Cyber Crime and Cyber Terrorism Investigator's Handbook is a vital tool in the arsenal of today's computer programmers, students, and investigators. As computer networks become ubiquitous throughout the world, cyber crime, cyber terrorism, and cyber war have become some of the most concerning topics in today's security landscape. News stories about Stuxnet and PRISM have brought these activities into the public eye, and serve to show just how effective, controversial, and worrying these tactics can become. Cyber Crime and Cyber Terrorism Investigator's Handbook describes and analyzes many of the motivations, tools, and tactics behind cyber attacks and the defenses against them. With this book, you will learn about the technological and logistic framework of cyber crime, as well as the social and legal backgrounds of its prosecution and investigation. Whether you are a law enforcement professional, an IT specialist, a researcher, or a student, you will find valuable insight into the world of cyber crime and cyber warfare. Edited by experts in computer security, cyber investigations, and counter-terrorism, and with contributions from computer researchers, legal experts, and law enforcement professionals, Cyber Crime and Cyber Terrorism Investigator's Handbook will serve as your best reference to the modern world of cyber crime. - Written by experts in cyber crime, digital investigations, and counter-terrorism- Learn the motivations, tools, and tactics used by cyber-attackers, computer security professionals, and investigators- Keep up to date on current national and international law regarding cyber crime and cyber terrorism- See just how significant cyber crime has become, and how important cyber law enforcement is in the modern world
Front Cover 1
Cyber Crime and Cyber Terrorism Investigator’s Handbook 4
Copyright 5
Acknowledgments 6
Endorsements 8
Contents 10
Contributors 18
Author Biography 20
Foreword 22
Preface 24
Chapter 1: Cyberspace: The new frontier for policing? 26
The Shape of the Challenge 27
The Size of the Challenge 30
The Response 32
Conclusion 33
References 34
Chapter 2: Definitions of Cyber Terrorism 36
Introduction 36
The Confusion About Cyber Terrorism 36
Cyber Terrorism Definition 38
Has Cyber Terrorism ever Occurred? 41
Conclusions 41
References 41
Chapter 3: New and emerging threats of cyber crime and terrorism 44
Introduction 44
Some Historic Milestones 44
Cyber security lessons not learned from previous ICT innovation cycles 46
Organizational aspects not learned from previous ICT innovation cycles 48
Emerging threats 49
Conclusions 53
References 53
Chapter 4: Police investigation processes: practical tools and techniques for tackling cyber crimes 56
Introduction 56
Investigative Decision Making 57
Investigative Problem Solving 59
Developing Investigative Hypothesis 61
Investigative Innovation 62
Investigators Contact Management 63
Investigating Crime and Terror 64
Conclusion 66
References 67
Chapter 5: Cyber-specifications: capturing user requirements for cyber-security investigations 68
Introduction 68
User Requirements and the Need for a User-Centered Approach? 70
Balancing Technological and Human Capabilities 72
Conducting User Requirements Elicitation 76
Capturing and Communicating User Requirements 78
Conclusion 80
Acknowledgment 81
References 81
Chapter 6: High-tech investigations of cyber crime 84
Introduction 84
High-Tech Investigations and Forensics 84
Core Concepts of High-Tech Investigations 85
Digital Landscapes 86
The “Crime Scene” 86
Live and Online Data Capture 87
Offline (Dead) Data Capture 88
Verification of the Data 89
Reviewing the Requirements 89
Starting the Analysis 89
Signature Analysis 91
Filtering Evidence 91
Keyword Searching 92
Core Evidence 92
Windows LNK Files 93
Windows Prefetch Files 93
Windows Event Logs 94
Windows Registry 94
Restore Points 94
Case Study 94
Summary 95
References 95
Chapter 7: Seizing, imaging, and analyzing digital evidence: step-by-step guidelines 96
Introduction 96
Establishing Crime 96
Collecting Evidence for a Search Warrant 97
Reported by a Third Party 97
Identification of a Suspects Internet Protocol Address 97
IP Spoofing 98
Anonymizing Proxy Relay Services 98
Intrusion Detection Systems, Network Traffic and Firewall Logs 99
Interviews with Suspects 99
Analysis of Suspects Media 99
Doxing 99
Collecting Evidence 100
Seizing Equipment 100
Search for Written Passwords 101
Forensic Acquisition 102
Ram 102
Image 103
Forensic Analysis 103
Anti-forensics 104
RAM Analysis 104
Data Carving and Magic Values 105
Media Storage Forensics 105
The Structure and Format of a Hard Drive 105
Partitions 106
Master Boot Record 107
The VBR and BIOS parameter block 107
File System 107
File Table 107
