Download 網路犯罪案例 Cyber crime Case

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
Document related concepts

Distributed firewall wikipedia , lookup

Unix security wikipedia , lookup

Computer security wikipedia , lookup

Mobile device forensics wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Deep packet inspection wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Cybercrime wikipedia , lookup

Transcript 
Cybercrime
Decision Group / CEO
Casper Kan Chang
[email protected]
1
Two Major categories of Cybercrime
Crimes committed via internet
Examples : Spreading Virus, Hacking,
Illegal Access, Illegal interception, Data
Interference and communication
Interference.
Network
Packet
Crime operation methods…
Non-Reconstructable
Network Packet
Evidence from …
Traditional crimes committed
via Internet.
Examples: Internet Auction fraud,
trafficking in contraband goods,
Internet sexual assault, internetadvertising bank loans fraud
Reconstructable
network Packet
2
Cybercrime Investigation Steps
An initial complaint is received and
background intelligence information
checks are completed
Technical support is requested and the level is determined
according to the case contents
Task Force Team
3
Case Study of Cybercrime
1. Crime Time
2. Crime location
Evidence
Collection
3. Corpus delicti
4. Crime method
5. Perpetrator Analysis
Internet
Interception
6. Criminal damage
7. Criminal charges
Search
Seizure
Complete Forensic analysis and
interpret the evidence found for
legal/courtroom setting
4
Collection of Cyber Crime Information
1. Computer Audit Record Collection : To collect the
login audit records of the victim including DNS, IP,
Account details, MAC and local times etc..
2. User Login credential authentication: To check
user’s login credentials including user account,
name, address, phone etc..
Email
MSN
FTP
URL
3. To obtain the computer communication record
and contents: including E-mail, IM chat, web
browsing and file transfers etc..
4. Suspects statements : criminal offence etc
5. The seizure of the suspect’s computer audit
records : Web, IP, account, MAC and time etc
Time
IP
Mac
Account
5
Internet advertising bank loan fraud case-1
In May 2009 KCGPB (Kaohsiung City Government Police Bureau)
announced that they had received a number of bank reports
alleging forged documents fraudulently representing bids for credit.
This resulted in bank loan frauds with huge financial losses. An indepth investigation revealed that the offenders flooded xx shares
with others to form the fraud group. They used a domestic portal
website for free web space to falsely post or sticker advertising
published in the Office of credit and information. This was done to
attract the much-needed cash flow of the head customer. The
members of the Group forged tax, payroll and other documents to
falsely strengthen the lender's financial resources and created
documents to mislead the head bank customer whose credit bid to
financial institutions was caught in an error of the approved loan,
the group charged the customer exorbitant fees to gain large
profits of financial fraud.
6
Internet advertising bank loan fraud case
7
Internet Sexual Assault cases!
Internet sexual assault cases in 2007: Daily 1.5 case,
more than 60% are 12-18 years old.
June 10, 2009 Apple Daily Taipei Taiwan
Two suspects
8
Is truly pathetic and inferior to animals
July 2008 Taipei; two suspects use the Internet to invite Female net friends to
participate in a party. The Female net friend is used to meet a woman at a Motel,
and in turn require a sexual relationship. The victim refuses to cooperate and is
physically abused and raped.
The police arrested the two suspects and further investigations revealed that as
many as a dozen other people had been injured.
The victims are unwilling to report to the police due to humiliation. The police
monitor the network address of the motel access to number and are able to obtain
enough evidence to arrest tow suspects. The police linked the two offenders to
other crimes committed in July 2008 . Questioning of the offenders revealed
various nicknames were used by yahoo messenger and Peas chat rooms and
various other websites.
The suspects revealed that another 5 or 6 offenders had assisted in the crimes.
Police are continuing their investigations and tracing the other accomplices.
9
Hacker Data Theft – 1
Hacker Su x-jung work for the underworld to steal data
2007/09/22 China Times / Taipei / Choi Min-Yue
CIB High-Technology Crime Prevention Center and Technology have found that the
Internet nickname ”Odin" a Lin, high-school sophomore, and the nickname ”CB” Su
