DOCSLIB.ORG

Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime the Report of the Inquiry Into Cyber Crime

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime the Report of the Inquiry Into Cyber Crime The Parliament of the Commonwealth of Australia Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime The Report of the Inquiry into Cyber Crime House of Representatives Standing Committee on Communications June 2010 Canberra © Commonwealth of Australia 2010 ISBN 978-0-642-79313-3 (Printed version) ISBN 978-0-642-79314-0 (HTML version) Contents Foreword ............................................................................................................................................. ix Membership of the Committee .......................................................................................................... xiii Terms of reference ............................................................................................................................. xv Glossary and abbreviations .............................................................................................................. xvii List of recommendations ................................................................................................................. xxiii 1 Introduction ........................................................................................................... 1 Referral of the Inquiry .................................................................................................................. 2 Definition of Cyber Crime ............................................................................................................ 3 Overview of the Report ............................................................................................................... 4 2 Nature, Prevalence and Economic Impact of Cyber Crime ............................... 9 Introduction ............................................................................................................................... 9 Nature of cyber crime ............................................................................................................... 9 Cyber crime and the Internet ..................................................................................................... 10 Why do people commit cyber crime? ........................................................................................ 10 How do people currently commit cyber crime? .......................................................................... 11 The cyber crime industry ........................................................................................................... 23 Who commits cyber crime? ....................................................................................................... 28 Who are the victims of cyber crime? ......................................................................................... 29 Prevalence of Cyber Crime ..................................................................................................... 31 Current level of cyber crime threat ............................................................................................ 31 The outlook for cyber crime in Australia .................................................................................... 34 iv Economic impact of cyber crime ........................................................................................... 38 Committee View ........................................................................................................................ 41 3 Research and Data Collection ........................................................................... 43 Introduction ............................................................................................................................. 43 Current research and data collection .................................................................................... 43 Challenges to research and data collection ......................................................................... 48 Compatibility of data .................................................................................................................. 48 Under reporting ......................................................................................................................... 49 Information for policy development ........................................................................................... 51 Committee View ........................................................................................................................ 52 4 Community Awareness and Vulnerability ........................................................ 55 Introduction ............................................................................................................................. 55 Levels of Awareness and Uptake of E-security Measures .................................................. 55 Issues that contribute to low levels of awareness ............................................................... 59 Committee View ........................................................................................................................ 60 5 Domestic and International Coordination ......................................................... 61 Introduction ............................................................................................................................. 61 Cyber Security Strategy ............................................................................................................ 61 Domestic Policy Coordination ............................................................................................... 62 National Coordination of Cyber Space Policy ............................................................................ 63 Committee View ........................................................................................................................ 67 International Engagement ...................................................................................................... 68 Committee View ........................................................................................................................ 71 Law Enforcement Coordination ............................................................................................. 72 Cyber Crime Reporting and Assistance .................................................................................... 72 High Tech Crime Operations Centre ......................................................................................... 75 Cyber Crime Reporting ............................................................................................................. 77 Recent Innovations in Cyber Crime Reporting .......................................................................... 79 A New National Approach to Cyber Crime Reporting ................................................................ 82 Committee View ........................................................................................................................ 87 Criminal Law Enforcement Coordination .............................................................................. 89 Training and development...................................................................................................... 91 v Committee View ........................................................................................................................ 93 Public-Private Cyber Crime Intelligence Sharing ................................................................. 93 Committee View ........................................................................................................................ 99 6 Criminal and Law Enforcement Framework ................................................... 103 Introduction ........................................................................................................................... 103 Criminal Law .......................................................................................................................... 103 Computer Offences ................................................................................................................. 104 Identity Fraud Offences ........................................................................................................... 105 Commentary ........................................................................................................................... 106 Committee View ...................................................................................................................... 108 Law Enforcement Powers to Obtain Digital Evidence ....................................................... 109 Crimes Act 1914 (Cth) – Investigative Powers ........................................................................ 110 Telecommunications (Interception and Access) Act 1979 (Cth) .............................................. 111 Surveillance Devices Act 2004 (Cth) ....................................................................................... 112 Admissibility of Evidence ......................................................................................................... 113 Foreign business records ........................................................................................................ 113 International Cooperation ........................................................................................................ 114 Committee View .....................................................................................................................
