High-Tech Crime Countermeasures

Ko IKAIHigh-Tech Crime Technology Division

National Police Agency, JAPAN

Agenda State of High-Tech Crime Countermeasures

Framework Facilities and Equipment Human Resources Training

Challenges

State of High-Tech Crime

Basic Statistics 56,453,000(44% of whole nation)

use Internet in Japan 15,962,000 use broadband

connection 48% of households have Internet

connection (except by cell phones)

Estimation on Feb. 30, 2003, Internet White Paper 2003 (Internet Association Japan)

Intrusive Activities

0

200

400

600

800

1000

1200

1400

1600

1800

2000

Apr, 2003 May, 2003 J un, 2003

Detected by 57 IDS installed in police organizations

Breakdown of Intrusive Activities

Based on 119,822 detectionsbetween Apr. 1 and J un. 30, 2003

53.9%37.9%

0.2%3.1%

3.0%

1.6%0.2% Infection attempt by worms

Port scan

ICMP related activity

Backdoor connection attempt

Intrusion attempt into WWW server

Denial of service attack

Others

Complaints

2,965

11,135

17,277

19,329

0

5,000

10,000

15,000

20,000

25,000

1999 2000 2001 2002

Breakdown of Complaints

Based on 19,329 complaints in 2002

21%

17%

13%12%

11%

6%

20%Internet Auctions

Fraud & Sharp Business

Defamation

Illegal & Harmful Contents

Spam E-mails

Illegal network access, Virus

Others

Arrests

83 116247

484

712

958

179

110

30

63

299

44

51

35

31

0

200

400

600

800

1000

1200

1997 1998 1999 2000 2001 2002

Violation of the Unauthorized Computer Access LawCrime against Computer/ DataInternet Crime

262415 357

559

810

1039

Breakdown of Arrests－ 31 35 51 ＋ 16

110 44 63 30 -33

C omputer Fraud 98 33 48 18 -30

Illega l production/Destructionof electro-magnetic date

5 9 11 8 -3

O bstruction of business bydestroying computer

7 2 4 4 0

247 484 712 958 ＋ 246

C hild Prostitution 0 8 117 268 ＋ 151

C hild Pornography 9 113 128 140 ＋ 12

Fraud 23 53 103 112 ＋ 9

Distribution of O bscene O bject 147 154 103 109 ＋ 6

V iolation of juvenile protectionordinance

4 2 10 70 ＋ 60

Intimidation 4 17 40 33 － 7

Infringement of C opyright 21 29 28 31 ＋ 3

Defamation 12 30 42 27 － 15

O thers 27 78 141 168 ＋ 27

357 559 810 1,039 ＋ 229

408 ＋ 163

20021999

121

2000

245

2001

Total

Crime against Computer/Data

Internet Crime

Unauthorized Computer Access

9

Countermeasures

FrameworkFacilities and Equipment

Human ResourcesTraining

Framework

Police System in Japan National Police Agency(NPA)

National governmental organization Duty: supervision and planning

related to national law and budget Prefectural Police Forces(PPF)

Local governmental organization Duty: actual police operation

National Efforts High-Tech Crime Technology Division (HT

CTD) since 1999 Unauthorized Computer Access Law Official notice of high-tech crime counter

measures to PPFs Official notice of cyber-terror countermea

sures to PPFs Subsidy for PPFs

National Center of Computer Forensics(NCCF) Part of HTCTD Technical core of high-tech crime

countermeasures Dealing with extremely difficult

evidences

Cyber Force Center(CFC) Part of HTCTD Established in 2001 Focusing on protection against

cyber attacks to critical infrastructure entities

24/7/365 watch and warning Information hub for computer

network security

Local Efforts Establishment of High-Tech Crime

Task Forces(HTCTF) High-tech crime reporting point

Establishment of Cyber-Terror Task Forces

Employment of people with IT skills as special investigators or IT security advisors

Facilities and Equipment

Cost Overview NCCF

Initial: 15.3 million USD Maintenance: 1 million USD

CFC Initial: 53.5 million USD Maintenance: 13 million USD

(1 USD = 120 JPY)

Facilities NCCF

National-owned building 5 floors, 1500 sq. meters

(approx. 15000 sq. feet) CFC

Private-owned building (rented) 8 floors, 4500 sq. meters

Equipments in NCCF Massive log analysis system Password analysis system Credit card analysis system Virtual Internet environment X-ray inspection system Clean room Various softwares Honey pot

Equipments in CFC 24/7/365 watch and warning

center Honey pot

Distributed IDS R&D environment Simulation environment Training environment

Equipments in HTCTD HQ WWW server (@police)

http://www.cyberpolice.go.jp/ Cybercrime Technical Information Networ

k System(CTINS) Purpose: information sharing among 10 cyb

ercrime law enforcement units in Asia China; Hong Kong, China; India; Indonesia;

Korea; Malaysia; Philippines; Singapore; Thai; and Japan

Human Resources

Wanted People NCCF

People with EXTREME expertise on computer forensics

CFC People with computer/network

security expertise Dynamic employment is difficult in

Japan

Base of Human Resources 4,000 info-communication

specialists inside police organization

They have built and maintained police communication infrastructure for 49 years

It WAS able to pick-up necessary talent

People from Private Sector Contractor

Maintainer of equipments R&D staffs

Hiring Some local HTCTFs hires experts as special

investigator or IT security advisor

Current State NCCF

12 officials (forensic experts) 5 contractors (experiment staffs)

CFC 18 officials (computer/network security

specialists) 10 contractors (R&D staffs)

HTCTD HQ 18 officials (chief and administrative staffs)

Training

Training program National Police Academy

High-tech crime technology course Cyber-terror technology course

Training program by private sector Specially designed by various venders International conference

OJT in foreign law enforcements FBI, Secret Service, NHTCU(UK)

Challenges Company secrets

Dominant system vendor Cell phone vender

Personnel circulation Co-ordination with security

community FIRST, National CERT, NIRT

Questions?

Thank you!

Contact:Ko Ikai, kikai02@npa.go.jp

Toshihiko Kamon, tkamon97@npa.go.jp