
Cybercrime: issues, problems & prevention

• Growth of Internet
• Vulnerability of Information Systems
• Legal Problems
• Forensic Issues
• MLA
• Cyber-Fraud

Your needed - data requested
From: john.henderson@fbi.gov

“I am pleased to inform you that your application is approved. Please fill out this form to confirm your identity”
Provide your full name, address, character reference, bank and credit card number (include valid & expiration date) via our secure auto-reply.

Introduction
1. Evolving role of serious criminal networks: exploitation of opportunities in the e-commerce/new economy environment, increased organization and sophistication.
2. Rapid development of WAP, digital technologies & e-commerce in Asia via expansion of the internet & other forms of connectivity.
3. Lack of knowledge about offender prevalence & victim behaviour: survey & other measures imprecise.
4. Crucial role of public education & training & retaining of LEA specialists.
5. The need for greater collaborative regional MLA in criminal matters.

E-commerce - novel & global

Introduction: Trends
• Cyber crime shifting towards “profitable” activities
• Infringing activities increasingly coordinated and transacted in cyber communities & markets
• However, these communities and markets are uniquely vulnerable
  - Communication and marketing require consistency of handles, ‘addresses’
  - Capitalization means perpetrator has more at risk
• Disruption through targeted actions, civil, criminal, or technological
• Private sector response: proactively gather intelligence using new tech & methods

U.S. Patriot Act

Areas for Focus
• Public Awareness of IT Security
• Cooperation & Partnerships with Business & NGO Circles
• Privacy & Unauthorized Computer Access
• Victim reporting behaviour
• Illegal & Harmful Content
• Internet Fraud
• Terrorism & Serious Criminal Networks
• Continuous Training & Retention of Agents

Hackers & Crackers
A hacker is anyone who enjoys exploring hardware and software architecture & stretching the capabilities of a program or computer. Hackers enjoy the mental challenge of deciphering computer programs but are not necessarily malicious. Hackers coined the term cracker to denote criminal hackers, persons who purposefully set out to circumvent computer security or passwords. The intent is to trespass digitally and to gain secure information or illegal access.
The New Hacker’s Dictionary V3.3.0

Internet Growth in Asia
• PRC: 2002 - 33 M on-line or 5-6% of households but 25% by 2006: 200 million internet users [15% pop.] & 500 million mobile/land phones. 57M access to web at home [Nielsen/NetRatings 2002]
• HK, Japan, Taiwan, Singapore, & Korea internet access already between 40-60+% of households.
• ASEAN LDC’s: Laos, Cambodia, Myanmar & Viet Nam internet access is less than 1-2% of population.

[Figure: China Internet Growth 1997-2002 (series: users, hosts)]

Table 1 – CNNIC Statistics on the Development of China’s Internet (1997 to 2002)

Year       Internet User (M)  Computer Host (M)  “.CN” Domain Name  “WWW” Website  Total Bandwidth (M)
June 2002  45.8               16.13              126,146            293,213        10,576.5
2001       33.7               12.54              127,319            277,100        7,597.5
2000       22.5               8.92               122,099            265,405        2,799
1999       8.9                3.50               48,695             15,153         351
1998       2.10               0.747              18,396             5,300          143.2
1997       0.62               0.299              4,066              1,500          25.4

(Source: CNNIC)

CNCERT/CC CodeRed

CNCERT/CC CodeRed and Nimda in China
• More than 60,000 CodeRed infections during Aug. 22 to Sep. 9
• More than 15,000 (CodeRed) and 60,000 (Nimda) infections per day
• Damage: many networks congested, applications interrupted, backdoor installed.

CNCERT/CC Deloder & MSBlast
• Deloder
  - First discovered in CERNET of China
  - More than 40,000 servers infected in China & the worm tried to connect with IRC servers
• MSBlast
  - More than 2,650,000 victims, 120,000 in China (main land)
  - Network congested, user access delayed, DDOS effects

CNCERT/CC New Features of today’s Internet Worms
• Large scale Internet Worms appear more frequently
• VERY quick propagation speed
• Cause severe network congestion
• ‘Blended’ attack method
• Worm driven DDoS
• Usually install backdoors
• Control the infected computers via IRC servers
• Large number of infected computers
• Propagate independently (do not depend on files or emails)

Financial Impact of Computer Viruses and Worms
“Code writers of a handful of about 225 viruses worldwide have been caught — and only because they made mistakes that exposed their identities.” USA Today
SLAMMER WORM
• Exploited SQL Server vulnerability
• Infected over 50,000 victim systems in several minutes

Computer and Network Attack Trends
• Increasing rate of network connectivity and integration
• Increase in the number of identified vulnerabilities
• Inability for network administrator to maintain adequately “patched” networks and systems
• Rapid global proliferation of malicious software
  - Development of intelligent malicious software designed to elude detection by anti-virus software
  - Rapid emergence of malicious software variants
  - Online availability of source code
  - Potential to render affected systems vulnerable to other exploits

Computer and Network Attack Trends
• Automated computer and network attack capabilities allow remote initiation of attacks to be directed on any computer or network on the Internet
  - Denial of Service (DoS)
  - Distributed Denial of Service (DDoS)
  - Automated ‘Bot’ Networks
• New “intelligent” automated tools are designed to provide increased anonymity, making it more difficult to identify the actual source of the attack
• Computer and Network Attacks used as a predicate to facilitate other criminal activity
  - Competitive advantage
  - Extortion

“Blaster” Worm Investigation
Jeffrey Lee Parson was caught with gumshoe guile and a high-tech paper trail of his own doing. The 18-year-old, who is scheduled to begin his senior year at Hopkins High School in Hopkins today, was arrested last week by FBI agents tracking him for several weeks.
The swift investigation and hints from authorities that they are hot on the trail of the SoBig.F virus creator are encouraging signs for computer crime investigators after years of frustration and digital dead ends. It could also have a chilling effect on the underground hacker community, which has long operated without fear of prosecution, security experts say.
Businesses and consumers increasingly are victims of more virulent viruses and worms as the USA relies more on technology to power energy, travel systems and businesses. Blaster and other computer attacks in August caused an estimated $3.5 billion in damage to North American companies, the worst month ever, TruSecure says.

Reality: The Exploit Process
• Security Researchers: Discover vulnerabilities
• Exploit Coders: Reverse-engineer patches & post exploit code to the Web
• Worm Builders: Hack together worms with posted exploit code & worm toolkits
What Microsoft is doing
• Collaborating to fix vulnerabilities
• Disclosing responsibly
• Building community consensus that disclosure is not good
• Reaching out
• Working with law enforcement agencies
• Assisting with technical forensics work
Results:
• Fewer researchers disclosing irresponsibly, continuing to improve
• More industry experts are speaking out against exploit code
• Two arrests around the Blaster worm

A Criminal Intrudes into a Bank in Vancouver
• Canadian investigators discover attack came from computer in Buenos Aires
• Brazilian investigators discover attack came from Seoul
• Korean agents discover attack came from Bangkok
• Thai agents make the arrest

Case #1 Hacker: Cyber-stalker
1 year sentence for “a.super.hacker” guilty of criminal intimidation & criminal damage. Offences took place January - April 1999 by sending obscene unsolicited emails plus in two cases threats of rape via a “free-mail” service from an ISP in Colorado. Most evidence was obtained from a US ISP & the forensic examination of the computer.
Legal issues - did the use of automated mailing affect “intent”? Was “criminal damage” a viable charge for “flooding” victim’s mailboxes?

Computer Crime? “Old Wine in New Bottles” (sic)
• Internet Deception & Fraud
• Child Pornography
• Intellectual Property Theft
• On-line shopping (consumer fraud)
• Attacks on Computer Networks
• Computerized Evidence

Major Areas of Cybercrime
• Forgery, illegal interception & ID Theft
• Payment card fraud & e-funds transfer fraud
• Pornography/Child Pornography, cyber-stalking
• On-line Gaming/Betting
• Theft of Internet & Telephone services
• IP offences: illegal software, copyright breaches etc.
• Auction House & Catalogue Fraud
• Cyber-Vandalism & Service Denial
• Consumer Fraud & Direct Sales (virtual “snake oils”)
• Commercial/Corporate Espionage
• On-line Securities Fraud

Cybercrime: Types of Attacks
• Denial of Service
• E-mail bombs
• Dictionary attack
• Trojan horse
• Password ‘phishing’ aka ‘fishing’
• Web & Site Cloning aka hijacking
• Worms
• Sniffers
• Social engineering
• Fraud

Risks
• Offenders attack remotely & anonymously.
• Viruses, denial of service attacks & other criminal activity usually involve multiple jurisdictions & rarely are all elements of the offence present in a single country.
• Anonymity & ‘safe havens’ make locating & identification of offenders difficult.
• “Digital footprints” & other evidence are ephemeral, which compels fast collection & preservation.
• Action & motives not self-defining - triage not apparent. Any attack/intrusion could be from a terrorist, intelligence agency, criminal opportunist or a teenage hacker but all need investigation.

Criminal Networks & IT crime
• Smuggling: human, narcotics & other drugs, precursors, arms, endangered species, customs avoidance.
• Forgery & Counterfeiting: ID documents, bank and securities instruments, tax receipts/exemption certificates, IP & copyright infringement, (disc) stampers, payment card Counterfeiting
• Gaming: SP betting, “bata ficha” business, loan-sharking, fraud.
• Vice: pornography & prostitution
• Protection & debt collection
• Advance Fee Frauds & various deceptions/“cons”
• Corruption & Bribery: public & private actors
• Money laundering: remittance agencies, underground banks, debit-card transfers.

[Figure: Computer crime in Hong Kong 1995-2002 (series: Deception; Criminal Damage; Unauthorized access; E-Theft (& others))]

Cybercrime in China 1998-2001

Year  Under Investigation  Annual Growth Rate
1998  100+                 -
1999  400                  300%
2000  2,700                575%
2001  4,500                67%

Prevalence of crimes against Hong Kong business in 2002

Crime                    N    N Reported
Burglary                 29   27
Vandalism                12   9
Vehicle theft            3    3
Theft from Vehicle       2    1
Customer theft           35   14
Employer theft           7    1
Theft by outsiders       31   14
Robbery                  1    1
Assault                  2    1
All Standard Crime       72   -
Bribery                  28   2
Extortion/Protection     28   13
Cybercrime*              47   2
IP infringement*         21   n/a
Employee fraud           23   4
Employee card fraud*     1    0
Fraud by outsider        102  25
Card fraud by outsider*  15   n/a
Other crimes             13   8
All Crimes               222  -

Notes: * new questions to the IBCVS protocol. 1 = was crime reported to the HKP. Survey by HKU SSRC/Centre of Criminology by CATI in July 2003 – completed responses n = 612, and 28% of all telephone contacts.

Development of Hong Kong Police TCD
Computer Crime Section (CCS) 1993 - CI & 3 teams: Computer crime investigations, forensic examinations, & support to Force-wide investigation & scenes of crime.
CCS role: investigations & HKP strategy against computer crime:
1. Maintaining a professional investigation capability
2. Broadening the investigation capability within HKP
3. Developing accredited computer forensics
4. Proposing changes in laws & policies
5. Prevention & education
6. Intelligence management, & liaison with industry & professional associations
7. Liaison & international law enforcement cooperation

TCD - Operations
• TCD 67 officers in 3 sections: Operations, Forensic Investigations, & Intelligence & Support.
• Computer forensics capability in stand-alone computers & networks & support of a Computer Forensics Laboratory (2001)
• Examiners: at any one time 3-4 cases involving 'stand-alone' computers, or 600 gigabytes of data on any networked computer.
• 2000: 91 computer forensic examinations & 1,100 gigabytes
• 2001: 159 computer forensic examinations & 4,800 gigabytes
• 2002*: 128 computer forensic examinations & 3,400 gigabytes

Internet Commerce Payment Trends

Purchase/payment methods
         payment cards  cash, cheques, orders
Real     33%            67%
Virtual  88%            12%

Trends in payment behavior
      Point of Sale (POS)  Remote Services (RS)
1996  67%                  33%
2005  48%                  52%

Internet Services & Fraud Risk

Service                       %
Adult Content (XXX)           50
Online Services               19
Direct Marketing – Other      11
Direct Marketing – Catalogue  10
Gaming                        5
Books                         3
Other                         2
Total                         100

Effects & Barriers
1. Traditional International MLA procedure & methods of cooperation are insufficient.
2. Complexity - multiple jurisdictions & different criminal & procedural laws.
3. Local crimes increasingly have an international dimension & transnational crimes have a local.
4. Multiple service providers usually involved.
5. Inadequate or slow processes risks losing data & evidence: traffic & logs, alteration of evidence, etc.
6. Need for transnational policing & co-ordination via strengthened international agencies e.g. Interpol & UNDCP

Computer Crime Evidence
• Computers of suspects e.g. blackmail letters, gaming records
• Evidence of computer files being modified e.g. child pornography pictures renamed as a system file in the “Windows” directory (steganographic)
• Computers “hacked” by unauthorized users
DESK (Digital Evidence Search Kit)
• An example Cyber Crime Forensic Tool, Lucas Hui et. al., 2001
• Files, deleted files, and disk sectors & search for patterns in both Chinese and English
• Different file types: spreadsheet, text, etc.
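The kind of search this slide attributes to a forensic tool can be sketched as follows. This is an added example, not DESK code and not from the presentation: it scans raw image bytes (so deleted data and bare sectors are covered) for keywords in English and Chinese encodings, and flags image content stored under a system-file name. The encoding list, file names and sample image are constructed assumptions.

```python
import io
import os
from dataclasses import dataclass

SECTOR = 512
ENCODINGS = ("utf-8", "utf-16-le", "big5", "gbk")  # assumed set; extend as needed


@dataclass(frozen=True)
class Hit:
    keyword: str
    encoding: str  # codec(s) whose byte form matched
    offset: int    # byte offset in the image
    sector: int


def byte_patterns(keywords):
    """Return [(raw_bytes, keyword, 'enc/enc')] for every distinct encoded form."""
    out = []
    for kw in keywords:
        forms = {}
        for enc in ENCODINGS if kw else ():
            try:
                forms.setdefault(kw.encode(enc), []).append(enc)
            except UnicodeEncodeError:
                pass  # keyword has no representation in this code page
        out += [(raw, kw, "/".join(encs)) for raw, encs in forms.items()]
    return out


def search_stream(stream, keywords, chunk_size=64 * SECTOR):
    """Scan raw bytes, so allocated files, deleted files and slack are all covered."""
    patterns = byte_patterns(keywords)
    if not patterns:
        return []
    overlap = max(len(raw) for raw, _, _ in patterns) - 1
    hits, buf, base = set(), b"", 0  # base = image offset of buf[0]
    while chunk := stream.read(chunk_size):
        buf += chunk
        for raw, kw, encs in patterns:
            pos = buf.find(raw)
            while pos != -1:
                hits.add(Hit(kw, encs, base + pos, (base + pos) // SECTOR))
                pos = buf.find(raw, pos + 1)
        # Carry the tail forward so a keyword split across two reads is still found.
        keep = buf[-overlap:] if overlap else b""
        base += len(buf) - len(keep)
        buf = keep
    return sorted(hits, key=lambda h: (h.offset, h.keyword, h.encoding))


def search_image(image, keywords, chunk_size=SECTOR):
    return search_stream(io.BytesIO(image), keywords, chunk_size)


MAGIC = ((b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
         (b"GIF87a", "gif"), (b"GIF89a", "gif"), (b"MZ", "pe"))
EXT_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
            ".sys": "pe", ".dll": "pe", ".exe": "pe"}


def sniff(head):
    """Identify content from its leading bytes, ignoring the file name."""
    return next((kind for magic, kind in MAGIC if head.startswith(magic)), None)


def signature_mismatches(entries):
    """entries: (file name, first bytes). Flag content whose type contradicts the name."""
    flagged = []
    for name, head in entries:
        expected = EXT_TYPE.get(os.path.splitext(name.lower())[1])
        actual = sniff(head)
        # Unrecognised content (e.g. a text-format .sys) is not flagged;
        # only a recognised type that differs from what the extension implies.
        if expected and actual and actual != expected:
            flagged.append((name, expected, actual))
    return flagged


def build_sample_image():
    """Constructed 8 KiB image: zero-filled, with three planted strings."""
    img = bytearray(16 * SECTOR)

    def put(offset, data):
        img[offset:offset + len(data)] = data

    put(2 * SECTOR + 10, "勒索".encode("gbk"))         # Chinese for 'extortion'
    put(5 * SECTOR - 4, "ransom".encode("utf-16-le"))  # straddles sectors 4 and 5
    put(7 * SECTOR, b"ransom")                         # plain ASCII
    return bytes(img)


# Constructed directory listing: (name, first bytes of content).
SAMPLE_LISTING = [("sysdrv01.sys", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
                  ("sysdrv02.sys", b"MZ\x90\x00"),
                  ("config.sys", b"DEVICE=HIMEM.SYS\r\n"),
                  ("photo.jpg", b"\xff\xd8\xff\xe1")]

if __name__ == "__main__":
    for hit in search_image(build_sample_image(), ["ransom", "勒索"]):
        print(hit)
    print(signature_mismatches(SAMPLE_LISTING))
```

Reading in sector-sized chunks with a carried-over tail is what lets the UTF-16 keyword that crosses a sector boundary be found; a search that treated each read independently would miss it.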

More data, places, customers & complexity

Forensic Solutions
1. Forensic Suites - on line help
2. Training - demand exceeds availability
3. Standards - establish & maintain
4. Specialist (CERT/CART) dedicated units & regional “Computer Forensic Laboratories”

Forensic Standards
• SWGDE - Scientific Working Group on Digital Evidence (US)
• DEG - Digital Evidence Group (UK)
• ENFSI - European Network of Forensic Science Institutes
• IOCE - International Organization on Computer Evidence
• G-8 High Tech Crime Working Group
• INTERPOL Forensic Science Symposium

Forensics Examination Area

Evidence - the norm in 2002

Sample DESK Search Screen Dump

Case: International Cyber Intrusion / Extortion
• Unauthorized access gained to internal computer system at U.S. based Bloomberg LLP
• Subjects sent e-mail messages to the CEO demanding approximately $200,000 (USD) in exchange for information concerning security vulnerabilities of the organization’s enterprise computer systems

Case: International Cyber Intrusion / Extortion
• Bloomberg LLP CEO deposited approximately $200,000 (USD) in an offshore account and arranged a meeting with subjects at a location outside the U.S.
• FBI in cooperation with international law enforcement partners conducted an operation to obtain additional evidence against the subjects

Case: International Cyber Intrusion / Extortion
• Subjects arrested
• Extradition process completed
• U.S. Criminal Offenses:
  - Extortion
  - Interstate Threatening Communications
  - Unauthorized Computer Access
• Required international investigative coordination between several countries to obtain evidence for prosecution in the United States

Case: International Cyber Intrusion / Extortion
Press Release, For Immediate Release, July 1, 2003, U.S. Department of Justice
Kazakhstan Hacker Sentenced to Four Years Prison for Breaking into Bloomberg Systems and Attempting Extortion.
The United States Attorney for the Southern District of New York and the Assistant Director In Charge of the New York Field Office of the FBI, announced that OLEG ZEZEV, a/k/a "Alex," a Kazakhstan citizen, was sentenced today in Manhattan federal court to over four years (51 months) in prison following his conviction on extortion and computer hacking charges. The sentence, imposed by United States District Judge KIMBA M. WOOD is amongst the longest ever imposed for a computer intrusion charge.

Basics Required
• Criminalize Conduct & Establish Common Legal Regime
• Support & ratification of international treaties
• Improve formal & informal cooperation at national, regional & global levels & expedite International MLA.
• More nations in 24/7 network & support for regional capability
• Public education & Cyber-ethics
• Procedural Laws & protocols that allow:
  - Real Time Collection & Tracing of Communications
  - Disclosure & Production & Preservation of Stored Data
  - Shared intelligence
  - Extradition & fast MLA
• Target training & equip police & courts
• Partnerships with private industry & civil society
• Outreach to victims

Responses: G8 & Cyber Crime
• G8: Canada, France, Germany, Italy, Japan, Russia, UK & USA
• Lyon Group: Senior Experts Group on Transnational Organized Crime & Subgroup on High-Tech Crime
• 1997 Principles & Action Plan to Combat High-Tech Crime
• 1999 Principles on Trans-border Access to Stored Computer Data
• Drafting work on data preservation & retention, traceability of communications: “Recommendations for Tracing Networked Communications Across National Borders”
• 24/7 Points of Contact

Global Responses to Cyber Crime
1. Increased international training & other assistance
2. Proliferation of Cybercrime Special Units, consumer & industry activities
3. Government-Industry Cooperation
4. Paris (May 2000), Palermo (Dec. 2000), Tokyo (May 2001), HK (March 2002) Conferences stress:
   - Data Retention & Preservation
   - Threat Assessment & Prevention
   - Protection of E-Commerce & User Authentication
   - LEA training & international collaboration
5. 2001 Council of Europe Cybercrime Convention

Washington Communiqué December 10, 1997
Ten Principles:
• Development of comprehensive substantive and procedural computer crimes laws around the world – so that there are no safe havens.
• Training and dedication of resources.
• Protocols for expedited international cooperation both on a procedural and operational level

Washington Communiqué
• Review legal systems
• Take steps to increase training and resources
• Develop solutions for data preservation and access to data
• Develop expedited procedures for obtaining traffic data across international borders and passing data internationally
• Designate 24/7 Points of Contact

Principles on Trans-border Access to Stored Computer Data
• Countries should develop means for timely preservation of data
• Countries should establish procedures for expedited data sharing (MLAT)
• Countries agree to allow transborder access to data when:
  - the data is publicly available, or
  - the legal custodian of the data has consented
• Principles Available at: www.g8j-i.ca/english/doc2

Principles on the Availability of Data Essential to Protecting Public Safety
• Countries’ policies should recognize the role that data retention plays in protecting public safety
• Countries must strike a balance between this need and the protection of privacy and needs of industry
• Checklist of the most important log files
• Available at: www.g8j-i.ca/english/doc3

24/7 Contacts For International High-Tech Crime
• Operational Network of High-Tech Experts to Assist in International Criminal Investigations
• Single POC for each country
• 24/7 availability
• “Fast freeze” capability to preserve traffic and other stored data
• Can provide other assistance in tracing communications in fast moving cases
• Expanded from original 8 to 35 countries

Law Enforcement 24/7 Network (May, 2003)

Convention on Cyber Crime
http://conventions.coe.int/treaty/en/projets/finalcybercrime.htm
Substantive Criminal Law
• Illegal Access
• Illegal Interception
• Data Interference
• System Interference
• Misuse of Devices (computer viruses etc.)
• Forgery & Fraud
• Child Pornography
• Copyright Infringements
Procedural Law
• Expedited preservation of stored computer data
• Production Orders
• Search & seizure of stored computer data
• Real-time collection of computer data

Convention on Cyber Crime
http://conventions.coe.int/treaty/en/projets/finalcybercrime.htm
International Cooperation
• Extradition
• Spontaneous Information
• Expedited Preservation of Stored Computer Data
• Expedited Disclosure of Preserved Traffic Data
• Accessing of Stored Computer Data
• Trans-border Access to Stored Computer Data with Consent or Where Publicly Available
• Real-time Collection of Traffic Data
• Interception of Content Data
• 24/7 Network

CYBER FRAUD - E Fraud
“Internet Frauds are the same old frauds under a new medium. The internet is a low-cost, efficient way for scamsters to contact victims” Ed Perkins, Consumer Advocate for American Society of Travel Agents
“Fraud by the internet can be easily and cheaply committed since all that is required is a creditable Web site and marketing, which is usually accomplished by mass e-mail or the targeting of a specific interest group” Visa Risk 2001

Case #3: “Cash Planting” Fraud Schemes
Three males & 3 females arrested for conspiracy to defraud & breaches of the Prohibition of Pyramid Selling Ordinance. Seizure of $3.6 M disbursed in 86 bank accounts & $5 M in property.
“Planting” need not be a typical “pyramid selling” scheme but involves enticement to invest in various businesses often with associated “elaborate” corporate documentation & web-sites. Begun usually with small investments & small returns which gradually advance with promises of higher returns. The scheme relies on new members & little or no genuine business eventually leading to loss.

Large-scale attacks on online companies
• Increasing frequency of denial of service attacks
• Large-scale online crimes involve breaches of security of commercial web sites
• Criminals gain access to credit card numbers & personal records of hundreds of consumers

It’s all about camouflage in cyber space .

Threat Assessment & Corporate Responses

Has your organization experienced an unauthorized use of a computer system?
Year  Yes  No   Don’t know
1996  40%  38%  21%
2000  70%  18%  11%
2002  76%  16%  8%

If you experienced an intrusion(s) within the last 12 months, what action was taken?
Year  Fixed/Patched Problem  Reported to LEA  Did Not Report to LEA  Civil Action Considered
1996  47%                    22%              18%                    10.5%
2000  85%                    44%              26%                    20%
2002  90%                    53%              24%                    21%

Threat Assessment & Corporate Responses Why not report the intrusion to law enforcement? 1996 2000 negative publicity competitors advantage not aware of need to report civil remedy or internal action 73% 72% 51% 60% 52% 38% 12% 57% .

E-frauds
• “Pump & Dump”
• Advance fee, 419’s & bogus investment
• Pyramid schemes
• Fraudulent Internet Banking sites
• Credit card account number generators
Problems:
• Enhanced Account Security
• Password security
• Cookies & on-line profiling

Case #2: Deception via Computer Network
22 import companies across Asia-Pacific & Europe made payments to a HK company from $US2,738 to $US352,300 for purchase of electronic components not delivered. Total loss $US 791,300 [$HK 6.2M].
Companies seeking products were targeted via their web-sites or post e-auctions & invited to purchase cheaper products via e-mail or fax from a HK “virtual company”. The importers were asked to make advance payments to designated bank accounts & the proceeds withdrawn by cheque or ATM by 2 male HK residents. All transactions were conducted by fax & e-mail: ie B2B transactions - victims never met the offenders.
Complaints were made to HKP or via INTERPOL. Six computers & over 30 telephone SIM cards used to contact victims helped provide the evidence for the arrest of the offenders.
(Source: CCB August 2001)

New Fraud Trends
• Criminal gang involvement in external fraud on financial institutions by use of stolen cheques & falsified ID
• More “international criminals” traveling to commit major fraud - taking advantage of weaknesses in MLA.
• More ingenious methods for altering cheques & negotiables including digital removal/alteration of payee & amount etc.
• Fraud control weakened by flatter management structures & fewer middle management controls
• Fraud (especially internal) risk increased because of motivations arising from gambling losses
• Fraud losses are increasingly occurring off-shore
KPMG ANZ Fraud Survey 2002

Account Generator

Internet Access Services Information Adult Services Work-At-Home Advance Fee Loan Credit Card Offers Opportunities/Franchises 2001 70% 9% 9% 2% 2% 2% 2% 1% .Top Internet Frauds Top Scams Online Auctions General Merchandise Sales Nigerian money offers Computer Equipment/Soft.5% N/A 1999 87% 7% N/A 1.2% N/A N/A .5% 2000 78% 10% 1 1% 3% 1% 3%.5% .2% 9% . 2% .3% 2% .

Average Loss in Top Fraud Categories 1999-2001

Top Scams              2001    2000   1999
Online Auctions        $411    $326   $284
Merchandise Sales      $730    $784   $465
Nigerian Money Offers  $5957   $3000  $0
Computer Equip./Soft.  $1048   $724   $580
Internet Services      $535    $631   $438
Adult Services         $209    $310   N/A
Work-At-Home           $121    $145   $383
Advance Fee Loans      $1121   $881   N/A
Credit Card Offers     $309    $138   N/A
Opport/Franchises      $10147  N/A    N/A

Methods of Contacting Victims: US Internet Fraud 1999-2001

Contact    1999 %  2000 %  2001 %
Web        90      84      83
Email      9       12      15
Newsgroup  1       4       1
Print      1       0       1
All        100%    100%    100%

Case #4 Net-citizens Trap
Two cyber-café patrons colluded to cheat money out of other net surfers. Li, a female, becomes acquainted with a male in a chat room & arranges to meet him at a Cinema. Hu, the male accomplice, then pages Li, who then borrows the victim’s phone. On the excuse of poor reception, Li asks if she can leave the Cinema to improve reception. Hu waits outside in a taxi & they both flee with the phone. Li & Hu are arrested for 7 counts of theft of this kind.
(Source: New Daily 5/8/01)

US National Fraud Information Center & Internet Fraud Watch - the basic scams
• Cramming
• Internet Services
• PBX Phone Scams
• Bogus Invoices
• Advertising Materials
• Online Auction Sales
• Nigerian Money Offers
• Fax Fraud
• Pager Scams
• Calling Card Charges
• Paper Pirates & Toner Phoners
• Slamming
• Charitable Solicitations
• Loan Scams
• Pay-Per-Call Scams
• Prize Promotions

Victims & Offenders: Online Shopping
• Many crimes involving the Internet are economic & the majority involve consumer fraud.
• Most common consumer complaints involve online auctions.
• Common vendor complaints involve the use of stolen credit cards for purchase on-line - often among the most expensive.
• Common types of fraud utilize e-mail, often pyramid schemes or chain letters.
• Victims may not be aware of the loss until weeks after.

Crime Prevention
Crime follows opportunity: there are four basic inter-related criteria relevant to reducing risks of crime - their convergence in time and space enables crime:
• The presence of motivated offenders
• Resources in social (criminal networks) and technical capital
• The availability of attractive or available targets
• Absence or in-capability of guardians.

Crime Prevention - Specific
• Administrative precautions: information control & access to security system, procedures for data control & training of staff on security awareness & the classification of material.
• Physical precautions: monitoring vendors & visitors around the organization's premises & in cyberspace. Safeguards at off-site venues such as outside meetings & trade-shows where the use of laptops is commonplace.
• Information systems: security precautions strengthened by updating licensed software & data is encrypted when passed over the Internet.

Case #2: Deception via Computer Network
22 import companies across Asia-Pacific & Europe made payments to a HK company of $US2,738 - 352,300 for purchase of electronics not delivered. Total loss $US 791,300 [$HK 6.2 M].
Companies seeking products were targeted via their web-sites or post e-auctions & invited to purchase cheaper products via e-mail or fax from a HK “virtual company”. The importers were asked to make advance payments to designated bank accounts & the proceeds withdrawn by cheque or ATM by 2 male HK residents. All transactions were conducted by fax & e-mail: ie B2B - victims never met the offenders.
Complaints were made to HKP via INTERPOL. Six computers & over 30 telephone SIM cards used to contact victims helped provide the evidence for the arrest of the offenders.

PR China State policy
“the net is to be tightly controlled and strictly regulated to forestall against any inappropriate and nonapproved use of the Internet”
Jiang Zemin: Use law to protect and promote the healthy development of the internet.
China Police Daily, online, July 12, 2001.

Case #7: Jilin Rectifies Internet Market
• April - December 2002, Jilin Province launched special unified operations on eight occasions against harmful information carried on the Internet.
• Public security, cultural, and telecommunications jointly inspected 5,997 ISPs, websites, online businesses and non-business & Internet-related units.
• The operations cracked 495 criminal cases of various types, 12 were criminal cases and 483 were administrative: seized 153 computers, and levied 700,000 yuan in fines.
• 856 ISPs and Internet bars that failed safety requirements and spread harmful information were compelled to conduct rectification, and two websites with conspicuous problems were forced to suspend business for rectification. In addition, 389 unlawfully-run Internet-related units were subject to administrative discipline, and 123 units were closed.
• 3,663 items jeopardizing national security & social stability: pornography, violence, and gambling sites were deleted from the Internet.
[Changchun Jilin Ribao in Chinese 27 Dec 02 - daily newspaper Jilin Provincial CPC Committee]

Case #8: Guangxi Rectifies Cultural Markets
• Guangxi Cultural, Police, Industry, and Commerce Organs Personnel have searched 1,362 Internet bars and dealt with 365 illegally operated bars.
• They checked 2,805 video leasing and distributing shops, and banned 165 illegal operators, confiscating 611,950 pirated discs.
[Nanning Guangxi Zhengfa Bao in Chinese, 18 Dec 02, p1]

• An overseas student used the Internet Website of the Beijing Procuratorate to report corruption of CHENG Shaozhi, Deputy Director of Henan Oil Prospecting Bureau, for accepting USD 107,867 in bribes. The Official was sentenced to 11 years imprisonment.
[Guangzhou Yangcheng Wanbao in Chinese, 3 Jan 03, p A1]

First PRC Internet Gambling Case
Ma Long peng was expelled from computer school Heilong Jiang University & established a Computer Gambling “Central Station” in Shenyang. With 2 others he set up a branch in Chifeng, Liaoning where they were eventually arrested. Operating by TV link to computers & phones, a large number of individual accounts were set up & bets between 10-10,000 RMB on a dice game taken. Profits of 400-500,000 RMB per month realised. Pay outs were limited to 100,000 RMB & the service attracted widespread interest leading to their arrest.
(source: China News Net 4/20/01)

CNNIC user statistics
• Internet is popular and allows for free information flow abroad.
• State concerned with cultural pollution and political subversion.
• Internet users are younger: under 18 from 2.4% in 1999 to 16.3% in mid-2002
• A lowering of the education level of Internet users.
• Education viewed as related to moral development. A less educated Internet population may result in more crime & victimisation on the net.

PRC Criminal Code: Article 287
Instrument of crime

“Whoever uses computers to commit the crimes such as financial fraud, theft, embezzlement, misappropriation of public funds and theft of State secrets shall be convicted and punished in accordance with the relevant provision of this Law.”

Microsoft Security Framework
Secure by Design
• Mandatory training
• Built threat models
• Conducted code reviews and penetration testing
• Used automated code tools
• Redesigned architecture
Secure by Default
• Win Server 2003 has 60% less attack surface area by default compared to Windows NT 4.0 SP3
• 20+ services changed to be off by default
• Service install in a secure state
Secure by Deployment
• New patch management tools and process
• 7 Microsoft Official Curriculum courses available
• Official security configuration guides
• Security consulting services
Communications
• Writing Secure Code 2.0
• White papers
• Configuration guides
• Consumer bulletins
• Training and education
Global security push

Development of Hong Kong Police TCD
HKP strategy against computer crime:
1. Maintaining a professional investigation capability
2. Broadening the investigation capability within HKP
3. Developing accredited computer forensics
4. Proposing changes in laws & policies
5. Prevention & education
6. Intelligence management, & liaison with industry & professional associations
7. Liaison & international law enforcement cooperation