Load more

Recommended publications
  • Telecommunications Infrastructure Support Guide
    Telecommunications Infrastructure Support Guide Making the most of the nbn and the Mobile Black Spot Program First Edition — October 2016 A NSW Government Initiative Front Cover: Ed Fagan, Cowra Address & Contact Details Photo: Kate Barclay Suite 4, 59 Hill Street First Edition published in 2016 by Regional Development Australia (PO Box 172) Central West, Orange, NSW. ORANGE NSW 2800 02 6369 1600 This publication is copyright. Apart from any fair use as permitted under the Copyright www.rdacentralwest.org.au Act 1968, no part may be produced by any process without permission from the publisher. All For any questions relating to this guide or the information Rights Reserved. contained herein, please feel free to contact RDA Central West and we will endeavour to provide assistance where possible. Disclaimer: Information provided in this publication is intended as a general reference and is provided About Regional Development Australia Central West in good faith. It is made available on the understanding that Regional Development Australia RDA Central West is a Commonwealth and State funded not-for- Central West is not engaged in rendering professional advice. profit organisation responsible for the economic development and long term sustainability of the NSW Central West region. Regional Development Australia Our organisation is overseen by a Committee of dedicated local Central West makes no leaders who possess a wide cross section of professional skills and statements, representations, or warranties about the accuracy experience. or completeness
    [Show full text]
  • Webproxy, DNS Hijacking, Layer Seven Level Security Approach: to Protect SAAS from Web Based DDOS and Web Service Based DDOS Attacks in Cloud
    International Journal of Engineering Research & Technology (IJERT) ISSN: 2278-0181 Vol. 2 Issue 2, February- 2013 Webproxy, DNS Hijacking, Layer Seven Level Security Approach: To Protect SAAS From Web based DDOS and Web Service Based DDOS Attacks In Cloud S.Tamilselvi1, Dr.S.Tamilarasi2,S.Loganathan3 1. M. tech , ISCF, Dr.mgr educational and research institute, chennai 2. Associate Professor, CSE, Dr.mgr educational and research institute, chennai 3.Assistant Professor, ECE, Paavai Engineering College , Namakkal, Tamil Nadu ABSTRACT Cloud services offers platform services, software services, infrastructure services via web services. Cloud computing is an emerging trend in business these type of services increases vulnerability which world. Provide services to its customers on demand, invite attackers. common vulnerabilities are services like Infrastructure services , Platform services , Software services , Network services so Security level attacks: on. Resources are maintained in the virtualIJERT IJERT datacenters for both private and public clouds. Saas 1. Dictionary attacks contains web application services, windows 2. Brute force attacks application services, tools services, console 3. Spoofing application services, third party software services so 4. Credential theft on. In web application services web based distributed 5. Password cracking denial and web services based distributed denial of attack is easily implemented hacker because web Management level attacks: application transmitted through hypertext transfer protocol and web services through XML, WSDL .In 1. Credential theft 2. Elevation of privileges this paper we introduce DNS hijacking security, Web 3. luring proxy implementation, application level security to resolve web based and web services based distributed Infrastructure layer security attacks: denial of service attacks. 1.
    [Show full text]
  • Infoblox White Paper
    Enterprise Strategy Group | Getting to the bigger truth.™ White Paper Enterprise DNS Security By Jon Oltsik, Senior Principal Analyst March 2018 This ESG White Paper was commissioned by Infoblox and is distributed under license from ESG. © 2018 by The Enterprise Strategy Group, Inc. All Rights Reserved. White Paper: Enterprise DNS Security 2 Contents Executive Summary ................................................................................................................................................................. 3 The State of Cybersecurity in 2018 ......................................................................................................................................... 3 DNS and Cybersecurity ............................................................................................................................................................ 5 DNS for Cybersecurity Advantage ....................................................................................................................................... 5 Enterprise-Class Secure DNS ................................................................................................................................................... 6 Enter Infoblox ActiveTrust Suite (Cloud and On-premises) ................................................................................................ 7 The Bigger Truth .....................................................................................................................................................................
