Cyber Attacks: Response of the Criminal Law
Margus Kurm, State Prosecutor, Office of the Prosecutor General of Estonia

Prologue
– 8th of May 1945: World War II ended
– A statue (called the Bronze Soldier) in downtown Tallinn had become a continual source of conflict
– In the Government started preparatory works to relocate the statue to the military graveyard
– In the evening Russian-speaking people started to come to the scene to protect the statue
– This and the following nights Tallinn (and also some cities in the North-East) was carried away by riots (ca 1000 were arrested and one killed)
– Estonia fell under a politically motivated offensive cyber campaign

Cyber Attacks – Who and Why?
Phase 1 – H-Activism
– In April most of the attacks were carried out by people of varying IT skills who wanted to protest against the government.
– Their methods were mostly primitive and they were often not aware of the potential consequences of their actions.
– Most of them were calmed down before Phase 2 started.
Phase 2 – E-Terrorism
– Between and Estonia faced attacks that require at least cracker level skills and resources.
– They used more sophisticated methods and chose their targets carefully.
– They were not only protesters, but someone who really wanted to disturb the everyday life of Estonian people and government.

Cyber Attacks – How?
– Defacement of web pages (government, prime minister, political parties, etc.)
– Saturating the servers by varying primitive methods, such as pinging
– Professional DDoS attacks where BOTnets and standard tools were used
– Necessary information (hacking instructions as well as the addresses of the “right” websites) was provided and discussed in different (mostly Russian) forums

Identification of Perpetrators
It was a massive work of data collection and analysis, which was done in cooperation with different public and private institutions as well as foreign partners in Europe and USA.
The following were the main steps:
– Logs taken from hackers’ forums were compared with logs we got from the servers attacked
– Matching IPs were separated into two categories: domestic and foreign
– The next step was to find out if the domestic IP belongs to a compromised computer or a possible attacker
– When we got enough ground to believe that the IP is used by an attacker we started with traditional investigation methods, such as wire-tapping, search etc.
– Some compromised computers were copied and their communication was monitored in order to reach the BOTnets
– Some very active IPs were sent to Russian authorities in the form of MLA and with the request to find out the owners or users
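
The first two steps above (comparing forum logs with logs from attacked servers, then splitting the matching IPs into domestic and foreign) can be sketched as follows. This is an added example, not part of the original presentation or the investigators' tooling; the log format, the prefix list and all addresses are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample logs using documentation address ranges (not real evidence).
# Assumed line format for both sources: "<timestamp> <source IP>".
FORUM_LOG = """\
2000-01-01T20:01:10 192.0.2.15
2000-01-01T20:03:42 198.51.100.7
2000-01-01T20:09:00 203.0.113.99
2000-01-01T21:15:31 198.51.100.23
"""
SERVER_LOG = """\
2000-01-02T09:00:01 198.51.100.7
2000-01-02T09:00:01 198.51.100.7
2000-01-02T09:00:02 192.0.2.15
2000-01-02T09:00:02 198.51.100.7
2000-01-02T09:00:03 203.0.113.200
2000-01-02T09:00:04 not-an-ip
2000-01-02T09:00:05 198.51.100.23
2000-01-02T09:00:06 198.51.100.23
"""
# Hypothetical list of prefixes allocated to domestic providers.
DOMESTIC_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]


def count_sources(log_text):
    """Count log lines per source IP, skipping lines that do not parse."""
    hits = Counter()
    for line in log_text.splitlines():
        try:
            hits[ipaddress.ip_address(line.split()[1])] += 1
        except (IndexError, ValueError):
            continue  # malformed line: keep it out of the evidence set
    return hits


def correlate(forum_log, server_log, domestic_prefixes):
    """Return (domestic, foreign): IPs present in both logs, most active first."""
    forum, server = count_sources(forum_log), count_sources(server_log)
    matches = sorted(forum.keys() & server.keys(), key=lambda ip: (-server[ip], ip))
    domestic, foreign = [], []
    for ip in matches:
        bucket = domestic if any(ip in net for net in domestic_prefixes) else foreign
        bucket.append((str(ip), server[ip]))
    return domestic, foreign


if __name__ == "__main__":
    print(correlate(FORUM_LOG, SERVER_LOG, DOMESTIC_PREFIXES))
```

A match only shows that the same address appears in both sources; as the next step on the slide says, it still has to be established whether that address belongs to a compromised computer or to a possible attacker.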

Results
– One prosecution and conviction
– Tens of suspected persons whose guilt was not proven
– Hundreds of suspicious IP addresses (mostly Russian) which we can do nothing with, because Russia refused to co-operate
– At least one BOTnet was discovered and closed down

Problems
– Attackers had no personal motivation, thus we had no other way to move on, but IT-tracks (logs)
– Most of the manpower was used for defence and prevention and not for collecting and fixing evidence in a way it should be done for trial in criminal court
– It is very difficult to discover a professional hacker using only IT-tracks and having no intelligence
– Tracks led us to Russia, which refused to co-operate
– There is a limit in how much aid (read: resources spent) you can ask from your friends abroad

Lessons Learnt
– Effective co-operation between private and public sector is possible.
– A sort of informal “defence-network” may even work better than hierarchic institutions, but co-ordination and some management is still needed to avoid doubling and assure fast exchange of information.
– Defence and prevention should be the priority, both during the action as well as in peace time.
– The State will never have that many resources to defend everybody. Thus, companies depending on the Internet and internal networks must pay attention to security.
– Fast international cooperation is very important.

Lessons Learnt - Remark
Criminal law as a measure should not be overestimated in the case of that kind of massive attack, because:
– It is too slow and resource consuming, international co-operation especially
– It has not enough preventive effect, because big bugs can never be identified and they know it
– It has public nature and that is why private companies (especially financial institutions) are not interested in being victims of cyber crime