E-book, English, 306 pages
Akhgar / Staniforth / Bosco: Cyber Crime and Cyber Terrorism Investigator's Handbook
1st edition 2014
ISBN: 978-0-12-800811-9
Publisher: Elsevier Science & Techn.
Format: EPUB
Copy protection: 6 - ePub Watermark
Cyber Crime and Cyber Terrorism Investigator's Handbook is a vital tool in the arsenal of today's computer programmers, students, and investigators. As computer networks become ubiquitous throughout the world, cyber crime, cyber terrorism, and cyber war have become some of the most concerning topics in today's security landscape. News stories about Stuxnet and PRISM have brought these activities into the public eye, and serve to show just how effective, controversial, and worrying these tactics can become.

Cyber Crime and Cyber Terrorism Investigator's Handbook describes and analyzes many of the motivations, tools, and tactics behind cyber attacks and the defenses against them. With this book, you will learn about the technological and logistic framework of cyber crime, as well as the social and legal backgrounds of its prosecution and investigation. Whether you are a law enforcement professional, an IT specialist, a researcher, or a student, you will find valuable insight into the world of cyber crime and cyber warfare.

Edited by experts in computer security, cyber investigations, and counter-terrorism, and with contributions from computer researchers, legal experts, and law enforcement professionals, Cyber Crime and Cyber Terrorism Investigator's Handbook will serve as your best reference to the modern world of cyber crime.

