dopewarsonline
Transcrição
dopewarsonline
CYBERCRIME CYBERCRIME - THREATS, CHALLENGES AND LEGAL SOLUTIONS Macau, 13.February 2008 - 15. February 2008 Dr. Marco Gercke Lecturer at the University of Cologne, Germany CYBERCRIME FRAUD • „That‘s where the money is“ Page: 1 AUCTION FRAUD Picture removed in print version • Due to the possibilities of anonymous communication the internet is offering advantages for offenders • Due to the international dimension it is very difficult to prosecute those crimes CYBERCRIME Page: 2 FRAUD • Nigaria advance Fee 419 FRAUD Picture removed in print version • 419 Fraud • Named after the corresponding provision of the Nigeria Penal Code • Explanation: air crash, car accident tsunami/earthquake coup over-invoiced CYBERCRIME FRAUD • “Dialer” • Programs that change the settings for a modem dial-in connection • Instead of regular access numbers expensive premium-rate connections are installed • Often distributed by viruses CYBERCRIME Page: 3 DIALER Picture removed in print version Page: 4 ONLINE GAMES • Hugh interest in Online Games ONLINE GAMES (SECONDLIFE.COM) Picture removed in print version • Secondlife has more than 1.500.000 users • Companies like Microsoft and Nissan are present • Includes a virtual currency (L$ - Linden Dollar) • First US$ Millionaire “Anshe Chung” who earned 270.000.000 L$ by developing and selling “real estate” (FTD 28.11.2006) CYBERCRIME ONLINE GAMES • Increasing number of links between the virtual world and the real world Page: 5 TRADE WITH L$ (EBAY.COM) Picture removed in print version • L$ as well as SL-objects are offered on Ebay • First cases of “virtual theft” CYBERCRIME Page: 6 FRAUD • Auction Platforms are misused for committing crimes (eg. selling stolen goods) AUCTION FRAUD Picture removed in print version Various fraud activities • Selling goods that do not exist (“prepaid” system) • Buying goods without paying for them • Due to the importance of “ratings” closely connected to Identity Theft CYBERCRIME ACCOUNT TAKEOVER • Customer is receiving an e-mail • Request to verify his account by entering password • Password is transmitted to the perpetrator • Perpetrator is login and changes information (e.g. e-mail address and the password) to take over the control • Perpetrator offers items and requires prepay CYBERCRIME Page: 7 ACCOUNT TAKEOVER Picture removed in print version Page: 8 ONLINE CASINOS • Huge number of Online Casinos available GAMBLING Picture removed in print version • Internet Casinos are offering advantages for money laundering • No face-to-face identification possible • Some Casinos offer anonymous login (No registration necessary) • Anonymous Payment: Transfer via/to Prepaid Credit Cards / Western Union CYBERCRIME ONLINE CASINOS • Online gambling industry is growing fast Page: 9 GAMBLING (http://www.gamingpublic.com/) Picture removed in print version • Global revenues from online gambling could reach USD$16 billion in 2006 CYBERCRIME Page: 10 ID RELATED CRIMES • Hiding the identity is an essential element is criminal activities IDENTIFICATION DOCUMENT Picture removed in print version • Falsified Passports are not available for a broader public • Falsification of identities in the internet is still possible • Search engines can be used to find information that can be used to act under a false identity CYBERCRIME IDENTITY THEFT • Increasing number of reports about Identity theft in the US Page: 11 SOCIAL SECURITY NUMBER Picture removed in print version • Special risk related to single IDSystems • Social Security Number or one-card systems • Taking over a single ID can enable the offender to abuse the ID CYBERCRIME Page: 12 IDENTITY THEFT • Not only an Internet-related topic DUMPSTER DIVING Picture removed in print version • Current analysis proofs, that secret information are in many cases not shredded before the are thrown away CYBERCRIME FINANCIAL INSTITUTIONS • Legal approach in the fight against illegal Internet Gambling • Unlawful Internet Gambling and Enforcement Act • Criminalising the participation in Internet gambling activities • Tendency of criminalising acts of preparation CYBERCRIME Page: 13 SECTION 5363 Prohibition on acceptance of any financial instrument for unlawful Internet gambling No person engaged in the business of betting or wagering may knowingly accept, in connection with the participation of another person in unlawful Internet gambling 1) credit, or the proceeds of credit, extended to or on behalf of such other person (including credit extended through the use of a credit card); SECTION 5366 Criminal Penalties Whoever violates section 5363 shall be fined under title 18, or imprisoned for not more than 5 years, or both. Page: 14 IDENTITY THEFT & PHISHING • Increasing number of reports about Identity theft in the US PHISHING MAIL Picture removed in print version • SPAM related problem of “phishing” mails that does influence the acceptance of online banking • Majority of cases have an international dimension CYBERCRIME Page: 15 PHISHING - ORGANISED CRIME Phishing is happening on an organised crime level CYBERCRIME Page: 16 PHISHING - QUANTITY PHISHING SITES / MONTH (anti-phishing.org)) CYBERCRIME Page: 17 PHISHING Setting up a „fake“ web page Spoofing-Site CYBERCRIME Page: 18 SPOOFING • “Fake” Webpage looking exactly like the webpage of a legitimate company (eg. Financial Institution) SPOOFING WEB SITE Picture removed in print version • Nearly impossible for regular users to identify the fake background CYBERCRIME PHISHING • Phishing Networks are complex systems Page: 19 SPOOFING SITES (www.antiphishing.org) Picture removed in print version • Combination of fraud and money laundering • International dimension CYBERCRIME Page: 20 PHISHING Sending out phishing mails CYBERCRIME PHISHING • E-Mail looking like the e-mail from a legitimate company • In most cases financial institutions • Ordering the person who is receiving the e-mail to access a (Spoofing) Webpage and to enter certain sensible information (eg. passwords or credit card information) • Reason mentioned why certain information are necessary • In most cases combined with a threat (eg. bank account will be closed) CYBERCRIME Page: 21 PHISHING E-MAIL Picture removed in print version Page: 22 PHISHING Some victims answer and offer their secret data CYBERCRIME Page: 23 PHISHING Some victims answer and offer their secret data CYBERCRIME Financial Manager Page: 24 PHISHING JOB OFFER - FINANCIAL MANAGER • SPAM Mail with job offer Picture removed in print version • Offenders pretend to run a serious business company • Offer up to 10% for the transfer of incoming money via Western Union • System to circumvent the financial institutions technical protection systems CYBERCRIME Page: 25 PHISHING Financial Manager Financial Manager Offenders transfer money from the victims account to the FM CYBERCRIME Page: 26 PHISHING Financial Manager Offenders order the FM to transfer the money via Western Union CYBERCRIME Page: 27 PHISHING Focus of the Police CYBERCRIME Page: 28 IDENTITY THEFT & PHISHING • Missing protection is not limited to computer data DUMPSTER DIVING Picture removed in print version • Current analysis (Fellowes, DumpsterDiving-Study) proof that even businesses and private people that are protecting their computer systems are not properly deleting classic print documents CYBERCRIME COMPUTER SABOTAGE • Virus attacks Page: 29 VIRUS Picture removed in print version • Denial of Service (DoS) Attacks • A number of free software tools can be downloaded from the internet that enable even people without special technical knowledge to create viruses and start DoS Attacks CYBERCRIME Page: 30 COMPUTER SABOTAGE DENIAL OF SERVICE ATTACK Regular Access CYBERCRIME Page: 31 COMPUTER SABOTAGE DENIAL OF SERVICE ATTACK Victim Regular Access CYBERCRIME Page: 32 DATA ESPIONAGE • Valuable and secret information are often stored without adequate protection KEYLOGGER (rsaunois.free.fr) Picture removed in print version • Lack of self-protection especially with regard to small businesses and private computer users • Development of protection-plans is inadequate (eg. change of hard-drive without deleting sensible information in advance) CYBERCRIME DATA ESPIONAGE • Apart from hardware tools there are a number of software-based keylogger solutions Page: 33 KEYLOGGER (ikitek) Picture removed in print version • Unlike the hardware solutions most software based keylogger tools can be detected by anti-spyware tools CYBERCRIME Page: 34 EXCERPT Use of keylogger by law enforcement • Reports that the FBI is already using a keylogger for investigation purposed • German Federal Prosecution requested permission to secretly install an investigation software • Federal Court refused the request with regard to the missing legal basis Magic Lantern (20.11.2001, msnbc.com) The FBI is developing software capable of inserting a computer virus onto a suspect’s machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as “Magic