2 A High Tech Crime Investigation
Lessons learned by the National High Tech Crime Center
Hans Oude Alink, project leader NHTCC
November 2005
3 What is High Tech Crime
Definition
– Criminal activities with the help of (or used against) ICT or Internet
Project HTC
– Learning by doing
– Vital infrastructures
– Survey
– International
– PPP
– Information exchange
4 Press release
‘Zombie’ network of more than 100,000 hacked computers
Last week, the Dutch National Police arrested three men (members of a group of cyber criminals) suspected of large scale “hacking”. The men set up a worldwide network of over 100,000 hacked computers. The computers were automatically attacked and infected with a Trojan Horse, a piece of malware that will settle unnoticed in the computer of the victim. Experts of the National High Tech Crime Centre (NHTCC) assisted in the investigation, led by the National Prosecutor. The network, a so-called ‘botnet’, was dismantled in co-operation with GOVCERT.NL, the Computer Emergency Response Team of the Dutch government, XS4All Internet and other providers. With over 100,000 infected computers, the dismantled network is one of the largest investigated. The botnet consisted of hacked servers and PCs, receiving ‘zombie codes’ through computers all over the world. ‘Zombie’ networks are regarded as the biggest threat to the security of the Internet. The government and the industry acknowledge the dangers of networks like these.
5 BOTNET ACTIVITY: Screen capture, Spam, Malware, Spyware, Phishing, ID-theft, Keylogging
6 Crimes and techniques
Crimes
– Computer intrusion
– Phishing
– ID-theft
– eBay hacking
Techniques
– Hacking
– Botnets
– Trojans
– Keyloggers
– Screen capture
– Good coding skills!
7 Modus Operandi
Seize every opportunity
Switch easily
Grow more sophisticated
– Use of encryption
Connected to organized crime
– Professionalisation of high tech crime
8 Sources of Information
Law enforcement
– Wanted in the USA;
– Information about “virus gang” in EU;
– Intelligence from the UK;
– Group known in NL;
Industry
– Report of hack
– Virus information
– Online auctions
– Operational info!
– Botnet expertise
– “zombie” IPs
9 Disruption!
Many compromised networks
– Impossible to investigate them all
Investigation alone is not enough;
Technical measures, e.g.;
– Block IPs via CERT networks
– Dismantle the botnets;
– …;
10 Lessons learned
Shift from DDoS to on-line fraud;
Organised Crime discovered the internet;
Too many opportunities for flexible cyber criminals;
What about disruption?
LE and industry cooperation
11 Thanks for your attention!
hansoudealink@nhtcc.nl