Скачать презентацию ICT Crime Investigation Case Study on Internet Скачать презентацию ICT Crime Investigation Case Study on Internet

dcb688d15e47d94b42ae96f054b74be4.ppt

  • Количество слайдов: 18

ICT Crime Investigation-    Case Study on Internet Lawful Interception Yang, Kai-Sheng Technical Crime ICT Crime Investigation-    Case Study on Internet Lawful Interception Yang, Kai-Sheng Technical Crime Prevention Center Criminal Investigation Bureau National Police Agency

Agenda • Current Situation • Case Study • Future Challenges 2 Agenda • Current Situation • Case Study • Future Challenges 2

Current Situation • Emerging Advanced Technologies – Popularity of Infrastructures and Multiple Applications/Services in Current Situation • Emerging Advanced Technologies – Popularity of Infrastructures and Multiple Applications/Services in Internet • Wired Broadband: ADSL、Cable Modem、Fiber Optic(FTTx) • Wireless Broadband: Wi-Fi、Wi. MAX • Marketplace Platform: Auction (3 C Products, game awards), Online Game – Integration with Telecom Service • • Easy and Convenient Communication; Low Cost ISR( International Simple Resale ) Vo. IP:Skype Mobile Network 3

Current Situation • Fact of Crimes (Census in 2009) – Serious Social Issue: The Current Situation • Fact of Crimes (Census in 2009) – Serious Social Issue: The No. 1 on Ten Major Public Grievances was telephone and Internet fraud crime • Telephone Fraud Crime –Title Used by Fraud Crime » Government Agencies: 1. Police 2. Post Office » Guess Who: 1. family(friends) 2. call from bar 3. acquaintance pretended » By Privacy Information Leakage: 1. Police 2. Bank 3. Telecom Service Provider • Internet Fraud Crime –Major Crime Model » Auction: 1. Yahoo!  2. 露天拍賣 » Credit Card: 1. take good by fraud 2. game points 4

Cases Study • Telephone Fraud Crime – Case of “A Number” Change (The “A Cases Study • Telephone Fraud Crime – Case of “A Number” Change (The “A Number” is the same as the Caller ID) • Internet Fraud Crime – Case of Auction Crime • Hacker Intrusion – Case of collecting 50, 000 items of Personal Data for Several Fraud Crime Groups 5

Case of “A Number” Change • Recently the ways of fraud groups are from Case of “A Number” Change • Recently the ways of fraud groups are from local, traditional phone fraud to new type of cross boarder fraud crime with advanced ICT technologies • By “A Number” of Vo. IP Display, they can change their numbers into the ones of public services, banks, famous trading companies • Major Types: – Cash in Delivery or Draft by Counter to Specified Account • Pretend Police or Prosecutor for case investigation • Pretend Hospital to apply medical stipend, or take case investigation – ATM Operation • Phish Website, 3 C or Book Internet Shop, Internet Bank with Installment, fund transfer 6

“A Number” Display Change China 2 Taiwan 1 4 Vo. IP Switch in China “A Number” Display Change China 2 Taiwan 1 4 Vo. IP Switch in China 5 Fraud Group HK Taiwanese Operator 3 Victim HK Operator 7

Auction Fraud Crime • Major Crime Types: 1、Fake Auction 2、True Auction (Replace the targeted Auction Fraud Crime • Major Crime Types: 1、Fake Auction 2、True Auction (Replace the targeted good with different one in delivery) 3、Triangle Fraud (Trick both seller and buyer as victims) 8

Internet Auction Fraud 1、 Fake Auction / True Fraud Post false auction information to Internet Auction Fraud 1、 Fake Auction / True Fraud Post false auction information to those innocent people and invite them to trade in for money transfer Trading Platform B : Buyer, Victim A: Swindler Money Draft 9 9

