3 CiberCrime Bernik

  • 7/27/2019 3 CiberCrime Bernik

    Crime in Cyberspace: Contemporary Forms

    Igor Bernik, University of Maribor (Univerza v Mariboru), Faculty of Criminal Justice and Security (Fakulteta za varnostne vede)

    Information or cyber security

    Infrastructure revolution
    Data explosion
    Always on, always connected to cyberspace
    Future finance: cash or e-payment, substitutes?
    New, stricter regulations and standards
    Multiple internets: the world is not one, there are several worlds?
    New identity and trust models?

    Evolution or revolution

    Cybercrime

    Institutions and legislation, international harmonization
    Perpetrators of cybercrime, motives, classification of perpetrators
    Cyber infrastructure for committing various criminal offences
    Protecting systems against attacks
    New emerging forms of cybercrime
    Fear of cybercrime
    Investigation of cybercrime

    In the modern world

    Introduction to the topic

    What do we understand as cybercrime? What is particularly cyber about it?

    We believe: A criminal act is punishable by law. For most criminal acts conducted in cyberspace we use classic legislation (theft, abuse, child pornography, etc.).

    Cybercrime is the use of information technology to carry out criminal acts.

    Awareness and Fear

    It's all about a personal perception of the threat of cybercrime.

    Decreasing fear of cybercrime can only be achieved by educating users of cyberspace.

    How users conduct themselves in cyberspace depends on how well they are informed about it.

    Awareness of cybercrime and fear of it are therefore related to users' knowledge about the cyber threats lurking in cyberspace.

    What now?

    To reduce fear of cybercrime and raise awareness of the cybercrime problem, users should be informed about all its various types, e.g.:

    web defacement
    unauthorized network access
    cyber-stalking
    Internet fraud
    identity theft
    child pornography
    interception and fabrication of e-mails
    theft of passwords, etc.

    Informing and educating about the dangers of cybercrime must become widespread, common and continuous at all levels of society.

    Guidelines

    To ensure protection against cyber criminals, to reduce endangerment and avoid possible consequences, it is important to adhere to the following basic guidelines:

    Be careful when opening links received by e-mail (Trojan horse malware, phishing etc.).

    Be aware that your personal data can be used to profile your activities, thus making you vulnerable to manipulation and/or identity theft.

    Try to check the identity of anyone who wishes to acquire your personal data.

    Be careful which data and software applications you load onto your computer or mobile device. Some applications enable theft of personal or business data.

    Guidelines, cont.

    Make sure that your anti-virus program is regularly updated and that a firewall is installed.

    Protect your passwords, and take notice of anyone who is shoulder surfing while you type them in.

    Periodically change your passwords, choose strong passwords.

    Most importantly: use your common sense.

    Informing and educating about the dangers of cybercrime must become widespread, common and continuous at all levels of society.

    Users will know how to use this technology rationally and responsibly, and will not be afraid of it.

    Conclusion

    Users are relatively well informed about the various types of cybercrime, but the public is more aware of threats exposed by the news media than of those from which they should truly protect themselves.

    Better security and thus greater safety can only be ensured if users conduct themselves responsibly in cyberspace.

    Lack of understanding translates into inadequate security.

    Information and cyber warfare

    Information and cyberspace, the power of information and information conflict
    Techniques, perpetrators and victims of information warfare
    State conduct of information warfare, espionage, active warfare, asymmetric warfare, information operations, propaganda
    The role of organizations and industrial espionage
    The role of states in information warfare: USA, China, Russia, Israel, ...; the position of small countries
    International legislation, defence
    Politically and ideologically motivated groups

    A known or a new phenomenon

    ICT and Internet

    Daily work

    Crucial operations

    Business

    Cyber crime

    Information warfare

    Economic loss, physical impact

    EU

    NATO

    United Nations

    INTERPOL

    EUROPOL

    Council of Europe

    International war operations

    Information Warfare

    Information warfare

    Information warfare = warfare for information power.

    The right information is the basic capital of an organization!?