Lantern“ enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement. The best snooping technology that the FBI currently uses, the controversial software called Carnivore, has been useless against suspects clever enough to encrypt their files. CYBERCRIME DATA ESPIONAGE • Most cable networks are not protected against the interception of electromagnetic emissions Page: 35 INTERCEPTION Picture removed in print version • Use of wireless networks increases vulnerability CYBERCRIME Page: 36 DATA ESPIONAGE • Use of wireless networks increases vulnerability WIRELESS LAN Picture removed in print version CYBERCRIME DATA ESPIONAGE • Use of wireless networks increases vulnerability CYBERCRIME Page: 37 WIRELESS LAN Picture removed in print version Page: 38 DATA ESPIONAGE • Use of wireless networks increases vulnerability WIRELESS LAN Picture removed in print version CYBERCRIME ILLEGAL ACCESS • Phenomenon called “Hacking” Page: 39 HACKING Picture removed in print version • Entering a computer system without permission • In many cases the illegal access is only the preparation for further crimes such as data manipulation or data espionage • Number of attacks is a result of softwaretools that automatically detect and attack computer systems CYBERCRIME Page: 40 QUANTITY • Huge number of attacks are a result of automatic attacks HACKING Picture removed in print version • Software Tools available that automatically scan IP-address areas for unprotected computers (especially open ports) • It is possible to scan thousands of computer systems with a single computer • Average time until a computer is attacked for the first time after being connected to the internet: 30 seconds CYBERCRIME ILLEGAL ACCESS • Motivation varies • Financial interest • „Sport“ for the next generation of computer criminals CYBERCRIME Page: 41 HACKING Picture removed in print version Page: 42 ILLEGAL ACCESS Famous victims of hacking attacks: • • • • • • HACKING Picture removed in print version NASA (1992) CIA (1996) US Air Force (1996) US Department of Justice (1996) Pentagon (1998) German Government (2006) Source:http://en.wikipedia.org/wiki/Timeline_of_hacker_history CYBERCRIME ILLEGAL ACCESS Modus Operandi • Access to a computer/network from the inside Page: 43 System Professional attacks are always concentration on the identification of the weakest point in a system. Analyse methods include technical means as well “social engineering”. • Hacking attack from the outside Techniques • Social Engineering • Use of software devices to break the password protection • Use or malicious software (spyware, key-logger) to record passwords • Use of search-engines (“Google”) CYBERCRIME Page: 44 SOCIAL ENGINEERING • „Human Approach“ • In 1994, a French hacker contacted the FBI office in Washington, pretending to be an FBI representative who is working at the U.S. embassy in Paris. He persuaded the person in Washington to explain how to connect to the FBI's phone conferencing system. Then he ran up a $250,000 phone bill in seven months. SOCIAL ENGINEERING Social engineering is the term used to describe the utilization of human behaviour to breach security without the participant (or victim) even realizing that they have been manipulated. • Classic scam: Phoning CYBERCRIME WAR DRIVING • Unlike classic hacking “war driving” is not aiming for a certain victim but for any vulnerable system Page: 45 WAR DRIVING Picture removed in print version • searching for wireless networks by moving vehicles • „Useful“ to hide the identity of the acting person CYBERCRIME Page: 46 COPYRIGHT VIOLATIONS • Filesharing is very often based on Peerto-Peer (P2P) technology FILESHARING Picture removed in print version • Legal and Illegal use of P2P technology • Millions of files with copyright protected artwork are available for free download in Filesharing-Systems • Necessary is only a client (software) and internet access CYBERCRIME Page: 47 COPYRIGHT VIOLATIONS CNN (STAR WARS IN P2P) Artwork available: • Music (esp. but not only copyright protected work) • Movies (even before they were out in cinema) • Software (including serial numbers) The sixth and final installment of the "Star Wars" franchise was available for downloading on Elitetorrents.org more than six hours before it was released on theaters Thursday after midnight, according to a government statement released Wednesday.Within 24 hours, more than 10,000 copies of the "Star Wars" film had been swiped. Source: www.cnn.com CYBERCRIME Page: 48 SOFTWARE WITH SPYWARE Software related to spyware: • DivX Dope Wars • Grokster • Kazaa • Morpheus RadLight • EDonkey2000 • EDonkey2000 • LimeWire LIMEWIRE Picture removed in print version CYBERCRIME COPYRIGHT VIOLATIONS • Entertainment Industry developed a number of technical protection systems • Until now all systems could be circumvented • Especially with regard to CDs and DVDs • Software Tools are available that enable the user to circumvent technical copy protection on DVDs and CDs CYBERCRIME Page: 49 COPY TOOLS Picture removed in print version Page: 50 FILE SHARING FILESHARING Centralised Concepts (1st Generation Napster) Server hosting file list Users, up- and downloading files CYBERCRIME FILE SHARING Page: 51 FILESHARING Centralised Concepts (1st Generation Napster) No possibility of file exchance without server CYBERCRIME Page: 52 FILE SHARING FILESHARING Decentralised Concepts (Gnutella) User can take over server functions CYBERCRIME FILE SHARING Page: 53 FILESHARING 3rd Generation Users are offering Server-services enabling anonymous exchange CYBERCRIME Page: 54 COPYRIGHT VIOLATIONS Focus of criminal investigations • Users that are making files available • Downloader • Internet Service Provider ITUNES Movie removed in print version • Decisions of US Courts that the companies running FilesharingSystems can be responsible for copyright violations committed by their users forceD some Systems to stop their services CYBERCRIME Page: 55 CRIMINALISATION • Most legislations do not criminalise the pure download of copyright protected artwork • Excluding on a civil or criminal level • Practical problem is that most software products do not allow pure download CYBERCRIME Page: 56 ONLINE CASINOS • Huge number of Online Casinos available • Webpages are available from all over the world • A number of countries have strict regulations regarding gambling including criminal sanctions for illegal gambling • Difficult to control gambling in the internet • Difficulties regarding the jurisdiction GAMBLING Picture removed in print version CYBERCRIME PRONOGRAPHY • “Sex sells” Page: 57 SEXUAL RELATED CONTENT (Playboy) Picture removed in print version • Hugh number of sexual related business webpages • Supported by the possibilities of “anonymous” communication CYBERCRIME Page: 58 PORNOGRAPHY • Link lists available that lead to sexual related content LINK LIST Picture removed in print version • No access control that could exclude access of minors • Making pornographic material accessible without a proper access control is criminalised in some countries CYBERCRIME PORNOGRAPHY • Even regular search engines can be used to find pornographic material in the internet CYBERCRIME Page: 59 SEARCH ENGINES Picture removed in print version Page: 60 PORNOGRAPHY FILESHARING (Limewire) • Thousands of pornographic movies and pictures are available for free download in Filesharing-Systems • Current researches highlight, that pornographic material is among the most popular contents distributed via Filesharing-Systems CYBERCRIME CHILD PORNOGRAPHY • Closed IRC (Chat) Page: 61 CHAT Picture removed in print version • Password protected areas • Use of encryption technology • Very few information known • Accessible only for insider • Very difficult to intercept • Investigations are operated by specialists CYBERCRIME Page: 62 CHILD INCITEMENT Internet Chat is closely related offences: CHAT Picture removed in print version • Exchange of Child Pornography • Child Incitement • Paedophiles use the internet to get in contact with minors • Pretending to be minors as well • Offenders ask the minors for a meeting CYBERCRIME CYBER TERRORISM • No reports published about successful internet attacks from subversive groups • Risk of attacks against critical infrastructure) • Reason: Vulnerability of Information Technology • Possible Targets: Electricity Supply, Traffic Control, Economy in general CYBERCRIME Page: 63 2005 FBI ASS. DIRECTOR LOUIS REIGEL In December 2005 the Associated Press cites US FBI assistant director as stating that Al Qaeda and related terrorist networks are presently incapable of mounting cyberattacks that could damage US critical infrastructure. Page: 64 CYBER TERRORISM AL QAEDA TRAINING MANUAL • Various reports about activites of terrorist organisations in the internet “Using public sources openly and without resorting to illegal means, it is possible to gather at least 80% of all information required about the enemy” Main activities: • Research • Publishing Information (recruitment) • Communication between members of terrorist groups • Terrorist financing and money laundering • Committing Cybercrime (political motivated attacks) CYBERCRIME ORGANISATION Page: 65 ORGANISATION Picture removed in print version • Decentralised structure of subversive organisations is supported by decentralised structure of the internet • Lack of physical territory and infrastructure is compensated by network infrastructure (virtual territory) • Redundancy of the networks ensures the operability even if cells are uncovered • Flexibility of modern communication allows quick reconstruction of destroyed structures (Afghanistan) • International dimension of the internet allow the terrorists to play an international role CYBERCRIME Page: 66 COLLECTING INFORMATION • Internet is used as an information media by the subversive groups as well as by regular users MILITARY INFRASTRUCTURE Picture removed in print version • Search-engines and data-mining strategies are supporting terrorists in gathering information about possible targets and security measures • Additional Services (eg. Google Maps) can support the planning of attacks CYBERCRIME COLLECTING INFORMATION • Services like Google Earth were reported to be used in several attacks - among them attacks against British troops in Afghanistan and the planed attacks against an airport in the US CYBERCRIME Page: 67 Telegraph.co.uk (13.01.2007) Terrorists attacking British bases in Basra are using aerial footage displayed by the Google Earth internet tool to pinpoint their attacks, say Army intelligence sources.Documents seized during raids on the homes of insurgents last week uncovered print-outs from photographs taken from Google.The satellite photographs show in detail the buildings inside the bases and vulnerable areas such as tented accommodation, lavatory blocks and where lightly armoured Land Rovers are parked.Written on the back of one set of photographs taken of the Shatt al Arab Hotel, headquarters for the 1,000 men of the Staffordshire Regiment battle group, officers found the camp's precise longitude and latitude. "This is evidence as far as we are concerned for planning terrorist attacks," said an intelligence officer with the Royal Green Jackets battle group. "Who would otherwise have Google Earth imagery of one of our bases? Page: 68 COLLECTING INFORMATION • In the past secret information were accidentally published on websites TERRORIST HANDBOOK Picture removed in print version • Robots used by search-engines can lead the disclose of secret information • Handbooks on how to build explosives and construct chemical and even nuclear devices are available • Internet sources have been reported to be used by the offenders in a number of recent attacks CYBERCRIME COLLECTING INFORMATION • Information regarding the construction of weapons were available long time before the Internet was developed Page: 69 RAGNAR’S ENCYCLOPEDIA Bild wurde zur Speicheroptimierung entfernt • Ragnar‘s Action Encyclopaedia of Practical Knowledge and Proven Techniques • Approaches to criminalise the publication of information that can be used to CYBERCRIME Page: 70 USE AS FORUM • In 1998 only 12 out of 30 terrorist groups that were listed by the US State Department had Internet websites TERRORIST WEBSITE Picture removed in print version • By 2004 nearly all terrorist groups – among them Hamas and the Hisbollah – used websites to publish information about their organisation CYBERCRIME USE AS FORUM Advantages Page: 71 TERRORIST WEBSITE Picture removed in print version • Possibility of anonymous set-up of a webpage (free Webspace) • Potential number of Users • Worldwide access • Low costs for the production compared to press media • Interest of the media to use the internet as source for news coverage CYBERCRIME Page: 72 USE AS FORUM Content TERRORIST WEBSITE Picture removed in print version • Information (targeting donators) • Means of image building (videotaped execution of foreigners) • Disinformation CYBERCRIME RECRUITMENT • Internet offers the possibility of global recruitment Page: 73 RECRUITMENT Picture removed in print version • Data of users accessing information webpages of subversive groups are used by those groups to individually contact those users afterwards • Possibilities of interactive online interaction (Chat, Voice over IP) increased to possibilities of recruitment CYBERCRIME Page: 74 USE FOR COMMUNICATION Advantages: • Easy access (Internet Cafes, Wireless LAN, Mobile Internet Services) • Very little regulation (about not restriction with regard to the anonymous use of internet services in public internet cafes) • Very little control of law enforcement authorities • Means of anonymous communication • Speed of the information exchange PUBLIC TERMINAL Picture removed in print version CYBERCRIME USE FOR COMMUNICATION • Use of encryption technology and means of anonymous communication can seriously hinder investigations • The law enforcement agencies in majority of countries are not prepared for this challenge Page: 75 RESISTANCE AGAINST ATTACKS There is a physical argument that a 128 bit key is secure against brute force attack. It is argued that, by the laws of physics, in order to simply flip through the possible values for a 128-bit key one would need a device consuming at a minimum 10 gigawatts (about the equivalent of eight large, dedicated nuclear reactors) running continuously for 100 years. • Background for the current debate about new investigation instruments CYBERCRIME Page: 76 TERRORIST FINANCING • Most terrorist networks depend up to a large degree on donations • Internet supports the global fundraising • Information about accounts that can be used for donations are published throughout the internet • Specialised software tools and SPAMDatabases are used to identify potential supporters that should be contacted individually • Virtual currencies (e-gold) and online payment services (PayPal) can be used to hide the identity of the donators CYBERCRIME ME FINANCIAL ACTION TASK FORCE Bahrain, Saudi Arabia, Syria, Lebanon, Qatar, Kuwait, Tunisia, Jordan, Algeria, Morocco, Egypt, Oman, the United Arab Emirates and Yemen Page: 77 TERRORIST FINANCING • Terrorist financing = reverse money laundering • Money laundering: ML is concerned with laundering assets of illegal origin and bringing them back into legal economic circulation • Terrorist financing: TF is concerned with using legal assets for an illegal activity • Where did the money come from (ML) / Where did the money go (TF) • Means and methods to identify ML can not be transferred to TF detection • In addition there is a lack of international objective definition of the criteria of a terrorist CYBERCRIME Page: 78 HOW IT WORKS • Regular (fake) business is set up by supporters of subversive groups WEB SHOP Picture removed in print version • Shop offers goods for high prices • Donation buy an overpriced product to indirectly donate CYBERCRIME Page: 79 CONCLUSION • Terrorists use the Internet • The extend and intensity is (until now) staying below classic Cybercrime • Questionable if it is necessary to address the problem with new provisions CYBERCRIME Page: 80 MONEY LAUNDERING Money Launding in Cyberspace CYBERCRIME APPROACHES 1. Integrated Act • Money laundering as an essential part of a Cybercrime (phishing) • Intention of the money laundering activity is not only to disguise the origin of assets of a crime but to hide the identity of the offender Page: 81 MONEY LAUNDERING Picture removed in print version 2. Individual Act • Use of information technology within the money laundering scams CYBERCRIME Page: 82 ML STRATEGY • Avoid suspicious transaction detection MONEY LAUNDERING ML Picture removed in print version • Adopt common “behaviour” • “Hide in the crowd” to make the detection as difficult as possible CYBERCRIME ML STRATEGY • Avoid suspicious transaction detection • Monitoring / analysing the criteria set up • Develop systems to avoid detection CYBERCRIME Page: 83 SUSPICIOUS TRANSACTION REGIME Picture removed in print version suspicious not suspicious Page: 84 ML IN CYBERSPACE ONLINE BANKING • Financial Action Task Force identified numerous Money Laundering Activities that involve electronic payment systems and network technology Picture removed in print version • IT can especially help to improve the speed of transactions • IT is not only a benefit for money laundering activities but also for terrorist financing CYBERCRIME Page: 85 MONEY LAUNDERING CYBERCRIME V O ! ! Page: 86 MONEY LAUNDERING V O Integration ! Possibility to hide Identity ! FI Placement of the assets FI ! Layering of the assets CYBERCRIME PLACEMENT • The Internet offers no relevant advantages for the placement of cash Page: 87 WESTERN UNION Picture removed in print version • Classic Instruments are used such as Western Union • Internet related services can be used to circumvent tools to detect suspicious transaction CYBERCRIME Page: 