Cybercrime Defining cybercrime - Tyler Moore, Tandy ...

Cybercrime

Part I

Tyler Moore

Computer Science & Engineering Department, SMU, Dallas, TX

Lecture 11

Notes

Characteristics of cybercrime Cybercrime supply chains

Defining cybercrime

Defining cybercrime How is cybercrime different? Primary vs. infrastructure cybercrimes

We (mainly) adopt the European Commission's proposed definition:

1. traditional forms of crime such as fraud or forgery, though committed over electronic communication networks and information systems;

2. the publication of illegal content over electronic media (e.g., child sexual abuse material or incitement to racial hatred);

3. crimes unique to electronic networks, e.g., attacks against information systems, denial of service and hacking.

For this part of the course, we are mainly concerned with cybercrimes that are profit-motivated, not so much crimes fitting the second component of the definition

The boundary between traditional and cybercrimes is fluid


Distinguishing between types of cybercrime

'Genuine' cybercrime:
  Online banking fraud
  Fake antivirus
  'Stranded traveler' scams
  'Fake escrow' scams
  Advanced fee fraud
  Infringing pharmaceuticals
  Copyright-infringing software
  Copyright-infringing music and video

Transitional cybercrime:
  Online payment card fraud
  In-person payment card fraud
  PABX fraud
  Industrial cyber-espionage and extortion

Traditional crime becoming 'cyber':
  Welfare fraud
  Tax and tax filing fraud


How does cybercrime differ from traditional crime?

1. Scale: a single attack can make little money and be unsuccessful most of the time, yet still be hugely profitable if it is replicated easily for almost no cost

2. Global addressability: pool of available targets remains practically infinite

3. Distributed control: stakeholders have competing interests and limited visibility across networks, which hampers ability to defend against attacks

4. International nature: makes law enforcement more difficult


Distinguishing between 'primary' cybercrimes and infrastructure crimes

'Primary' cybercrimes perpetrate a particular scam (e.g., phishing steals bank credentials, illicit pharmaceutical programs sell prescription drugs without prescription)

Yet these primary cybercrimes rely on a criminal infrastructure common to most scams

1. Exploits: offer a way to compromise computers so that unauthorized software can be executed

2. Botnets: provide anonymity to criminals and a resource for exploitation

3. Email spam: advertises scams to unsuspecting victims

4. Search-engine poisoning: exposes unsuspecting victims to scams


The underground economy Sample cybercrimes Strategies for integrating criminal supply chains

Supply chains and the division of labor

Adam Smith on pin production (1776):

One man draws out the wire, another straights it, a third cuts it, a fourth points it, a fifth grinds it at the top for receiving the head: to make the head requires two or three distinct operations: to put it on is a particular business, to whiten the pins is another ... and the important business of making a pin is, in this manner, divided into about eighteen distinct operations, which in some manufactories are all performed by distinct hands, though in others the same man will sometime perform two or three of them.


The underground economy: division of labor in cybercrime


Advertisement

i have boa wells and barclays bank logins.... have hacked hosts, mail lists, php mailer

send to all inbox i need 1 mastercard i give 1 linux hacked root i have verified paypal accounts with good balance...

and i can cashout paypals

Source: .

edu/~jfrankli/acmccs07/ ccs07_franklin_eCrime.pdf


Credit card #s for sale on underground


Services on offer on underground


Some advertised prices on the underground


Cybercrime supply chains


traffic -> host -> hook -> monetization -> cash out


Phishing supply chain step 1: traffic (email spam)


Phishing supply chain step 2: host (compromise server)


Phishing supply chain step 3: hook (phishing kit)


Phishing supply chain step 4: monetize (bank transfer)


Phishing supply chain step 5: cash out (hire mules)


Illicit online pharmacies


What do illicit online pharmacies have to do with phishing?

Both make use of a similar criminal supply chain:

1. Traffic: hijack web search results (or send email spam)

2. Host: compromise a high-ranking server to redirect to pharmacy

3. Hook: affiliate programs let criminals set up website front-ends to sell drugs

4. Monetize: sell drugs ordered by consumers

5. Cash out: no need to hire mules, just take credit cards!

For more:


Abusing dynamic search terms


At best you may encounter ad-filled sites


At worst you may encounter malware
