網路犯罪案例Cyber crime Case

Download Report

Transcript 網路犯罪案例Cyber crime Case

網路犯罪案例
Cyber crime Reconnaissance Case
Decision Group / CEO
張 侃 Casper Kan Chang
[email protected]
1
網際網路犯罪主要可分為二大類
Internet crime is divided into two major categories
以網路作為犯罪之場所
Any criminal acts dealing with computers
and networks
Ex: Release of Viruses & Worms, Invasion of
privacy, Cyber-spying, Hacking & Cyber warfare
Analysis Non散播病毐影響他人正常使用電腦網路,或取得、 Reconstruction Packet
刪除或變更他人的電腦資料或紀錄
不可還的原網路封包
以網路作為犯罪之客體
Traditional crimes conducted through
the Internet.
Ex: Credit card fraud, Identity theft, child
pornography, indecent chat-room behavior,
software & media piracy
利用網路傳遞色情資訊,從事賭博行為,侵
害著作權或商標權,販賣違禁物品
Network Packet
Reconstruction
可還原網路封包
2
常見網路詐騙犯罪型態及手法 1
Common Internet fraud behavior patterns and practices 1
行為態樣 Behaviorstate-like
具體手法 Specific practices
A. 網路購物詐欺
Online Shopping
Fraud
歹徒在網路上刊出非常低廉的商品誘使民眾匯款,再以劣品充數,
交易完成後即避不見面。
Gangsters published on the Internet at very low transfer of goods to trick
people into them, and then charge the number of bads, after completion
of the transaction would not even meet.
B. 網路交友詐欺
Internet Friend-Ship
Fraud
女性歹徒利用網路聊天室認識多名男性網友,假冒身份如偽稱某知
名大學研究生、課餘兼職拍攝廣告等,並將電視廣告模特兒照片寄
給對方,最後假藉理由向男性網友借錢,款項到手後不知去向。
Female criminals use the Internet chat room odd men netizens, fake
identity, said a well-known universities such as the pseudo-graduate
students, after-school part-time shooting advertising, fashion pictures
and television commercials to send each other, finally borrowed money
under the guise of reason to men, After the hand the money disappeared.
3
常見網路詐騙犯罪型態及手法 2
Common Internet fraud behavior patterns and practices 2
行為態樣 Behaviorstate-like
具體手法 Specific practices
C. 網路虛設行號詐欺
Dummy corporate
fraud
於網路上虛設高科技公司,以低價販賣高科技新產品,並在網站上
展示 MP3 隨身聽等產品,該公司及網站俟收到網友所寄購買產品
之款項後,公司便人去樓空,網站亦隨之關閉。
Fictitious high-tech companies on the web, to low-cost sale of high-tech
new products, And its Web site to display products such as MP3 players,
the company and Web site User upon receipt of payment by the Send to
purchase products, the company will be empty, the website has also
come close.
D. 網路假貨騙售詐欺
Fraudulent sale of
fake cheat
不法之徒常在網站、跳蚤市場上張貼販賣便宜的電腦燒錄器、行動
電話等二手貨或大補帖等物品,且通常以貨到收款方式交易,被害
人收到的物品常是有瑕疵或不堪使用的貨品或空白或已損壞的光碟
片。Criminals often on the site, posted on a flea market selling cheap
computer burner, Mobile phones and other second-hand goods, or
pirated software and other items, and usually to be paid goods
transactions, Of goods received by the victim is often defective or
unusable goods or blank or damaged discs.