Searching for Evidence 108
Keyword and Phrases Search 108
Recovering Deleted Information 108
Recovering Deleted Files and Folders 109
Recovering Deleted Partitions 109
Where Evidence Hides 109
Registry 109
Most Recently Used Lists 110
LastWrite Time 111
Hiberfil.sys 111
Pagefil.sys 111
System Volume Information Folders 112
Chapter Summary 113
References 113
Chapter 8: Digital forensics education, training and awareness 116
Introduction 116
Digital Forensics Laboratory Preparation and Training 118
Digital Anti Forensics Tools and Approaches 119
The Main Difficulties Faced by Law Enforcement Officers Fighting Cyber-Crime 121
Educational Provision for the Study of Computer Forensics 122
The CFM Methodology 124
Conclusions 124
References 125
Chapter 9: Understanding the situational awareness in cybercrimes: case studies 126
Introduction 126
Taxonomical Classification of Cybercrime/Cyberterrorism 128
Case Studies 130
Political/Publicity/Self-Actualization: The Case of the Syrian Electronic Army 131
Who Are They? 131
Political or Moral Hackers? 131
Methods: Phishing and DDoS 132
Who Have They Hacked to Date? 132
CNN 133
Angry Birds 133
Microsoft (January 2014) 134
Saudi Arabian Government Websites (January 2014) 134
Social Media Presence 134
The Case of Stuxnet 135
The Cyber-Attacks on Banks 136
On a Global Scale 136
In the UK 137
The Case of the Anonymous Attacks on Scientology 138
Self-Actualization: The Case of “Mafiaboy” 139
Strategic Responses to Cyber Attacks 140
Concluding Remarks 142
References 143
Chapter 10: Terrorist use of the internet 148
Terrorist Use of the Internet 148
Propaganda—Indoctrination—Recruitment 148
The Role of the Video 148
Online Forums—Blogs 149
Online Social Network Services 149
Radicalization Process on the Internet 150
Particular case: lone wolf 150
Information Sharing 151
Future Developments 152
Cyber Terrorism 152
Financing 153
Darknet 155
3D Printing 155
Full VPN 156
Conclusion 156
References 157
Chapter 11: ICT as a protection tool against child exploitation 158
Introduction 158
Key Issues and Challenges 159
Information Awareness and Better Education 160
Government Responsibilities and Legal Framework 161
Technical Issues and Challenges 161
A Case Study on Use of Technology and Proposed Methodology 161
Objectivity, Consistency and Credibility 163
A Systems Approach to Child Protection 164
Child-Centered Information Flows 164
CBCTResponse System 167
Conclusions 171
References 171
Chapter 12: Cybercrime classification and characteristics 174
Introduction 174
What is Cybercrime? 175
What are the Classifications and Types of Cybercrime? 179
Cybercrime Categories 181
Phishing 181
Spam 183
Hacking 183
Cyber Harassment or Bullying 184
Identity Theft 184
Plastic Card Fraud 185
Internet Auction Fraud 185
Cyber-Attack Methods and Tools 185
Conclusion 187
References 188
Chapter 13: Cyber terrorism: Case studies 190
Introduction 190
Case Studies—Activities In Cyberspace Attributed to Terrorist Organizations 191
Analysis of Capabilities 193
Technological Capabilities, Intelligence Guidance, and Operational Capacity 195
Technological Capabilities 195
Intelligence-Guided Capability 195
Operational Capability 196
Conclusion 197
References 199
Chapter 14: Social media and Big Data 200
Introduction 200
Big Data: The Asymmetric Distribution of Control Over Information and Possible Remedies 201
Big Data and Social Surveillance: Public and Private Interplay in Social Control 203
Array of Approved eSurveillance Legislation 204
Forced “On Call” Collaboration by Private Entities 206
Data Collection for Crime Prediction and Prevention 207
Legitimacy 207
Use of Private Sector Tools and Resources 208
The Role of the E.U. Reform on Data Protection in Limiting the Risks of Social Surveillance 209
Preserving the E.U. data protection standard in a globalized world 211
References 215
Chapter 15: Social media and its role for LEAs: Review and applications 222
Introduction 222
Features of Social Media Users and Use 225
Differences in Demographics Across Networks 225
Rationales for Social Media Use 225
Influences on Social Media Behaviors 226
Disclosure and Trustworthiness of Information 228
Relevance to LEAs 229
LEA Usage Scenarios for Social Media 229
Social Media in “Lone-Wolf” Scenarios for Early Assessment and Identification of Threats 231
Social Media-Based Approach in a Hostage Scenario 232
Organized Crime Social Media Data Analysis 233
Crowd-Sourcing with a Collective Intelligence Platform 234
Application of Social Media in Human Trafficking Scenarios 236
Public Engagement on Social Media 238
From Social Media to LEA Intelligence 239
Concluding Remarks 241
References 241
Chapter 16: The rise of cyber liability insurance 246