- Written by experts in cyber crime, digital investigations, and counter-terrorism
- Learn the motivations, tools, and tactics used by cyber-attackers, computer security professionals, and investigators
- Keep up to date on current national and international law regarding cyber crime and cyber terrorism
- See just how significant cyber crime has become, and how important cyber law enforcement is in the modern world
Further Information & Material
1;Front Cover;1
2;Cyber Crime and Cyber Terrorism Investigator’s Handbook;4
3;Copyright;5
4;Acknowledgments;6
5;Endorsements;8
6;Contents;10
7;Contributors;18
8;Author Biography;20
9;Foreword;22
10;Preface;24
11;Chapter 1: Cyberspace: The new frontier for policing? ;26
11.1;The Shape of the Challenge;27
11.2;The Size of the Challenge;30
11.3;The Response;32
11.4;Conclusion;33
11.5;References;34
12;Chapter 2: Definitions of Cyber Terrorism;36
12.1;Introduction;36
12.2;The Confusion About Cyber Terrorism;36
12.3;Cyber Terrorism Definition;38
12.4;Has Cyber Terrorism ever Occurred?;41
12.5;Conclusions;41
12.6;References;41
13;Chapter 3: New and emerging threats of cyber crime and terrorism;44
13.1;Introduction;44
13.2;Some Historic Milestones;44
13.3;Cyber security lessons not learned from previous ICT innovation cycles;46
13.4;Organizational aspects not learned from previous ICT innovation cycles;48
13.5;Emerging threats;49
13.6;Conclusions;53
13.7;References;53
14;Chapter 4: Police investigation processes: practical tools and techniques for tackling cyber crimes ;56
14.1;Introduction;56
14.2;Investigative Decision Making;57
14.3;Investigative Problem Solving;59
14.4;Developing Investigative Hypothesis;61
14.5;Investigative Innovation;62
14.6;Investigators Contact Management;63
14.7;Investigating Crime and Terror;64
14.8;Conclusion;66
14.9;References;67
15;Chapter 5: Cyber-specifications: capturing user requirements for cyber-security investigations;68
15.1;Introduction;68
15.2;User Requirements and the Need for a User-Centered Approach?;70
15.3;Balancing Technological and Human Capabilities;72
15.4;Conducting User Requirements Elicitation;76
15.5;Capturing and Communicating User Requirements;78
15.6;Conclusion;80
15.7;Acknowledgment;81
15.8;References;81
16;Chapter 6: High-tech investigations of cyber crime;84
16.1;Introduction;84
16.2;High-Tech Investigations and Forensics;84
16.3;Core Concepts of High-Tech Investigations;85
16.4;Digital Landscapes;86
16.5;The “Crime Scene”;86
16.5.1;Live and Online Data Capture;87
16.5.2;Offline (Dead) Data Capture;88
16.5.3;Verification of the Data;89
16.6;Reviewing the Requirements;89
16.7;Starting the Analysis;89
16.7.1;Signature Analysis;91
16.7.2;Filtering Evidence;91
16.7.3;Keyword Searching;92
16.8;Core Evidence;92
16.8.1;Windows LNK Files;93
16.8.2;Windows Prefetch Files;93
16.8.3;Windows Event Logs;94
16.8.4;Windows Registry;94
16.8.5;Restore Points;94
16.9;Case Study;94
16.10;Summary;95
16.11;References;95
17;Chapter 7: Seizing, imaging, and analyzing digital evidence: step-by-step guidelines ;96
17.1;Introduction;96
17.2;Establishing Crime;96
17.3;Collecting Evidence for a Search Warrant;97
17.4;Reported by a Third Party;97
17.5;Identification of a Suspects Internet Protocol Address;97
17.6;IP Spoofing;98
17.7;Anonymizing Proxy Relay Services;98
17.8;Intrusion Detection Systems, Network Traffic and Firewall Logs;99
17.9;Interviews with Suspects;99
17.10;Analysis of Suspects Media;99
17.11;Doxing;99
17.12;Collecting Evidence;100
17.13;Seizing Equipment;100
17.14;Search for Written Passwords;101
17.15;Forensic Acquisition;102
17.16;Ram;102
17.17;Image;103
17.18;Forensic Analysis;103
17.19;Anti-forensics;104
17.20;RAM Analysis;104
17.21;Data Carving and Magic Values;105
17.22;Media Storage Forensics;105
17.22.1;The Structure and Format of a Hard Drive;105
17.23;Partitions;106
17.24;Master Boot Record;107
17.25;The VBR and BIOS parameter block;107
17.26;File System;107
17.27;File Table;107
17.28;Searching for Evidence;108
17.29;Keyword and Phrases Search;108
17.30;Recovering Deleted Information;108
17.31;Recovering Deleted Files and Folders;109
17.32;Recovering Deleted Partitions;109
17.33;Where Evidence Hides;109
17.34;Registry;109
17.35;Most Recently Used Lists;110
17.36;LastWrite Time;111
17.37;Hiberfil.sys;111
17.38;Pagefil.sys;111
17.39;System Volume Information Folders;112
17.40;Chapter Summary;113
17.41;References;113
18;Chapter 8: Digital forensics education, training and awareness;116
18.1;Introduction;116
18.2;Digital Forensics Laboratory Preparation and Training;118
18.3;Digital Anti Forensics Tools and Approaches;119
18.4;The Main Difficulties Faced by Law Enforcement Officers Fighting Cyber-Crime;121
18.5;Educational Provision for the Study of Computer Forensics;122
18.6;The CFM Methodology;124
18.7;Conclusions;124
18.8;References;125
19;Chapter 9: Understanding the situational awareness in cybercrimes: case studies ;126
19.1;Introduction;126
19.2;Taxonomical Classification of Cybercrime/Cyberterrorism;128
19.3;Case Studies;130
19.4;Political/Publicity/Self-Actualization: The Case of the Syrian Electronic Army;131
19.4.1;Who Are They?;131
19.4.2;Political or Moral Hackers?;131
19.5;Methods: Phishing and DDoS;132
19.6;Who Have They Hacked to Date?;132
19.6.1;CNN;133
19.6.2;Angry Birds;133
19.6.3;Microsoft (January 2014);134
19.7;Saudi Arabian Government Websites (January 2014);134
19.8;Social Media Presence;134
19.9;The Case of Stuxnet;135
19.10;The Cyber-Attacks on Banks;136
19.10.1;On a Global Scale;136
19.10.2;In the UK;137
19.11;The Case of the Anonymous Attacks on Scientology;138
19.12;Self-Actualization: The Case of “Mafiaboy”;139
19.13;Strategic Responses to Cyber Attacks;140
19.14;Concluding Remarks;142
19.15;References;143