    [Show full text]
  • Perth Public Hearing Transcript
    __________________________________________________________ PRODUCTIVITY COMMISSION INQUIRY INTO THE TELECOMMUNICATIONS UNIVERSAL SERVICE OBLIGATION MR P LINDWALL, Presiding Commissioner TRANSCRIPT OF PROCEEDINGS AT PERTH ON TUESDAY, 14 FEBRUARY 2017 AT 8.43 AM Telecommunications 14/02/17 1 © C’wlth of Australia INDEX Page MR BRUCE BEBBINGTON 4-7, 88 MIDWEST DEVELOPMENT COMMISSION MR ROBERT SMALLWOOD 17-31 SHIRE OF CUBALLING MR GARY SHERRY 32-37 REGIONAL DEVELOPMENT AUSTRALIA WHEATBELT MS JULIET GRIST 37-46, 87-88 MEMBER FOR AGRICULTURAL REGION THE HON. MARTIN ALDRIDGE MLC 46-55 GREAT NORTHERN TELECOMMUNICATIONS MR ANDREW MANGANO 55-63 SHIRE OF COOROW MR TED JACK 63-73, 86-87 WA DEPARTMENT OF REGIONAL DEVELOPMENT MR KEVIN LEE 73-76 ISOLATED CHILDREN’S PARENTS’ ASSOCIATION WA MS ELYCE DONAGHY 76-78 WHEATBELT BUSINESS NETWORK MS AMANDA WALKER 79-86 TELSTRA MR BOYD BROWN 89 SHIRE OF WESTONIA MR JAMIE CRIDDLE 89-90104-106 Telecommunications 14/02/17 2 © C’wlth of Australia MR LINDWALL: Good morning. Welcome to the public hearings for the Productivity Commission inquiry into the Telecommunications Universal Service Obligation. My name is Paul Lindwall and I am the Commissioner for the inquiry. I would like to start off with a few housekeeping matters. In the event of an emergency, Travelodge Hotel staff will direct or assist people in evacuating and moving to the Assembly points. We will be breaking for morning tea at around 11 am. We look like we will be concluding the hearing around 1 pm. If you have any particular questions, or wish to present at this hearing, please see PaoYi here at the back, who can arrange you to present or make a statement.
    [Show full text]
  • Annual Report 2011
    Telecommunications Industry Ombudsman TELECOMMUNICATIONS INDUSTRY OMBUDSMAN 2011 ANNUAL REPORT A year of change CONTENTS ABOUT US 1 How the TIO works 1 Board and Council 2 THE YEAR AT A GLANCE 5 Ombudsman’s overview 5 A year of change 6 Highlights 7 Top trends 2010-11 8 PERFORMANCE 11 Resolving complaints 11 Our organisation 18 Contributing to the co-regulatory environment 22 Creating awareness 23 The Road Ahead 26 TIO IN NUMBERS 27 Complaint statistics 2010–11 27 Top 10 members 32 Complaints by member 37 Timeliness 49 Industry Codes 50 FiNANCiaL REPORT FOR THE YEAR ENDED 30 JUNE 2011 55 Financial report 56 APPENDICES 88 Appendix 1 Systemic issues 1 July 2010- 30 June 2011 88 Appendix 2 List of public submissions made by the TIO 91 Appendix 3 Calendar of outreach activities 93 Appendix 4 Issues by Category 94 Appendix 5 Explanation of TIO data terms 108 1 ABOUT US How the TIO works The Telecommunications Industry Ombudsman is a fast, free and fair dispute resolution service for small business and residential consumers who have a complaint about their telephone or internet service in Australia. We are independent and do not take sides. Our goal is to settle disputes quickly in an objective and non-bureaucratic way. We are able to investigate complaints about telephone and internet services, including by collecting all documentation and information relevant to the complaint. We have the authority to make binding decisions (decisions a telecommunications company is legally obliged to implement) up to the value of $30,000, and recommendations up to the value of $85,000.
