1 / 40

Overview of Cybersecurity & Cybercrime

Overview of Cybersecurity & Cybercrime. Eng. J N Kariuki BSc( Eng ) LLM CEng REng MIET FIEK MKIM Commmunications Secretary, National Communication Secretariat. National Communication Secretariat. Section 84 KIC Act,Cap411A,Laws of Kenya

indira-chan
Télécharger la présentation

Overview of Cybersecurity & Cybercrime

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Overview of Cybersecurity & Cybercrime Eng. J N Kariuki BSc(Eng) LLM CEng REng MIET FIEK MKIM Commmunications Secretary, National Communication Secretariat

  2. National Communication Secretariat • Section 84 KIC Act,Cap411A,Laws of Kenya • Function : advise Govt. on communication policy

  3. Summary • Abstract • Why worry about Cybersecurity • Vulnerabilities • Cybersecurity, Cybercrime • Examples • Privacy

  4. Why worry about Cybersecurity • Societal benefits of ICTs • New opportunities for growth, prosperity and creation of wealth • Shift from industrial to digital economy with many e-applications e-health, e-money e.g. M-PESA, e-government, etc

  5. Vulnerabilities • Greater capacity of ICT,greater vulnerability • Is Kenya protected from cyber attacks? • Many OFC e.g. TEAMS,SEACOM,EASSy,LION etc. • Internet Usage increasing

  6. INTERNET STATISTICSwww.internetworldstats.com • Kenya. ,int users.(17.38m-2011)(17.38%) in last quarter),subs 6.15m (13.48%) • Mobile 28.08million(5.89%)

  7. Cybersecuritysimplified def. “the prevention of damage to , unauthorised use of ,exploitation of , and if needed the restoration of electronic information and communication systems, and the information they contain , in order to strengthen the confidentiality , integrity and availability of these systems”

  8. CYBERSPACEthe apparent, or virtual-location within which electronic activities are undertaken

  9. CYBERSPACE …..cont’d • Laws relating to evidence, contract, defamation, intellectual property have all a role to play, as do provisions of criminal law

  10. Cyber crime • Ordinary crime committed by computer • Computer crime versus internet crime • Computer crime (includes internet crime also called cyber crime)

  11. INVOLVEMENT OF COMPUTER SYSTEMS IN COMMISSION OF CRIMES • As target of the offence • The tool used in the offence • May contain evidence of the offence

  12. Denial of Service Attacks • Technique used that overwhelms the resource of target computer which results in the denial of service to other computers • Distributed DoS: Use of numerous computers to attack target computer from numerous launch points

  13. WEBSITE DEFACING • Damaging contents of websites • Motives: • Personal grudge; e.g., dismissed employee • Asserting political belief; e.g., affixing cannabis leaves on the website of a court

  14. WEBSITE DEFACING • Damaging contents of websites • Motives: • Personal grudge; e.g., dismissed employee • Asserting political belief; e.g., affixing cannabis leaves on the website of a court

  15. 2010 Child abuse Data • Domains 1,351(Reduced due to int.effort to stop them) • URLs 16,739 location of providers.(42% North america,41% Europe,17% Asia)

  16. Child online Protection • http://www.itu.int/dms_pub/itu-d/opb/ind/D-IND-COP.01-11-2010-PDF-E.pdf • Takedown of Child porn sites

  17. COMPUTER PORNOGRAPHY • What may be freely available in some jurisdictions, may be objectionable in others • International consensus that ‘child pornography’ must be banned • Pseudo-photographs – digitally modified images depicting child in a sexual activity • Grooming or child luring online

  18. Critical Infrastructurevital element of national security.: massive impact on the economy • The US Government has divided the critical infrastructure into the following segments: information and • communications, electric power, transportation, oil and gas, banking and finance, water, emergency services • and government (including the military).

  19. CII attackstuxnet-1st attack on Scada • In 2010, Stuxnet virus attack on control system of Iranian Nuclear reactor • Stuxnet is for sabotage-manipulates equipment to behave erratically while reporting “normal” to operators of system. • In May,21,2011 cyber attack on defence contractor Lockheed Martin which compromised RSA securID tokens. Intention: to compromise customer,program or personal data.

