INTERPOL Capacity Building and Training Activities Lili SUN Head of Training Unit – Cybercrime Directorate June 15, 2017 Outline

General introduction to

INTERPOL’s policing capabilities for cyberspace

Cyber capacity building programmes

The way forward History of 100 years

First International Criminal Renamed as International Official inauguration of the Police Congress held in Criminal Police INTERPOL Global Complex for Innovation in Singapore. Monaco. Organization-INTERPOL 1914 1956 2015

1946 1989 •Rebuilding of the organization after INTERPOL moves its General the end of World War II Secretariat to Lyon, France. •A new headquarters set up in Paris •INTERPOL colour-coded notice system initiated EU OFFICE

LYON FRANCE

UN OFFICE LO BANGKOK RB AU OFFICE SAN SALVADOR RB ABIDJAN RB NAIROBI IGCI RB SINGAPORE RB RB HARARE BUENOS AIRES YAOUNDE A Global Presence Organized and Emerging Crime Cybercrime

Counter-Terrorism

Global Facilitator 17 databases

Nominal Stolen Motor Vehicles DNA

Stolen & Lost Fingerprints Ballistic Information Travel Documents

Police Databases • A warning system- INTERPOL Notices I-24/7

Secure Communication System(VPN) Project “Follow the Sun” Singapore Lyon Buenos Aires

GMT 22:45 – 07:15 GMT 06:45 – 15:15 06:45 - 15:15 (local time) 07:45 - 16:15 GMT 14:45 – 23:15 (Winter - local time) 11:45 - 20:15 pm 08:45 - 17:15 (local time ) (Summer - local time) Command and Coordination Centre (CCC)

1 INFORMATION SHARING AND ANALYSIS

INFORMATION SHARING AND ANALYSIS

2 GLOBAL COORDINATION IN CYBERCRIME INVESTIGATIONS

GLOBAL COORDINATION IN CYBERCRIME INVESTIGATIONS

3 DIGITALDIGITAL FORENSICSFORENSICS DIGITAL FORENSICS Provide digital forensic on-site assistance

Provide guidance Develop and on using digital TEXT provide specific forensic tools and training courses equipment

Contribute to international standards issuance 4 CYBER TRAINING

CYBER TRAINING • INTERPOL e-learning modules on cybercrime • INTERPOL Specialized Training • Training on Darknet and Cryptocurrencies • INTERPOL Digital Security Challenge National Cyber Review (NCR)

• Assess and learn from different methods of combating cybercrime • Towards more harmonized global outlook CAPACITY OF CYBER THREAT TREND FRONTLINE AND FIRST RESPONDER CAPACITY OF TO HANDLE COOPERATION WITH THIRD PROSECUTION AND CYBERCRIME INCIDENT PARTIES JUDICIAL SERVICES FOR CYBERCRIME RESPONSE MATTERS DIGITAL FORENSICS GOVERNANCE LEGISLATION INTERNATIONAL COOPERATION CAPACITY OF LAW ENFORCEMENT AGENCIES TO PREVENT AND INVESTIGATE CYBERCRIME

Assessment Areas Assessment CYBER SECURITY & CYBERCRIME STRATEGY

TRAINING Identify specific training needs

Assist in setting up cybercrime investigation DESIRED or digital forensics OUTCOMES Understand the strength and weakness, as well as identify gaps

Observations and recommendations for enhancing existing institutional, operational, legal and technical framework Completion of Report Initiation of National Cyber Review Preparation of Report NCR Life Cycle Inputs to Preliminary Questionnaire Country-Visit Consultation Information Research & Analysis ASEAN Cyber Forensic Investigation Capability

Project start date: 01/01/2015 Project end date: 31/03/2016

Beneficiary agencies: Specialized units of the Law Enforcement Agencies (LEAs) of ASEAN Countries

Funded by: Cybercrime Capacity in and the Caribbean

THE CARIBBEAN: ANTIGUA & BARBUDA, ARUBA, Project start date: 01/12/2015 MEXICO BAHAMAS, BARBADOS, CUBA, CURACAO, DOMINICAN , DOMINICA, GRENADA, Project end date: 31/03/2017 HAITI, JAMAICA, SINT MAARTEN, ST KITTS & NEVIS, BELIZE ST LUCIA, ST VINCENT & THE GRENADINES, HONDURAS TRINIDAD & TOBAGO, TURKS & CAICOS GUATEMALA EL SALVADOR GUYANA SURINAME COLOMBIA Beneficiary agencies: Cybercrime ECUADOR investigators from targeted member PERU countries in Latin America and the Caribbean.