    [Show full text]
  • Godaddy – Domain Hijacking
    Domain Hijacking Matthew C. Stith, Spamhaus Eddy Winstead, ISC April 29th, 2020 https://www.isc.org What we’re going to covering • What why and how of domain hijacking • Examples of various hijacking methods • High profile stories about hijacked domains • What can be done to protect domains and networks • Q&A 2 What is Domain Hijacking? • Malicious actors gaining access to the DNS records of a legitimate domains (which they do not own): • In some cases only the root domain’s DNS is changed. This is reflected in the WHOIS. • In other cases a new host (subdomain) is created with new DNS settings. This practice is called domain shadowing. This is not visible at the WHOIS level. 3 Why is it exploited? These following two factors lead to a positive reputation: • The age of the domain • The legitimacy of the domain Meaning many of these domains could be able to send email or serve content without much scrutiny from content or reputation filters. 4 How is it happening? Phishing Social Compromised Exploiting Malware engineering DNS weaknesses in applications 5 Investigating domain hijacking • Passive DNS data is collected with special Client queries local DNS resolver Passive DNS Data probes activated on a DNS Resolver. Domain not included in cache • The probes record anonymized cache Data from Query external root server recursive miss. segment is recorded • Data is collected through DNS recursive Domain not found servers. Query top level domain server • Simple and extensive search functionalities make this data easy to Domain not found Client
    [Show full text]
  • Regional Internet Access Survey Results, 2016
    Regional Internet Access Survey Results, 2016 The BIRRR Regional Access Survey results – a tool to assist in lobbying for Better Internet for Rural, Regional, and Remote Australia BIRRR #datadrought #fixbushinternet Produced by Rachel Hay for Better Internet for Rural, www.birrraus.com Regional and Remote Australia (BIRRR) www.facebook.com/groups/BIRRR/ 2 May 2016 2 This report is published under a Creative Commons License (http://creativecommons.org/licenses/by-nc-nd/3.0/) Publisher James Cook University Townsville, Australia ISBN XXX-X-XXXXXXX-X-X 3 Contents Executive Summary .......................................................................................................................... 7 About BIRRR (Better Internet for Rural Regional and Remote Australia) ......................................... 8 About the Survey ............................................................................................................................... 9 About the sample .............................................................................................................................. 9 About the dataset .............................................................................................................................. 9 Results ............................................................................................................................................ 10 SECTION 1 .................................................................................................................................. 14
    [Show full text]
  • Ethical Hacking
    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.
    [Show full text]
  • NBN Methodology Report
    ​Mozo Experts Choice Awards NBN Plans 2018 The Mozo Experts Choice Awards recognise products that deliver exceptional value to consumers. They’ve been running since 2014, but this is the first year they’ve been awarded to the best value NBN broadband plans. Product providers don’t pay to be in the running and we don’t play favourites. Our judges base their decision on hard-nosed calculations of value to the consumer, using Mozo’s extensive product database and research capacity. We identify the most important features of each product, group each product into like-for-like comparisons, and then calculate which are better value than most. Winning a Mozo Experts Choice Award means that a product is in the top 10% of products in terms of value for money. ● For product providers, it’s a third-party endorsement of their product. ● For consumers, it’s a sign that a product is among the leaders and is worthy of consideration. This report lists the winners and explains the judging methodology. 1 ​ NBN Plans - 2018 Winners NBN 25 Contract activ8me Sonic ActiveNet Fast AusBBS Standard Harbour ISP Standard myNetFone Standard 25 Spintel Standard Waterfront Networks NBN-25/5 NBN 50 Contract activ8me Super Sonic ActiveNet Faster Belong Standard Plus - Large Exetel Standard Plus Southern Phone Turbo Spintel Plus TPG Fast NBN 100 Contract activ8me HyperSonic ActiveNet Fastest AusBBS Premium Belong Standard Premium - Large Exetel Premium Harbour ISP Standard Plus Southern Phone Max Spintel Premium 2 ​ NBN 25 No Lock-in ActiveNet Fast AusBBS Standard Aussie
    [Show full text]
  • Optus Recognises That Such an Approach, Whilst It Has Strong Policy Merit, Might Be Challenging Politically
    Public Version | Page 1 Executive Summary 3 Developments in the sector have removed the need for a USO 5 Historical rationale of the USO 5 Current USO is a failed policy 7 There is no need for a USO 8 No justification for multiple sets of infrastructure to deliver USO 13 Retail competition over competitive infrastructure ensures supply 13 Current USO imposes high and untested costs 16 Extent of the current USO 16 Costs of the current USO 18 The USO distorts competition 22 Impact of USO on competitors 23 USO tax diverts competitive rural investment 25 Interaction with other government policies 25 Alternate USO policy options 27 A reformed USO should leverage off the NBN infrastructure 28 Promoting retail competition for provision of services 29 Keeping Telstra’s USO contractual position whole 31 Appendix A. Historic rationale of the USO 32 Appendix B. Issues Paper Questions 39 Public Version | Page 2 1.1 The Universal Service Obligation (USO) remains rooted in principles more applicable to the analogue era of telecommunications. It is predominantly focused on the delivery of fixed voice handsets and voice calls over fixed line copper connections. The widespread deployment and use of mobile, data and broadband services now render it increasingly inappropriate. 1.2 Three decades after the genesis of the USO the industry is vastly different from that which existed in the late 1980s: (a) Whilst Telstra retains a dominant position in the market, especially in regional Australia, competitive forces and regulation ensure that customers have access to genuine choice in a way that was not possible in the 1980s.