4
常見網路詐騙犯罪型態及手法 3
Common Internet fraud behavior patterns and practices 3
行為態樣 Behaviorstate-like
具體手法 Specific practices
E. 網路銀行轉帳詐欺
Internet bank transfer
fraud
歹徒在報紙刊登廣告或散發傳單,宣稱可幫助民眾貸款、加盟、購
買法拍物等,要求被害人先行至其指定銀行開戶,存入相當之權利
金或保證金,並設定電話語音約定轉帳帳戶(網路銀行服務及語音
查詢帳戶餘額),然後歹徒再要求被害人提供語音查詢餘額密碼及
身分證件、地址等相關資料以便確認,利用電話語音轉帳功能(網
路電子交易)將被害人之存款轉帳領走。
Advertising or distributing leaflets, claiming to help people loans, to
require the victim prior to their designated bank accounts, rights to
payment or deposit a considerable margin, the Internet electronic
transactions will be the victim of deposit transfers led away.
F. 網路信用卡詐欺
Internet credit card
fraud
利用信用卡公司在網路上登載檢測偽卡程式,輸入一組正確信用卡
卡號,程式卡產生數千至數萬個信用卡卡號,歹徒再利用所產生之
卡號非法上網購物消費。The use of credit card companies posted on
the Internet test Weika program, enter a credit card number correctly, the
program generated several thousand to tens of thousands of card credit
card numbers, criminals re-use card numbers generated by the illegal
5
online shopping and spending.
常見網路詐騙犯罪型態及手法 4
Common Internet fraud behavior patterns and practices 4
行為態樣 Behaviorstate-like
具體手法 Specific practices
G. 冒牌銀行網路詐欺
Counterfeit Internet
banking fraud
拷貝網路銀行網站的網頁,假冒該銀行之名提供「儲蓄存款」、功
能,讓使用者誤上冒牌的網路銀行,洩漏個人身份證件或銀行帳號
及密碼等重要資料,再進行盜領。Copies of Internet Banking site's
pages, counterfeiting the name of the bank to provide savings feature,
allowing users to error on the fake Internet banking, resulting in leakage
of personal identity documents or bank account numbers and passwords
and other important information, a further type of crime.
H. 網路金光黨詐欺
Internet Conman
fraud
網路上以「大家來賺錢,這是真的,不是騙人的」標題,在討論群
組張貼郵遞名單信件,信中列有五人姓名及地址,指示網友寄給名
單上五人各一百元。On the Internet for "everyone to make money, this
is true, is not deceptive," the title in the discussion group mailing list
posting the letter, the letter listed the names and addresses of five
persons, instructions sent to the list of User and one each in five people
hundred dollars.
6
常見網路詐騙犯罪型態及手法 5
Common Internet fraud behavior patterns and practices 5
行為態樣 Behaviorstate-like
具體手法 Specific practices
I. 信用卡詐欺
Credit Card Fraud
被害人利用信用卡在電腦網路上購物消費,致信用卡卡號遭到網路
駭客入侵攔截,繼而被冒用盜刷。
Victims using their credit cards on your computer online shopping and
spending, credit card number has been caused by internet hackers to
intercept and then being falsely fraudulent.
J. 金融卡匯款方式詐
欺
歹徒利用網路,以超低價價格販售賣相良好之商品,要求以金融卡
轉帳方式購買,,按照其指示操作後,轉帳成功的金額往往數十倍
於原來之費用。
Criminals use the Internet to ultra-low prices to sell merchandise will
sell well to require transfer of the financial cards are purchased, in
accordance with its instructions, after the successful transfer payments
are often dozens of times in the original expenses.
7
A.
網路購物詐欺手法及案例 1-1
Online Shopping Fraud
8
A.
網路購物詐欺手法及案例 1-2
Online Shopping Fraud
假借東森購物免付費顯示電話、雅虎奇摩購物等方式通知 民眾,稱原承辦人誤
將退款設為分期扣款或被害人先前交易錯誤,誤將退款設為分期扣款等將使權利
受損,即向民眾要求需至提款機操作變更,解除分期付款扣款; 俟民眾受騙上
當後,再以「金融監督管理委員會」名義表示帳戶已遭歹徒利用洗錢,需匯「金
融安全帳戶」,以免遭凍結帳戶,誘騙被害人將存款解除,改存入前述 詐騙之
「金融安全帳戶」。
Swindle, said Eastern Shopping and Yahoo Auctions Payment Error
Information to the public, claiming a refund of the original
contractors mistakenly set the previous trading installment deductions
or victim error, mistake a refund will set phases such as the right to
charge damaged, it tells the people to the ATM was required to operate
changes, lifting hire charge; as soon as the public deceived again
after the "Financial Supervisory Commission," said the account has
been criminal to use the name of money laundering, must sink
"financial security account" to avoid being the freezing of accounts,
lured victims of the deposit removed, changed into the aforementioned
fraud of "financial security accounts."