  20. PAYLOAD VIRUS • Viruses delivered as blended threat • (spam message directs user to a malicious website which then results in a virus being downloaded to the users computer e.g e-cards)

  21. MALICIOUS CODE-VIRUSES,WORMS and TROJANS Computer code written with sole intent to:- cause damage to an equipment Steal information- personal or business Serious financial and security threat e.g. Melissa virus,1999.

  22. WORMS AND TROJANS • Worms • similar to viruses; but multiply without human interaction • Trojan • innocent-looking program that contains hidden functions

  23. BOTNET Groups of “zombied” computers remotely controlled by hackers,even though the owners are unaware of it.These zombies do malicious things like forward spam,viruses,worms or gang up together to do outright attacks against targeted computer systems.

  24. CYBER-TERRORISM “concerted, sophisticated attacks on networks” (Yasin, 1999)

  25. CYBER-TERRORISM “ … the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attacks against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political and social objectives.” (Denning, 2000)

  26. Forms of cyber-terrorist attacks • access to the military computer systems resulting in missile launches • access a manufacturing facility and alter formula used to produce drug or other product to render products lethal

  27. Intercepting a Mobile Phone • Mobile phones lock on to the most powerful cellular radio signals • Establish pico-cell • Handset responds to the ‘rogue’ pico-cell • Pico cell harvests the data which is analysed for account hacking and ID fraud. • SOLUTION: Register mobile phones so that it can be traced .

  28. UNSOLICITED COMMERCIAL EMAILS (SPAM) • Minimal costs • Response from internet users • Problems: • damaging consumer confidence • children being subjected to inappropriate material

  29. PHISHING AND PHARMING I • Phishing • attempts to obtain personal information, including financial account details • Pharming • attempts to redirect users to fradulent websites

  30. PHISHING AND PHARMING II • Means by which pharming can occur: • Static domain name spoofing: legitimate website slightly mis-spelt • Malicious software: redirecting users to fraudulent websites • Domain hijacking: legitimate website is hijacked and customers redirected to an illegitimate site • Domain Name Server ‘poisoning’: Local DNS servers poisoned to send user to wrong site

  31. Hacking Thai PM Twitter A/CDN3.10.2011 • Hacked on Sunday 2.10.2011 for 20minutes • Accused of incompetence

  32. PRIVACY “You have zero privacy ;get over it”, Scott McNealy, CEO,Sun Microsystems,1999 e.g. Passenger Name Record(PNR) data base used by airlines.Contains:full name, date of birth, home & work address, telephone number, email address, credit card details,IP address if booked online, names and phone numbers of emergency contacts

  33. PRIVACY CONCERNS IWikiLeaks and whistle-blowing, mobile phone • Data mining-tracking customer activities for future marketing purposes • Methods used to collect personal information • Electronic recording of ‘clickstream data’ at various levels: e.g., servers of access or content providers • Use of cookie: a record of information sent to a computer for identifying the computer for future visits to same website.

  34. PRIVACY CONCERNS II • sniffers – can be used to capture data being transmitted over the network • use of intelligent agents – to perform any assigned task, I.As. require sufficient information, including users’ profiles

  35. Loss of Data Losscan lead to ID theft and fraud on large scale • October 2007 HM Revenue & Customs lost details of 25million child benefit claimants stored in two unencrypted discs. Dept. of Transport lost 3million records of drivers • In US TSA lost a check-in computer with unencrypted data of 33,000 passengers • In June 2011,Apple & Google were questioned in US Senate over use of location data in their mobile handsets. Sony Network Playstation suffered a 70million member hack.

  36. Kenya Cybercrime legislation • The KICA,Cap411A,s.83U-s84H • Access,access with intent,access and interception,modification,denying access,damaging,disclosure of password, unlawful possession of data,fraud,tampering with source code, obscene info., fraudulent info, PROTECTED SYSTEMS s.83Q.

  37. Nobody is Safe 22.09.2011- Hacking of Core Security Technologies(Core Impact) Website Core Impact provides IT security testing  products and services It’s a BENCHMARK. e.g. Penetration Scans .Typical annual licence $30,000.00 6.9.2011 Hackers spied on approx.300,000 google internet users in Iran after stealing security certificates from a Dutch IT firm-stole passwords and obtain access to other social media.

  38. END Eng J N Kariuki BSc(Eng) LLM CEng REng MIET FIEK MKIM

More Related