20;Chapter 10: Terrorist use of the internet;148
20.1;Terrorist Use of the Internet;148
20.2;Propaganda—Indoctrination—Recruitment;148
20.3;The Role of the Video;148
20.4;Online Forums—Blogs;149
20.5;Online Social Network Services;149
20.6;Radicalization Process on the Internet;150
20.7;Particular case: lone wolf;150
20.8;Information Sharing;151
20.9;Future Developments;152
20.9.1;Cyber Terrorism;152
20.9.2;Financing;153
20.9.3;Darknet;155
20.9.4;3D Printing;155
20.9.5;Full VPN;156
20.10;Conclusion;156
20.11;References;157
21;Chapter 11: ICT as a protection tool against child exploitation;158
21.1;Introduction;158
21.2;Key Issues and Challenges;159
21.3;Information Awareness and Better Education;160
21.4;Government Responsibilities and Legal Framework;161
21.5;Technical Issues and Challenges;161
21.5.1;A Case Study on Use of Technology and Proposed Methodology;161
21.5.2;Objectivity, Consistency and Credibility;163
21.5.3;A Systems Approach to Child Protection;164
21.6;Child-Centered Information Flows;164
21.7;CBCTResponse System;167
21.8;Conclusions;171
21.9;References;171
22;Chapter 12: Cybercrime classification and characteristics;174
22.1;Introduction;174
22.2;What is Cybercrime?;175
22.3;What are the Classifications and Types of Cybercrime?;179
22.4;Cybercrime Categories;181
22.4.1;Phishing;181
22.4.2;Spam;183
22.4.3;Hacking;183
22.4.4;Cyber Harassment or Bullying;184
22.4.5;Identity Theft;184
22.4.6;Plastic Card Fraud;185
22.4.7;Internet Auction Fraud;185
22.5;Cyber-Attack Methods and Tools;185
22.6;Conclusion;187
22.7;References;188
23;Chapter 13: Cyber terrorism: Case studies;190
23.1;Introduction;190
23.2;Case Studies—Activities In Cyberspace Attributed to Terrorist Organizations;191
23.3;Analysis of Capabilities;193
23.4;Technological Capabilities, Intelligence Guidance, and Operational Capacity;195
23.4.1;Technological Capabilities;195
23.4.2;Intelligence-Guided Capability;195
23.4.3;Operational Capability;196
23.5;Conclusion;197
23.6;References;199
24;Chapter 14: Social media and Big Data;200
24.1;Introduction;200
24.2;Big Data: The Asymmetric Distribution of Control Over Information and Possible Remedies;201
24.3;Big Data and Social Surveillance: Public and Private Interplay in Social Control;203
24.3.1;Array of Approved eSurveillance Legislation;204
24.3.2;Forced “On Call” Collaboration by Private Entities;206
24.3.2.1;Data Collection for Crime Prediction and Prevention;207
24.3.2.2;Legitimacy;207
24.3.3;Use of Private Sector Tools and Resources;208
24.4;The Role of the E.U. Reform on Data Protection in Limiting the Risks of Social Surveillance;209
24.5;Preserving the E.U. data protection standard in a globalized world;211
24.6;References;215
25;Chapter 15: Social media and its role for LEAs: Review and applications ;222
25.1;Introduction;222
25.2;Features of Social Media Users and Use;225
25.2.1;Differences in Demographics Across Networks;225
25.2.2;Rationales for Social Media Use;225
25.2.3;Influences on Social Media Behaviors;226
25.2.4;Disclosure and Trustworthiness of Information;228
25.2.5;Relevance to LEAs;229
25.3;LEA Usage Scenarios for Social Media;229
25.3.1;Social Media in “Lone-Wolf” Scenarios for Early Assessment and Identification of Threats;231
25.3.2;Social Media-Based Approach in a Hostage Scenario;232
25.3.3;Organized Crime Social Media Data Analysis;233
25.3.4;Crowd-Sourcing with a Collective Intelligence Platform;234
25.3.5;Application of Social Media in Human Trafficking Scenarios;236
25.3.6;Public Engagement on Social Media;238
25.3.7;From Social Media to LEA Intelligence;239
25.4;Concluding Remarks;241
25.5;References;241
26;Chapter 16: The rise of cyber liability insurance;246
26.1;A Brief History of Insurance;246
26.2;Business Interruption Insurance;246
26.3;What is Cyber Liability?;247
26.3.1;First-Party Cyber Liability;248
26.3.2;Third-Party Cyber Liability;249
26.4;Cyber Risks—A Growing Concern;249
26.5;The Cyber Threat;250
26.6;A Changing Regulatory Landscape;251
26.7;ICO Notification;251
26.8;What Does Cyber Liability Insurance Cover?;252
26.9;Who Offers Cyber Liability Insurance and What Should Customers Look Out For?;253
26.10;Conclusion;254
27;Chapter 17: Responding to cyber crime and cyber terrorism—botnets an insidious threat;256
27.1;Introduction;256
27.2;A Botnet Roadmap;257
27.2.1;Primary Activities:;264
27.2.2;Support Activities:;264
27.3;Botnets How Do They Work. Network Topologies and Protocols;265
27.4;Case Study—Eurograbber (2012);269
27.4.1;The Infection;270
27.4.2;The Money Theft;271
27.5;Case Study—ZeroAccess (2013);272
27.6;Countermeasures for Fighting Botnets or Mitigating Botnets Effects;274
27.7;Conclusion and Future Trends (TOR, Mobile and Social Networks);278
27.8;References;281
28;Chapter 18: Evolution of tetra through the integration with a number of communication platforms to support public protecti ...;284
28.1;Introduction;284
28.1.1;TETRA Technology;285
28.1.2;Current Trends of PPDR (i.e., TETRA) Technology;286
28.2;Technological and Economic Barriers and Issues;287
28.3;Progress Beyond the State-of-the-Art;288
28.3.1;Current PPDR Communication Network Architecture Landscape;288
28.3.2;State-of-the-Art on Mobile Communication Standard;290
28.3.2.1;General PMR standards;290
28.3.2.2;TETRAPOL;290
28.3.2.3;GSM;291
28.3.2.4;TETRA;291
28.4;Proposed PPDR Communication Network Architectural Solutions;292
28.4.1;TETRA over Mobile IP Network;292
28.4.1.1;Multi-technology communication mobile IP gateway (MIPGATE);292
28.4.1.2;Multipath TCP;294
28.4.1.3;Security;294
28.4.2;TETRA over Mobile Ad-Hoc Network;295
28.4.3;TETRA over DVB-T/DTTV Network;296
28.5;Conclusion;297
28.6;References;298
29;Index;300
Chapter 1 Cyberspace
The new frontier for policing?
Fraser Sampson