9
B. 網路詐欺案例 1-1
Internet fraud Case
一名馬來西亞籍的華裔賴姓女子,涉嫌與奈及利亞籍男友利用網路詐騙台
灣女子。刑事局國際科與馬國警方合作,日前逮捕賴姓女子並追緝共犯
A Malaysian woman of Chinese origin Ms. Lai in connection with a
Nigerian boyfriend, used the Internet to defraud Taiwanese woman CIB
International Council of Scientific Cooperation with Malaysia arrested by
the police and looking for an accomplice Ms. Lai
10
B. 網路詐欺案例 1-2
Internet fraud Case
台北縣警方今年5月間接獲一名女子檢舉,指稱一名在英國倫敦工作的網
友,聲稱寄送內有英鎊現金的包裹要給她,因未申報而遭馬國海關查扣,
需付稅金後始得放行,請求女子將錢匯至馬國海關處。這名女子不疑有他,
連續匯款兩次共計2358美元,但遲未收到包裹,始知受騙。
Taipei County police received an indirect May this year, a woman
accused, Alleged that a work of netizens in London, claiming that there
are pounds in cash to send parcels to give her, Who were failing to
declare the Malaysian Customs and Excise Department seized, pay a
tax before it may be released upon the request woman will remit money
to the Malaysian Customs and Excise Department. The woman did not
suspected him, a total of 2358 U.S. dollars two consecutive remittances,
but has not received the latest package, Found out deceived.
11
網路性侵案件!
Network of sexual assault cases!
07年網路性侵案件: 一天1.5件。12-18歲少年占六成多。
2009年06月10日蘋果日報 台灣 台北 市
Network of sexual assault cases in 2007: Daily average 1.5 case.
12-18 year-olds accounted for more than 60%.
June 10, 2009 Apple Daily Taipei Taiwan
12
禽獸不如
Is truly pathetic and inferior to animals
台北市兩名一瘦一胖的嫌犯,去年七月起,涉嫌在網路上約女網友開轟趴,等女網友赴約後將
對方帶到汽車旅館,誘騙對方進浴室洗澡,再要求發生性關係,女網友不願配合,即遭掌摑強
姦得逞 ,警方昨逮捕兩嫌,發現受害多達十多人。
Taipei two suspects a thin one fat, begin July 2008 , Suspected on the Internet to invite Female net
friend to participate in party , Female net friend to meet this woman after the other into the Motel,
Trick the other into the bathroom taking a bath, and then require a sexual relationship, The victim is
unwilling to cooperate, that is, to succeed by slapping rape, the police yesterday arrested two suspected
and found that as many as a dozen people injured.
被害人不甘受辱向警方報案,警方根據網路位址清查,並前往汽車旅館調閱車號,昨循線逮捕
兩嫌。警方追查發現,兩嫌去年七月開始犯案,每次都由葉嫌以「小豬」、「出來玩」等暱稱,
在奇摩即時通及豆豆聊天室等網站向女網友搭訕,葉嫌坦承犯案十多起、周嫌則供稱五、六起,
警方正追查其他共犯。
Humiliation of victims unwilling to report to the police, the police inventory of network address and
went to the motel access to number, yesterday arrested two suspected through the line. The police
traced the two began to commit crimes too 2008 July for each pig by Ye too to come out to play other
nickname, the yahoo messange and Peas chat rooms and other websites to Nvwang You strike up,
leaves from more than 10 suspected offender admits , Zhou said the suspect are for five or six, the
police are tracing the other accomplices.
