Crime in Cyberspace

Contemporary Forms


Igor Bernik, Univerza v Mariboru, Fakulteta za varnostne vede

Information or cyber security: evolution or revolution

• Infrastructure revolution
• Data explosion
• Always on, always connected to cyberspace
• Future finance: cash or e-payment, substitutes?
• New, stricter regulations and standards
• More internets: the world is not one, the world is many?
• New identity and trust models?

Cybercrime in the modern world

• Cyber infrastructure for committing various criminal acts
• Perpetrators of cybercrime, motives, classification of perpetrators
• Institutions and legislation, international harmonization
• Protecting systems against attacks
• New emerging forms of cybercrime
• Fear of cybercrime
• Researching cybercrime

Introduction of topic

• What do we understand as cybercrime?
• What is particularly 'cyber' about it?
• We believe: a criminal act is punishable by law. Cybercrime is the use of information technology to carry out criminal acts.
• For most criminal acts conducted in cyberspace we use 'classic legislation' (theft, abuse, child pornography, etc.).

Awareness and Fear

• It's all about a personal perception of the threat of cybercrimes.
• How users conduct themselves in cyberspace depends on how well they are informed about it. Awareness of cybercrime and fear of it are therefore related to the user's knowledge about cyber threats lurking in cyberspace.
• Decreasing fear of cybercrime can only be achieved by educating users of cyberspace.

What now?

• To reduce fear of cybercrime and raise awareness of the cybercrime problem, users should be informed about all its various types, e.g.:
  • web defacement
  • unauthorized network access, cyber-stalking, Internet fraud
  • identity theft
  • child pornography
  • interception and fabrication of e-mails
  • theft of passwords etc.

Informing and educating about the dangers of cybercrime must become widespread, common and continuous at all levels of society.

Guidelines

To ensure protection against cyber criminals, to reduce endangerment and avoid possible consequences, it is important to adhere to the following basic guidelines:

• Be careful when opening links received by e-mail (Trojan horse malware, phishing etc.).
• Be careful which data and software applications you load onto your computer or mobile device. Some applications enable theft of personal or business data.
• Try to check the identity of anyone who wishes to acquire your personal data.
• Be aware that your personal data can be used to profile your activities, thus making you vulnerable to manipulation and/or identity theft.

Guidelines, cont.

• Protect your passwords, choose "strong" passwords, and take notice of anyone who is shoulder surfing while you type them in.
• Periodically change your passwords.
• Make sure that your anti-virus program is regularly updated and that a firewall is installed.
• Most importantly: use your common sense.

Informing and educating about the dangers of cybercrime must become widespread, common and continuous at all levels of society. Users will know how to use this technology rationally and responsibly, and will not be afraid of it.

Conclusion

• Users are relatively well informed about the various types of cybercrime, but the public is more aware of threats exposed by the news media than of those from which they should truly protect themselves. Lack of understanding translates into inadequate security.
• Better security and thus greater safety can only be ensured if users conduct themselves responsibly in cyberspace.

Information and cyber warfare: something familiar or a new development

• Information and cyberspace, the power of information and information conflict
• Techniques, perpetrators and victims of information warfare
• State conduct of information warfare
• The role of organizations and industrial espionage
• The role of states in information warfare: USA, Russia, China, Israel, ..., the position of small countries
• International legislation
• Politically and ideologically motivated groups

Also listed: asymmetric warfare, active warfare, defence, information operations, espionage, propaganda.

[Diagram: ICT and Internet (crucial operations, daily work, business); cyber crime and information warfare; economic loss, physical impact]

[Diagram: Information Warfare, surrounded by EU, NATO, United Nations, EUROPOL, INTERPOL, Council of Europe, international war operations]

Information warfare

Information warfare = warfare for information power. The right information is the basic capital of an organization!? Military, state, organizational and NGOs. Asymmetric warfare.

Nature of information warfare

STATE IW | CORPORATE IW | CIVIL IW

Espionage (Echelon); Kinetic war (NCW, GIG); Information operations; Propaganda; Harassment; Industrial espionage; Cyber terrorism; Hacktivism; ECD; Animal, environment rights group

Information warfare leaders?

• USA: world superpower
• CHINA: asymmetric warfare (information warfare centers)
• RUSSIA: first information war (Estonia, Georgia)
• NORTH KOREA: low dependence on technology
• SOME OTHERS?

Also listed: strong offensive and defensive information warfare techniques; selective internet traffic and strong defense mechanisms; common cyber attacks; Poland.

Recommendations for counterfeiting

• Safety classifications of valuable information.
• International cooperation.
• Mandatory information security standards for all organizations.
• Information security policy should consider ISO standards.
• Implementation of latest technology.
• National strategy of information (cyber) security.

What needs to be done for improvement?

National level

• Definition of acceptable usage of ICT.
• Universal definition.
• Abolish legal constraints.
• Trained law agencies.
• International harmonization.

Organizational level:

• Business ethics.
• Data classification and personal limitation.
• Security awareness.
• Risk management and uninterrupted business.

Further research: understanding, protection.

Cyber terrorism: what is 'cyber' about terrorism

• Cyber terrorism or classic cybercrime
• Levels of cyber terrorism, cyberspace and terrorist actions
• Perpetrators of classic cybercrime and terrorists
• "Risk management" in the area of cyber terrorism
• Consequences of cyber terrorism, preventive measures
• Measures against cyber terrorist attacks
• Activities at the level of organizations, states, the EU, NATO, globally

Cyber Terrorism - facts

• IS are a basic support element of every organizational structure; organizations cannot achieve their visions without them.
• Companies feel the necessity of securing IS.
• Protection, risk management system: allows us to know our enemy.
• Threats to IS are multiple and constant. The reason for protecting our IS is to defend it from external malware; one of those vicious attacks is also CT.

Cyber Terrorism – sum

• Definition: Cyber terrorism is a carefully planned, politically motivated attack on information, computer systems, programs and data. Cyber terrorism causes fear, damage or even death through attacks involving enterprise IS, influencing (global) society and media attention.

Computers as weapon

Cannot cause death or injury: indirect risks. Consequences and acts are therefore indirect.

• Computers control critical infrastructure: storage of vital information; damage or loss can lead to loss of lives (ex: medical environment).
• Difference with classic form of terrorism:
  • High level of computer knowledge
  • High level of motivation (possibility of recruiting hackers for terrorist needs)

Difference is also seen in the usage of computers: at the moment computers are used as a support for planning and executing classical terrorist attacks; that will change in the future.

Cyber Terrorism – consequences

• Psychological
• Physical
• Economic

The most exposed critical areas: information and communications, banking and finances, government services, water supply systems, electrical network, gas and oil (storage, transport, extraction), transport. We must physically separate critical IS from the internet.

Protection

• Countries and organizations must take proactive measures for protecting IS and critical infrastructure from CT.
• A risk management system is unavoidable (similar to the classic system: consequences are the most important factor).
• The decision regarding the form of protection depends on each organization itself.

Conclusion

• Cyber terrorism is (still) misunderstood.
• Cybercrime and terrorism are unavoidable threats.
• Terrorist actions in the cyber world can become more frequent. Damage caused by these attacks can be bigger.
• New generations of terrorists are born in the information society. They will possess knowledge of ICT and combine it with a high level of motivation.

What can we do?

• Prepare a better process of recovery in case of incident.
• Following trends of security and threat development is necessary.
• Risk management process: we must know our threats to fight them.
• Preventive actions, education and raising safety culture will lead to improved information security. A high level of safety culture in organizations shows us that they are well prepared.