Funded by: ASEAN Cyber Capacity Development Project

Project start date: Oct. 2016 Project end date: Sep. 2018

Beneficiary agencies: Specialized units of the Law Enforcement Agencies (LEAs) of ASEAN Countries

Funded by: Ministry of Foreign Affairs of Japan Implementation of Objective 2 activities of GLACY+ Project

Project start date: 01/03/2017 Project end date: 29/02/2020

OTHER POTENTIAL PRIORITY COUNTRY: KENYA, NIGERIA AND OTHER COUNTRIES IN CARIBBEAN, LATIN AMERICA AND ASIA/PACIFIC Beneficiary agencies: Law enforcement officer responsible for cybercrime and electronic evidence in beneficiary countries in Africa, Asia/Pacific, Caribbean and Latin America region. The Way Forward

INTERPOL Standardized INTERPOL Cyber Cyber Curriculum Capacity-Building De-confliction …… Tool/Platform

A B C • Challenges on cybercrime training – Improving learning effectiveness – Expanding library of content and training programs – Delivering consistent service – Reducing development cycle times • Expectations of member countries for INTERPOL • Roles identified in the Cybercrime lifecycle

Digital First Forensics Responder Specialist

Cybercrime Investigator Intelligence Analyst

Judge/ Management Prosecutor • Frontline officer – Knowledge of ICT – Knowledge of current legislation and policies related to crimes using technology – Could handle digital evidence properly • Digital Forensics Specialist – Advanced cybercrime awareness – Advanced knowledge of legal and jurisdiction issues – Expert knowledge in one or more forensics areas – Data recovery – Chip off forensics – Memory forensics – Malware analysis and reverse engineering • Police Officers in various operational units – Technical skills – Legal skills • Cybercrime Intelligence Analyst – Strategic and operational crime analysis – Analytical and visualization tools – Big data management and analysis – Social networks and OSINT • Management – Profound knowledge of cybercrime – Advanced knowledge of legal and jurisdiction issues – Effective relationship management in international cooperation • Judge/Prosecutor – High level cybercrime awareness – Knowledge of legal and jurisdiction issues – Knowledge of the institutional framework for international cooperation TRAINING AWARENESS

Responders Track Digital Forensics Track Investigations Track Intelligence Track Management Track Judiciary Track

Introductory Open Source IT General Cybercrime Awareness and General Cybercrime Awareness General Cybercrime Awareness General Cybercrime Awareness General Cybercrime Awareness Forensics types of cybercrimes and types of cybercrimes and types of cybercrimes

Network Investigations Strategic and operational crime Specialist INTERPOL Certified Crime Scene Atendance Core Mobile Phone Forensics Cybercrime legal issues Cybercrime legal issues Fundamentals analysis

Basic Commercial Tools Internet Investigation Managing a Cybercrime/Digital Network Investigations Understanding Digital Evidence

Training Fundamentals Forensics Unit Fundamentals Fundamentals

Network Investigations Windows Forensics(NTFS) Cybercrime legal issues Fundamentals

Managing a Cybercrime/Digital Cyber legislation concepts Live Data Forensics Internet investigations Analytical and visualisation tools Internet investigations Forensics Unit

Intermediate Network Network Investigations Managing an international cyber Risks of cyber investigations Network Investigations Network Investigations Forensics Fundamentals investigation

Intermediate Mobile Phone Linux as an Investigative Tool, part Social media and Open Source Social media and Open Source Internet investigations

Forensics 1 Intelligence (OSINT) Intelligence (OSINT) Intermediate Linux as an Investigative Tool, Social media and Open Source Big data management and Network Investigations part 2 Intelligence (OSINT) analysis

Introduction to Malware Analysis

Linux as an Investigative Tool, part Social media and Open Source Jurisdiction specific SOP Forensic Scripting Databases and data mining 2 Intelligence (OSINT)

INTERPOL Certified Expert INTERPOL Certified

Awareness on new trends in Deep web and Virtual - Advanced Malware Analysis technology Doarklis

Cloud forensics Wireless LAN & VOIP Investigations

Cryptocurrencies forensics DNS abuse and criminal use of DNS Advanced

IOT devices

Advanced Mobile Forensic Techniques: JTAG and Chip- off Forensics

Decryption

Audio/Video Forensics

Advanced Commercial Tools Training • A certification system – INTERPOL Certified Cyber Fundamentals – INTERPOL Certified Specialist – INTERPOL Certified Expert • A Train the Trainer approach – Scalable – Sustainable Capacity Requestors builders

De-confliction Tool

Facilitator Optimizing resource utilization/prioritization 1

Coordinate efforts between capacity builders 2

Window for global cyber capacity buidling 3 ghg

Africa

Pacific ASEAN

Mid East LATAM Current status – Platform has been deployed on INTERPOL Secure Cloud – A working prototype stage – Access to approved users will be by username/password issued by INTERPOL, via INTERPOL secure website (https) Questions: • Priority countries? Any relating programmes? • Challenges & solutions? • The best way to progress? • Any other matters? نشكركم جزيل الشكر على انتباهكم Thank You-Merci-Gracias [email protected]