13
駭客蘇柏榕 替黑幫盜資料
Hacker Su Po-jung work for the underworld to steal data
中時電子報/蔡旻岳/台北報導 2007/09/22 China Times / Taipei / Choi Min-Yue
刑事局科技犯罪防制中心查出 ,在網路上暱稱「odin」的林姓高二生、以及暱稱
「cb」的蘇柏榕兩人,係以學術網路為骨幹,將跳板主機隱藏於台灣學術網路內,
並利用木馬程式、網站漏洞侵入各大知名網站非法取得資料後,存放在國外網站主
機,用以規避追查。其中xx電信公司用戶帳戶及密碼有兩百四十多萬筆遭竊,部分
網站則連程式都被搬走。
CIB Crime Prevention Center for Science and Technology have found that the Internet
nickname "odin" Lin, high-school sophomore, and the nickname "cb" two Su Po-jung, an
academic department as the backbone network will be a springboard for host hidden in
Taiwan Academic Network inside, and the use of Trojan horse programs, Web site
vulnerabilities well-known Web site illegally obtained large intrusive information, stored in
a foreign website host, to circumvent the tracing. Xx telecom companies in which the user
account and password with more than 2.4 million pens stolen, some websites have even the
programs are removed.
Hacker
Su Po-jung
14
網路理財廣告詐貸銀行案 -1
Internet advertising bank loan fraud case
高雄市刑警大隊 2009年5月接獲多家銀行報案,指稱遭人持偽造文件向銀行申辦信
用貸款,造成銀行遭詐貸的鉅額損失。案經該大隊15分隊深入調查發現,以洪○○、
方○○等人共同基於牟取不法利益之犯意聯絡及行為分擔所籌組之詐欺集團,用國
內入口網站之免費網路空間張貼或貼紙廣告刊載『理財達人專辦信用貸款』、『小
額信用貸款』訊息等方式,招攬急需資金週轉之人頭客戶,由該集團成員偽變造財
稅、薪資等證明文件,美化貸款人之財力,並教唆指導人頭客戶持偽造文件向銀行
申辦信用貸款,使金融機構陷於錯誤而核准貸款,該集團則向人頭客戶收取高額手
續費牟取暴利
15
網路理財廣告詐貸銀行案 -2
Internet advertising bank loan fraud case
16
網際網路犯罪偵察要領
Cyber Crime Investigation Essentials
取得報案詳細資料
To obtain detailed information on reported
依案情內容申請技術支援
For technical support in accordance with the contents of the case
組成專案小組
An ad hoc group
17
網際網路犯罪情資蒐集
Cyber criminal intelligence collection
1. 收集電腦稽核紀錄 : IP, 帳號, 時間 等
2. 客戶登錄資料 : 帳號使用人, 姓名, 地址, 電話 等
3. 犯罪事實
1. Collection of computer audit records : Log, IP, User
account, time
2. Customer Login information : Account name and address
of telephone users
3. Corpus delicti
18
網際網路犯罪證據蒐集
Cyber crime, gathering of evidence
1. 由被害人及嫌犯電腦上取得資料, Log, 檔案, 紀錄 ... 等
2. 由業者提供的資料及紀錄 ... 等
3. 網路監聽
4. 由被害人提供網路封包還原
1. By the victims and suspects to obtain information on the
computer, Log, files, records, etc. ...
