Stealing digital information Financial and personal perspective SUMMER SCHOOL 2014
Stealing information on the Internet is on the rise. It can have negative effects on many aspects of our everyday life, and online scammers keep finding more sophisticated ways of committing fraud.
Is it a big problem? "Many companies underestimate their cyber adversaries' capabilities and the strategic financial, reputational, and regulatory risks they pose. Companies are unknowingly increasing their digital attack vulnerabilities." (2013 US State of Cybercrime Survey, cited on the slide as by the Computer Security Institute)
Phishing A type of attack in which the sender tries to trick the target into giving up sensitive information, resulting in financial gain for the sender.
Spoofing A type of attack in which the sender poses as somebody else. It covers a wide range of tactics used to make an e-mail look legitimate, e.g. forging the From: address or including logos of the impersonated organization. Phishers use spoofing to create fake e-mails. Spoofing by itself does not steal information (as phishing does); it is a means of impersonation, used to make the recipient do something the sender wants because the message appears to come from someone they trust.
Skimming Theft of payment card information, ranging from photocopying receipts to more advanced methods such as a small electronic device (a skimmer) that reads and stores hundreds of victims' card numbers as the cards are swiped.
CHINA In 2012, 82 brands were impersonated in Chinese phishing attacks. The distribution of the top 10 brands is shown as follows.
CHINA In 2012, 130 top-level domains were used in Chinese phishing attacks. .com, .tk and .cc were the three most used TLDs and accounted for 57.2% of the total number.
ECUADOR Cyber crime takes place in Ecuador too: according to an estimate by the Fiscalía (Public Prosecutor's Office), the value of online thefts reached one million dollars in the first half of 2011 alone. At the national level, Fiscalía figures show at least 800 such cases reported between January and August 2011. Ecuador has had some emblematic cases: the defacement of the president's web site, and cloned credit cards that caused damage of around US$ 6,000,000.
ECUADOR Statistics of security incidents and vulnerabilities (chart)
AFRICA According to Microsoft's Security Intelligence Report for 2011, most of the countries with the highest infection rates are in Africa; Egypt had the highest infection rate worldwide. Phishing and other common threats were much higher than the worldwide average in Algeria and Tunisia.
AFRICA The BSA (Business Software Alliance) found that the software piracy rate in Algeria reached 84%; Egypt is third among countries hosting phishing fraud, with 6.8% of worldwide phishing; Nigeria has become notorious for e-mail spam; Kenya has seen a sharp rise in the hacking of government sites.
POLAND Example of phishing: Allegro, an online auction website. A false message was sent by e-mail to Internet users, informing them that they had won a contest and asking them to reply with their phone number. The style of the message was unprofessional and written without Polish letters, which should immediately have raised the suspicion of a potential victim. However, the logos of Allegro, the United Nations and Facebook added to the credibility of the message. The message carried no malware, so it was a primitive attack aimed only at harvesting users' phone numbers. Kaspersky Lab Polska stresses that the Allegro portal was not responsible for sending the message; the cyber criminal used the Allegro logo illegally.
POLAND Example of spoofing: the Prosecutor examined a case of impersonating Beata Kempa by sending fake e-mails. The e-mail contained a purported announcement that the Member of Parliament was going to withdraw her candidacy in the parliamentary elections. The false messages were sent to the National Press Agency from Beata Kempa's address. Beata Kempa blamed the government and suggested that the security of the Parliament's mailboxes is inadequate. Experts do not think this is a case of insecure mailboxes; they suggest two scenarios. "Either somebody broke into her mailbox, or somebody just spoofed it, impersonating her e-mail address," says Piotr Konieczny, chief information security officer of niebezpiecznik.pl.
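The two scenarios named above (a broken-into mailbox versus a forged sender address) leave different traces in the message headers, which is also the practical difference between the spoofing technique defined earlier and a genuine message. The following added example, which is not part of the original slides, shows how a receiving side can tell them apart: it parses a raw message with Python's standard library and compares the domain in the From: header with the envelope sender (Return-Path), the Reply-To address, and the SPF/DKIM verdict the receiving mail server recorded in Authentication-Results. Both sample messages and all domain names (attacker.example, parliament-office.example, newsagency.example) are constructed for illustration; the SPOOFED message is assumed to have been relayed from a host the impersonated domain does not authorize, and the GENUINE one from the domain's own server.

```python
"""Heuristic detection of a forged From: address in a received e-mail.

Added example, not code from the original slides. All messages, addresses
and domains below are constructed for illustration.
"""
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr


def _domain(header_value):
    """Return the lowercase domain of an address header value, or None."""
    _, addr = parseaddr(str(header_value or ""))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower()


def _auth_results(msg):
    """Collect spf=/dkim=/dmarc= verdicts from Authentication-Results headers.

    Example value: 'mx.newsagency.example; spf=fail smtp.mailfrom=attacker.example'
    """
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(value), re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts


def spoofing_indicators(raw_message):
    """Return a list of reasons to suspect that the From: address is forged.

    An empty list does not prove the mail is genuine: a message sent from a
    compromised mailbox passes every check here. It only means the cheap
    header forgery that characterises spoofing is absent.
    """
    msg = message_from_string(raw_message, policy=default)
    indicators = []

    from_dom = _domain(msg.get("From"))
    envelope_dom = _domain(msg.get("Return-Path"))
    if from_dom and envelope_dom and from_dom != envelope_dom:
        indicators.append(f"From domain {from_dom} != envelope sender domain {envelope_dom}")

    # A Reply-To pointing elsewhere is how an attacker collects replies to a
    # forged From: address, since they cannot read the victim's real inbox.
    reply_dom = _domain(msg.get("Reply-To"))
    if reply_dom and from_dom and reply_dom != from_dom:
        indicators.append(f"Reply-To domain {reply_dom} != From domain {from_dom}")

    verdicts = _auth_results(msg)
    if verdicts.get("spf") in ("fail", "softfail"):
        indicators.append(f"SPF {verdicts['spf']} for the sending host")
    if verdicts.get("dkim") == "fail":
        indicators.append("DKIM signature failed verification")
    if not verdicts:
        indicators.append("no Authentication-Results header: SPF/DKIM were not checked")
    return indicators


# Constructed sample: a forged withdrawal announcement relayed by an unrelated host.
SPOOFED = """\
Return-Path: <bounce@attacker.example>
Received: from mail.attacker.example (mail.attacker.example [203.0.113.7])
    by mx.newsagency.example with ESMTP; Tue, 01 Jan 2013 10:00:00 +0100
Authentication-Results: mx.newsagency.example; spf=fail smtp.mailfrom=attacker.example
From: "MP Press Office" <press@parliament-office.example>
Reply-To: press-office@attacker.example
To: newsdesk@newsagency.example
Subject: Withdrawal of candidacy

I am withdrawing my candidacy in the parliamentary elections.
"""

# Constructed sample: a message actually relayed by the organisation's own server.
GENUINE = """\
Return-Path: <press@parliament-office.example>
Received: from mta.parliament-office.example (mta.parliament-office.example [198.51.100.9])
    by mx.newsagency.example with ESMTP; Tue, 01 Jan 2013 10:00:00 +0100
Authentication-Results: mx.newsagency.example; spf=pass smtp.mailfrom=parliament-office.example; dkim=pass
From: "MP Press Office" <press@parliament-office.example>
To: newsdesk@newsagency.example
Subject: Press statement

Statement attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, spoofing_indicators(raw) or "no indicators")
```

The check deliberately relies on headers added by the receiving server (Return-Path, Received, Authentication-Results), because everything the sender writes, including From:, Reply-To: and the body, is under the attacker's control. A message that passes these checks yet contains a surprising announcement points to the other scenario the expert mentioned: the mailbox itself was compromised.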
EU REGULATIONS AGAINST STEALING INFORMATION Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision. The main aims of the directive: establishing minimum rules concerning the definition of criminal offences and sanctions in the area of attacks against information systems; facilitating the prevention of such offences and improving cooperation between judicial and other competent authorities.
How to protect ourselves? Install security and scanning software on your computer; never provide personal information in response to an unsolicited request; do not use your name, date of birth, address, or any other personal information as a password; review account statements regularly to ensure all charges are correct.