A Brief History of Insurance 246
Business Interruption Insurance 246
What is Cyber Liability? 247
First-Party Cyber Liability 248
Third-Party Cyber Liability 249
Cyber Risks—A Growing Concern 249
The Cyber Threat 250
A Changing Regulatory Landscape 251
ICO Notification 251
What Does Cyber Liability Insurance Cover? 252
Who Offers Cyber Liability Insurance and What Should Customers Look Out For? 253
Conclusion 254
Chapter 17: Responding to cyber crime and cyber terrorism—botnets an insidious threat 256
Introduction 256
A Botnet Roadmap 257
Primary Activities: 264
Support Activities: 264
Botnets How Do They Work. Network Topologies and Protocols 265
Case Study—Eurograbber (2012) 269
The Infection 270
The Money Theft 271
Case Study—ZeroAccess (2013) 272
Countermeasures for Fighting Botnets or Mitigating Botnets Effects 274
Conclusion and Future Trends (TOR, Mobile and Social Networks) 278
References 281
Chapter 18: Evolution of tetra through the integration with a number of communication platforms to support public protecti ... 284
Introduction 284
TETRA Technology 285
Current Trends of PPDR (i.e., TETRA) Technology 286
Technological and Economic Barriers and Issues 287
Progress Beyond the State-of-the-Art 288
Current PPDR Communication Network Architecture Landscape 288
State-of-the-Art on Mobile Communication Standard 290
General PMR standards 290
TETRAPOL 290
GSM 291
TETRA 291
Proposed PPDR Communication Network Architectural Solutions 292
TETRA over Mobile IP Network 292
Multi-technology communication mobile IP gateway (MIPGATE) 292
Multipath TCP 294
Security 294
TETRA over Mobile Ad-Hoc Network 295
TETRA over DVB-T/DTTV Network 296
Conclusion 297
References 298
Index 300
Cyberspace
The new frontier for policing?
Fraser Sampson
Abstract
This chapter contains an analysis of some of the practical legal challenges of so-called cyberspace and cybercrime/cyber-enabled crime. In particular, this chapter discusses the difficulties of concepts such as jurisdiction and the ability of domestic legal systems to accommodate the borderlessness of the Internet. This chapter considers the nature, size, shape, and scale of the challenge represented by cyberspace within the context of the UK Cyber Security Strategy and recent developments among public bodies to adapt. This chapter concludes by raising the growing dilemma presented by the need to balance security of citizens and their property within cyberspace against the regulated conduct of state agencies within that setting.
Keywords
Cyberspace
Cybercrime
Cyber-enabled crime
e-crime
Computer-enabled criminality
Cyber constables
Strategic Policing Requirement
Published in 2011, the UK Cyber Security Strategy states that:
Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society.
That the United Kingdom even has a cyber security strategy is telling. Governments and their agencies—not only in the United Kingdom but worldwide—have struggled to distinguish criminality that specifically relies on the use of the hyper-connectivity of global information technology from “ordinary” crime that is simply enabled by using information and communication technology. Despite legislative interventions such as the Council of Europe Convention on Cybercrime (for an analysis of which see Vatis, 2010, p. 207) in 2001, cyberspace remains a largely unregulated jurisdictional outpost.
The first piece of criminal legislation to address the use—or rather the misuse—of computers in the United Kingdom was enacted in 1990. The recital to the Computer Misuse Act 1990 states that it was an act “to make provision for securing computer material against unauthorized access or modification; and for connected purposes.” This narrow, pre-Internet focus was very much predicated on the concept of a computer as a functional box (or network of boxes) containing “material” that required protection (Sampson 1991a, p. 211). Although the Act addressed unauthorized access, the concept of causing a computer to perform a function in furtherance of other crimes was also a central part of the new legislation (Sampson, 1991b, p. 58) which, for the first time in the United Kingdom, sought to catch up with computer technology that was becoming part of people’s everyday lives—a race in which the legislative process did not stand a chance.
While the legislation was amended in 2006 with the introduction of a new criminal offence of unauthorized acts to impair the operation of a computer or program, etc., looking back through today’s digital prism, the legislation has a decidedly analog look to it. When the legislation came into force we had little idea of the impact the “information super-highway” would have on our everyday lives, still less the engrenage effect of social media.