2. Information provided by the industry, and records and so on ...
3. Interception
4. From the victims to restore the network packet
19
網際網路犯罪鑑識工具種類
Cyber crime forensics tools
Forensics tools
鑑識軟體
“Stop, look and listen” Forensics
software 離線封包鑑識還原軟體
Wired , HTTPS/SSL
and VOIP
Wireless
“Catch-it-as-you-can” forensics
systems 封包側錄還原鑑識設備
Off-Line packet
reconstruction
software
20
鑑識工具使用 Forensics Tool Use
數位證據的鑑識與採集無法透過人類的視覺直接辨識出來,如果沒
有適當的工具或軟體也是無法解析,運用適當的工具或軟體採集與
辨識數位證據,也是偵辦電腦網路犯罪案件必備的條件
Kam-digital intellectual and collection of evidence can not be humans
through direct identified intellectual vision out of future, without the right
tools or software are unable to resolve, using the right tools or software
acquisition and identified intellectual digital evidence, but also diligent in
Internet Highway necessary conditions for criminal cases
Forensics tools
鑑識軟體
由被害人及嫌犯電腦上取得資料, Log, 檔案, 紀錄 ... 等
Collection of computer audit records : Log, IP, User account,
time … …etc
21
網路鑑識工具使用 Cyber Forensics Tool Use
網路監聽
Wired , HTTPS/SSL
and VOIP
Wireless
Internet Interception
“Catch-it-as-you-can” forensics
systems 封包側錄還原鑑識設備
“Stop, look and listen” Forensics
software 離線封包鑑識還原軟體
還原已錄製完成網路封包
Reconstruction, The completion
of network packets have been
recorded
Off-Line packet
reconstruction
software
22
網路封包鑑識分析分類
Network packet forensics analysis categories
1. Viruses & Worms, Hacking
& Trojans ... ...
Analysis NonReconstruction Packet
病毐 駭客 木馬程式 … …
不可還的原網路封包
2. Email , Web Mail ,IM, FTP ,
Network Packet
Reconstruction
可還原網路封包
P2P, VoIP, Video Streaming ,
HTTP, Online Games, Telnet
電子郵件,網頁郵件,FTP,
P2P,VoIP,影音串流,網
頁瀏覽,線上遊戲,,
Telnet
23
提供全系列網路鑑識產品
Complete Solutions for Cyber Forensics
1.
2.
3.
4.
5.
6.
Wired packet reconstruction.
Wireless (802.11 a/b/g/n) packet reconstruction.
HTTPS/SSL interceptor..
VOIP packet reconstruction.
Off-line packet reconstruction software
Network packet forensics analysis training
For more information www.digi-forensics.com
24
網際網路封包鑑識分析教育訓練課程
Network Packet Forensics Analysis Training
The knowledge of network packet analysis is important for Forensics Investigator
and Lawful Enforcement Officer to carry out their daily duty. Network Packet
Forensics Analysis Training (NPFAT) provides useful and sufficient knowledge
required to analyse network packets. Trainee will be able to identify different
packet types according to different Internet Protocols such as packets containing a
specific Email (POP3, SMTP and IMAP), Web Mail (Yahoo Mail, Gmail,
Hotmail), Instant Messaging (Windows Live Messenger, Yahoo, ICQ etc.), FTP,
Telnet, HTTP and VOIP. Forensics investigation is also science and art.
網際網路封包鑑識分析教育訓練課程(NPFAT)提供所需知識來分析網際網
路封包。令學員將能夠識別不同類型的網路封包根據不同的Internet協議,如
電子郵件(POP3,SMTP和IMAP),網路郵件(雅虎郵件,Gmail,
Hotmail等),即時通(如Windows Live Messenger,雅虎,ICQ等),FTP,
遠程登錄,網頁瀏覽和VOIP。鑑識取證調查還技術兼具科學和藝術素養之
訓練課程。
Frankie Chan
Kok Liang
Phillip A Russo
25
Ing. Gustavo Presman
實績 Reference site in Taiwan
The Investigation Bureau of
Criminal Investigation Bureau
the Ministry of Justice
國家安全局 National Security Bureau
國防部 Ministry of National Defense,R.O.C
憲兵司令部 Military Police, R.O.C
海岸巡防署 Coast Guard Administration
國防大學 National Defense University
中央警察大學 Central Police University
26