Leveraging The Multi-Disciplinary Approach to Countering Organised Crime Anna Cevidalli Technical Report RHUL{MA{2010{06 31st March 2010 Department of Mathematics Royal Holloway, University of London Egham, Surrey TW20 0EX, England http://www.rhul.ac.uk/mathematics/techreports ROYAL HOLLOWAY MSc PROJECT Anna Cevidalli Student Number: 100630541 Supervisor: John Austen Leveraging The Multi-Disciplinary Approach to Countering Organised Crime An Evaluation for Information Security and Business Professionals SEPTEMBER 2009 Submitted as part of the requirements for the award of the MSc in Information Security at Royal Holloway, University of London. I declare that this assignment is all my own work and that I have acknowledged all quotations from the published or unpublished works of other people. I declare that I have also read the statements on plagiarism in Section 1 of the Regulations Governing Examination and Assessment Offences and in accordance with it I submit this project report as my own work. Signature Date ACKNOWLEDGEMENTS I would like to thank the staff at Royal Holloway and especially John Austen, my Project Supervisor, for their invaluable support and assistance in completing this project. ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- Anna Cevidalli RHUL MSc Project – September 2009 (Main Document) TABLE OF CONTENTS 1 INTRODUCTION.....................................................................................................................1 1.1 OVERALL PURPOSE ..................................................................................................................2 1.2 SPECIFIC OBJECTIVES ..............................................................................................................2 1.3 SCOPE ........................................................................................................................................3 1.4 METHODOLOGY .........................................................................................................................3 2 EXECUTIVE SUMMARY........................................................................................................5 3 OVERVIEW OF ORGANISED CRIME ..................................................................................7 3.1 DIFFERENT PERCEPTIONS ABOUT ORGANISED CRIME ..........................................................7 3.1.1 The International Perspective....................................................................................7 3.1.2 The Public/ Media Perspectives................................................................................8 3.1.3 The Government/ Law Enforcement Perspectives...................................................9 3.1.4 The Academic Perspective......................................................................................10 3.1.5 The Victim’s Perspective .........................................................................................10 3.1.6 The Economic Perspective......................................................................................11 3.1.7 The Corporate Perspective .....................................................................................11 3.1.8 The Information Security Perspective .....................................................................13 3.1.9 The Challenge of Synthesising Divergent Views....................................................15 3.1.10 The Multi-Disciplinary Perspective..........................................................................16 3.2 DISPELLING THE MYTHS .........................................................................................................18 3.2.1 The Limitations of Public Pronouncements and Statistics .....................................18 3.3 DEFINING THE REALITIES ........................................................................................................25 3.3.1 Organised Crime Groups ........................................................................................26 3.3.2 Technology-oriented and Online Organised Crime Groups...................................30 ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- Anna Cevidalli RHUL MSc Project – September 2009 (Main Document) 4 TECHNOLOGY AND ORGANISED CRIME .......................................................................32 4.1 ONLINE ORGANISED CRIME GROUPS AND INFORMATION TECHNOLOGY ............................32 4.1.1 Specific Threats Posed by Online Organised Crime Groups.................................33 4.1.2 Key Attributes of Information and Technology exploited by OOCGs.....................34 4.2 THE PROBLEM OF CRIMEWARE ..............................................................................................40 4.3 THE INTERNET AND THE WEB AS ATTACK VECTORS ............................................................43 5 THE BUSINESS OF ORGANISED CRIME.........................................................................45 5.1 THE IMPORTANCE OF ONLINE ORGANISED CRIME BUSINESS MODELS ..............................45 5.2 STRATEGIC ANALYSIS AND ONLINE ORGANISED CRIME GROUPS ......................................55 5.2.1 Employing Morphological Analysis within a Multi-Disciplinary Context .................56 6 CONCLUSION ......................................................................................................................59 7 REFERENCES......................................................................................................................62 8 KEY TERMS..........................................................................................................................93 8.1 DEFINITIONS OF KEY TERMS AS USED WITHIN THIS PAPER AND ITS APPENDICES ...........93 9 GLOSSARIES.......................................................................................................................95 9.1 GLOSSARY OF ACRONYMS ............................................................................................95 9.2 GLOSSARY OF INFORMATION SECURITY AND TECHNICAL TERMS USED WITHIN THIS PAPER AND THE APPENDICES ............................................................97 APPENDICES Appendix A Tables of organised crime characteristics (1 – 6) Appendix B Real-life online organised crime case studies Appendix C Morphological Analysis (MA) Methodology and Matrices Appendix D Information and IT Attributes Exploited by Offenders ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- Anna Cevidalli RHUL MSc Project – September 2009 (Main Document) 1 INTRODUCTION “The key to formulating effective responsive strategies to cybercrime is to understand the different perspectives that the different actors in the field of cybercrime bring to the subject rather than see them in binary terms as either right or wrong... See, for example, the different, but real, experiences of the business community and the individual user. It is also crucial to hold realistic expectations of what the police can and cannot do.” David Wall, ‘Cybercrime, Media and Insecurity: The Shaping of Public Perceptions of Cybercrime’ 1 If the warnings are to be believed, organised crime is rapidly taking over criminal activity on the Internet, cynically exploiting legitimate business models in the pursuit of huge profit. At the same time, some critics remain doubtful whether such statements can be taken to be authoritative or are merely ‘hype’. They highlight the issue that ‘organised crime’ is an imprecise concept which is very susceptible to subjective interpretation. A substantial academic literature has developed over half a century to answer the question, ‘What is organised crime?’ and still the concept remains elusive, complicated by the recent emergence of the online criminal groups. These groups share many characteristics with their terrestrial counterparts yet they are also, due to their sophisticated exploitation of the benefits and vulnerabilities of the Internet, said to be evolving new characteristics whereby they are more educated, innovative and collaborative than the crime groups that came before them. 2 For governments, law enforcement, Information Security (IS) professionals and others who are tasked with protecting the valuable assets accessible stored on the Internet, ‘tried and trusted’ resources such as technical countermeasures and the international Information Security Standards, the 27000 series, have existed for some time to combat all types of online threat, including those from organised crime. In the last few years, professionals from all disciplines have recognised that they can no longer work in ‘silos’ and must collaborate to manage the problem. Considerable progress is being made in this area, for instance with the publication of national cybersecurity and organised crime strategies in the US and UK. However, if it is true that there is a close correlation between online organised crime and business, perhaps there is another resource available which remains largely ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- Anna Cevidalli RHUL MSc Project – September 2009 (Main Document) 1/103
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages197 Page
-
File Size-