Cyber Crime in Modern SocietyA brief introduction for people who are new

in the field

Daniel Agudo GarcíaBritish Council

Barcelona, 11th of February 2016

1

The growing cyberattack surface

2

What is cybercrime about?

• Cybercrime, is any illegal act that involves the use of a computer system and a network (especially the Internet).

• The computer system may have been used in the commission of a crime as the threat agent, or it may be the target that suffered the attack.

• Threats can come from anywhere, but generally fall under three main categories:– Human deliberate or accidental (staff, maintenance

employees, cleaning services, etc.)– Non-Human (malware, phising, spam, etc.)– Natural events (flood, fire, power outage/blackout)

3

No Internet user is safe from suffering a cybercrime

4

Cybercrime facts

• Cybercrime has now exceeded illegal drug trafficking as a criminal moneymaker.

• Somebody’s identity is stolen every 3 seconds as a result of cybercrime.

• Without a sophisticated security package and a good basis of cybersecurity, your unprotected personal computer can become infected within four minutesof connecting to the Internet.

5

What Cybercriminals want?

6

Who are behind cybercrimes?

• Kids (age group 9-16 etc.)

• Organized hacktivists (Anonymous, ISIS, etc.)

• Disgruntled employees (insiders)

• Professional hackers (corporate espionage)

7

Main cyber security threats

1. PHISHING (using social engineering techniques)

2. SPAM (well known for Internet users)

3. VIRUS (Ransomware is the most dangerous nowadays)

4. BOTNET (connected computers to execute repetitive tasks, normally commiting a cybercrime)

5. DISTRIBUTED DENIAL-OF-SERVICE (The use of lots of computers to turn down a system connected to a network)

6. TROJAN HORSE (malicious code which misrepresents itself to appear interesting in order to persuade a victim to install it)

7. SPYWARE (malicious code to spy someone’s computer)

8. MANY MORE…

8

Main targets

Cyber crimes are nowadays affecting the following three main groups:

1. Cyber crimes against individuals (Identity Theft, child grooming, etc.).

2. Cyber crimes against property/assets (copyright violations, P2P, malware (blackenergy), etc.).

3. Cyber crimes against government (hacktivism, cyber espionage, etc.).

9

FYI!Hackers = cyber criminals?

The term, “hacker,” is usually used in relation to cyber criminals,

but a hacker can actually be anyone, regardless of their

intentions, who utilizes their knowledge of computer software

and hardware to break down and bypass security measures on

a computer, device or network. Hacking itself is not an illegal

activity unless the hacker is compromising a system without the

owner’s permission. Many companies and government agencies

actually employ hackers to help them secure their systems.

11

Types of hackers

Hackers are generally categorized by

type of metaphorical “hat” they don:

“white hat”, “grey hat”, and “black hat”.

There are two main factors that

determine the type of hacker:

1) their motivations

2) whether or not they are breaking

the law

12

Black Hat hackers

• Like all hackers, black hat hackers usually have extensive knowledge about breaking into computer networks and bypassing security protocols. These kind of hackers can range from amateurs to experienced hackers who’s primary motivation is usually aimed to steal data, specifically financial/personal/governmental information for personal or financial gain.

• In an increasing number nowadays, some of them can also be involved in cyber espionage or protest against a cause (hacktivism).

13

White hat Hackers

• White hat hackers choose to use their knowledge for good rather than evil. Also known as “ethical hackers,” white hat hackers can sometimes be paid employees or contractorsworking for companies as security specialists that attempt to find security holes via hacking, to help the organizations to secure their systems and protect their information.

• As a matter of fact, white hat hackers employ the same methods of hacking as black hats, with one exception- they do it with permission from the owner of the system first, which makes the process completely legal.

14

Grey Hat Hackers

• Grey hat hackers are a blend of both black and white hat activities. Often, grey hat hackers will look for vulnerabilities in a system without the owner’s permission or knowledge. If issues are found, they will report them to the owner, sometimes requesting a small fee to fix the issue. If the owner does not respond or comply, then sometimes the hackers will post the newly found exploit online for the world to see.

• These types of hackers are not inherently malicious with their intentions. In fact, they generally will not exploit the found vulnerabilities. However, this type of hacking is still considered illegal because the hacker did not receive permission from the owner prior to attempting to attack the system.

15

How to tackle Cyber crime?The following is a non exhaustive list of cyber crime prevention tips:

1. Always use strong passwords.

2. Secure all your devices connected to the Internet (laptop, tablet, smartphones, etc.).

3. Secure your social media pages and profiles.

4. Always keep your system updated, specially the web browser.

5. Protect your e-identity (be cautious when giving out personal information).

16

How to tackle Cyber crime?1. Protect your data using encryption (specially

when storing it on cloud platforms).

2. Secure your personal wireless network (avoid connecting to unknown wi-fi networks).

3. Never reply to emails that ask you to verify your information or confirm your user ID or password.

4. Avoid being scammed (always think before you click on a link or file of unknown origin).

5. Call the right person for help in case of suffering a cyber crime (don’t panic!).

17

Main references• Symantec (http://community.norton.com/)

• Symantec (http://us.norton.com/)

• McAfee (http://www.mcafee.com/us/resources/reports/rp-threats-predictions-2016.pdf)

• FireEye (https://www.fireeye.com/current-threats/stopping-todays-cyber-attacks.html)

• FireEye (“Understanding Cyber attackers and their motives” report)

• OWASP (https://www.owasp.org/index.php/Category:Threat_Agent)

• Wikipedia (https://en.wikipedia.org/wiki/Cybercrime)

• Secure Knowledge Management Inc. (http://www.slideshare.net/markb677/threat-profiling-for-cyber-security-and-information-security-programs)

• Digitaltrends (http://www.digitaltrends.com/computing/symantec-cybercrime-costs-114-billion-a-year/)

• Cross Domain Solutions (http://www.crossdomainsolutions.com/cyber-crime/)

18

Any questions?

19

Daniel Agudo GarcíaBritish CouncilBarcelona, 11th of February 2016 20