 • Recently swindler groups use faked trade messages in auction platform or community • Recently swindler groups use faked trade messages in auction platform or community BBS to attract students with concert ticket, high price 3 C products, fashion designs in order to get money • Faked Auction – Intrude PTT, Facebook Not only in Auction platform, swindler groups also use high popular BBS station (PTT) or Facebook to trick students It was reported that 5 students were suffered in PTT during Chinese New Year period. One female student was tricked by NT$2800 with the concert ticket of Super Junior, and another male student was tricked by NT$1000 with Sakura cup of Japanese Starbucks 10

2、 True Auction True Cheating(Swapping) Post trade information by high-credited account to attract orders, 2、 True Auction True Cheating(Swapping) Post trade information by high-credited account to attract orders, and deliver low priced trash to buyers in order to make an image of trade disputes. Late on all information investigated by police are faked. Trade Platform A: Seller Money Draft B: Buyer Dispute ? Trick? Delivery-low price, Trash undelivery 11

3、 Middle-man Cheating( Triangle Cheating) Looking for high-valued good from e-commerce website, and posting 3、 Middle-man Cheating( Triangle Cheating) Looking for high-valued good from e-commerce website, and posting the same information in another website to attract buyers to send money to seller, and take away goods directly from seller A. Seller 4. C seduces B to send money to A 5. Send goods to C 1. C buys from A to get information C. Swindler B. Buyer 2. Post trade information to attract B 12 3. award 12

Internet Middle-man  Young Girl Tricks Money New trick of “Internet Middle-man”! One young girl Internet Middle-man  Young Girl Tricks Money New trick of “Internet Middle-man”! One young girl plans to buy designer purse, takes account number of seller, posts trade information to another website to attract buyer to send money to seller, and takes purse from seller and runs away 13

Case of Fake Auction 14 Case of Fake Auction 14

Hacker Intrusion - 50, 000 Personal Data Breach • In 26 Aug. , 2008, Hacker Intrusion - 50, 000 Personal Data Breach • In 26 Aug. , 2008, Taiwan police caught a hacker group, who integrate database with 50, 000 pieces of personal data stolen from account DB of Post Bank of China, Health Insurance Bureau, Ministry of Education and several Telecom operators, as well as several million NT dollars. 6 criminals were caught by red-hand. Ø Hacker Channel: ØBy collocate or hosting service in China ØJumping Board: By collage mail servers, host IP’s are all over China Ø Database Enquiry Website with High Profit: ØHacker group intruded database in Post Bank of China, stole millions NT dollars, and intruded and stole 50, 000 pieces of personal data from National Health Insurance Bureau, Ministry of Education and several telecom operators ØOne piece of personal data enquiry for NT$300 by name, 15 National ID # or other fussy enquiry method

Future Challenges 1. Emerging High Tech Crime, High Risky Social Security – The outlaw Future Challenges 1. Emerging High Tech Crime, High Risky Social Security – The outlaw use modern technologies to commit more crimes – Emerging high tech crime challenges lawful investigation drastically 2. IT with Telecom, Fraud Crime Cross Boarder – Anonymous, cross-boarder ICT crimes will be the major features in Internet, mobile phone…etc platforms. If lawful enforcement cannot keep up with technology, it will be great impact to efficiency and capability of LEA – Leader of hacker group likes to commit crime cross strait 16

Future Challenges 3. Internet Black Market Formed – Information of backdoors, breakdown Trojan – Future Challenges 3. Internet Black Market Formed – Information of backdoors, breakdown Trojan – Phishing – Cross-boarder Crime hacker – Professional Cacker • Stealing Account information Faked website Phish Account – By Trojan or faked website, get account name, password, personal or transaction information 4. Greater Development of Internet Lawful Interception – Multiple Internet Applications and Services to 140+ – Decoding method for LI must be aligned with protocol upgrade, such as IM: MSN、QQ – Unique encryption break down, such as Vo. IP、 17 Skype

Thank you for Your Attention ICT Crime Investigation-   Case Study on Internet Lawful Interception Thank you for Your Attention ICT Crime Investigation-   Case Study on Internet Lawful Interception Technical Crime Prevention Center CIB Yang, Kai-Sheng (楊凱勝) Email: apkz [email protected] com Tel: 886 -2 -23452581 18