88 ONLINE CASINOS • Huge number of Online Casinos available ONLINE CASINOS Picture removed in print version • Transfers to Online Casinos will in general be related to rather high amounts • Depending on the popularity of the provider, the location and the games, daily transfers of 10.000 USD are quite normal CYBERCRIME LAYERING / TRANSFER • Official and unofficial transfer systems Page: 89 HAWALA Picture removed in print version • Legal / Illegal or Formal / Informal • Money Wire Transfer is one of the easiest transfer methods • Online Transfer is a cost effective wire transfer instrument that offers flexibility and independence with regard to the place of action CYBERCRIME Page: 90 CIRCUMVENTION • Structured Payments (“Smurfing”) ONLINE TRANSFER Picture removed in print version Due to the comfortable functions of online banking systems structured payments can easily be automated • Use of Falsified Identities Synthetic Ids. Opening Accounts with false documents. Online banking is limiting the face-toface contact • Use of False Identities Voluntary cooperation of legitimate account holders as well as account takeover (“Phishing”) • Offshore Banks Countries with customer identity protection / restrictive bank regulations / not cooperating in ML investigations CYBERCRIME ONLINE BANKING • Money Wire Transfer is one of the easiest transfer methods • Problems of Online Banking with regard to a possible misuse for money laundering activities have been intensively discussed Page: 91 ONLINE BANKING Picture removed in print version • Key Problems are: • Ease of access through the internet • Depersonalisation (no face-to-face control) • Rapidity of online transactions CYBERCRIME Page: 92 LAYERING / INTEGRATION • Electronic Payment Systems can be used to disguising the origin of the assets VIRTUAL CURRENCY Picture removed in print version • Depending on the amount of money and the duration of the transfer EPS offer a number of advantages for money launderer CYBERCRIME VIRTUAL GOLD CURRENCY • Account-based electronic payment systems Page: 93 VIRTUAL CURRENCY Picture removed in print version • Identification requirements are rather weak - Some providers do even enable registration with nicknames • Fast worldwide person-to-person transfers • Can be combined with anonymous ATM cards CYBERCRIME Page: 94 PREPAID CREDIT CARDS • Person-to-Person transfer PRE-PAID CREDIT CARD Picture removed in print version • E-Commerce • Number of Providers offer in addition E-Gold / Western Union Services CYBERCRIME Page: 95 CASE STUDY Case Study 1: Money Laundering Scam involving Online Casinos and Auction Platforms CYBERCRIME Page: 96 MONEY LAUNDERING Offender who intends to launder money CYBERCRIME Page: 97 MONEY LAUNDERING Layering Onl. Casino CYBERCRIME Page: 98 MONEY LAUNDERING Virt. Currency Layering Onl. Casino CYBERCRIME Page: 99 MONEY LAUNDERING Auction PF Virt. Currency Layering Onl. Casino CYBERCRIME Page: 100 MONEY LAUNDERING Fin. Service Auction PF Virt. Currency Layering Onl. Casino CYBERCRIME Page: 101 CYBERCRIME CYBERCRIME - THREATS, CHALLENGES AND LEGAL SOLUTIONS Macau, 13.February 2008 - 15. February 2008 Dr. Marco Gercke Lecturer at the University of Cologne, Germany CYBERCRIME page: 1 NEW CHALLENGES • • • • • • • • Dependence of the society on information technology Availability and power of devices that can be used to commit a crime Number of available information in the internet Languages Missing control instruments International relation Speed of information exchange Speed of the technological development, power and vulnerability of devices • Anonymous communication • Deprivation of data/evidence CYBERCRIME page: 2 POSSIBILITIES • There are no doubts that the ongoing improvement of information technology enables the law enforcement agencies to carry out investigations that were not possible previously EXAMPLE CHILD PORNOGRAPHY Picture removed in print version • Automated search for key-words / hash-values • Great chance for public private partnership (Microsofts CETS) CYBERCRIME POSSIBILITIES • Apart from new instruments the ongoing technical development is going along with a number of challenges for law enforcement agencies. page: 3 EXAMPLE CHILD PORNOGRAPHY Picture removed in print version • Investigations can be more difficult or even impossible if the offender is just using some basic technical means • Challenges of fighting Cybercrime go way beyond that CYBERCRIME page: 4 RISK SOCIETY • Development towards and Information Society • Availability and extensive use of Information Technology Background Development of the Information Society is not limited to the highest developed countries. New high-tech products such as WMAX allow even less developed countries to catch up with regard to the technical infrastructure • Discussion about the possibilities of misusing the Information Technology has just started • Society is accepting a number of risks with regard to the Information Technology (insufficient protection of computer and password, open WLAN,..) CYBERCRIME DEPENDANCE • Major parts of the every day communication are already based on internet related services page: 5 Example (ISS) Picture removed in print version • Access to the WWW (world wide web) and the uses of e-mail are only two examples • In the near future voice-over-ip (VoIP) and the offer of multimedia content for sale will be available for more than a billion internet user • Network technology integrated in cars and buildings CYBERCRIME page: 6 DEPENDANCE • Threats of internet based attacks against critical infrastructure Example (Energy Infrastructure) Picture removed in print version • Electricity supply, Communication Infrastructure • Even military infrastructure is depending critical technology CYBERCRIME DEPENDANCE • Alternative Communication Systems that could be used in cases of emergency are not able to cover the necessary resources page: 7 Examples(Sasser) Example Picture removed in print version • Monoculture with regard to major technical components of computer systems, software and network technology A computer virus (Sasser), designed and programmed by a German student caused damage to business worldwide. A major Airline in the US had to cancel flights for hours because its computer system was affected. CYBERCRIME page: 8 AUTOMATE • Computer and Networks enable offenders to automate attacks Example (Hackerwatch.org) Picture removed in print version • Within minutes millions of spam mails can be send out without generating high costs - sending out one million regular letters would be very expensive and take days • Special software products enable automatic attacks against computer systems CYBERCRIME page: 9 AVAILABILITY OF DEVICES Examples • Internet connected devices as tool and target Misuse of open WLAN-Access Point to hide identity; Terrorists communication via VoIP using encryption technology; • The number of people who have access to the internet is still growing fast • New ways of access to networks are implemented (UMTS, WLAN,) • Capacity of Computers has increased (great potential) • Number of operations controlled by the use of networks increased CYBERCRIME page: 10 AVAILABILITY OF ACCESS • Numerous possibilities to get access to the network Example (Internet Cafe) Picture removed in print version • Regular Internet Connection • Mobile Data Services • Public Terminals • Wireless Access Points CYBERCRIME AVAILABILITY OF ACCESS • Use of wireless networks increases vulnerability page: 11 WLAN Picture removed in print version • Comfort vs. Security CYBERCRIME page: 12 AVAILABILITY OF ACCESS • Signals from the wireless LAN station can be received in a nearly uncontrollable distance of up to 100 meter WLAN Picture removed in print version CYBERCRIME AVAILABILITY OF ACCESS • Signals from the wireless LAN station can be received in a nearly uncontrollable distance of up to 100 meter CYBERCRIME page: 13 WLAN Picture removed in print version page: 14 AVAILABILITY OF ACCESS • Data transfered to and from the user can be intercepted as well WLAN Picture removed in print version CYBERCRIME AVAILABILITY OF INFORMATION • Secret Information are available in the Internet page: 15 Example (Sat. Picture) Picture removed in print version • Available especially through search engines • “Google hacking” CYBERCRIME page: 16 AVAILABILITY OF INFORMATION Services like Google Earth were reported to be used in several attacks: • In attacks against British troops in Afghanistan • In the planning of attacks against an airport in the US • In attacks against British troops in Iraq • In attacks against Israel Telegraph.co.uk (13.01.2007) Terrorists attacking British bases in Basra are using aerial footage displayed by the Google Earth internet tool to pinpoint their attacks, say Army intelligence sources.Documents seized during raids on the homes of insurgents last week uncovered print-outs from photographs taken from Google. Guardian (25.10.2007) Palestinian militants are using Google