This document discusses the history and future of cybercrime. It defines cybercrime as any criminal activity using computers as tools or targets. Cybercrimes are divided into categories against persons, property, and government. The document also outlines common internet crime schemes like identity theft, fraud, and hacking. It describes how hackers obtain and traffic stolen credit card data on Russian language sites. Looking ahead, the document predicts trends in more sophisticated spear phishing, personal data theft, and cross-border cyber attacks as cybercriminals exploit weak international law enforcement cooperation.
2. Introduction
• Cybercrimes can be basically divided into 3 major categories:
1. Cybercrimes against persons.
2. Cybercrimes against property.
3. Cybercrimes against government.
3. • "Any criminal activity that uses a computer
either as an instrumentality, target or a means
for perpetuating further crimes comes within
the ambit of cyber crime."
4. what makes a crime a cyber crime??
• when information and communications technology (ICT)
systems and intellectual property become targets of
exploitation, intrusion, identity and information theft.
• when ICT devices are used as means to commit crimes
• where the ICT devices are used as mediums of committing
crimes. For example, sedition, disharmony or unrest,
slandering and instigating at higher scale come under this
category
5. Two Threat Categories:
1. Emerging Threats to National Security
Computer Intrusions from:
• Terrorist Groups
• State Actors
2. Traditional Crime Migrating to the Internet
Cyber-facilitated:
• Hacking Groups
• On-line Child Exploitation
• Intellectual Property Violations
• Internet Fraud
• Identity Theft
The Cyber Threat EnvironmentThe Cyber Threat Environment
9. Current Environment
Carding Among Hackers
• Illicit Trafficking in Stolen Credit Card Information
• Conducted Openly on Russian-language Hacker Sites Starting
in the Late 1990s
• Confluence of Events in Late 1990s
– Appearance of Domestic Credit Cards in RF
– Dot-Com E-commerce Boom
– Economic Collapse of 1998 —> Widespread Unemployment in the
Nascent IT Sector
A Brief History…
14. Carding Internet Sources
WEB SITES, SUCH AS
• www.web-hack.ru
• Cardingworld.cc
ARE AVAILABLE TO ALL WHO WISH A
NEW IDENTITY.
- Look like legitimate ID/Driver’s License but may
contain the word “Novelty” somewhere in small print
15. How They Get Your Info
• Spam
• Pre-texting/Social Engineering/Fake Sites
• Compromised Databases
• Skimming
• Old Computers
16. Motivation
• Show me the money$$$
– Generation of hackers have grown up.
– Needs have shifted to accommodate age.
– Need to pay for:
• Food
• Rent
• Love life
18. Trends and Predictions
• Spear Phishing
– Faked “internal” emails
• Continued attacks on personal information
– Outsourcing to third party businesses
– Blogs “Myspace.com”
• Continued increase in cross border attacks
– Exploiting poor law enforcement cooperation between
many countries.
19. Trends and Predictions
• WiFi
– Easy behind the firewall access to networks
• VoIP
– DoS against phones or call hijacking
– Covert Trojan delivery (researched by some Universities
around the world)
– SPIT - Voice spam
• BIOS (hardware) level rootkits
– Can be written in common programming language for
cross platform use
20. Trends and Predictions
• Attacks continue to get more sophisticated
– Difficult to detect
– Faster propagation (ie Botnets)
• End users more at risk
– Shift from servers to clients
• Response tools very basic
– Tools still very basic
21. Trends and Predictions
• Instant message bots
– Artificial intelligence software that convinces you
to download virus.
• Application targeted attacks
– Programs that require Internet access to work
(Oracle, RealPlayer, iTunes…)
• More relevant IDS and network protection
– False positive rate currently too high.
23. Security Risk For Home User…
• Confidentiality
• Integrity
• Availability
24. Example of Intellectual property theft:-
Data crimes
• Data Interception: Interception of data in
transmission.
• Data Modification: Alteration, destruction, or erasing
of data.
• Data Theft: Taking or copying data, regardless of
whether it is protected by
Editor's Notes
“I am selling credit cards in batches of 100 pieces”
“I am buying credit cards”