Cybercrime Landscape Today: Evolution of trust
Alexandra Kulikova
Global Stakeholder Engagement Manager
Eastern Europe and Central Asia, ICANN
27-28 April 2016 | ICT Summit | Chisinau, Moldova
| 2
Agenda
• Online Crime Landscape
• Myths and Realities
• How we conduct investigations today
• Evolution of trust-based collaboration
| 3
Setting Context…
• User receives spam with malicious attachment
• Malicious attachment self-installs, connects to criminal host to download malware installer
• Malware installer downloads attack-specific malware
• Attacks ensue: Phishing, Data Theft, Ransomware, Account theft…
Chronology of a typical attack
| 4
Attackers operate at Internet pace: Botnets
Hour 0
Botnet building begins: Malware infected computers are enlisted into botnet
Botnet operator leases botnet for criminal use
Attack begins
Hours 1-12
Botnet activity disrupted
Day 1+…
Victims notify local LE of fraud/loss
Weeks later… Months later…
LE obtains local jurisdiction court order
LE obtains MLATs for multi-jurisdiction interdiction
Private sector actors identify botnet, investigate, initiate containment
Pre-Attack
Botnet operator registers domain names for command and control host names
Consumers affected by botnet facilitated crimes
Private sector actors work with LE, service providers to disrupt or dismantle botnet
| 5
Attackers operate at Internet pace: Phishing
Hours 0-1
Phisher registers email domain name
Phisher posts phishing site
Phisher begins email campaign
Hours 1-12
Consumer receives phishing email
Private sector actors identify phish, investigate, initiate mitigation
Day 1+…
Victims notify local LE of fraud/loss
Weeks later… Months later…
LE obtains local jurisdiction court order
Order served, prosecution commences
Phishing site disabled
Private sector actors work with Service providers to suspend phishing email domain names, remove phishing site content…
| 6
Debunking popular myth…
Attackers aren’t smarter than responders.
They are able to move faster than responders, more economically, and act unencumbered by law, jurisdiction, contract, interpretation.
| 7
The advantages are stacked in favor of attackers
• Attackers create their own attack infrastructure on infected or compromised devices or servers
• Attackers compromise legitimate infrastructures to operate covertly or to encumber investigations
• Attackers don’t need approval, permission, budgets, licenses, or court orders
| 8
Do Responders Have Any Advantages?
Yes…
Criminals must use the same hosts, networks, address spaces, and same name resolution to reach and victimize users
| 9
Investigators can see what targeted users see
• We can
  • Monitor, intercept or redirect traffic
  • Reverse engineer malicious code
  • Block addresses or services
  • Remove harmful content
  • Disconnect hosts
  • Suspend name resolution
• Such interventions are common
• Mitigation or prosecution is less so…
| 10
What Hinders Mitigation or Prosecution?
JURISDICTION: What is the prevailing jurisdiction of content hosting, DNS hosting, domain registration, alleged perpetrators?
LAW: Is this a criminal activity in all relevant jurisdictions?
CONTRACT, INTERPRETATION: Is a contracted party in breach of an obligation? According to whose interpretation?
| 11
Intervention Today: Trust-based Collaboration
Most harm occurs in first hours of attack
Motive distinguishes the nature and objectives of attacks
Technology is motive agnostic: criminals, investigators, admins use the same tools
• Private- and public sector investigators cooperate 24x7 using trusted communications channels
• Information sharing
  • Malware, phishing, spam samples
  • Host names, URLs, addresses, geo-location
  • Activities of persons of interest (e.g., social media posts)
  • Points of contact (targets, victims, operators, investigators)
• Coordination or hand off
  • Mitigating DDoS by squelching sources
  • Providing evidence of AUP violation to operator for action
| 12
Trust is Earned
• New participants earn nominations from existing members and are vetted prior to admission
  • Personal references,
  • Prior collaboration and
  • Reputation
• Individuals put own reputation and membership at risk when they nominate
• Strict codes of conduct
• Self-policing model
| 13
Is trust-based collaboration effective?
Yes. It reduces the attack surface in several ways:
• Sharing “data feeds” forms the basis for blocklisting
• Sharing malware samples expedites remediation
• Sharing intelligence improves dossiers on suspected criminal actors
• Reduces time from threat identification to containment or mitigation
• Gives participating law enforcement agents insights other than direct complaints
BUT… it scales poorly and is not a “universal” solution
| 14
Evolution of trust: Evolution to public private trust partnerships
Trust based collaboration community
Call a party you trust
Use trusted third party intermediary programs to allow responders to keep pace with criminal actors
Public private trust partnerships
| 15
Challenges for formal Public-Private Partnerships
We still need to accelerate due process to Internet pace
| 16
Evolution of trust: a wish list
Real-time due process?
Public private trust partnerships
Trust based collaboration community
Call a party you trust
| 17
Thank you!
Alexandra.kulikova@icann.org

Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to SuccessDynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
ScyllaDB
 

Recently uploaded (20)

Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
 
Introduction to ThousandEyes AMER Webinar
Introduction  to ThousandEyes AMER WebinarIntroduction  to ThousandEyes AMER Webinar
Introduction to ThousandEyes AMER Webinar
 
Day 4 - Excel Automation and Data Manipulation
Day 4 - Excel Automation and Data ManipulationDay 4 - Excel Automation and Data Manipulation
Day 4 - Excel Automation and Data Manipulation
 
MongoDB vs ScyllaDB: Tractian’s Experience with Real-Time ML
MongoDB vs ScyllaDB: Tractian’s Experience with Real-Time MLMongoDB vs ScyllaDB: Tractian’s Experience with Real-Time ML
MongoDB vs ScyllaDB: Tractian’s Experience with Real-Time ML
 
From NCSA to the National Research Platform
From NCSA to the National Research PlatformFrom NCSA to the National Research Platform
From NCSA to the National Research Platform
 
APJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes WebinarAPJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes Webinar
 
Radically Outperforming DynamoDB @ Digital Turbine with SADA and Google Cloud
Radically Outperforming DynamoDB @ Digital Turbine with SADA and Google CloudRadically Outperforming DynamoDB @ Digital Turbine with SADA and Google Cloud
Radically Outperforming DynamoDB @ Digital Turbine with SADA and Google Cloud
 
ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024ThousandEyes New Product Features and Release Highlights: June 2024
ThousandEyes New Product Features and Release Highlights: June 2024
 
Fuxnet [EN] .pdf
Fuxnet [EN]                                   .pdfFuxnet [EN]                                   .pdf
Fuxnet [EN] .pdf
 
CTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database MigrationCTO Insights: Steering a High-Stakes Database Migration
CTO Insights: Steering a High-Stakes Database Migration
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Real-Time Persisted Events at Supercell
Real-Time Persisted Events at  SupercellReal-Time Persisted Events at  Supercell
Real-Time Persisted Events at Supercell
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
Automation Student Developers Session 3: Introduction to UI Automation
Automation Student Developers Session 3: Introduction to UI AutomationAutomation Student Developers Session 3: Introduction to UI Automation
Automation Student Developers Session 3: Introduction to UI Automation
 
Elasticity vs. State? Exploring Kafka Streams Cassandra State Store
Elasticity vs. State? Exploring Kafka Streams Cassandra State StoreElasticity vs. State? Exploring Kafka Streams Cassandra State Store
Elasticity vs. State? Exploring Kafka Streams Cassandra State Store
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to SuccessDynamoDB to ScyllaDB: Technical Comparison and the Path to Success
DynamoDB to ScyllaDB: Technical Comparison and the Path to Success
 