Earth to help plan their attacks on the Israeli military and other targets, the Guardian has learned. Members of the al-Aqsa Martyrs Brigade, a group aligned with the Fatah political party, say they use the popular internet mapping tool to help determine their targets for rocket strikes. CYBERCRIME AVAILABILITY OF INFORMATION • Robots used by Search-engines can lead the disclose of secret information • Handbooks on how to build explosives and construct chemical and even nuclear devices are available • Internet sources have been used by the offenders in a number of recent attacks CYBERCRIME page: 17 TERRORIST HANDBOOK Picture removed in print version page: 18 AVAILABILITY OF INFORMATION • Information regarding the construction of weapons were available long time before the Internet was developed RAGNAR’S ENCYCLOPEDIA Picture removed in print version • Ragnar‘s Action Encyclopaedia of Practical Knowledge and Proven Techniques • Approaches to criminalise the publication of information that can be used to CYBERCRIME AVAILABILITY OF INFORMATION • Information about system vulnerabilities are published on websites page: 19 Example (http:wslabi.com) Picture removed in print version • In addition these information are offered for sale by some businesses • Information can be used to increase security as well as to commit computerrelated offences CYBERCRIME page: 20 NUMBER OF SOURCES & USERS • The internet connects millions of people Examples Development of Internet User • Today more internet user in developing countries than in developed contries • A single attack can effects millions of systems • Millions of webpage offer information: Difficult to identify illegal information 1995: 45 Million 2000: 420 Million 2005: 1000 Million 2007: 1200 Million Source: ECIN.DE taking regard to eTForecast (2006) CYBERCRIME NUMBER OF SOURCES & USERS • Millions of webpage offer information: Difficult to identify illegal information page: 21 Example (www.skype.com) Picture removed in print version • Popular Services do often have millions of user CYBERCRIME page: 22 RESOURCES Botnets (www.shadowserver.org) • Current analysis proof that up to a quarter of all computer connected to the internet could be used by criminals as they belong to “botnets” Picture removed in print version Souce: BBC report “Criminals 'may overwhelm the web“ • Some analysis go even beyond that number CYBERCRIME page: 23 BOTNET Offender Direct attack goes along with the risc to be identified and has limited power Target CYBERCRIME page: 24 BOTNET Step 1: Sending out virus that is infecting computer and enables the offender to take over the control Offender CYBERCRIME page: 25 BOTNET Offender CYBERCRIME page: 26 BOTNET Step 2: Offer sends order to start the attack Offender Target CYBERCRIME BOTNET page: 27 Taking over control • Short term for Robot-Network User Bot. • Botnets are very powerful instruments Computer Power • Main use: SPAM, DoS . • Computers are in most cases infected by malicious software • Software is taking over part of the control CYBERCRIME page: 28 LANGUAGES • with regard to the observation of websites in Arabic language the missing knowledge about the language is often a critical point Example (www.aliazeera.net) Picture removed in print version CYBERCRIME MISSING CONTROL • Internet was developed as a military network • Consequences: Strategic and military aspects dominated the development of the technology - not the needs of a global mass communication network page: 29 Important Decentralised concept was a necessary element to protect the network against malfunctions caused attacks against single elements. Missing control instruments makes the implementation of investigation routines, that are necessary for a mass communication system difficult. • Resistant against nearly any form of centralised control CYBERCRIME page: 30 MISSING CONTROL Terrorist Communication CYBERCRIME page: 31 MISSING CONTROL Disconnected CYBERCRIME page: 32 MISSING CONTROL Alternative Route Alternative Route CYBERCRIME MISSING CONTROL Major consequences • Very few possibilities to protect a territory against attacks from the outside • Very few possibilities to disconnect a territory from internet services page: 33 Important Decentralised concept was a necessary element to protect the network against malfunctions caused attacks against single elements. Missing control instruments makes the implementation of investigation routines, that are necessary for a mass communication system difficult. Additional consequences • Independence of place of action an place of the result • International Dimension CYBERCRIME page: 34 MISSING CONTROL Protection can not stop any attack CYBERCRIME page: 35 INDEPENDENCE • With access to the Internet the offenders can act worldwide CYBERCRIME page: 36 INDEPENDENCE • Offenders can act from any place in the world Example Phishing Picture removed in print version • By choosing their place of action they can take into account the status criminalisation and the capabilities of the law enforcement authorities • “save havens” CYBERCRIME INTERNATIONAL DIMENSION • Network Protocol contains an automatic search procedure for the fastest connection page: 37 TRACING ROUTE Picture removed in print version • This leads in an nearly uncontrollable way to international dimensions within data exchange processes TCP-IP contains of two elements: TCP (Transfer Control Protocol) and IP (Internet Protocol) Real Routes of data exchanges can be traced back using tracing software such as “TraceRoute” CYBERCRIME page: 38 INTERNATIONAL DIMENSION Victim CYBERCRIME page: 39 INTERNATIONAL DIMENSION Victim Attacking Computer CYBERCRIME page: 40 INTERNATIONAL DIMENSION Victim Real Offender Attacking Computer CYBERCRIME page: 41 INTERNATIONAL DIMENSION Victim Attacking Computer CYBERCRIME Long lasting Investigations or delays can Hinder the identification page: 42 SPEED OF THE DEVELOPMENT Examples • The transfer of an E-Mail normally only takes seconds Many important traffic information are deleted within less than 1 hour. After 7 days investigations are in most cases only effective in countries with data retention. • Easy to remove or move information from one server to another • Key information that are necessary to identify an offender are often available only for a short period of time (eg. traffic data) • Independence between place of action an the result • Traditional investigation instruments are not able to catch up with the speed of the information exchange. CYBERCRIME page: 43 SPEED OF THE DEVELOPMENT Examples • Computer technology is becoming more and more complex The use of new, innovative data storage medias (mobile phones, digital camera, MP3player) led to a number of difficulties within search and seizure procedures in the past. • Development is continuing • Users are expecting “easy to use” software and hardware devices • Comfort vs. Security (Open systems) • Systems are becoming more and more powerful on the one hand side and vulnerable on the other hand side. • Monoculture with regard to the operation systems (Microsoft Windows). CYBERCRIME page: 44 DEPRIVATION DATA/EVIDENCE ENCRYPTION TECHNOLOGY (pgp.com) • Anonymous communication • Encryption • Steganography • Deletion of data CYBERCRIME ANONYMOUS COMMUNICATION • “Felt Anonymity” page: 45 Notice Anonymizer (www.anonymizer.com) Picture removed in print version • Key motivation especially with regard to crimes connected pornography • Technology available that can hinder law enforcement to trace back the route of an offender (eg. www.anon.de) • Benefit of Anonymous Communication vs. Effective Law Enforcement Similar problem with regard to the use of encryption software. Benefits for the Society vs. Effective Law Enforcement • Possibility to pretend to be some else (Remote Software) CYBERCRIME page: 46 ANONYMOUS COMMUNICATION Anonymous communication can be reached by: Example (Public Internet terminal) Picture removed in print version • Use of public terminals • Use of open wireless networks • Hacked (closed) networks CYBERCRIME page: 47 ANONYMOUS COMMUNICATION Offender Victim Last point in the row leads to the offender CYBERCRIME page: 48 ANONYMOUS COMMUNICATION Offender Last point in the row Victim CYBERCRIME page: 49 HOW IT WORKS - PROXY SERVER User with IP-Address 123.88.2.4 wants to secretly download from host with IP 201.77.8.24 abrufen 123.88.2.4 Host 201.77.8.24 Proxy Server 133.1.1.1 201.77.8.24 201.77.8.24 CYBERCRIME page: 50 HOW IT WORKS - PROXY SERVER User with IP-Address 123.88.2.4 wants to secretly download from host with IP 201.77.8.24 abrufen Host 201.77.8.24 Proxy Server 123.88.2.4 133.1.1.1 201.77.8.24 201.77.8.24 CYBERCRIME page: 51 HOW IT WORKS - TOR User with IP-Address 123.88.2.4 wants to secretly download from host with IP 201.77.8.24 abrufen 123.88.2.4 123.88.2.4 201.77.8.24 CYBERCRIME Host 201.77.8.24 A1 A2 A3 211.4.32.55 200.14.1.5 176.101.1.5 201.77.8.24 201.77.8.24 201.77.8.24 201.77.8.24 123.88.2.4 