    [Show full text]
  • Annual Report 2005 5
    Telecommunications Industry Ombudsman Telecommunications Industry Ombudsman 2005 Annual Report Providing free, independent, just, informal and speedy Annual Report resolution of complaints 2005 Telecommunications Industry Ombudsman Limited ACN 057 634 787 Telephone 03 8600 8700 Facsimile 03 8600 8797 Freecall TH 1800 062 058 Freefax TH 1800 630 614 TTY 1800 675 692 Translator & Interpreter Service 131 450 Website www.tio.com.au Postal Address PO Box 276 Collins Street West Melbourne Victoria 8007 Australia Street Address Level 15, 114 William Street Melbourne Victoria 3000 Australia PROVIDING FREE, INDEPENDENT, JUST, INFORMAL AND SPEEDY RESOLUTION OF COMPLAINTS ABOUT TELECOMMUNICATIONS SERVICES. Established in 1993, the Telecommunications Industry Ombudsman Limited (TIO) is a free and independent dispute resolution service for residential and small business consumers who have been unable to resolve a complaint with their telephone or internet service provider. The TIO is wholly funded by telephone and internet service providers, who are required by law to be How to make a complaint part of, and pay for, the TIO Scheme. Before lodging a complaint with the TIO you should: • try to solve the problem with your telephone company The TIO’s Annual Report includes a comprehensive or Internet service provider review of complaint statistics for the 2004/05 • try to get the name of the person you spoke to at financial year. These statistics are published for the company • gather any papers relevant to the complaint, such as the information of consumers, and to help service contracts, bills or copies of correspondence (please do not providers identify areas where they can improve send original documents to the TIO).
    [Show full text]
  • DNS and the DNS Cache Poisoning Attack
    Lecture 17: DNS and the DNS Cache Poisoning Attack Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) June 25, 2021 3:21pm ©2021 Avinash Kak, Purdue University Goals: The Domain Name System BIND Configuring BIND Running BIND on your Ubuntu laptop Light-Weight Nameservers (and how to install them) DNS Cache Poisoning Attack Writing Perl and Python code for cache poisoning attacks Dan Kaminsky’s More Virulent DNS Cache Poisoning Attack CONTENTS Section Title Page 17.1 Internet, Harry Potter, and the Magic of DNS 3 17.2 DNS 5 17.3 An Example That Illustrates Extensive DNS 13 Lookups in Even the Simplest Client-Server Interactions 17.4 The Domain Name System and The dig Utility 28 17.5 host, nslookup, and whois Utilities for Name 42 Lookup 17.6 Creating a New Zone and Zone Transfers 45 17.7 DNS Cache 48 17.7.1 The TTL Time Interval 51 17.8 BIND 56 17.8.1 Configuring BIND 58 17.8.2 An Example of the named.conf Configuration File 64 17.8.3 Running BIND on Your Ubuntu Laptop 68 17.9 What Does it Mean to Run a Process in a 70 chroot Jail? 17.10 Phishing versus Pharming 73 17.11 DNS Cache Poisoning 74 17.12 Writing Perl and Python Code for Mounting a 81 DNS Cache Poisoning Attack 17.13 Dan Kaminsky’s More Virulent Exploit for 92 DNS Cache Poisoning 17.14 Homework Problems 99 Computer and Network Security by Avi Kak Lecture 17 Back to TOC 17.1 INTERNET, HARRY POTTER, AND THE MAGIC OF DNS If you have read Harry Potter, you are certainly familiar with the use of owl mail by the wizards and the witches.
    [Show full text]