based access to, and management of, commercially available (i.e., not custom) software

Activities that are managed from central locations rather than at each customer's site, enabling customers to access applications remotely via the Web

Application delivery that is typically closer to a one-to-many model (single

instance, multi-tenant architecture) than to a one-to-one model, including architecture, pricing, partnering, and management characteristics

Centralized feature updating, which removes the need for downloadable patches and upgrades.

THE CLOUD CRITICAL ISSUES : ( SaS)

Cloud infrastructure services, also known as "Infrastructure as a Service (IaaS)", delivers computer infrastructure - typically a platform virtualization environment - as a service.

Rather than purchasing servers, software, data-center space or network equipment, clients instead buy those resources as a fully outsourced service.

Suppliers typically bill such services on a utility computing basis and amount of resources consumed (and therefore the cost) will typically reflect the level of activity.

IaaS evolved from virtual private server offerings.

CLOUD Infrastructure

DEPLOYMENT MODELS

CYBERSECURITY : DE-CLOUDING THE RISKS

Centralized Security Issues of Cloud Computing◦ Could improve due to centralization of data, increased security-

focused resources, etc. ◦ But concerns can persist about loss of control over certain

sensitive data, and the lack of security for stored kernels.

◦ Security is often as good as or better than under traditional systems, in part because providers are able to devote resources to solving security issues that many customers cannot afford.

◦ Providers typically log accesses, but accessing the audit logs themselves can be difficult or impossible.

◦ Furthermore, the complexity of security is greatly increased when data is distributed over a wider area and / or number of devices.

Security in the Cloud?

Most cloud computing infrastructures consist of services delivered through common centers and built on servers.

Clouds often appear as single points of access for consumers' computing needs.

Managing the Risks In the Cloud

Security researchers said they have discovered software capable of stealing information installed on computers in 103 countries from a network that targeted government agencies.

The software infected more than 1,200 computers, almost 30% of which were considered high-value targets, according to a report published Sunday by Information Warfare Monitor, a Toronto-based organization.

China Journal: China Responds to Attack Reports Information Warfare Monitor report: "Tracking GhostNet" A report by researchers at Cambridge University: "The snooping dr

agon"

CYBERCRIME:HOW MUCH DO WE KNOW

Is the Digital World is Under siege? Today, there are now more Cybers–espionage attacks in the global

cyberspace than virus attacks! Apparent attacks suggest that cyberespionage is on the rise.

Few years ago, Kevin Chilton, commander of the U.S. Strategic Command, said military computer networks are increasingly coming under attack from hackers trying to steal information, many of whom he said appeared to have ties to China. (China had denied this).

The number of targeted attacks suspected of being espionage attempts detected by researchers at MessageLabs, a division of Symantec Corp., jumped from one or two per week in 2005 to an average of 53 a day in 2008.

Among the affected computers were those in embassies belonging to Germany, India, and Thailand, ministries of Iran and Latvia, and a computer network operated by critical organization around the world.

Cyber Attacks and Warefare

In the attacks tracked by the Canadian researchers, the installed software provided near-complete control over the victims' computers.

Attackers could steal files, capture passwords, and even activate a Web camera.

CYBER ATTACKS

The challenges that law enforcement agencies face in the battle with cybercrime generally being divided into three categories:

a) Technical challenges that hinder law enforcement's ability to find and prosecute criminals operating online;  

b) Legal challenges resulting from laws and legal tools needed to investigate cybercrime lagging behind technological structural, and social changes; and

c) Operational challenges to ensure that we have created a network of well-trained, well-equipped investigators and prosecutors who work together with unprecedented speed - even across national borders.

Technical Challenges: Legal

The availability of an underground market in which to sell stolen digital information provides criminals with more financial incentives to offend.

The chart following shows the main locations of servers hosting such underground markets, with 58 percent located in north America and 39 percent in western Europe (Symantec 2007), as might be expected in countries with extensive computer infrastructure.

UNDERGROUND SERVER MARKETS

LOCATION OF UNDERGROUND SERVERS

Source: Adapted from Symantec 2007:

Some of these are obviously more significant than others. 

The theft of national security information from a government agency or the interruption of electrical power to a major metropolitan area have greater consequences for national security, public safety, and the economy than the defacement of a web-site. 

But even the less serious categories have real consequences and, ultimately, can undermine confidence in e-commerce and violate privacy or property rights. 

A website hack that shuts down an e-commerce site can have disastrous consequences for a business. 

An intrusion that results in the theft of credit card numbers from an online vendor can result in significant financial loss and, more broadly, reduce consumers' willingness to engage in e-commerce. 

Because of these implications, it is critical that we have in place the

programs and resources to investigate and, ultimately, to deter these sorts of crimes”.

