
CYCO and MELANI – SwiNOG Meeting 2007

CYCO and MELANI – SwiNOG Meeting 2007. Marc Henauer, Head of Unit MELANI/Cybercrime, marc.henauer@fedpol.admin.ch. SCOCI – KOBIK – CYCO: MoU between Cantons and Federation; Proportional Distribution of Costs; Competences stay the same. Clients: Police, Justice, ISP, Public.


Presentation Transcript


  1. CYCO and MELANI – SwiNOG Meeting 2007
     Marc Henauer, Head of Unit MELANI/Cybercrime
     marc.henauer@fedpol.admin.ch

  2. SCOCI – KOBIK – CYCO
     • MoU between Cantons and Federation
     • Proportional Distribution of Costs
     • Competences stay the same
     • Clients: Police, Justice, ISP, Public
     • Open-Up Synergies

  3. Organisation
     (Organisation chart; labels in order: KSBS, KKJPD, KKPKS, fedpol, Governing Board, CYCO, fedpol, DAP, CYCO, Monitoring, OSINT, Clearing/Analysis, MELANI)

  4. How does CYCO work?
     • 1) Reception, Viewing, Securing and first Analysis of an Announcement
     • 2) Active Research = Monitoring
     In both cases CYCO produces a file showing criminal intent and sends it to the judicial authorities of the cantons.

  5. (Diagram; labels in order: fedpol, KKPKS, KSBS, KKJPD; Mission; Governing Board; Means; Internet; CLEMONA; Lawyers, Developers, Network Specialists, Police, Journalist, IT-Security Experts, …; Services; Announcements; Monitoring; Criminal Files; Products; Prevention, Analysis; Clients; Cantons; Federation; FL; Interpol; Public)

  6. High Resonance

  7. Example - Grooming

  8. www.heil-helvetia.ch

  9. What is getting reported?

  10. CYCO Cases 2006

  11. Does it Work?
     • ~ 90%: Investigations are opened and a house search is made.
     • ~ 80%: Illegal material is seized.
       • Problems: Time, Cybercafé, Chat
     • ~ 85%: Lead to a conviction
       • Problems: Chat, Intent

  12. So Below the line…
     • 400 – 600 Announcements per Month
     • Clear Necessity for an active Monitoring
     • Clients are Happy – But also Demanding
     • Key to Success
       • Motivated Team
       • Cooperation
       • Innovation

  13. MELANI

  14. MELANI – A PPP for the Protection of the NCII
     • MELANI – Melde- und Analysestelle Informationssicherung
     • Situation and intelligence centre of the Federal Government for the protection of the critical information infrastructure
     • Provides operators of critical infrastructures, such as
       • energy suppliers
       • banks
       • telcos
       • and so forth...
     • with information and resources coming from
       • intelligence
       • law enforcement
       • national CERT (Computer Emergency Response Team)

  15. MELANI: Functionalities – Co-operation Partners
     • Intelligence – Service for Analysis and Prevention (SAP) with the Federal Office of Police (fedpol)
       • cybercrime (Cybercrime Co-ordination Unit, CYCO)
       • politically motivated hacking and national security
       • well established co-operation with the private sector
     • CERT – Swiss Education & Research Network (SWITCH)
       • experience in running a CERT
       • access to the world-wide network of CERTs (FIRST, ...)
     • Supervision – Federal Strategy Unit for IT (FSUIT)
       • active in CIIP since 1997
       • relations to relevant CIIP organisations abroad

  16. MELANI: Organizational Model
     (Organisation chart; labels in order: MELANI, FSUIT, fedpol, Head MELANI Ruedi Rytz, SWITCH, Information, Head Situation Centre Marc Henauer, Head SWITCH-CERT Serge Droz, MELANI Analyst, Scientific Staff)

  17. MELANI-Network: National Contact Point Switzerland, World-Wide Co-operation
     (Network diagram; labels in order: Federal Office for Information Security (BSI); National Infrastructure Security Co-ordination Centre (CPNI); Department of Homeland Security (DHS); CIIP-Network / Policy Makers (FSUIT); Intelligence (fedpol: SAP); „Club de Berne“; Intelligence Community; MELANI; Operators of Critical Infrastructures; High Tech Crime Units; Europol, Interpol; Cyber Crime Convention (Council of Europe); High-Tech Crime (fedpol: CYCO); European Government CERTs (EGC); Task Force CSIRT (TF-CSIRT); Forum of Incident Response and Security Teams (FIRST); CERT (SWITCH))

  18. Services for MELANI open
     • Daily business
       • Announcement of warnings, and information („tips“) in „appropriate form“ (language D, F, I, technical details)
       • Publication of material for incident prevention (e.g. good practices e.g. for e-banking, operating systems, …)
       • Possibility to report incidents and attacks
     • In case of an incident
       • Hints on problem resolution
       • Expert advice on law enforcement
     www.melani.admin.ch

  19. Closed Constituency (May 2007)
     Critical Infrastructure: # Companies
     • Telecommunications: 5
     • Energy Supply: 4
     • Finance: 12
     • Transportation: 2
     • Health Care: 1
     • Public Administration: 4
     • Total: 28 (~ 70 people)

  20. Services for the CC - Example: Espionage – Trojan Horse
     • Seemingly useful program containing hidden functions.
     • Such functions can be used for the purpose of espionage, for the remote control of the PC, for sending spam, and so forth.
     • Trojan horses may find their way to the PC by
       • „voluntary“ installation
       • exploiting vulnerabilities

  21. Warning for the Closed Constituency
     • As an example, the warning of January 2007
     • The advisory contains pieces of information on detected attack vectors.
     • System administrators may use them in order to verify whether they are affected.

  22. MELANI-Net: Incident handling
     (Screenshot; labels in order: Adding comments incl. file attachments; Description of the incident (Visibility depends on the user); Comments)