    Military, state, organizational and NGOs.

    Asymmetric warfare.

    Nature of information warfare

    STATE IW                 CORPORATE IW           CIVIL IW
    Espionage (Echelon)      Harassment             Cyber terrorism
    Kinetic war (NCW, GIG)   Industrial espionage   Hacktivism
    Information operations                          ECD
    Propaganda                                      Animal, environment rights groups

    Information warfare leaders?

    USA

    World superpower, common cyber attacks, strong offensive and defensive information warfare techniques.

    CHINA

    Asymmetric warfare (information warfare centers).

    RUSSIA

    First information war (Estonia, Poland, Georgia).

    NORTH KOREA

    Low dependence on technology, selective internet traffic and strong defense mechanisms.

    SOME OTHERS?

    Recommendations for counterfeiting

    1. Information security policies should consider ISO standards.

    2. Implementation of the latest technology.

    3. National strategy of information (cyber) security.

    4. Mandatory information security standards for all organizations.

    5. Safety classifications of valuable information.

    6. International cooperation.

    What needs to be done for improvement?

    National level

    1. Universal definition.

    2. Definition of acceptable usage of ICT.

    3. International harmonization.

    4. Abolish legal constraints.

    5. Trained law agencies.

    Organizational level:

    1. Business ethics.

    2. Security awareness.

    3. Data classification and personal limitation.

    4. Risk management and uninterrupted business.

    Further research: understanding, protection.

    Cyber terrorism

    Cyber terrorism or classic cybercrime
    Levels of cyber terrorism, cyberspace and terrorist actions
    Perpetrators of classic cybercrime and terrorists
    Risk management in the field of cyber terrorism
    Consequences of cyber terrorism, preventive measures
    Measures against cyber terrorist attacks
    Activities at the level of organizations, states, EU, NATO, globally

    What is cyber about terrorism?

    Cyber Terrorism - facts

    IS are a basic support element of every organizational structure - organizations cannot achieve their visions without them.

    Companies feel the necessity of securing IS.

    Protection; risk management system - allows us to know our enemy.

    Threats to IS are multiple and constant. The reason for protecting our IS is to defend it from external malware - one of those vicious attacks is also CT.

    Cyber Terrorism sum

    Definition: Cyber terrorism is a carefully planned, politically motivated attack on information, computer systems, programs and data.

    Cyber terrorism causes fear, damage or even death using attacks with the enterprise IS, influencing the (global) society and media attention.

    Computers as weapon

    Cannot cause death or injury - indirect risks. Consequences and acts are therefore indirect.

    Computers control critical infrastructure: storage of vital information - damage or loss can lead to loss of lives (ex: medical environment).

    Difference with classic form of terrorism:

    High level of computer knowledge
    High level of motivation (possibility of recruiting hackers for terrorist needs)

    Difference is also seen in the usage of computers - at the moment computers are used as a support for planning and executing classical terrorist attacks - that will change in the future.

    Cyber Terrorism consequences

    Psychological
    Physical
    Economic

    The most exposed critical areas: information and communications, electrical network, gas and oil (storage, transport, extraction), banking and finances, transport, water supply systems, government services.

    We must physically separate critical IS from the internet.

    Protection

    Countries and organizations must take proactive measures for protecting IS and critical infrastructure from CT.

    Risk management system is unavoidable (similar to the classic system - consequences are the most important factor).

    Decision regarding the form of protection is dependent on every organization by itself.

    Conclusion

    Cyber terrorism is (still) misunderstood.

    [...] generations of terrorists are born in the information society. They will possess knowledge of ICT and combine it with a high level of motivation.

    Damage caused by these attacks can be bigger.

    A high level of safety culture in organizations shows us that they are well prepared.

    Cybercrime and terrorism are unavoidable threats. What can we do?

    Prepare a better process of recovery in case of an incident.

    Preventive actions, education and raising safety culture will lead to improving information security.

    Risk management process - we must know our threats to fight them.

    Following trends of security and threat development is necessary.