CYBER ATTCAKS

The followings are the critical view-points worthy of consideration:

Technology Viewpoint• Advances in high-speed telecommunications, computers and other technologies are creating new opportunities for criminals, new classes of crimes, and new challenges for law enforcement.

Economy Viewpoint• Possible increases in consumer debt may affect bankruptcy filings.• Deregulation, economic growth, and globalization are changing the volume and nature of anticompetitive behavior.• The interconnected nature of the world’s economy is increasing opportunities for criminal activity, including money laundering, white-collar crime and alien smuggling.

Government Viewpoint• Changes in the fiscal posture or policies of state and local governments could have dramatic effects on the capacity of state and local governments to remain effective law enforcement partners.

Evaluation of Cybersecurity Viewpoints

Evaluation of Cybersecurity Viewpoints

Globalization Viewpoint • Issues of criminal and civil justice increasingly transcend national

boundaries, require the cooperation of foreign governments, and involve treaty obligations, multinational environment and trade agreements and other foreign policy concerns.

Social-Demographic Viewpoint • The numbers of adolescents and young adults, now the most crime-prone

segment of the population, are expected to grow rapidly over the next several years.

The Unpredictable Viewpoint • The Global War on Terrorism requires continual adjustments to new

conditions. The Department is determined to proactively confront new challenges in its effort to protect the Nation.

• Response to unanticipated natural disasters and their aftermath, which require the Department to divert resources in an effort to deter, investigate and prosecute disaster-related federal crimes such as charity fraud, insurance fraud and other crimes.

• Changes in federal laws may affect responsibilities and workload. • Much of the litigation caseload is defensive. T

A multitude of threats exist for mobile devices, and the list will

continue to grow as new vulnerabilities draw the attention of malicious actors. This paper provides a brief overview of mobile device malware and provides information on the following threats to mobile devices:

Social engineering;

Exploitation of social networking;

Mobile botnets;

Exploitation of mobile applications; and

Exploitation of m-commerce

CLOUD ACTIVITIES AND THREATS

FlexiSpy is commercial spyware sold for up to $349.00 per year.

Versions are available that work on most of the major smartphones, including Blackberry, Windows Mobile, iPhone, and Symbian-based devices.

The following are some of the capabilities provided by the software

COMMERCIAL SPY SOFTWARE

Listen to actual phone calls as they happen;

Secretly read Short Message Service (SMS) texts, call logs, and emails;

Listen to the phone surroundings (use as remote bugging device);

View phone GPS location;

Forward all email events to another inbox;

Remotely control all phone functions via SMS;

Accept or reject communication based on predetermined lists; and

Evade detection during operation.

FlexiSpy claims to help protect children and catch cheating spouses, but the implications of this type of software are far more serious.

Imagine a stranger listening to every conversation, viewing every email and text message sent and received, or tracking an individual’s every movement without his or her knowledge.

SPY SOFTWARE CAPABILITIES

Cybercrime is a very serious challenge to Global development endeavor of the New Millennium. This new information order presents a lot of opportunities, benefits and equal risks to the brave new world.

Each nation owes it a responsibility to the world to come up with responses on how to combat Cybercrime.

Private and Public sectors must collaborate to resolve issues of standards and procedures. It has been noticed that the efforts of the Council of Europe on Cybercrime has received International attention.

Need for a Convention on Cyber Crime as multilateral instrument specifically designdedS to address the problems posed by the spread of criminal activity in computer networks. 

Way Forward Recommendation for Nigeria

Create National Cybersecuritty & Cybercrime Film & Documentary on the critical issues (Positive and Negative) on impact of the Internet on Nigerians and Africans.

Establish Nigeria ‘s IT Presence in the Silicon valley, Bangalore, Israel, Russia, etc.

Establish a Framework for National Software Policy and Legislation

Establish National e-Government Academies at Federal, State and Local Government Levels.

Build and Develop critical mass (Capacities/Capabilities) for Software Code Warriors . Establish a Cybercrime Reporting Centre

Develop Cloud Technology Technical Negotiators Specialists.

Maintain up-to-date software, including operating systems and applications;

Install anti-virus software as it becomes available and maintain up-to-date signatures and engines;

Enable the personal identification number (PIN) or password to access the mobile device, if available;

Encrypt personal and sensitive data, when possible;

Disable features not currently in use such as Bluetooth, infrared, or Wi-Fi;

Set Bluetooth-enabled devices to non-discoverable to render them invisible to unauthenticated devices;

Use caution when opening email and text message attachments and clicking links;

Avoid opening files, clicking links, or calling numbers contained in unsolicited email or text messages;

Avoid joining unknown Wi-Fi networks;

Delete all information stored in a device prior to discarding it; and

Maintain situational awareness of threats affecting mobile devices.

Anti-virus software exists for some mobile devices, which is one component of a layered

RECOMMENDATION