Impact of Cybercrime and Cybersecurity on
the Education Community: Imperatives for
CERT Solutions
Prof. Oliver E. Osuagwu
D.Sc, FNCS, FCPN, FBCS, CITP, MACM, MIEEE
Department of Information Management Technology
Federal University of Technology, Owerri
IP Vice-President, Computer Professionals Registration Council of Nigeria (CPN)
Email: [email protected]. Tel: 0803-710-1792
Being Lecture Delivered at DBI/George Mason University Conference
on Cyber Security holding from 1-2 Nov. 2010
Organization of the presentation

- Abstract
- Introduction
- Nature of Cybercrime in the cyberspace
- Nations perpetrating and complaining of cybercrime
- Corporate cyber-security concerns
- Summary of Cybercrime classification
- Demography and characteristics of Cyber Criminals
- Security Measures in Place: Industry Security Initiatives For The Cyber Space
- Impact of cybercrime and cybersecurity on the education community
- Towards finding solutions: the US-CERT initiative
- Summary, conclusions and recommendations
Abstract

This paper has painted a developing scenario of the evolution of a new type of war, internet cybercrime, which is bound to cause destruction of greater magnitude than the two past world wars! Cybercrime is real. It is becoming more complex and continues to wreak disastrous consequences on the global economy. Cybercrime is now threatening the very existence of Information Technology critical infrastructure, the greatest human innovation after the industrial revolution. It is even causing near total collapse of the education community, particularly in Nigeria, with over 90% of criminals coming from this sector. A wrong value system has been identified as a key factor encouraging cybercrime in Nigeria, together with the desire to get rich quick without working for it. Cybercrime is complex and is committed mostly from remote locations, making it difficult to police. The absence of enabling law makes policing even more difficult.

This paper has proposed several recommendations, including the development and deployment of a US-type CERT and the National Strategy to Protect Critical Information Technology Infrastructure in the Cyberspace. The National Orientation Agency should now shift focus to national reorientation of the psyche of the whole population, particularly the youths in post-primary and tertiary institutions, and of parents, towards raising a crop of children with strong religious training, belief and trust in God, as well as the infusion of religious training in the curriculum of our educational system at all levels. Cyber-security awareness training should now constitute part of the school curriculum. A Government-Private sector partnership should be formed to develop appropriate strategies for cybercrime monitoring, control and prevention. This is the responsibility of all citizens: government, private sector and individuals. The paper contends that if action is not taken urgently, Nigeria will head towards self-destruction and the African continent may turn out to become a desolate colony!

KEY WORDS: cyberspace, cybercrime, e-commerce, computer crime, CERT
Introduction

Cyberspace refers to the interdependent network of information technology components that underpin many of our communications technologies in place today.
It is the nervous system of the national and world economy.
We use cyberspace to exchange information, buy and sell products and services, and enable many online transactions across a wide range of sectors, both nationally and internationally.

No nation can progress without the use of Information Technology and the cyber space.
As A. M’bow, former UNESCO Scribe, rightly pointed out three decades ago:

“Information Technology has opened up such tremendous vista for modern societies that any failure to master it would mean a life of permanent subordination. For information technology is more than a form of power, it is a power system. The technology which it involves is not just one form of technology among others but an ability to make use of other techniques to give or refuse access to a whole range of scientific data and knowledge and thus to design new models of development” [25].

Nigeria, nay, the African continent, cannot afford to be left behind.
Imperatives of cyberspace security and protection

Therefore, it is imperative to secure cyberspace, since it is critical to the health of the Nigerian and global economic system.
“Cybercrime” encompasses computer viruses/malware, online credit card fraud, online hacking, online harassment, online identity theft, online scams, online sexual predation and online phishing.

Cyber security

Cyber-security encompasses the industry and government defense strategies adopted to curb cyber-criminality on the super highway.
Cyber crime has dwarfed the expectations of e-commerce as a potential tool to improve Africa’s national GDP, job creation and elimination of mass poverty.
The Nature of Crime in the Cyber Space

The primary types of cybercrimes are data, network, access, and other crimes.
Cybercrimes under the title of data crimes include data interception, data modification, and data theft.
Data interception is the interception of data in transmission.
Data modification is the alteration, destruction, or erasure of data.
Data theft is the taking or copying of data, regardless of whether it is protected by other laws such as US copyright and privacy laws.

Cybercrimes regarding network access include network interference and network sabotage.
Network interference is the impeding or prevention of access of others.
The most common example of network interference is a Distributed Denial of Service (DDoS) attack that floods a web site or an Internet Service Provider (ISP).
DDoS attacks are frequently launched from numerous computers that have been hacked to obey the commands of the perpetrator.
Network sabotage is the modification or destruction of a network or system. Network sabotage frequently occurs with ghost accounts: accounts not closed when an employee leaves a company, which can give a disgruntled employee a back door into the network.

Cybercrimes include access crimes such as unauthorized access and virus dissemination.
For example, the U.S. DOJ reported on March 1, 2006 that a federal computer security specialist within the Department of Education’s Office of Inspector General installed software on the computer of a supervisor, enabling him to access its stored data at will. He later used this privileged access to view email and other electronic transactions of his supervisor, then shared the information with others in his office. The accused pled guilty and was later sentenced to five years in prison and fined $250,000.

Virus dissemination is the introduction of software that is harmful to a system or the data therein.
In 2005, the U.S. DOJ reported that a 21-year-old male of Beaverton, Oregon used more than 20,000 computers he had infected with a computer worm program to launch a DDoS attack against eBay in 2003. The attack caused a denial of service for legitimate users who wanted to access eBay. The perpetrator, awaiting sentencing, could receive up to ten years imprisonment, a $250,000 fine or twice the gross gain or loss, and three years supervised release.

Data and other types: Computer-related forgery is the alteration of data with the intent to represent it as authentic.
Computer-related fraud is the alteration of data with the intent to derive economic benefit from its misrepresentation.
In February 2006, the U.S. DOJ reported that a 41-year-old male of Cleveland, Ohio obtained stolen debit card account numbers, personal identification numbers (PINs), and personal identifier information of the true account holders, which he encoded on blank cards.
He used the counterfeit debit cards to obtain $384,000 in cash advances from ATM machines in the greater Cleveland area over a three-week period. The perpetrator received a sentence of 32 months in prison and three years of supervised release for bank fraud and conspiracy, and was ordered to pay $300,749 restitution to the bank and $200 to the Crime Victim’s Fund.

TOP 10 NATIONS PERPETRATING AND COMPLAINING OF
CYBER CRIME
Corporate Security Concerns

Denis [30] had reported in her work on Cyber-crime’s Impact on the Work Place that the top three computer security concerns, as reported by respondents, were: (a) embezzlement 30% (92), (b) intrusion or breach of computer systems 22% (67), and (c) computer viruses and denial of service attacks 11% (33).
These top three computer security concerns reflect the thinking of 63% of the organizations reporting. Figure 3 depicts in ranking order all the variables identified.

Summary of taxonomy of Cyber Crime

The above descriptive discussion on the types of cyber crime can be summarized thus:
Hacking: This is a term used to describe illegal intrusion into a computer system without the permission of the computer owner or user, for purposes of stealing valuable information of market value.
Denial of Service Attack: A criminal floods the bandwidth of the victim’s network or fills his e-mail box with spam mail, depriving him of the services he is entitled to access or provide.
Virus Dissemination: This involves sending malicious software that attaches itself to other software. Good examples of these include: virus, worms, Trojan horse, Time bomb, Logic Bomb, Rabbit and Bacterium etc.
Software Piracy: This involves the theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. This can be done in many ways, such as end-user copying, hard disk loading, counterfeiting, and illegal downloads from the internet.
Pornography: Pornographic tactics are used by many advertisers to encourage customers to access their websites. Publishing or transmission of any material in electronic form which is lascivious or appeals to the prurient interest (nude people having live sex) is an offence and a serious crime in American Law (Section 67 of I.T. Act 2000). This has been included in the Information Technology Bill and the Cybercrime Act undergoing final reading in Nigeria’s National Assembly. It is a very powerful predator as it is used as a tool to lure victims.
IRC Crime: IRC means Internet Relay Chat. IRC servers have chat rooms in which people from anywhere in the world can come together and chat with each other. Criminals use it for meeting conspirators. Hackers use it for discussing their strategies and sharing information on techniques. Pedophiles use chat rooms to lure young children. Cyber Stalking is used to harass a woman via her telephone number, which may be given to others as if she wants to befriend men.
Credit Card Fraud: If your electronic transactions are not secured, the credit card numbers can be stolen by hackers, who can misuse the card by impersonating the credit card owner. These criminals can use a credit card skimmer or writer to make fake credit cards with your information and use them to withdraw money from your accounts.
Net Extortion: This involves copying the company’s confidential data in order to extort a huge sum of money from the firm.
Phishing: Deployed to pull out confidential information from the account holders of banks or financial institutions by deceptive means.
Fig. 3a Countries with phishing sites
Source: eBay
Fig. 3b Ten Top Phishing Sites Hosting Countries
Spoofing: This involves getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network.
Cyber Stalking: In this technique, the criminal follows the victim by sending emails and entering the chat room frequently in order to catch his victim.
Cyber Defamation: This involves the criminal sending emails containing defamatory statements to all concerned with the victim, or posting the defamatory matter on a website. This is usually the style deployed by disgruntled employees against their boss, ex-boy and girl friends against each other, or divorced wives against their ex-husbands.
Threatening: Criminals may send threatening email or contact you in a chat room. This is the tactic adopted by disgruntled enemies against their boss, friend or official.
Salami Attack: In this technique, the criminal makes insignificant changes in a manner that makes his action unnoticeable. For example, a small amount like N0.20 can be deducted from every N100 of your salary per month, from the accounts of all the customers of a bank, and deposited in his private account. Since the deductions are very small, they are unlikely to be noticed by any bank customer and reported. If he does this unnoticed for a long time, he will make millions without running into the hands of the law.
Sale of Narcotics: Web sites abound which offer sale and shipment of contraband drugs. They use steganography for hiding the messages.
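
The salami pattern described above, turned into a detection check (an added example, not part of the lecture). The account names, salary range, alert limits and `known_billers` parameter are assumptions; the sample ledger is constructed. It shows why a per-transaction alert misses the skim while grouping tiny debits by beneficiary exposes it.

```python
from collections import defaultdict
from decimal import Decimal

RATE, PER = Decimal("0.20"), Decimal("100")   # the text's figures: N0.20 from every N100


def skim_amount(salary):
    """Amount a salami skim takes from one monthly salary credit."""
    return (salary // PER) * RATE


def build_ledger(customers=200):
    """Constructed sample ledger of (source, destination, amount) rows for one month."""
    ledger = []
    for i in range(customers):
        acct = f"CUST-{i:03d}"
        salary = Decimal(50000 + 500 * i)
        ledger.append((acct, "ACCT-9999", skim_amount(salary)))   # the hidden skim
        ledger.append((acct, "UTIL-01", Decimal("350.00")))        # legitimate utility bill
    ledger.append(("CUST-001", "ACCT-1200", Decimal("250000.00")))  # one large transfer
    ledger.append(("CUST-002", "ACCT-1300", Decimal("120.00")))     # ordinary small transfer
    return ledger


def per_transaction_alerts(ledger, limit=Decimal("10000")):
    """Classic control: flag any single transfer at or above the limit."""
    return [row for row in ledger if row[2] >= limit]


def find_salami_beneficiaries(ledger, micro_limit=Decimal("500"),
                              min_sources=50, known_billers=frozenset()):
    """Flag accounts that collect tiny debits from many distinct source accounts.

    Returns {destination: (number_of_sources, total_collected)}.
    known_billers lists registered merchants (utilities, telcos) that
    legitimately receive many small payments and would otherwise match.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)
    for src, dst, amount in ledger:
        if amount <= micro_limit and dst not in known_billers:
            sources[dst].add(src)
            totals[dst] += amount
    return {dst: (len(srcs), totals[dst])
            for dst, srcs in sources.items() if len(srcs) >= min_sources}


if __name__ == "__main__":
    ledger = build_ledger()
    print("per-transaction alerts:", per_transaction_alerts(ledger))
    print("aggregated view:", find_salami_beneficiaries(ledger, known_billers={"UTIL-01"}))
```
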
Nigeria’s own 419: This is a scam which starts with a bulk mailing or bulk faxing of a bunch of identical letters to businessmen, professionals and other persons who tend to be wealthy. The greedy ones will fall prey to such dubious business proposals and they will be heavily duped.
Seller fraud is another distinct type of cyber crime, such as account takeover via phishing, fake escrow sites, non-performance transactions (fake listing), and fraudulent misrepresentation.

Demography and characteristics of Cyber Criminals

According to a recent study by ChiChao Lai et al. [29], the demographic characteristics of cybercriminals are revealing as well as disturbing, and call for concerted effort by all to avoid an impending catastrophe.
The report findings show that 81.1% were male; 45.5% had some senior high school; 63.1% acted independently; 23.7% were currently enrolled students; and 29.1% were in the 18-23 age bracket, which was the majority group.

For those enrolled student cybercrime suspects, the findings show that the percentage of junior high school and senior high school student suspects constituted 69.0% (2002), 76.1% (2003) and 62.7% (2004) of cybercrime suspects in their respective years. The high rate shows that the number of currently enrolled students suspected of involvement in cybercrime is cause for concern.

Those who fall prey or are perpetrators of cybercrime

The following groups of people easily fall prey to or perpetrate cyber-criminality:
- Disgruntled employees
- Teenagers
- Political Hacktivists
- Professional Hackers
- Business Rivals
- Ex-boy or Girl friend
- Divorced Husband or Wife
- Political enemies
- The victims are gullible, desperate and greedy people; unskilled, inexperienced and perhaps unlucky people too can fall victim.

Security Measures in Place: Industry Cyber-Security Initiatives For The Cyber Space

Some Tested Palliative solutions in place
If correctly installed, the following technologies can help to block attacks:

Firewalls are hardware/software devices that block certain network traffic according to their security policy.
Software solutions exist to identify and remove malware and to help manage spam email. Many must be paid for, but free versions are also available.
Authentication involves determining that a particular user is authorized to use a particular computer. This can range from simple mechanisms such as passwords to more complex methods using biometric technology.
Hardware cryptography uses computer chips with cryptographic capabilities intended to protect against a range of security threats.
Patches are programs designed by software manufacturers to fix software security flaws. Patches are often installed automatically. This reduces end-user participation and increases ease of use.

Biometric Authentication Systems (BAS)

BAS refers to a sophisticated new technology to reliably indicate whether people are actually who they say they are, using traits unique to them. These traits include fingerprint patterns, the arrangement of tissue in the eye’s iris, and the timbre of a person’s voice.

BAS - CHARACTERISTICS OF AUTHENTICATION
Fig. 4: SAMPLES OF BIOMETRIC AUTHENTICATION TECHNOLOGIES
Fig. 5: EXAMPLES OF SMART CARDS
Fig. 6: PIN PADS

Intrusion detection and Prevention systems in the market place

An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.
It is used to determine if a computer network or server has experienced an unauthorized intrusion. Intrusions are the activities that violate the security policy of a system. Intrusion Detection is the process used to identify intrusions.
An IDS inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

Intrusion Prevention Systems

An Intrusion Prevention System is a module added to a base Intrusion Detection System. This module provides the ability to perform specific tasks automatically. An IT administrator can define the actions to be taken by the IPS when the attack severity reaches a pre-determined threshold. This allows an IT administrator to specify that any attack event at the denial of service (DoS) level or greater will result in the source IP address being filtered. The filter duration can be set from 15 minutes to permanently.
Fig. 7. Example of Network-based IDS
monitoring

The advantages to Intrusion Prevention Systems are numerous:
- An attacker’s ability to attack the target network can be automatically blocked any time 24x7.
- The filter duration can be specified so the attacker’s IP address is not permanently blocked.
- Real-time email notification can be sent to the IT administrator.
- The attacker’s Upstream Network Provider can be notified immediately when an attack occurs.
Fig. 9: Example of Intrusion Prevention System which can disconnect attackers automatically
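
The threshold-and-duration behaviour described in the two IPS passages above, sketched as an added example (not code from the lecture or from any IPS product). The severity scale, class names, allowlist and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    # Constructed scale; the text only names the "denial of service (DoS) level".
    INFO = 1
    PROBE = 2
    DOS = 3
    COMPROMISE = 4


PERMANENT = None               # sentinel: the filter never expires
MIN_FILTER_SECONDS = 15 * 60   # shortest filter duration the text mentions


@dataclass(frozen=True)
class Event:
    ts: int            # seconds since the start of the capture
    src_ip: str
    severity: Severity


class FilterPolicy:
    """Filter a source IP once an event reaches the configured severity threshold."""

    def __init__(self, threshold=Severity.DOS, duration=MIN_FILTER_SECONDS, allowlist=()):
        if duration is not PERMANENT and duration < MIN_FILTER_SECONDS:
            raise ValueError("filter duration must be at least 15 minutes or PERMANENT")
        self.threshold = threshold
        self.duration = duration
        # Hosts that are never auto-filtered (assumption: a spoofed source address
        # must not be able to make the IPS cut off the organisation's own gateway).
        self.allowlist = frozenset(allowlist)
        self.blocked = {}          # src_ip -> expiry timestamp, or PERMANENT
        self.notifications = []    # stands in for the real-time e-mail to the administrator

    def is_blocked(self, ip, now):
        if ip not in self.blocked:
            return False
        expiry = self.blocked[ip]
        if expiry is PERMANENT or now < expiry:
            return True
        del self.blocked[ip]       # the timed filter has lapsed
        return False

    def handle(self, event):
        """Return 'drop', 'filter', 'alert' or 'pass' for one IDS event."""
        if self.is_blocked(event.src_ip, event.ts):
            return "drop"
        if event.severity < self.threshold:
            return "pass"
        self.notifications.append((event.ts, event.src_ip, event.severity.name))
        if event.src_ip in self.allowlist:
            return "alert"         # notify only, never filter
        expiry = PERMANENT if self.duration is PERMANENT else event.ts + self.duration
        self.blocked[event.src_ip] = expiry
        return "filter"


# Constructed sample events using documentation address ranges.
SAMPLE_EVENTS = [
    Event(0, "198.51.100.7", Severity.PROBE),    # below threshold
    Event(10, "198.51.100.7", Severity.DOS),     # at threshold: filtered until ts 910
    Event(500, "198.51.100.7", Severity.INFO),   # arrives while the filter is active
    Event(910, "198.51.100.7", Severity.INFO),   # filter has expired
    Event(920, "192.0.2.1", Severity.DOS),       # allowlisted gateway
]


def replay(events, policy):
    """Feed events through the policy in order and collect its decisions."""
    return [policy.handle(e) for e in events]


if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, FilterPolicy(allowlist={"192.0.2.1"})))
```
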
Impact of cybercrime/security on the education community

The impact of cybercrime is NEGATIVE and devastating!
The huge ill-gotten wealth realized through cyber crime has generated a negative psyche among the student population, and devotion to academic work is no longer attractive. Why?
Because rogues and cybercriminals are turning out to be millionaires overnight without working hard.

These students are aware that most rogues have been made Traditional Rulers or given ministerial appointments once huge sums of money can be deposited into the campaign accounts of prospective governors and presidents-to-be.
They know that most of these side supporters of policies who eventually get lucrative board appointments, or become commissioners and ministers, are indeed, to a large extent, key economic saboteurs, mostly via cybercrime!

the best option is not to continue bothering themselves about higher education but to seek quicker means of getting rich so that they can be counted among those who matter in society, drive expensive cars and own magnificent edifices, which count for recognition!
This is the inescapable dilemma for Nigeria’s value system and a dangerous reality for the Nigerian state!

This negative psyche has led the Nigerian student to look for means of acquiring wealth and, if possible, to buy certificates through the award of honorary Doctorate Degrees and avoid the nauseating classroom hassle.
Cybercrime is a huge distraction from academic pursuit and impacts negatively on the production of real-bred professionals.
The academic community is in danger of extinction! This is a serious national dilemma!!

Those who have made it through 419 have escaped unhurt and are enjoying their wealth.
The type of money that comes through cyber crime is huge, sometimes in millions of US$.
These rogues use such money, which has spelt a death sentence for most of the people who are duped, to chase women, enjoy expensive hotels and suppress the poor in society.
They never care for any form of investment to promote national gross domestic product!

A society populated by cybercriminals is doomed!
Cybercrime has made our children of school age no longer interested in academic work.
They are looking for cheap and fast means of becoming millionaires overnight.
Available statistics suggest that over 90% of those involved in cyber crime are high school children and undergraduates of tertiary institutions. This is a true reflection of the current Nigerian situation!
The extended consequences? Kidnapping, gangsterism, theft of all kinds including cyber crime, prostitution, pornography. No one is safe any longer.
Nigeria is now virtually ungovernable. It may soon be worse unless a concerted effort is made to avert the impending catastrophe.

Cybercrime has eroded the enviable academic culture in Nigerian post-primary and tertiary institutions.
Our educational institutions at both secondary and tertiary levels are mere shadows of the glory of the past.
Quality and honest teachers have disappeared; academic infrastructure and superstructure are gradually vanishing.
Quality education and quality graduates are the bedrock of any nation and cannot be toyed with.
Something has to be done fast before our nation is totally devastated! It can still be redeemed via concerted effort by all citizens, via a coalition of efforts to end the evil called cybercrime.

TOWARDS FINDING SOLUTION – THE US CERT INITIATIVE

The cyberspace is the nervous and control system of the US economy and the global community.
Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches and fiber optic cables that allow our critical infrastructures to work.
The health and good functioning of the cyberspace is critical to national economy and security.

These computer networks also control physical objects such as electrical transformers, trains, pipeline pumps, chemical vats, radars and stock markets, all of which exist beyond the cyberspace.
America is the heaviest user of the cyberspace and her economy is fully dependent on the cyberspace.
This explains why the US had put up a policy thrust to deal with the Protection of the Cyberspace and the National Information Technology Infrastructure.

CERT (short for US Computer Emergency Readiness Team) is an offshoot of this policy.
CERT is the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS).
It is a public-private partnership located in the Washington DC Metropolitan area.
It is the US Federal Government’s cornerstone for cyber security coordination and preparedness, including implementation of the National Strategy to Secure the Cyberspace.
It identifies steps that state and local governments, private companies and organizations, and individuals can take to improve collective cybersecurity.

CERT interacts with federal agencies, industry and the research community, state and local governments, and others to disseminate reasoned and actionable cyber security information to the public.
CERT also provides a way for citizens, businesses and other institutions to communicate and coordinate directly with the United States government about cyber security.

The National Strategy to Secure the Cyberspace is part of the overall US effort to protect the Nation. It constitutes an implementing component of the National Strategy for Homeland Security and is complemented by a National Strategy for the Physical Protection of Critical Infrastructure and Key Assets.
The reason adduced for this policy is not far-fetched: securing the cyberspace is a difficult strategic challenge that requires coordinated and focused effort from the entire society.

Can Nigeria borrow a leaf from US-CERT Initiative?

I believe Nigeria can borrow a leaf from the US-CERT initiative to solve her own cybercrime menace.
Although Nigeria is yet to make IT and the cyber space the hub of business and economic activities, she ranks third in the world of cyber crime perpetrators!
What happens when she fully embraces IT as a key economic and development enabler? It will overtake the US in cybercrime perpetration and complaint!!
It is better to catch a dark goat before darkness dawns!! Cyber threats should therefore no longer be treated with kid gloves in Nigeria, as this will spell doom in due course.

Summary, Conclusions and Recommendations

Cybercrime has assumed complex dimensions.
Critical infrastructure has been shut down due to devastating cyber attacks.
The cyberspace is the nervous system of the world economy and any failure to secure it will lead to world economic depression.
US organizations alone have estimated a loss of over $67 billion in 2005.

Given the criticality of the cyberspace as a tool for world integration and an economic enabler, I recommend thus:
- There is need for consistent training of the Nigerian Police in Cyber Crime Prevention and Forensic science for cyber crime policy and control.
- Development of national community education and training targeted at school children and senior communities.
- Establishment of a centralized national reporting centre such as the IC3 (Internet Computer Crime Complaints Centre) in the US, which is managed by the FBI and is an online crime reporting centre and clearing house for cyber crime. The IC3 plays a pivotal role in detecting and reporting the identity of cyber criminals and providing information to victims of cyber crime.
- Deployment of Biometrics and device fingerprinting supported by secure gateways and quality encryption. This strategy will assist in overcoming the anonymity of a good deal of internet activity and provide enhanced security.
- There is urgent need to develop a single national database to gather and compile cybercrime data.
- The National Assembly should consider enacting legislation that encourages incident reporting while reducing the risks associated with reporting, and that provides policies giving stronger sentences to those found guilty of committing a cybercrime.
- There is need to establish a partnership amongst the academia and law enforcement to educate the society on when and how to report cybercrime incidents and on cybercrime prevention.
- Every organization should increase investment in information security to reduce the level of victimization to cybercrime. This is in addition to building computer infrastructure to prevent or minimize the impact of cybercrime.
- Organizations should apply proactive prevention measures such as real-time content inspection, zero-hour vulnerability protection, anti-crimeware, anti-spyware, anti-phishing, anti-virus and URL filtering.
- The Federal Government should immediately constitute a CERT team in each sector and appoint a learned Committee to write Nigeria’s Strategy for protecting and securing the Cyberspace. This committee should outline major actions and initiatives for cyberspace security response, such as:
  - establishment of a public-private architecture for responding to national-level cyber incidents,
  - provision of the tactical and strategic analysis of cyber attacks and vulnerability assessments,
  - encouragement of a private sector capability to share a synoptic view of the health of cyber-space,
  - expansion of the Cyber Warning and Information Network to support the role of EFCC in coordinating crisis management for cyberspace security,
  - improvement of national incident management and coordination processes for voluntary participation in enhancement of public-private information sharing involving cyber attacks, threats and vulnerabilities.
- For individual protection against cybercrime, each computer user must create passwords that contain symbols and a mix of capital and lowercase letters. Passwords should be changed often. You must log on to your account frequently to ensure that there is no unusual activity. Install a firewall to protect your PC, and double-check that you have configured it properly and that the default password is changed.
- The PC user must keep the operating system up-to-date by installing new security patches available from the developer, use anti-virus software and ensure it is updated frequently.