overview of cybersecurity cybercrime n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Overview of Cybersecurity & Cybercrime PowerPoint Presentation
Download Presentation
Overview of Cybersecurity & Cybercrime

Loading in 2 Seconds...

play fullscreen
1 / 40

Overview of Cybersecurity & Cybercrime - PowerPoint PPT Presentation


  • 141 Views
  • Uploaded on

Overview of Cybersecurity & Cybercrime. Eng. J N Kariuki BSc( Eng ) LLM CEng REng MIET FIEK MKIM Commmunications Secretary, National Communication Secretariat. National Communication Secretariat. Section 84 KIC Act,Cap411A,Laws of Kenya

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Overview of Cybersecurity & Cybercrime' - indira-chan


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
overview of cybersecurity cybercrime

Overview of Cybersecurity & Cybercrime

Eng. J N Kariuki

BSc(Eng) LLM CEng REng MIET FIEK MKIM

Commmunications Secretary,

National Communication Secretariat

national communication secretariat
National Communication Secretariat
  • Section 84 KIC Act,Cap411A,Laws of Kenya
  • Function : advise Govt. on communication policy
summary
Summary
  • Abstract
  • Why worry about Cybersecurity
  • Vulnerabilities
  • Cybersecurity, Cybercrime
  • Examples
  • Privacy
why worry about cybersecurity
Why worry about Cybersecurity
  • Societal benefits of ICTs
  • New opportunities for growth, prosperity and creation of wealth
  • Shift from industrial to digital economy with many e-applications e-health, e-money e.g. M-PESA, e-government, etc
vulnerabilities
Vulnerabilities
  • Greater capacity of ICT,greater vulnerability
  • Is Kenya protected from cyber attacks?
  • Many OFC e.g. TEAMS,SEACOM,EASSy,LION etc.
  • Internet Usage increasing
internet statistics www internetworldstats com
INTERNET STATISTICSwww.internetworldstats.com
  • Kenya. ,int users.(17.38m-2011)(17.38%) in last quarter),subs 6.15m (13.48%)
  • Mobile 28.08million(5.89%)
cybersecurity simplified def
Cybersecuritysimplified def.

“the prevention of damage to , unauthorised use of ,exploitation of , and if needed the restoration of electronic information and communication systems, and the information they contain , in order to strengthen the confidentiality , integrity and availability of these systems”

cyberspace cont d
CYBERSPACE …..cont’d
  • Laws relating to evidence, contract, defamation, intellectual property have all a role to play, as do provisions of criminal law
cyber crime
Cyber crime
  • Ordinary crime committed by computer
  • Computer crime versus internet crime
    • Computer crime (includes internet crime also called cyber crime)
involvement of computer systems in commission of crimes
INVOLVEMENT OF COMPUTER SYSTEMS IN COMMISSION OF CRIMES
  • As target of the offence
  • The tool used in the offence
  • May contain evidence of the offence
denial of service attacks
Denial of Service Attacks
  • Technique used that overwhelms the resource of target computer which results in the denial of service to other computers
  • Distributed DoS: Use of numerous computers to attack target computer from numerous launch points
website defacing
WEBSITE DEFACING
  • Damaging contents of websites
  • Motives:
    • Personal grudge; e.g., dismissed employee
    • Asserting political belief; e.g., affixing cannabis leaves on the website of a court
website defacing1
WEBSITE DEFACING
  • Damaging contents of websites
  • Motives:
    • Personal grudge; e.g., dismissed employee
    • Asserting political belief; e.g., affixing cannabis leaves on the website of a court
2010 child abuse data
2010 Child abuse Data
  • Domains 1,351(Reduced due to int.effort to stop them)
  • URLs 16,739 location of providers.(42% North america,41% Europe,17% Asia)
child online protection
Child online Protection
  • http://www.itu.int/dms_pub/itu-d/opb/ind/D-IND-COP.01-11-2010-PDF-E.pdf
  • Takedown of Child porn sites
computer pornography
COMPUTER PORNOGRAPHY
  • What may be freely available in some jurisdictions, may be objectionable in others
  • International consensus that ‘child pornography’ must be banned
  • Pseudo-photographs – digitally modified images depicting child in a sexual activity
  • Grooming or child luring online
critical infrastructure vital element of national security massive impact on the economy
Critical Infrastructurevital element of national security.: massive impact on the economy
  • The US Government has divided the critical infrastructure into the following segments: information and
  • communications, electric power, transportation, oil and gas, banking and finance, water, emergency services
  • and government (including the military).
cii attack stuxnet 1 st attack on scada
CII attackstuxnet-1st attack on Scada
  • In 2010, Stuxnet virus attack on control system of Iranian Nuclear reactor
    • Stuxnet is for sabotage-manipulates equipment to behave erratically while reporting “normal” to operators of system.
    • In May,21,2011 cyber attack on defence contractor Lockheed Martin which compromised RSA securID tokens. Intention: to compromise customer,program or personal data.
payload virus
PAYLOAD VIRUS
  • Viruses delivered as blended threat
    • (spam message directs user to a malicious website which then results in a virus being downloaded to the users computer e.g e-cards)
malicious code viruses worms and trojans
MALICIOUS CODE-VIRUSES,WORMS and TROJANS