201.77.8.24 page: 52 HOW IT WORKS - TOR User with IP-Address 123.88.2.4 wants to secretly download from host with IP 201.77.8.24 abrufen 123.88.2.4 Content Host 201.77.8.24 A1 A2 A3 211.4.32.55 200.14.1.5 176.101.1.5 201.77.8.24 Content Content Content Content CYBERCRIME page: 53 HOW IT WORKS - TOR User with IP-Address 123.88.2.4 wants to secretly download from host with IP 201.77.8.24 abrufen 123.88.2.4 Content CYBERCRIME Host 201.77.8.24 A1 A2 A3 211.4.32.55 200.14.1.5 176.101.1.5 201.77.8.24 Content Content Content Content page: 54 ENCRYPTION • Encryption is the process of obscuring information to make it unreadable without special knowledge PGP Picture removed in print version • Encryption can be used to ensure secrecy • Encryption can be used to hide the fact that encrypted messages are exchanged • Encryption used by criminals can lead to difficulties collecting the necessary evidence CYBERCRIME BREAKING A KEY • Brute Force Attack: Method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys n order to decrypt a message page: 55 How long it takes to break a key Picture removed in print version • Gaps in the encryption software • Dictionary-based attack • Social Engineering • Classic search for hints • Need for legislative approaches? CYBERCRIME page: 56 GLOBAL PHENOMENON • Availability of encryption technology is a global challenge MICROSOFT BITLOCKER Picture removed in print version • Powerful software tool that enable are available on a large scale in the Internet • Some of the latest versions of operating systems contain encryption technology CYBERCRIME SOLUTION Technical solutions (with legal component) page: 57 MAGIC LANTERN Picture removed in print version • Magic Lantern (US) • Remote Forensic Software (Germany) Legal solution • Various restrictions on import/export and use of encryption technology • UK: Obligation to disclose password (Sec. 49 of the UK Investigatory Powers Act 2000) CYBERCRIME page: 58 STEGANOGRAPHY • Steganography is a technique used to hide information in some other information Steganography Picture removed in print version • Example: Hiding a message in picture • • Technique can be used to keep the fact that the exchange of encrypted messages is taking place secret CYBERCRIME DELETION • If files are deleted on a computer system the are often not removed from the storage media page: 59 Delete Files Picture removed in print version • In addition deleted files can be recovered by law enforcement agencies by using magnetic fragments left on the hard disk • Offenders using tools to securely delete files can hinder the recovery of deleted files CYBERCRIME page: 60 DELETION • Various software tools available that enable secure deletion by overwriting a file a number of times PGP Bild wurde zur Speicheroptimierung entfernt • Recovery is nearly impossible in these cases CYBERCRIME ANONYMOUS OS • If the offender uses an operating system that boots from a cd rom all temporary files are deleted after the end of use CYBERCRIME page: 61 ANONYM OS Picture removed in print version page: 62 CYBERCRIME CYBERCRIME - THREATS, CHALLENGES AND LEGAL SOLUTIONS Macau, 13.February 2008 - 15. February 2008 Dr. Marco Gercke Lecturer at the University of Cologne, Germany CYBERCRIME page: 1 LEGAL CHALLENGE • Adequate Instruments for Law Enforcement • Protection of the interest of the user • Adequate Criminalisation • No Over-Crimininalisation CYBERCRIME page: 2 CHALLENGE NATIONAL LAW CYBERCRIME page: 3 ELEMENTS IN THE FIGHT • Legislation / Law Enforcement • Technical Experience • Education of the Citizens to avoid victims CYBERCRIME page: 4 LAW ADJUSTMENT (GERMANY) 2000 1990 Adjust. Penal Law 1980 1970 Networks Tech. Development Hacking Recognised Offences Adjustment of the Law CYBERCRIME page: 5 LAW ADJUSTMENT 2000 Copyright Law 1990 Software Piracy 1980 1970 PC Networks Tech. Development CYBERCRIME Protection Hacking Recognised Offences Adjustment of the Law page: 6 LAW ADJUSTMENT 2000 1990 1980 1970 Responsibility Internet Illegal Contents Copyright Law Software Piracy Protection PC Networks Tech. Development Hacking Recognised Offences Adjustment of the Law CYBERCRIME LAW ADJUSTMENT page: 7 Challenge • To cut down the time between the recognition of crimes and the adjustment of law is the main challenge Law Adjustment • Challenge especially for the Continental European law systems that are not based on case law Tech. Development Recognised Crimes • Advantage for the more flexible AngloAmerican-System CYBERCRIME page: 8 LEGAL SOLUTION NATIONAL, REGIONAL, INTERNATIONAL Religious Offences Computer Fraud CYBERCRIME page: 9 LEGAL SOLUTION Computer Fraud CYBERCRIME NATIONAL, REGIONAL, INTERNATIONAL Religious Offences page: 10 LEGAL SOLUTION NATIONAL, REGIONAL, INTERNATIONAL International Solution CYBERCRIME LEGAL SOLUTION page: 11 NATIONAL, REGIONAL, INTERNATIONAL Fill existing gaps International Solution CYBERCRIME page: 12 INTERNATIONAL SOLUTION • Currently the Council of Europe Convention on Cybercrime is the only International Agreement that covers all relevant areas of Cybercrime Legislation (Substantive Criminal Law, Procedural Law, International Cooperation) • Intention: Harmonisation of selected aspects of Cybercrime legislation Art. 37 - Accession to the Convention After the entry into force of this Convention, the Committee of Ministers of the Council of Europe, after consulting with and obtaining the unanimous consent of the Contracting States to the Convention, may invite any State which is not a member of the Council and which has not participated in its elaboration to accede to this Convention. The decision shall be taken by the majority provided for in Article 20.d. of the Statute of the Council of Europe and by the unanimous vote of the representatives of the Contracting States entitled to sit on the Committee of Ministers. • Open for non-members CYBERCRIME page: 13 SIGNATURES UNTIL 2007 DETAILS ABOUT SIGNATURES 43 States signed the Convention 185 (“Convention on Cybercrime”) until March 2006, among them are 4 Non-Members. Details are available unter www.coe.int Invited Invited CYBERCRIME page: 14 LEGAL SOLUTION NATIONAL, REGIONAL, INTERNATIONAL Regional Solution CYBERCRIME REGIONAL SOLUTION • A number of regional initiatives page: 15 EU COUNTRIES Picture removed in print version • Examples for current developments are the European Union, Gulf Cooperation Council (GCC) • Advantage: Often comparable legal systems • Regional agreements can supplement international agreements CYBERCRIME page: 16 LEGAL SOLUTION NATIONAL, REGIONAL, INTERNATIONAL National Solution CYBERCRIME REGIONAL & NATIONAL Can regional an national solutions work? page: 17 EU COUNTRIES Picture removed in print version • One argument against regional and national solutions is the fact that the internet does not know any boarders and boundaries and therefore international solutions are necessary • International dimension requires harmonisation to effectively fight Cybercrime • It does not necessary exclude additional regional and national approaches CYBERCRIME page: 18 REGIONAL & NATIONAL • Geo-tracking enables to keep geographic borders in times of the Internet BORDER Picture removed in print version • It enables to exclude users with certain IP addresses from services • The fact that the possibility to circumvent virtual or real border exists does not mean that there are no borders CYBERCRIME page: 19 CONVENTION ON CYBERCRIME • The need for a harmonisation CYBERCRIME page: 20 NEED FOR HARMONISATION 1. Technical aspect: Investigations depend on international cooperation of investigation authorities 2. Legal aspect: Principle of National Sovereignty limits the possibilities of transnational investigations without international cooperation CYBERCRIME page: 21 CURRENT SITUATION • Legal Aspect Country with proper legislation CYBERCRIME Countries without proper legislation page: 22 CURRENT SITUATION Cooperation possible • Legal Aspect Cooperation impossible CYBERCRIME page: 23 REASON FOR THE DIFFICULTIES 1. Need of adequate provisions in the national law • Substantive Criminal Law and Procedural Law provisions are in most cases an essential requirement for national investigation (no crime - no investigation) • Substantive Criminal Law and Procedural Law provisions are in most cases an essential requirement for international cooperation (dual criminality) CYBERCRIME page: 24 INTERNATIONAL UNIFICATION • Attempts for improve the Fight against Cybercrime a number of International Organisation such as • OECD • G8 • UN • European Union • Council of Europe (CoE) • Until now the CoE Convention on Cybercrime is the only international legal framework with a broad approach CYBERCRIME page: 25 AIM OF THE CONVENTION • Legal Aspect CYBERCRIME Set of minimum standards page: 26 STRUCTURE • Section 1: Substantive criminal law • Section 2: Procedural law • Section 3: Jurisdiction • International cooperation • Additional protocol (xenophobic material) Not covered: • Responsibility