Abstract
This chapter contains an analysis of some of the practical legal challenges of so-called cyberspace and cybercrime/cyber-enabled crime. In particular, this chapter discusses the difficulties of concepts such as jurisdiction and the ability of domestic legal systems to accommodate the borderlessness of the Internet. This chapter considers the nature, size, shape, and scale of the challenge represented by cyberspace within the context of the UK Cyber Security Strategy and recent developments among public bodies to adapt. This chapter concludes by raising the growing dilemma presented by the need to balance security of citizens and their property within cyberspace against the regulated conduct of state agencies within that setting.

Keywords
Cyberspace; Cybercrime; Cyber-enabled crime; e-crime; Computer-enabled criminality; Cyber constables; Strategic Policing Requirement

Published in 2011, the UK Cyber Security Strategy states that:

"Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society."

That the United Kingdom even has a cyber security strategy is telling. Governments and their agencies—not only in the United Kingdom but worldwide—have struggled to distinguish criminality that specifically relies on the use of the hyper-connectivity of global information technology from “ordinary” crime that is simply enabled by using information and communication technology. Despite legislative interventions such as the Council of Europe Convention on Cybercrime (for an analysis of which see Vatis, 2010, p. 207) in 2001, cyberspace remains a largely unregulated jurisdictional outpost. The first piece of criminal legislation to address the use—or rather the misuse—of computers in the United Kingdom was enacted in 1990.
The recital to the Computer Misuse Act 1990 states that it was an act “to make provision for securing computer material against unauthorized access or modification; and for connected purposes.” This narrow, pre-Internet focus was very much predicated on the concept of a computer as a functional box (or network of boxes) containing “material” that required protection (Sampson 1991a, p. 211). Although the Act addressed unauthorized access, the concept of causing a computer to perform a function in furtherance of other crimes was also a central part of the new legislation (Sampson, 1991b, p. 58) which, for the first time in the United Kingdom, sought to catch up with computer technology that was becoming part of people’s everyday lives—a race in which the legislative process did not stand a chance. While the legislation was amended in 2006 with the introduction of a new criminal offence of unauthorized acts to impair the operation of a computer or program, etc., looking back through today’s digital prism, the legislation has a decidedly analog look to it. When the legislation came into force we had little idea of the impact the “information super-highway” would have on our everyday lives, still less the engrenage effect of social media. According to the UK’s 2011 Cyber Security Strategy, at the time of its publication 2 billion people were online and there were over 5 billion Internet-connected devices in existence. During that same year, the number of people being proceeded against for offences under the Computer Misuse Act 1991 in England and Wales, according to a document from the Ministry of Justice, was nine (Canham, 2012) with no people being proceeded against for the two offences under s.1(1) and s.1(3). 
Perhaps as surprisingly, the records from the Police National Legal Database (PNLD) used by all police forces in England and Wales for offence wordings, charging codes, and legal research show that during two weeks (chosen at random) in 2013 the Computer Misuse Act 1990 and its constituent parts were accessed as follows:
- Between 4th and 10th March—907 times
- Between 10th and 16th November—750 times