cybercrime landscape for moldova

  • 1. Cybercrime Landscape Today: Evolution of trust. Alexandra Kulikova, Global Stakeholder Engagement Manager, Eastern Europe and Central Asia, ICANN. 27-28 April 2016 | ICT Summit | Chisinau, Moldova
  • 2. Agenda
      • Online Crime Landscape
      • Myths and Realities
      • How we conduct investigations today
      • Evolution of trust-based collaboration
  • 3. Setting Context… Chronology of a typical attack
      • User receives spam with malicious attachment
      • Malicious attachment self-installs, connects to criminal host to download malware installer
      • Malware installer downloads attack-specific malware
      • Attacks ensue: Phishing, Data Theft, Ransomware, Account theft…
  • 4. Attackers operate at Internet pace: Botnets Hour 0 Botnet building begins: Malware infected computers are enlisted into botnet Botnet operator leases botnet for criminal use attack begins Hours 1-12 Botnet activity disrupted Day 1+… Victims notify local LE of fraud/loss Weeks later… Months later… LE obtains local jurisdiction court order LE obtains MLATs for multi-jurisdiction interdiction Private sector actors identify botnet, investigate, initiate containment Pre-Attack Botnet operator registers domain names for command and control host names Consumers affected by botnet facilitated crimes Private sector actors work with LE, service providers to disrupt or dismantle botnet
  • 5. Attackers operate at Internet pace: Phishing Hours 0-1 Phisher registers email domain name Phisher posts phishing site Phisher begins email campaign Hours 1-12 Consumer receives phishing email Private sector actors identify phish, investigate, initiate mitigation Day 1+… Victims notify local LE of fraud/loss Weeks later… Months later… LE obtains local jurisdiction court order Order served, prosecution commences Phishing site disabled Private sector actors work with Service providers to suspend phishing email domain names, remove phishing site content…
  • 6. Debunking popular myth… Attackers aren’t smarter than responders. They are able to move faster than responders, more economically, and act unencumbered by law, jurisdiction, contract, interpretation.
  • 7. The advantages are stacked in favor of attackers
      • Attackers create their own attack infrastructure on infected or compromised devices or servers
      • Attackers compromise legitimate infrastructures to operate covertly or to encumber investigations
      • Attackers don’t need approval, permission, budgets, licenses, or court orders
  • 8. Do Responders Have Any Advantages? Yes… Criminals must use the same hosts, networks, address spaces, and same name resolution to reach and victimize users
  • 9. Investigators can see what targeted users see
      • We can
          • Monitor, intercept or redirect traffic
          • Reverse engineer malicious code
          • Block addresses or services
          • Remove harmful content
          • Disconnect hosts
          • Suspend name resolution
      • Such interventions are common
      • Mitigation or prosecution is less so…
  • 10. What Hinders Mitigation or Prosecution?
      • JURISDICTION: What is the prevailing jurisdiction of content hosting, DNS hosting, domain registration, alleged perpetrators?
      • LAW: Is this a criminal activity in all relevant jurisdictions?
      • CONTRACT, INTERPRETATION: Is a contracted party in breach of an obligation? According to whose interpretation?
  • 11. Intervention Today: Trust-based Collaboration
      • Most harm occurs in first hours of attack
      • Motive distinguishes the nature and objectives of attacks
      • Technology is motive agnostic: criminals, investigators, admins use the same tools
      • Private- and public-sector investigators cooperate 24x7 using trusted communications channels
      • Information sharing
          • Malware, phishing, spam samples
          • Host names, URLs, addresses, geo-location
          • Activities of persons of interest (e.g., social media posts)
          • Points of contact (targets, victims, operators, investigators)
      • Coordination or hand off
          • Mitigating DDoS by squelching sources
          • Providing evidence of AUP violation to operator for action
  • 12. Trust is Earned
      • New participants earn nominations from existing members and are vetted prior to admission
          • Personal references,
          • Prior collaboration and
          • Reputation
      • Individuals put own reputation and membership at risk when they nominate
      • Strict codes of conduct
      • Self-policing model
  • 13. Is trust-based collaboration effective?
      • Yes. It reduces the attack surface in several ways:
          • Sharing “data feeds” forms the basis for blocklisting
          • Sharing malware samples expedites remediation
          • Sharing intelligence improves dossiers on suspected criminal actors
          • Reduces time from threat identification to containment or mitigation
          • Gives participating law enforcement agents insights other than direct complaints
      • BUT… it scales poorly and is not a “universal” solution
  • 14. Evolution of trust: Evolution to public private trust partnerships
      • Trust based collaboration community
      • Call a party you trust
      • Use trusted third party intermediary programs to allow responders to keep pace with criminal actors
      • Public private trust partnerships
  • 15. Challenges for formal Public-Private Partnerships: We still need to accelerate due process to Internet pace
  • 16. Evolution of trust: a wish list
      • Real-time due process?
      • Public private trust partnerships
      • Trust based collaboration community
      • Call a party you trust