of Internet Providers CYBERCRIME page: 27 SUBSTANTIVE CRIMINAL LAW Art. 2 - Illegal Access Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, the access to the whole or any part of a computer system without right. • Art. 1 Definition • Art. 2 Illegal Access • Art. 3 Illegal Interception • Art. 4 Data Interference • Art. 5 System Interference • Art. 6 Misuse of Devices • Art. 7 Computer-related Forgery • Art. 8 Computer-related Fraud • Art. 9 Offences related to Child Pornography • Art. 10 Offences related to Copyright Violations CYBERCRIME page: 28 SUBSTANTIVE CRIMINAL LAW • Art. 11 Attempt, aiding, abetting • Art. 12 Corporate Liability • Art. 13 Sanction an measures Art. 11 - Attempt, aiding and abetting Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, aiding or abetting the commission of any of the offences established in accordance with Articles 2 through 10 of the present Convention with intent that such offence be committed. CYBERCRIME page: 29 PROCEDURAL LAW Art. 16 - Expedited preservation Each Party shall adopt such legislative and other measures as may be necessary to enable its competent authorities to order or similarly obtain the expeditious preservation of specified computer data, including traffic data, that has been stored by means of a computer system, in particular where there are grounds to believe that the computer data is particularly vulnerable to loss or modification. • Art. 14 Scope • Art. 15 Conditions, Safeguards • Art. 16 Expedited Preservation • Art. 17 Expedited Disclosure • Art. 18 Production Order • Art. 19 Search and Seizure • Art. 20 Real time Collection of Traffic Data • Art. 21 Real time Interception of Content Data • Art. 22 Jurisdiction CYBERCRIME page: 30 INTERNATIONAL COOPERATION • Art. 23 General principle • Art. 24 Extradition • Art. 25 General principle related to mutual assistance • Art. 26 Spontaneous Information • Art. 27 Absence of International Agreements • Art. 28 Confidentiality and limitations of use • Art. 29 Expedited preservation • Art. 30 Expedited disclosure • Art. 31 Access to stored computer data • Art. 32 Trans-border access to stored computer data CYBERCRIME page: 31 INTERNATIONAL COOPERATION • Art. 33 Real-time collection of traffic data • Art. 34 Interception of content data CYBERCRIME page: 32 24/7 NETWORK • Art. 35 24/7 Network Art. 35 - 24/7 Each Party shall designate a point of contact available on a twenty-four hour, seven- day-aweek basis, in order to ensure the provision of immediate assistance for the purpose of investigations or proceedings concerning criminal offences related to computer systems and data, or for the collection of evidence in electronic form of a criminal offence. [...] CYBERCRIME page: 33 NATURE (LEGAL) International Agreement Needs to be ratified an implemented to come into effect Binding only on a political level Various spaces for interpretation and restrictions CYBERCRIME page: 34 SIGNATURES UNTIL 2007 DETAILS ABOUT SIGNATURES 43 States signed the Convention 185 (“Convention on Cybercrime”) until March 2006, among them are 4 Non-Members. Details are available unter www.coe.int Invited Invited CYBERCRIME OPEN FOR NON-MEMBERS • 4 Non-Members were involved in the drafting of the convention and signed the convention • Convention is open for any non member • Costa Rica and Mexico were recently invited to access the Convention CYBERCRIME page: 35 Art. 37 - Accession to the Convention After the entry into force of this Convention, the Committee of Ministers of the Council of Europe, after consulting with and obtaining the unanimous consent of the Contracting States to the Convention, may invite any State which is not a member of the Council and which has not participated in its elaboration to accede to this Convention. The decision shall be taken by the majority provided for in Article 20.d. of the Statute of the Council of Europe and by the unanimous vote of the representatives of the Contracting States entitled to sit on the Committee of Ministers. page: 36 RATIFICATION CYBERCRIME page: 37 RATIFICATION Denmark Island Netherl. Norway Slovenia Estonia France Finland Lithuania Croatia Romania Hungary Ukraine US Cyprus Bosnia/HG Bulgaria Albania Macedonia Armenia Latvia CYBERCRIME page: 38 RATIFICATION Norway Netherl. Armenia Macedonia US Slovenia Cyprus France Finland Croatia Hungary Romania Denmark Ukraine Latvia Albania Estonia Lithuania Bulgaria Bosnia/HG Island 2002 2003 2004 2005 2006 CYBERCRIME 2007 page: 39 ! " # $ % & ' ! + ! ( ! " *% & "! ! ! ! ! ! )! ! ! " * ! *% ! ! + "# & ! ) " * - ! ! ! *% ! , ! ! ! *% " ! ! $ *% ) ! ) !*/ ! ! ) !*/ $ ! ! 1! ! ! ) $ ! ) & *% ! . ! " "# ! *% ! " " ! , ) *% ! $ *% ! ' ! " ! & 0 ! ! *% & 2! ! *% "! ! ) ) ! " # ! " ! ! ) ) ! ! *% ," " ! ! 3 ! ! *% # ) ! $& ! ! ! ! $ *% ) ! *% " ! " *% ! ! ! )! !*% ) !*/ ! ! ! ! ! ! *% ) !*/ " ! ) " & )! $ ! ! *% ! ! ! , ) *% ) ! 1 ) */ ! 5 + ! " 6 7 4 ! " ! ! 5 ) = % + + , ! ! " % 1 1 ) *% " " 3 3 ! ! ! *% ! ' ! ! 1 ! = ! ! "* ! ! ! 3 ). ! ! $ ) ! ! ! H ' ) - ! */ # ) - ! ! " ) * $ 4 * + 3 ! ) ! !*/ ) ! ) !*% */ ! ) ! . ! 1 # */ " ! & ! : */ C 4+ D ! ! A A 2 =, ! *% ! * ; 4 : B ' C>9D ! A0 ! ! */ ! , : B ' C>FD 9 $ *% ,! : B ' C89D G " 1 !*% ! ! */ ! : B ' C>8D 8 ! ) ! 1 ) : B ' C89D " ! ) *% & B C+ ! " ) ! *% # 8> 4 ! ! ) ! " */ " 1 A # :B ' E A 88FD E A + )! $ H D 2 ! */ *% . " ! ! ! ! ; " ! !*/ @>& ; % - ! ! */ ! " " *% 8<< = ) )! $ ! " ! ' ! ! *% + C>>D $ & ! ) !*/ ! */ # " ! ! " " 3 : */ $ *% 888& ) *% ? ! *% *% ; # !*% " " 8>8 7 1 *% " 4 89 ! ) = + & : */ ! */ 3 ! ) + !*% ! + !*% " " ! $ *% ! ' E * C6 ! */ ! *% ! E * ! # # ) = " *% > B 8 *% E 0 ," I + ! " ! ! ! " ! ! ! *% )! $ ! ! !,) ! = - ! ! *% & 3 ! + 2!*% ) @ " ! C % ! *% 88FD " " " ! !, ) ? ! ) ! ! & 2! J !" # $ % + &' ( ) " D K? ) " " " D K4 ! L ! = ! *% ) ! ! CD M ! "* L *% ! ) $ ," & ) ! ) */ ) 0 ! " ) ! ! M ) ! ! "* $ ! $ ) ! *% ! $ "* D K4 ! ! ! *% ! ! *% "* ) ) ! -" # )! ) ! ! ! $ + (( ! ) ! *% ! ! ! ! *% ! )) ( +&, ! L ! )! J "* ! ) C D )! ! *% & ) ! " $ ) ! !D K7 )! L ! = ! *% J * + + " ! ! ! 2 + ! ! , = * *% ! ! 1 ) ) !*% *% ! ! ! , ) ." # + ! ! ) " ! ! + ) " ! ! *% ! #! ! ) ! ! ) ! " ! ! ! ! ! ! /" # ! ! " ) !*% , % / ) 0 ! ! # ! 2 + ! ! / ) % 0 + ! ) ! " = ) !*% ) ! ! ) ) ( + " ! ! ! ! *% &, ! ! ) ! + " I " " ) !*% )! ! ; " ) !*% = ! ! B " 1" # % 0 + (( ( + " ! ! *% ) " ! *% ! ) !*% ! , "# ) ! *% 2" # 3( ) *% (* ) )( *% ) *% ( * ( ! ! ! ; ) ! *% ! ) " ! *% ! % % + D 2 " ) !*/ ! " ) " ! ! ) ! ) J *% $ *% $ *% *% J ! ! " ! B ) ! 9B& ! ! ! ) !*/ ; " I ) *% ) ) !*/ $ B 2 2 $ ! ! ! ) ! ! ! D !. ! ! B ! 9B& ) ! ! " 9B 2 + , ! ) !*/ *% ) = 0 % " *% ) ! *% B ! *% $ *% ! " ! B 9B " % ! ! ! # ) ) ! ! $ $ *% *% ! ) !*% " *% !*% ! + " I % " ) 4" # 5 ( ) ) % *% B ) + " ! ! ! *% , ) !*% *% ! ) *% - % $ ! ; + *% , " ! ! ) *% ! ) ," B 1" 6 + ! ! ! ! % $ *% % % $ ! - ! ) ," = *% ) ! 7" # % 6 + + " ! ! ! ! ) !*% , ! " ! ) "# J D 4 *% ) D 4 ! ! *% *% % ! " *% ) ! ) ! ! *% ),! ! . ! , ! 8" # % +&' ( + ) (+ % + % " ! ! ! ) !*% ! ! , D + D ) ) ) ) ! ! ! & $ ) ) D ) ! ) "# "# "# ) ) ) ) ) B ! & ! . % K ) " D ; " " ! ! = )! ) L = ,! ! = = ,! ! " " = ,! B > & & , ! = ) ! J " " !D ! G ) ) $ D ; = ) "# ) ) ) % & D + + ) ! " ! & !D 4 ) + ) J $ ) ! ! " ! ) = + ; % & % K L ! ! = < + " I B % , ! , ! " ) !9" # % +&' ( (+ : ( + ) (+ * &, ) ) ) ) ( + " ! ! ! ) !*% *% + ! ) ! */ ! *% " *% ; " 4 G E 8F " *% 6 2 , ! 2! + ! ' ! ! 4 2 ! =! *% " */ ! ) ! ! ! ! " + ) ) *% 2 " !*% + 2 #! ! + 4 3 A+ ! ! + " *% = ! ' ) % C + ! ! ! *% " ) ) !*% ! ! ! + " *% ' ! ' ! */ = ! */ ! ) ! ! ! = */ ! + 7 D *% 2 # 2 #! ! 7 " ) ) * 2! ! " ! ) !*% ! ) ! ) " ! ) " ! ! 4 3 =! *% */ A+ ! ! ) ! ! ; % + ! ! ( ! " I B ! " *% ," % + )! $ */ ! ! *% # !!" # * ! $ ! % + B & +) ) + " ! ! ! ! B ! B " ! ) !*% ! ! ) !*/ ! *% ! *% ! " ! ) ! ! ! ) !*% ! + " ! ! ! " B 9B FB >B 8B " ) !*% ! , 8 *% + " I B % ! ! ) ) !*/ , " ! ! !-" # ( ( ) ) ) (( (+ + * ( + " " ! ! " " ! ! ! ) !*/ *% ! " ! ! ),! " = * ! " J D + ! *% *% ! D 2 = ! 2# ! ! " & ! ! " B ! " ! + ! " - ! 4 ! " ! ! " !, G ),! " ,$ ) !*% ! !." # &' ( ! ) + " ! ," *% , ! !" ! ! B " ! ! " " % ! ) !*/ ! ! " ! " & ! ! ! . % ! !*% ! / !D 2 ! )) ( + " ! ) !*/ 2 B ! " B " ," " */ + ! ! " ! 1 ! *% B ) )! $ % ! " ! *% " )! )! $ ! " " */ ! */ ! +&, - $ + (( ' !/" # ; ) ()( ( &' ( + (( ( + ! ? !*% " ! ) " *% ! " " ? " *% ! DN ! ! ) ) !*/ !D N ! ) !*% ! B ! ) ! . ! + ) " I ) !*/ ! $ B1 " D : ) " ) !*/ ! " 2 ! B *% & ) !*/ D + B J ! " D2 B ! % " ! . ! ! ) !*/ ) !*/ ! ) !*/ + ! ," ! ! ) ! & B ! *% !)! 1 ) B ! *% + " */ " *% ! ) 2 ) ) " ! B ) B 1 ! "* ! ! *% % ! */ ),! ) ! $ :% $ =% ! ! 0 ! ) + ) ! ! */ 0 ! " I ! % ! */ + !1" # B ) &' ( 1 " ) ," ( * ) ( ! ! 1 ! */ " ? !*% *% ! 5 ! " " " ! !*% ! */ ! + !*% % C 89 D " + , ! ! " " ! 4 + ! C 8<<D 4 ! ) *% 6 : */ ; ! *% 5 ! ! 5 7 4 ! !, " ! % ! % " ) ! ! B + ! *% M " ! ! *% 2 % ! ) $ ! ! */ " ) ! ! % ) *% ( )! *% ! *% ! *% ! ! ! : 0 *% * ! + ? !*% ! , ! ( * &, = ) " : ) ) ) ) ) ( % + 6 + ( ) 1 " *% ) ( ! " " ! = ? ! = *% ," + " B ! $ "# " ) % ! " ! ! *% 1 + ! ) 8 ; *% !,) ! + ! ! " " % , *% !,) ! $ ! % = ! ) ) ! " < " ! ! ) ! ! ( !2" # ! " # = " + ! ! ) " ! " = ! *% ! G GB !4" # , ! 