Reconciling these two data sets is difficult. While it is clear from the PNLD access data that law enforcement officials in England and Wales are still interrogating the 1990 legislation frequently (on average, around 825 times per week or 118 times per day or annually 42,900 times), the number of prosecutions for the correlative offences is vanishingly small. One of the many challenges with cybercrime and cyber-enabled criminality is establishing its size and shape.

The Shape of the Challenge
Just as the shape of our technology has changed beyond all recognition since 1990, so too has the shape of the challenge. The almost unconstrained development of Internet-based connectivity can be seen, on one hand, as a phenomenological emancipation of the masses, an extension of the Civil Data Movement and the citizens’ entitlement to publicly held data (see Sampson and Kinnear, 2010). On the other hand, the empowerment it has given others (particularly sovereign states) to abuse cyberspace has been cast as representing the “end of privacy” prompting a petition to the United Nations for a “bill of digital rights.” Steering a predictably middle course, the UK strategy sets out the key—and, it is submitted, most elusive—concept within the document: that of a “vibrant, resilient, and secure cyberspace.” The aspiration must surely be right but how can resilience and security be achieved within a vibrant space run by computers? In terms of both computers and our reliance upon them, we have moved so far from the original notion of boxes, functions, commands and programs, along with the consequences that can be brought about by their use, that a fundamental re-think is needed.

So what—and where—is cyberspace? Much has been written recently on the threat, risk and harm posed by “cybercrime,” “e-crime,” “cyber-enabled” criminality but the legislation has been left a long way behind. The EU has a substantial number of workstreams around its “Cybersecurity Strategy” and its own working definition of “cyberspace” though its own proposed Directive has no legal definition but rather one for Network and Information Security to match the agency established in 2004 with the same name. In the United Kingdom, a parliamentary question in 2012 asked the Secretary of State for Justice how many prosecutions there had been for “e-crime” in the past 5 years.
In response, the Parliamentary Under Secretary of State gave statistics for ss 1(4), 2 and 3(5) of the Computer Misuse Act while the correlative Hansard entry uses the expression “cybercrime” in its heading. Wherever it is, constitutional lawyers around the world have wrestled with the applicability of their countries’ legislation with the borderlessness of the virtual world of the Internet; the application of “analog” territorial laws to the indeterminable digital boundaries of the infinite global communications network is, it seems, proving to be too much for our conventional legal systems. Here is why.

When it comes to interpreting and applying law across our own administrative jurisdictional boundaries, an established body of internationally agreed principles, behavior, and jurisprudence has developed over time. Some attempts have been made to apply these legal norms to cyberspace. For example, the International Covenant on Civil and Political Rights sets out some key obligations of signatory states. In addition, activities executed within or via cyberspace should not be beyond the reach of other community protections such as those enshrined in the European Convention of Human Rights or the EU Charter of Fundamental Rights, particularly where issues such as online child sexual exploitation are involved. The first basic challenge that this brings, however, is that of jurisdiction. Cottim has identified five jurisdictional theories and approaches in this context, namely (Cottim A. 2010):

1. Territoriality theory: The theory that jurisdiction is determined by the place where the offence is committed, in whole or in part. This “territoriality theory” has its roots in the Westphalian Peace model of state sovereignty that has been in place since 1684 (see Beaulac, 2004, p. 181). This approach has at its heart the presumption that the State has sovereignty over the territory under discussion, a presumption that is manifestly and easily rebuttable in most “cyberspace” cases.

2. Nationality (or active personality) theory: Based primarily on the nationality of the person who committed the offence (see United States of America v. Jay Cohen; Docket No. 00-1574, 260 F.3d 68 (2d Cir., July 31, 2001) where World Sports Exchange, together with its President, were defendants in an FBI prosecution for conspiracy to use communications facilities to transmit wagers in interstate or foreign commerce. The defendants were charged with targeting customers in the United States inviting them to place bets...