Denis Edgar-Nevill Cybercrime Security SG

Cybercrime Can’t be Defeated – Just Lived With!

Denis Edgar-Nevill
Chair, BCS Cybercrime Forensics SG
11th March 2014

Tidal Wave of Cybercrime

Zero Day Problem

• A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability.

Zero Day Problem

How do we avoid every day being a zero-day?

What We Need to Know

CYBERCRIME FORENSIC TECHNIQUES AND PRACTICAL SKILLS IMPLEMENTATION

HISTORY of CYBERCRIME

The Language of Cybercrime

Overlapping Vocabularies

LAW COMPUTING INFORMATICS

CYBERCRIME FORENSICS

BUSINESS FORENSIC SCIENCE

Cybercrime Forensic Terms

• BACKSCATTER
• DROPPER
• GOOGLEDORK
• PHLASHING
• RADICAL TRANSPARENCY
• MUNG
• MUNGE
• TYPO-SQUATTING
• WABBIT
• BULLET TIME

Cybercrime Forensic Terms

• BACKSCATTER – Undeliverable replies from attacks using IP address spoofing;

• DROPPER - Software used to install on a computer;

• GOOGLEDORK – System which gives away information in error messages;

• PHLASHING – Permanent DOS attack corrupting firmware in network devices;

• RADICAL TRANSPARENCY – deliberately not hiding their identities;

• MUNG – Mash Until No Good - Destroy data beyond recovery;

• MUNGE - Modify Until Not Guessed Easily - Minor changes to passwords to make them harder to guess;

• TYPO-SQUATTING - Registering with minor typo differences to well-known sites;

• WABBIT – Self-replicating process in memory (e.g. Fork Bomb);

• BULLET TIME – Slowing down traffic/give time for defence systems to be activated;

Malware Names

• TUESDAY VIRUS – Triggered on Tuesdays
• FLAME VIRUS – Displays flames on screen
• PIKACHU VIRUS – Displays a message including the name of a Pokémon cartoon character
• JERUSALEM VIRUS – Malware discovered in Israel
• KOOBFACE WORM – Named after the group which produced it

Those that detect viruses name them – not the authors!

Malware Names

• HLUX BOTNET – Kaspersky Labs
• KELIHOS BOTNET - Microsoft

Malware Names

• JERUSALEM VIRUS
• NOV30 VIRUS, LEE MORTON’S LOVER VIRUS, PHENOMEN VIRUS, PLO VIRUS, PUERTO VIRUS, RUSSIAN VIRUS, SPANISH VIRUS, STANDARD.AA33CCDDEE VIRUS, STANDARD.NOCOMMAND VIRUS, STANDARD.NULL VIRUS, STANDARD.SUMSDOS VIRUS, STANDARD.UMSDOS VIRUS, STANDARD.VAR VIRUS ...

People - Cybercriminals

• ABNOW, ACID PHREAK, AUTOMATIC JACK, BADB, BILLY_THE_KID, THE MENTOR, BLUE ARCHER, BYTE BANDIT, CURRUPT, EBA, ERIC BLOODAXE, ICEMAN, JESTER SLUGGO, KERRANG KAHN, KING BLOTTO, KROTREAL, LEDED, THE LEFTIST, LEMON LI, LEX LUTHOR, LORD DIGITAL, LORD MICRO, MARAUDER, MARK TABAS, MIXER, NETWIZ, N00GIE, OXOMAR, PEABODY, PHASE JITTER …

People

• SOLO
  • Gary McKinnon - Hacked NASA and USDOD sites between February 2001 and March 2002
• CAPTAIN CRUNCH
  • John Draper - One of the first HACKERS in the United States of America in a practice known as phone . He was sentenced to five years’ probation for toll fraud in 1972;
• PHIBER OPTIK
  • Mark Abene - Formed the (MODS) responsible for extensive phone phreaking in New York in the 1990s;
• MEGA-D
  • Oleg Nikolaenko - Arrested in Las Vegas in the United States of America in November 2010. Set up a botnet of more than 500,000 computers sending around one third of the world’s SPAM per day.

Examples of Cybercrime

Parking Your Car

Selling a Puppy

Selling a Puppy

Cheque Clears

£x times 3!

Cheque Cancelled £x

Criminal = £x + puppy

You = - (£x + puppy)

Commercial Music

iTunes

Commercial Music

iTunes

Car Radio

“Go back to the garage where you bought the car – and ask them for the code”

File Previews

Impossible to Police All Cybercrime

Cybercrime

Investigated:

• Very serious crime, international/national (e.g. money laundering, people trafficking, national security): NCA (National Crime Agency), CEOP (Child Exploitation and Online Protection Centre)
• Serious crime, national/regional (e.g. paedophilia, pornography, blackmail, robbery, offences against the person): PCeU (Police Central e-Crime Unit), Regional Forces

Not Investigated:

• Low-level computer crime

Why We Can’t Defeat Cybercrime

Recognised Need To be Careful

Complexity of Cybercrime Infrastructure

PUBLIC PERCEPTION

Continuing Professional Development

Professional Body Organisations

1,626 members in 55 countries

Regular Updates

Centres of Excellence

ECENTRE
England’s Cybercrime Centre of Excellence Network for Training, Research and Education

Networking

Conferences

European Centres of Excellence

Local Centres

Thank You

Denis Edgar-Nevill

Chair, BCS Cybercrime Forensics Specialist Group
Head, Centre of Cybercrime Forensics
Canterbury Christ Church University