9B " ) " )* &, " *% + ) ) ) () " 6% ) ! *% " J ! & : ! + <B ! ! " ) ( * &, 2) D 2 ! "* " " " *% % ) ! ! *% " ) ! D2 " ) " *% )! "# 1 ! ! *% ) ! 9B GB ! ) ! *% ) ! * ) ! "* ) " * !7" # + ! ! + " ! ! D 2 ) ! ! ) ! D2 ) " J . ! !,) ! ) ! $ ! $ & ! "* "* . ! + ! " "* ! 9B GB + ) " ) = ) ) ) ! D *% ! 0 ! ! *% , M ! ," ) ! *% !8" # (+ ," , *% ! " 0 ) 1 ! ! ! ! $ *% ! ! ! "* ) (, ) ) ) ( % + ! ! "* )! ! *% "* & + ! #! ! 0 !D L ) $ "* & 2 ) ! " J "* D % K ) ) ! "* ) 6 + ( < ) ( " " ! ! J ! D 2 ) ) ! ! ! ! $ D 2 & $ ) + ! " ! ! " ! ! ! ) ) !,) ! ! ) ! ! $/ $ ) % ! ," */ ! B ! ! . ! ! ," ! ) ) ! = ! ) + " ! " ! ) ! ) " ) $ ! *% ! ! J D 2 ) $ D ' $ !D + ! " !. " ) D 3 ! G ! ) ! & ) ! ! & $ ," & ) " ! " ! ! ! * ) ! ) $ ) * $ " ) ! *% 9 # -9" # + = */ ! ) " % ) ) ) ( + * ( " ! "# . ! ! 9B ! ' ! ! $ " B " ! GB D ) ! + ) " B ! *% 6% " J #! ! = D ) = ! "* ( ! ! #! ! J ' ! ! *% #! ! . + 1 ! - ! ! ) . M " ! + ) " , ! ! ! ! ! */ #! ! ! ! *% ) " . = . " "* = ! ! " " ) ! ! ! *% G ! 9B GB -!" # + ) " &, ) ) ) ( * ( + + >) " ! ! ) !*/ D , !,) ! + ! ) B " ! "# !,) ! ! !, % " ! ) ! */ "# " ' ! " " ) J "# ! *% #! ! = . D ) = ! "* ( ! ! #! ! J ' ! "# ! *% #! ! . + 1 ! ! - ! " ) M + % " !,) ! ! ! 0 . " ! ! */ "# !, ! ! , ! B " , " ! ! " ! 0 "# . ! ! *% ! ! */ #! ! + !,) ! = . " ! ) ! "* " ) ! ! " ! ) G ! 9B GB +&, . = ! *% ) " 0 + --" # 0 + + ! ) !*% " *% D : ! ! ) ) !*% ) . " " D + ! ! ) ! + ! " " % % ) !*% ! ) ! GB ) ) !*% + = ! " " I I% ) ! &, ," - ! *% - ! = ! ! + ," - ! = =! + ! " *% & ! ! ) !*% ," . *% ) ! ! ! % ) ) !*% % ) ) !*% ! ! 6 ! *% M ) % & + " ! 9 ! " . + + !,) ! - ! 2 B J " % */ , B ! G B ! " I , + ! " ! " !D 2 B , ! " & D 2 ! " - ! - ! + # *% ! *% +&, ! + ( ( . -." # 2 / + + ( ( ! ! ! * (?+ % */ " ) ! + ) ! *% ! ) ," ) !*/ ! *% ! &, ! , ! ! ! */ ! ! # ! ! ! ! ) " */ ! " ! ! . ! ) ) !*% . -/" # : / " ) &, D ! I ) !*/ 1 = ! ) " " " + *% M = ) *% ) , ! " = ) ! 2 ! = ) !*/ ) !*/ ! ! + ! ! = = , ! ) G 2 + ! 2 = :B ! = ! GD # ! , I *% I% ! *% = 2 + ! ," = *% + = *% *% = *% *% " % ) !*/ ) ! " ! + *% 1 ! + = - ! % ! ! *% ! ) !*% " " % ! % ) !*/ ! ," *% ) ! ! ) !*/ = 1 ! + = *% ) 1 = - ! B *% */ = ! ! B ! 9 , " ) = ) !*/ *% = " "# B ," " M C?3 !, ! B *% + *% " B ! ," " = */ + *% = D ! " *% + ! " ! ! = ) *% < : ! = *% ! ) ! ! " ! ! ! ! + $ % " ! D + ! ! ! ! ) ! 1 ! % *% ! 0 % *% ) !*% + B + 2 *% F ! ) !*% 1 ! ! + + ! ) !*% ! % ! $ ! ! " ? ! ! ) @ . ! *% " *% " *% D ? ! $ + ! % " " " ) ! *% ! ! *% - ! ! = @ *% ! + " ! - ! = ! % ! . -1" # + 2 + ! " ! " 0 ( ( ! */ ! ) " * ( % : =, > @ 0 ! ," ) !*/ " ) ! ) !*% ! . ! ) + " ! FB ! - ! ! ! */ ! * ! + ) ! ! ) ) = ! */ ! = * *% D ! ! ) ! ! *% ! G ? " , + ) ! =, ! ) *% =, *% 0 ! " */ 1 ) ! 9B ! ! 1 ! 0 $ ) ! 0 ! *% ! " 1 ! 1 =, ! "# = ! 2 + " "# ! . ! ! *% C ! *% )! */ )= =, 0 ! " ! + ! % " = ! ! ) !*/ " B B ) ) !*% ! 9 M ! ) " ! ! *% ! =, $ ! ! *% ! )! ) % ) ) !*/ -2" # ; % */ &, =, ! ) !*% " ! ) !*% % ) !*% . ! ( ! ! */ ! " + " " *% + *% */ ) ! " ! ! ) */ ) * ) ) ! */ *% */ ! */ ) ! " " ! ! */ ! $ ! , ! ! - ! ) + ! ! ! " ) !*/ ) 2 + + + #" ! , 0 1 = - ! ! ) 1 ) ) ! */ */ + ) ! + + ) ! ? )! ) ! ! $ % ) *% ) ! + ! " . " 2 -4" # ) : + ) + ) ( - ! *% :% ( ) % ! " % + * ( ( !, =, ! ! ! + 8 ! *% ! =, ! ! 0 = ! = ! *% & ! ! ! % ! & + ) ! *% ? ! (0 + *% + 2 > ! 1 !D : ! + B = " D )) () +6* ( 0 " */ ! " + D ( ! *% " *% . % @ ! *% ) ! ! D ? ! ! $ + @ ! ! - ! + = ! % ! =, ! ) =! G ) 2# =, D ! ," ! ! */ ) + ) !*/ ! , ! ! ! ! = & ! 2 + ! = ! *% 2 ! " */ ! ! ! ! ) ! 2 + *% + I 1 ! */ ! ) ) ," ," ! )! " + ! =! ! ) 1 = ! *% ! % ) ? ! ) ! + ! " =, ! ) ) *% " ! % = ! - ! ! ! 1 ! 0 + . + ! */ !. # !D M ) ! C 4 " 2 + ) = ! *% D . ) $ ! ! + 0 + ! = ! 2+ ) ! , + " ) " + ) " 8 BG + 0 =, > 9B , ! F " ! ! < + J * 9 = ! + ! + ) !*/ ? !)! *% ! ! ? ! D % ! : 1 ! ! ! + ! *% $ *% "# ! + ) ! + ,! D D M " ) ) ! ! *% % ) ! , I I 1 ! ! ! ) + D ! ! */ ) ) ! % !*% ! ! ! *% !" ! 1 )D ) ! ! + ) ! *% ) ! " *% ! ) ! + + ? ! @ . -7" # : %) + ( &, ) - ! ! */ % % ) % D ? ! ) ! - ! ) D :% ) ! G M ! $ ! ) *% *% " */ ! 2 ! ! *% J ) *% ! $( -8" # + " *% ! + *% =, ! 0 % *% ) " *% ) $ ) ! ! */ ! ! ? % ! + " ! ) ) * B ) */ = 1 ! *% " ( &' ( ( + ) 1 $ *% +%+ ( , " ) ! + + " )! + ; ! 0 " " ! % */ ! ! ) *% +&, - ! ! ! *% 1! ) 1 2 2 + + B =, ! !, )! ! " < &, ! " = + ! " =! *% ? $/ 0 ! ) ) + ) ! *% % 3 ( * &, : ) 4 ) ) ) ( % 6 + ( < ) ( + ) $ ! . + " =, 0 * ) ! " ! % *% ; ! " *% ) ! D 2 B ! D 2 ) !*% " = # ) D 3 ) D 2 " ! ! 2 . ! ! ) ) + ) ) = *% ! =, *% % 1! % # = *% 0 ! ! ) $ ! *% ! " I ) ! ! *% $/ *% % ! 2# ! D ) !*/ , ! ! D 2 + ! " *% + ! *% ! ! " ) B " *% " ! *% *% ! " *% ) !*/ ! *% ) !*/ B ! ! " 9 " " *% + ! ! " = ! ! " 0 $ ! ! " ! & ) - ! *% % + !)! ! " *% & ! ! ) ; *% )! ! 1! " ! $ *% ! #" ! ," $ ! )D M + 1 ! " *% !)! J *% ! & $ */ ! ) " " *% & ! ) ! *% !D ) !*% & G *% . ! = ! J + ! & ! ! ! * 0 ! ! < M )! ! ) ) % + ! ! ) ! " *% + % ! ) + " " *% ! = ! ! # F M ! " *% ) ! " ) , % ) < ) ) % ! *% *% *% ! 2 . ! ! " # 1 ! % .9" # $ * ? &, : ) ) () ) () = ! ! 8B ! + ! ! ! *% ! % ! " 6% + " *% !,) ! ( * ) ( " ) ! ) ! ! ! *% ) )! ! " ) + )! ! "* " ! *% ) *% ) ! ) ! *% "* 1+ " "# 2 1 + ! *% " " B B J D ? ! ) !*% $ + ! D? ! ) !*% ! , ! ! + ! = & ! * 0 ! ! , " .!" # ; : < ! > ) ( * + + (( + ) ) ( " ! ) " ) + 6 + ( ! ) $ % ! ! ! " ! . ) ! 8B 2 + ) *% ! ! ! 1 " = D ! ," ! ) ! *% & 1 ! *% B , ) " " ) */ " D ! *% ! " *% ) J % B ! " .-" # ; + D 2! D D + (( + ( (% & B ) ) ( % 6 + ( ) (, + (( * ( > $ *% ) ) ! ! ) . " + ! ! $ *% ! 0 ) ! C) ! . $ "# : ! ," + $ " " 2 + + & "# ! ) (A + J $ )! ! .." # < > ! ) * ? % =, ! + = ) 0 ! ) ) ) ( ) $ ! . B ) =, I I1 ! 6% 1 ! ! */ ! ? */ ! !,) ! ,$ " + ! " ! =, $ 1 ," ! ) ./" # : 2 + ! > ! C % =, ) ! + &, ) ) ) ( ) + >) # $ " ! !,) ! 1 0 ! ) 5% .1" # ) !*/ ! ," 0 ! " */ 1 ! ! ! ! */ 67 ) -/D4 + F ! ! ," ) " */ ! ! . ! ! ) ! ) ) !*% ! ) =, ! G *% G - ! ) !*/ ! ! ) ! ! *% ! J D2 *% D2! " *% !D 2 ! ! #! ! & ! " ) ) */ ! ! 8B ! , ! B& ! $ *% " *% D ! ! ! I D ! + ! ? ! " ! ! = ) ! *% *% ! ! + " ! + & % ! *% ! ) + ) ) ! ) ) ! $( .2" # #! ! + + ! ! ( &' ( 5 (( ( ) 2 " * *% 1 % ! *% 2 " ? ! *% # ) ! *% ! *% " *% % @ 2 " *% " , - ! ! ! . ) ! ) ! *% ! " *% *% ! ) ! G )! B */ " ! *% " ! I 1 " = ) */ ) (, ? 2 . *% , " ! *% * " *% 2 1 &, " *% . I B " " " " ! ! .4" # *% = ! ! " *% ! ( ! % ! % # # A ! ! " ! % 1 B *% " , ! ! " # A *% 1 B " *% , % ? ! " *% ! - " . @ . ) ! .7" # + &, M . ) ! *% . ! *% " *% " *% ! % M ! ? ! ! *% ! *% @ " 2 " *% *% " *% M ! *% *% *% ) $ ) ! *% $ ) - . () &, ? ! . @ ) . ? ! ! *% @ ! *% ) ) ! *% @ .8" # % * ! " */ − 4 − 4 " *% ! " # ! = " *% 4 $ " ! = *% 89F C?3 :B GD& *% 2 =, 2 ! 1 + " A0 2 " *% * " ) ) $-I ! " *% # " ! *% ! + 3 " # ) % *% ," " 1 " % ) ! */ ) " A A * ) " ! *% */ ) 2 =, F *% */ *% D& ! " + A # + 898 C?3 B ! # ! + B 88D ? " ! + J 4 + ! A # + 8F> C?3 − : - ! ! , ? ! . , *% ," . ! *% = ! ! ) I I% ! " !, */ */ /9" # $ + &' ( M ) ! *% ) ! *% ! " *% ! *% ) ! B B <B = /!" # ! % , M " !, B8 " , *% ) ) " " */ */ 1 ! " ) ! B ! $ )! $ ) " , *% ! = ! *% % ! ) */ ! ! ) " " " */ */ " , % ! I I " % *% ) " FB ) ) - ! ! ) ! */ ! *% ) B " , ! ) " I =! : ! FB 8B ! -@ @ % ) ) ! , ! ! ," @ " ? ! . ! B 6 ( ; ! ) " ! ! I ! ! " ) ! = ! /-" # ( * ( M @ ) ! *% *% B G ) ! *% ! ) $ C D B B B B " /." # ( * 8B : ; + G B ? ! ) ; *% ) 1 ) ! *% " ! *% ? ! . % ! GB B <B 8B B G G B ! ) ) ! *% 2 ! *% $ ? ! @ ? " $ ) ) ! *% ? ! ! ) ) ! *% ! @ $ ) + ) " B B ( * ( " I ! ! *% " *% " C D " GB B B ) ) ( I@ ! *% " ) ! " G B ! ! ( ! ? ! I@ ) + ) ! " */ //" # ! " ) " " ( M 1 " + % % ! *% ! ? ! ! " ! ) ! */ + " C 4+ D 1 *% + ! # A *% " FB M A @ *% ! ! 1 G B " ! ! # # = ! # + % C 4+ D " *% + . ! ) G = ! ) ! 9 ! B A 1 + *% M ! " ? ! &, ) + *% ! , " , 2 + $ *% ) ! *% ! " *% & ! E ! ( I D 2 *% *% *% I% ! *% , ( ! ! *% ) * I C 4+ D 3 " " /2" # C 4+ D " + *% "# ! + ) ( ) , B + " *% # ! ! . ! ! ( ) # @ /1" # : # ! ! ! *% ! # ! / * *% " ! % ! ! !,) ! 1 + + ( I% ! = ! *% ) ! " " ! ) # ! ) " ! ) ) ! *% ! J ! ) D 2 #! ! ! ) " */ " )! ! . ! & ) !D 2 " " " , + ! ! *% " C 4+ D ! */ ! = ? " ! *% ) $ ) " $ # *% ! - *% ! " *% + ! ! B 2 + ) /4" # $ % */ % + ? ! = !,! ! > + M + ! "# 2 B B ) * ! + *% C 4+ D ) ! ) " " ) + ! + 1 ! C 4+ D ! # , ! ! 1 ) ! 9 ! ! # ! G , ! ) ! *% 0 ! ? ! $ , ) - " *% @ - . ! *% ) ! *% ? ! @ /7" # % + &, ? ! @ )! % " ! *% " ! ! 1 D3 *% " *% J & D . ) ! *% ! *% " *% % & !D 3 ! ) " ! D3 <B ! " ) */ ) ! ! *% " *% FB& ! *% G BJ C D C DG B G B D M ! " ) ! *% = " " 7 " !. ! *% ! *% $ ) ) 0 ! ? ! !- - = @ ! % " ! *% : " )# ) $ " ! *% *% )# = " ! ! *% ! " 1
Documentos relacionados
SoK: Automated Software Diversity
against a target, employing a wide range of low-level techniques. We present the ones that are most relevant to automated software diversity. 1) Information Leaks: Often, the attacker seeks to read...
Leia maisVolume IX - Symantec
For instance, variants of the Bancos2 and Banpaes3 password-stealing Trojans remained among the top 50 most reported malicious code samples this period. These crimeware threats can be used to steal...
Leia mais