Upload
adila
View
28
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Cyberspace and the Police. Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan. Security Measures by Government. Basic IT Law (Jan. 2001) Electronic Government To be established by fiscal 2003 - PowerPoint PPT Presentation
Citation preview
Cyberspace and the Police
Mamoru TAKAHASHI
Head of Computer Forensic Center, Hi-tech Crime Technology Division
National Police Agency, Japan
Security Measures by Government
• Basic IT Law (Jan. 2001)• Electronic Government
– To be established by fiscal 2003
• IT Security Office at Cabinet Secretariat is in charge of Security Aspect– Action Plan on Building Infrastructure to Counter
Hackers and Other Cyber Threats (Jan. 21, 2000)– Special Action Plan on Fighting Cyber-terrorism against
Critical Infrastructure (Dec. 15, 2000)– How Government and the Private Sector Can Work
Together to Fight Cyber-terrorism (Oct. 2, 2001)
“Guidelines for IT Security Policy”
• Formulated in July 2000.
• Each ministry and agency in the government finished formulating its own policy by Dec. 2000.
• Contents– Physical security– Human security (Education, Training, Password
management)– Technical security– Operation
• Security Practices had Reviewed by Nov. 2002
NIRTNational Incident Response Team
• Established in April 2002, to react cyber attacks against e-government.
• It’s mission is to share information and make emergency responses to counter cyber terrorism
against e-government.
• This is one of our projects to prepare for establishment of e-government.
NPA Organization for Technical Support to Cyber Crime Investigations
H i- tec h C r ime T ec hno logic al S upport C enterC omputer F orens ic C enterE s tablis hed in A pr il 2000
C yber T error is m T ec hno logy O ffi c eC yber F orc e C enter
E s tablis hed in A pr il 2001
H i- tec h C r ime T ec hno logy D ivis ionE s tablis hed in A pr il 2000
Computer Forensics Center
Trends of Internet Usage in Japan
• Estimated 47.08 millions (2000), up 74% year over year.
• Estimated 87.2 millions (2005).
• Cf. Population :
126.9 millions (2000)0102030405060708090Millions
1997 1998 1999 2000 2005
2585
110
7997
176
83
179
262
116
299
415
247
110
357
35
484
44
55931
712
63
810
0
100200300400500600700800900
1995 1996 1997 1998 1999 2000 2001
Violation of the Unauthorized Computer Access Law
Crime against PC or electronic format
Internet Crime
Arrest Rate for Cyber Crime
A Pile of Hard Disks as Evidence
Framework Against Cyber Terrorism
Introduction Video
Intrusion Detection Network System
• Collects information real-time from police forces nationwide.
• Detects and analyzes incidents on the Internet.
• Shares the analysis with various organizations.
• Contact Point for other Organizations.
• 24/7 Monitoring
1st Quarterly Report
• 24/7 Cyber Force's watch activity– watching cyber attack attempts to the police fac
ilities nationwide
• Analysis of criminal and malicious activities on the Internet– based on data of the second quarter of FY2002
• First analysis of this kind in Japan– first ever analysis in Japan
Emanation Source
20.6%
18.8%
18.2%
7.2%
5.9%
4.9%
3.8%
3.6%
3.2%3.2%
10.5% Italy
US
J apan
China
S Korea
Israel
Dominica
Germany
Thailand
Canada
Others
Emanation source does not necessarily mean that the attacker(s) come from there.
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Korea
China
Japan
US
Italy
Ping probe Port scanAccess to backdoor Attack to DNSAttack to Web server DoS AttackOthers
Country Trend
Emanation source does not necessarily mean that the attacker(s) come from there.
Number of Attack
0
200
400
600
800
1000
1200
1400
1600
1800
2000
July August September1 5 10 15 20 251 5 10 15 20 25 1 5 10 15 20 25
Attack Method
27.2% 57.3%
0.8%2.1%
0.7%4.1%
7.8%
( )ICMP通信IPアト レ゙ス確認 ( )ポー トスキャン サー ハ 使゙用サーヒ ズの確認バックドア接続要求 DNSへの攻撃Webサーバへの攻撃 SDo攻撃その他
Ping probe Port ScanAccess to back door Attack to DNSAttack to Web Server Do S AttackOthers
Usage of the Analysis
• Public announcement– raising public awareness of security by providing data
through the Internet
• Strengthen relationship with critical infrastructure– promoting anti-cyber terrorism efforts
• Strengthen international cooperation– information sharing with foreign law enforcement
agencies
Future Work
• Timely information provision– Information provision through the NPA security portal
site (to be operational in March 2003)
• Continuous research on analysis method• Maximization of analysis value
– Promote information sharing among the industry, academia and the government (ex. Critical infrastructures, the Cabinet Secretariat, universities)
Conclusions
• Malicious Activities on the Net are Active• Meaningful Analysis Method of Net Activities
must be Devised• Crucial for the Police to have Technical Capability
to deal with Cyber Crime→• Closer Relationship between Government and
Industry is Crucial• Security Awareness is Necessary
Contact Information
Mamoru Takahashi
Head of Computer Forensic Center
Hi-tech Crime Technology Division
National Police Agency