x-jung, used an academic department as the backbone network springboard with a
host hidden within a Taiwan Academic Network.
The use of Trojan horse programs, together with web site vulnerabilities against
well-known Web sites were used to harvest intrusive information and then, to
circumvent tracing, stored this data on a foreign hosted website.
Xx telecom companies user accounts and password were compromised with more
than 2.4 million pins stolen. Some websites have been damaged by having their
programs removed.
Hacker Su x-jung
10
Hacker Data Theft – 2
Hacker Su x-jung works for the underworld to steal data
11
Forensics tools
To assist in the forensic acquisition of digital
evidence, it is essential that every computer
crime investigator has access to the correct
forensic hardware and software tools.
This plays a critical role in the detection of
computer related crimes as well as the collection
and analysis of evidence.
12
Network Packet Forensics Classification
1. Viruses & Worms,
Hacking &
Trojans ... ...… …
Non-Reconstructable
Network Packet
2. Email , Web Mail ,IM,
Reconstructable
Network Packet
FTP , P2P, VoIP, Video
Streaming , HTTP,
Online Games, Telnet ,
13
Cyber-crime Forensics Tools
1
Forensics tools
2
3
Wired , HTTPS/SSL
and VoIP
“Stop, look and listen”
Off-Line Forensics
software
Wireless
“Catch-it-while-you-can”
forensics systems
Off-Line packet
reconstruction
software
Providing a mobile and 10 G base cyber forensics in assisting
Homeland Security capabilities
14
Function of Forensics Tool
Forensics
tools
By using Forensic Tools, we can obtain supporting
evidence like log, files and records from both victim
and suspect computers.
Internet
Interception
Capturing network packets to
reconstruct Email , Web Mail , IM,
FTP , P2P, VoIP, Video Streaming ,
HTTP, Online Game, Telnet …
15
Network Packet Forensics Tool
By Using Off-Line packet reconstruction
software to reconstruct the recorded traffic
data
Network
Packet
Off-Line packet
reconstruction
software
16
To produce forensic results
Digital Evidence
Forensic Analysis
Court
Forensic Reports
17
Total Solutions for Cyber Forensics
1. Wired packet reconstruction
2. Wireless (802.11 a/b/g/n) packet
reconstruction
3. HTTPS/SSL interceptor
4. VOIP packet reconstruction
5. Off-line packet reconstruction software
6. Network packet forensics analysis
training
For more information
www.digi-forensics.com
18
Network Packet Forensics Analysis Training
The knowledge of network packet analysis is important for Forensic
Investigators and Lawful Enforcement Agency (LEA) to carry out their
daily duty. Network Packet Forensics Analysis Training (NPFAT) provides
useful and sufficient knowledge required to analyze network packets.
Participants will be able to identify different packet types according to
various Internet Protocols. These include Email (POP3, SMTP and IMAP),
Web Mail (Yahoo Mail, Gmail, Hotmail), Instant Messaging (Windows Live
Messenger, Yahoo, ICQ etc.), FTP, Telnet, HTTP and VOIP. Forensic
investigation is a skillful technique, science and an art.
Frankie
Chan Kok
Liang
Phillip A
Russo
CFE Certified Fraud Examiner
CPDE ACE ACI
Gustavo Presman
NPFA Examiner
MCP , EnCE , CCE , ACE
Grad Cert Computer Security ECU
NPFA Examiner
CompTIA A+,CCNA, GIAC GSec Gold
NPFA
Examiner
Cert IV IT IM, Cert IV IT Support, Cert IV Training
Adv Bus Dip, Police Diploma, Pub Officer Safety Dip
19
Reference site in Taiwan
刑事警察局
Criminal Investigation Bureau
The Investigation Bureau of
the Ministry of Justice
國家安全局 National Security Bureau
國防部
Ministry of National Defense,R.O.C
憲兵司令部 Military Police, R.O.C
海岸巡防署
Coast Guard Administration
國防大學 National Defense University
中央警察大學 Central Police University
20
Reference site
Turkish National
Police
Hong Kong
Police
ST Electronics
Macau
Public
Singapore Government
Agencies
Malaysia Government
Agencies
21
Related documents
FORENSICS Computer Forensics
FORENSICS Computer Forensics
Summer Packet EnteringGrade7
Summer Packet EnteringGrade7
Computer Forensics
Computer Forensics
Introduction to Forensics
Introduction to Forensics
2 - UTRGV Faculty Web
2 - UTRGV Faculty Web
Computer Forensics - FSU Computer Science
Computer Forensics - FSU Computer Science
Unit I: Forensic Science Introduction
Unit I: Forensic Science Introduction
Forensics INtroduction
Forensics INtroduction
The Titans and the 12 Great Olympians
The Titans and the 12 Great Olympians
The Titans and the 12 Great Olympians
The Titans and the 12 Great Olympians
Computer Forensics – Foundations What is computer forensic
Computer Forensics – Foundations What is computer forensic