Computer code written with sole intent to:-

cause damage to an equipment

Steal information- personal or business

Serious financial and security threat

e.g. Melissa virus,1999.

worms and trojans
WORMS AND TROJANS
  • Worms
    • similar to viruses; but multiply without human interaction
  • Trojan
    • innocent-looking program that contains hidden functions
botnet
BOTNET

Groups of “zombied” computers remotely controlled by hackers,even though the owners are unaware of it.These zombies do malicious things like forward spam,viruses,worms or gang up together to do outright attacks against targeted computer systems.

cyber terrorism
CYBER-TERRORISM

“concerted, sophisticated attacks on networks”

(Yasin, 1999)

cyber terrorism1
CYBER-TERRORISM

“ … the convergence of terrorism and cyberspace. It is generally understood to mean unlawful attacks and threats of attacks against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political and social objectives.”

(Denning, 2000)

forms of cyber terrorist attacks
Forms of cyber-terrorist attacks
  • access to the military computer systems resulting in missile launches
  • access a manufacturing facility and alter formula used to produce drug or other product to render products lethal
intercepting a mobile phone
Intercepting a Mobile Phone
  • Mobile phones lock on to the most powerful cellular radio signals
    • Establish pico-cell
    • Handset responds to the ‘rogue’ pico-cell
    • Pico cell harvests the data which is analysed for account hacking and ID fraud.
    • SOLUTION: Register mobile phones so that it can be traced .
unsolicited commercial emails spam
UNSOLICITED COMMERCIAL EMAILS (SPAM)
  • Minimal costs
  • Response from internet users
  • Problems:
    • damaging consumer confidence
    • children being subjected to inappropriate material
phishing and pharming i
PHISHING AND PHARMING I
  • Phishing
    • attempts to obtain personal information, including financial account details
  • Pharming
    • attempts to redirect users to fradulent websites
phishing and pharming ii
PHISHING AND PHARMING II
  • Means by which pharming can occur:
    • Static domain name spoofing: legitimate website slightly mis-spelt
    • Malicious software: redirecting users to fraudulent websites
    • Domain hijacking: legitimate website is hijacked and customers redirected to an illegitimate site
    • Domain Name Server ‘poisoning’: Local DNS servers poisoned to send user to wrong site
hacking thai pm twitter a c dn3 10 2011
Hacking Thai PM Twitter A/CDN3.10.2011
  • Hacked on Sunday 2.10.2011 for 20minutes
  • Accused of incompetence
privacy
PRIVACY

“You have zero privacy ;get over it”, Scott McNealy, CEO,Sun Microsystems,1999

e.g. Passenger Name Record(PNR) data base used by airlines.Contains:full name, date of birth, home & work address, telephone number, email address, credit card details,IP address if booked online, names and phone numbers of emergency contacts

privacy concerns i wikileaks and whistle blowing mobile phone
PRIVACY CONCERNS IWikiLeaks and whistle-blowing, mobile phone
  • Data mining-tracking customer activities for future marketing purposes
  • Methods used to collect personal information
    • Electronic recording of ‘clickstream data’ at various levels: e.g., servers of access or content providers
    • Use of cookie: a record of information sent to a computer for identifying the computer for future visits to same website.
privacy concerns ii
PRIVACY CONCERNS II
  • sniffers – can be used to capture data being transmitted over the network
  • use of intelligent agents – to perform any assigned task, I.As. require sufficient information, including users’ profiles
loss of data loss can lead to id theft and fraud on large scale
Loss of Data Losscan lead to ID theft and fraud on large scale
  • October 2007 HM Revenue & Customs lost details of 25million child benefit claimants stored in two unencrypted discs. Dept. of Transport lost 3million records of drivers
  • In US TSA lost a check-in computer with unencrypted data of 33,000 passengers
  • In June 2011,Apple & Google were questioned in US Senate over use of location data in their mobile handsets. Sony Network Playstation suffered a 70million member hack.
kenya cybercrime legislation
Kenya Cybercrime legislation
  • The KICA,Cap411A,s.83U-s84H
  • Access,access with intent,access and interception,modification,denying access,damaging,disclosure of password, unlawful possession of data,fraud,tampering with source code, obscene info., fraudulent info, PROTECTED SYSTEMS s.83Q.
nobody is safe
Nobody is Safe

22.09.2011- Hacking of Core Security Technologies(Core Impact) Website

Core Impact provides IT security testing  products and services It’s a BENCHMARK.

e.g. Penetration Scans .Typical annual licence $30,000.00

6.9.2011 Hackers spied on approx.300,000 google internet users in Iran after stealing security certificates from a Dutch IT firm-stole passwords and obtain access to other social media.

slide40
END

Eng J N Kariuki

BSc(Eng) LLM CEng REng MIET FIEK MKIM