Police Technical Approach to Cyber Threats


Police Technical Approach to Cyber Threats
Jumpei Kawahara
Director of High-Tech Crime Technology Division, National Police Agency, Japan

1 Overview

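Current Situation

[Stacked bar chart: Number of consultations on cybercrimes, etc. (cases), 2011 (H23) to 2015 (H27). Categories: Others; Illegal and harmful information; Internet auction fraud; Unauthorized access and virus; Defamation and abuse; Spam e-mails; Fraud and fraudulent business.]

- 2011 (H23): total 80,273
- 2012 (H24): total 77,815
- 2013 (H25): total 84,863 (Others 13,217; Illegal and harmful information 3,132; Internet auction fraud 5,950; Unauthorized access and virus 6,220; Defamation and abuse 9,425; Spam e-mails 10,682; Fraud and fraudulent business 36,237)
- 2014 (H26): total 118,100 (Others 14,643; Illegal and harmful information 5,080; Internet auction fraud 6,545; Unauthorized access and virus 9,550; Defamation and abuse 9,757; Spam e-mails 14,185; Fraud and fraudulent business 58,340)
- 2015 (H27): total 128,097 (Others 15,822; Illegal and harmful information 4,854; Internet auction fraud 6,274; Unauthorized access and virus 7,089; Defamation and abuse 10,398; Spam e-mails 16,634; Fraud and fraudulent business 67,026)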

Advantages of Police
- Authority for investigation
- Nationwide working units
- Own technological capability

Police Organization for High-Tech Crime Technology

National Police Agency
- High-Tech Crime Technology (HTCT) Div.: Digital Forensic Center, Cyber Force Center
- Technical Support for:
  - Counter Cybercrime: Cybercrime Div.
  - Counter Cyber Attack: Security Planning Div.
  - Other crimes: General Crimes, Organized Crime, Traffic, Child Sexual Exploitation / Abuse, etc.

Mission of HTCT Organization

To provide technical expertise to tackle cyber threats

Digital Forensics
- analysis of evidence stored in digital devices
- technical support for search, seizure, inspection, etc.

Cyber Forces
- 24/7 basis detection and analysis of suspicious traffic
- cooperation with private sectors
- malware analysis
- incident response activity

2 Digital Forensics

Digital Forensics

- Extract: digital devices seized at crime scenes yield raw data (shown as 0AF46ED3 9EF5300C 2FE567BB 9321E8A8)
- Visualize: e-mails, accounts, address list, etc. (electronic evidence)
- Analyze: identification of criminals, proof of crimes, disclosing crime syndicate

Fundamentals of Digital Forensics

Electronic evidence can be valuable based on:
- Correctness of Procedure
- Accuracy of Analysis
- Objective Verifiability

Organization for Digital Forensics

- National Police Agency
  - Digital Forensics Center: highly advanced digital forensic analysis
- Regional Police Bureaus
- Prefectural Info-Communications Departments

Handling Broken Mobile Phone: Transplant (1)

[Diagram: broken smartphone; the circuit carrying the memory IC is removed from it.]

Handling Broken Mobile Phone: Transplant (2)

- Removed circuit: memory IC (stained), function restored by cleansing, reballing, etc.
- Step 1: Transplant into an alternative device (the same model as the broken one)
- Step 2: Analysis on the alternative device

3 Cyber Forces

Cyber Forces Organization (CFs)

- Cyber Forces (CFs): nationwide technical task forces for countering cyber attacks
- CFs promote preventing cyber attacks and mitigating the damage in coordination with Critical Infrastructure providers, etc.
- Cyber Force Center (CFC) at the NPA: the headquarters

Real-time Detection Network System

Sensors report to the Cyber Force Center, which runs:
- Darknet Observation
- Web Defacement Detection
- DoS Attack Observation
- P2P Network Observation (file-sharing network, illegal files, file download from server)

Suspicious Incoming Packets (packets per day per IP address), captured by NPA's sensors

[Chart: half-year periods 2014 FH, 2014 SH, 2015 FH, 2015 SH, 2016 FH; vertical axis 0 to 1200; values shown: 1119.1, 773.0, 684.9, 534.2, 448.2.]

Suspicious Scanning Activities Discovered (1)

Linux-based devices are drawing the interest of attackers as hop points of attacks.

[Chart: captured packets with destination port 23/TCP (telnet), packets / day / IP address, Oct. 2015 - Sep. 2016, vertical axis 0 to 2,000, annotated "sharp increase". Devices shown: CCTV (webcam), NAS, digital video recorder.]

Suspicious Scanning Activities Discovered (2)

Industrial Control Systems connected to the Internet are continuously exposed to scans.

[Chart: scanning, packets / day / IP address, Jan. 2016 - Jun. 2016, vertical axis 0 to 10, annotated "sharp increase" and "continuous scans". Ports: 5007/TCP, 443/TCP, 102/TCP, 22/TCP, 179/TCP, 5006/TCP, 80/TCP, Others.]

[Diagram: potential attackers and a search engine on online devices both scan the industrial control system.]

4 Our Efforts

Measures against Cyber Threats

- Suspicious traffic is analyzed at the Cyber Force Center
- Information sharing with local CFs, police, private sectors, etc.
- Police-Industry Joint Drill
- Calling public attention to threats on the portal website @police ( http://www.npa.go.jp/cyberpolice/ )

Malware Information Sharing

- Malware sample
- Malware Analysis: Dynamic Analysis, Static Analysis
- Results: information sharing with
  - Counter Cyber Attack Section of NPA
  - Advanced Technology Industry
  - Critical Infrastructure
  - Anti Virus Vendors
  - Managed Security Service Providers

International Cooperation

- Counter-Cybercrime Technology and Investigation Symposium (CTINS) for police officers and technical officers in the Asian & Pacific region
  - 16th CTINS: Discussions, Lectures & Hands-on Training
- Experts Meetings with digital forensics experts from foreign law enforcement agencies

Capacity Enhancement

- Educational Training at the National Police Academy for experts in digital forensics, etc. and for new employees. Trainees learn programming, system management and digital forensics, etc.
- Nationwide Training Environment as the basis of remote training for nationwide CF members in terms of:
  - incident response
  - analysis of electronic evidence