According to the UK’s 2011 Cyber Security Strategy, at the time of its publication 2 billion people were online and there were over 5 billion Internet-connected devices in existence. During that same year, the number of people being proceeded against for offences under the Computer Misuse Act 1991 in England and Wales, according to a document from the Ministry of Justice, was nine (Canham, 2012) with no people being proceeded against for the two offences under s.1(1) and s.1(3). Perhaps as surprisingly, the records from the Police National Legal Database (PNLD) used by all police forces in England and Wales for offence wordings, charging codes, and legal research show that during two weeks (chosen at random) in 2013 the Computer Misuse Act 1990 and its constituent parts were accessed as follows:
Between 4th and 10th March—907 times
Between 10th and 16th November—750 times
Reconciling these two data sets is difficult. While it is clear from the PNLD access data that law enforcement officials in England and Wales are still interrogating the 1990 legislation frequently (on average, around 825 times per week or 118 times per day or annually 42,900 times), the number of prosecutions for the correlative offences is vanishingly small. One of the many challenges with cybercrime and cyber-enabled criminality is establishing its size and shape.
The Shape of the Challenge
Just as the shape of our technology has changed beyond all recognition since 1990, so too has the shape of the challenge. The almost unconstrained development of Internet-based connectivity can be seen, on one hand, as a phenomenological emancipation of the masses, an extension of the Civil Data Movement and the citizens’ entitlement to publicly held data (see (Sampson and Kinnear, 2010). On the other hand, the empowerment it has given others (particularly sovereign states) to abuse cyberspace has been cast as representing the “end of privacy” prompting a petition to the United Nations for a “bill of digital rights.”
Steering a predictably middle course, the UK strategy sets out the key—and, it is submitted, most elusive—concept within the document: that of a “vibrant, resilient, and secure cyberspace.” The aspiration must surely be right but how can resilience and security be achieved within a vibrant space run by computers? In terms of both computers and our reliance upon them, we have moved so far from the original notion of boxes, functions, commands and programs, along with the consequences that can be brought about by their use, that a fundamental re-think is needed.
So what—and where—is cyberspace? Much has been written recently on the threat, risk and harm posed by “cybercrime,” “e-crime,” “cyber-enabled” criminality but the legislation has been left a long way behind. The EU has a substantial number of workstreams around its “Cybersecurity Strategy” and its own working definition of “cyberspace” though its own proposed Directive has no legal definition but rather one for Network and Information Security to match the agency established in 2004 with the same name. In the United Kingdom, a parliamentary question in 2012 asked the Secretary of State for Justice how many prosecutions there had been for “e-crime” in the past 5 years. In response, the Parliamentary Under Secretary of State gave statistics for ss 1(4), 2 and 3(5) of the Computer Misuse Act while the correlative Hansard entry uses the expression “cybercrime” in its heading.
Wherever it is, constitutional lawyers around the world have wrestled with the applicability of their countries’ legislation with the borderlessness of the virtual word of the Internet; the application of “analog” territorial laws to the indeterminable digital boundaries of the infinite global communications network is, it seems, proving to be too much for our conventional legal systems. Here is why.
When it comes to interpreting and applying law across our own administrative jurisdictional boundaries, an established body of internationally agreed principles, behavior, and jurisprudence has developed over time. Some attempts have been made to apply these legal norms to cyberspace. For example, the International Covenant on Civil and Political Rights sets out some key obligations of signatory states. In addition, activities executed within or via cyberspace should not be beyond the reach of other community protections such as those enshrined in the European Convention of Human Rights or the EU Charter of Fundamental Rights, particularly where issues such as online child sexual exploitation are involved. The first basic challenge that this brings however, is that of jurisdiction.
Cottim has identified five jurisdictional theories and approaches in this context, namely (Cottim A. 2010):
1. Territoriality theory: The theory that jurisdiction is determined by the place where the offence is committed, in whole or in part. This “territoriality theory” has its roots in the Westphalian Peace model of state sovereignty that has been in place since 1684 (see Beaulac, 2004, p. 181). This approach has at its heart the presumption that the State has sovereignty over the territory under discussion, a presumption that is manifestly and easily rebuttable in most “cyberspace” cases.
2. Nationality (or active personality) theory: Based primarily on the nationality of the person who committed the offence (see United States of America v. Jay Cohen; Docket No. 00-1574, 260 F.3d 68 (2d Cir., July 31, 2001) where World Sports Exchange, together with its President, were defendants in an FBI prosecution for conspiracy to use communications facilities to transmit wagers in interstate or foreign commerce. The defendants were charged with targeting customers in the United States inviting them to place bets...
Erscheint lt. Verlag | 16.7.2014 |
---|---|
Sprache | englisch |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
Informatik ► Theorie / Studium ► Kryptologie | |
ISBN-10 | 0-12-800811-3 / 0128008113 |
ISBN-13 | 978-0-12-800811-9 / 9780128008119 |
Haben Sie eine Frage zum Produkt? |
Größe: 6,4 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
Größe: 3,7 MB
Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM
Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belletristik und Sachbüchern. Der Fließtext wird dynamisch an die Display- und Schriftgröße angepasst. Auch für mobile Lesegeräte ist EPUB daher gut geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine
Geräteliste und zusätzliche Hinweise
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich