Embed Size (px)
DESCRIPTION
Overview of Cybersecurity & Cybercrime. Eng. J N Kariuki BSc( Eng ) LLM CEng REng MIET FIEK MKIM Commmunications Secretary, National Communication Secretariat. National Communication Secretariat. Section 84 KIC Act,Cap411A,Laws of Kenya - PowerPoint PPT Presentation
Citation preview
22/04/2023 1
Overview of Cybersecurity & Cybercrime
Eng. J N KariukiBSc(Eng) LLM CEng REng MIET FIEK MKIM
Commmunications Secretary,National Communication Secretariat
22/04/2023 2
National Communication Secretariat
• Section 84 KIC Act,Cap411A,Laws of Kenya • Function : advise Govt. on communication
policy
22/04/2023 3
Summary
• Abstract• Why worry about Cybersecurity• Vulnerabilities• Cybersecurity, Cybercrime• Examples • Privacy
22/04/2023 4
Why worry about Cybersecurity
• Societal benefits of ICTs• New opportunities for growth, prosperity and
creation of wealth• Shift from industrial to digital economy with
many e-applications e-health, e-money e.g. M-PESA, e-government, etc
22/04/2023 5
Vulnerabilities
• Greater capacity of ICT,greater vulnerability• Is Kenya protected from cyber attacks?• Many OFC e.g. TEAMS,SEACOM,EASSy,LION
etc.• Internet Usage increasing
22/04/2023 6
22/04/2023 7
INTERNET STATISTICSwww.internetworldstats.com
• Kenya. ,int users.(17.38m-2011)(17.38%) in last quarter),subs 6.15m (13.48%)• Mobile 28.08million(5.89%)
22/04/2023 8
Cybersecuritysimplified def.
“the prevention of damage to , unauthorised use of ,exploitation of , and if needed the restoration of electronic information and communication systems, and the information they contain , in order to strengthen the confidentiality , integrity and availability of these systems”
22/04/2023 9
CYBERSPACEthe apparent, or virtual-
location within which electronic activities are
undertaken
22/04/2023 10
CYBERSPACE …..cont’d
• Laws relating to evidence, contract, defamation, intellectual property have all a role to play, as do provisions of criminal law
22/04/2023 11
Cyber crime
• Ordinary crime committed by computer• Computer crime versus internet crime– Computer crime (includes internet crime also
called cyber crime)
22/04/2023 12
INVOLVEMENT OF COMPUTER SYSTEMS IN COMMISSION OF CRIMES
• As target of the offence• The tool used in the offence• May contain evidence of the offence
22/04/2023 13
Denial of Service Attacks
• Technique used that overwhelms the resource of target computer which results in the denial of service to other computers
• Distributed DoS: Use of numerous computers to attack target computer from numerous launch points
WEBSITE DEFACING
• Damaging contents of websites
• Motives: • Personal grudge; e.g., dismissed employee• Asserting political belief; e.g., affixing cannabis
leaves on the website of a court
22/04/2023 14
WEBSITE DEFACING
• Damaging contents of websites
• Motives: • Personal grudge; e.g., dismissed employee• Asserting political belief; e.g., affixing cannabis
leaves on the website of a court
22/04/2023 15
22/04/2023 16
22/04/2023 17
2010 Child abuse Data
• Domains 1,351(Reduced due to int.effort to stop them)
• URLs 16,739 location of providers.(42% North america,41% Europe,17% Asia)
22/04/2023 18
Child online Protection
• http://www.itu.int/dms_pub/itu-d/opb/ind/D-IND-COP.01-11-2010-PDF-E.pdf
• Takedown of Child porn sites
COMPUTER PORNOGRAPHY
• What may be freely available in some jurisdictions, may be objectionable in others
• International consensus that ‘child pornography’ must be banned
• Pseudo-photographs – digitally modified images depicting child in a sexual activity
• Grooming or child luring online
22/04/2023 19
22/04/2023 20
Critical Infrastructure vital element of national security.: massive impact on the economy
• The US Government has divided the critical infrastructure into the following segments: information and
• communications, electric power, transportation, oil and gas, banking and finance, water, emergency services
• and government (including the military).
22/04/2023 21
CII attackstuxnet-1st attack on Scada
• In 2010, Stuxnet virus attack on control system of Iranian Nuclear reactor– Stuxnet is for sabotage-manipulates equipment to
behave erratically while reporting “normal” to operators of system.
– In May,21,2011 cyber attack on defence contractor Lockheed Martin which compromised RSA securID tokens. Intention: to compromise customer,program or personal data.
22/04/2023 22
PAYLOAD VIRUS
• Viruses delivered as blended threat– (spam message directs user to a malicious website
which then results in a virus being downloaded to the users computer e.g e-cards)
22/04/2023 23
MALICIOUS CODE-VIRUSES,WORMS and TROJANS
Computer code written with sole intent to:-cause damage to an equipmentSteal information- personal or business
Serious financial and security threate.g. Melissa virus,1999.
WORMS AND TROJANS
• Worms• similar to viruses; but multiply without human
interaction
• Trojan• innocent-looking program that contains hidden
functions
22/04/2023 24
22/04/2023 25
BOTNET
Groups of “zombied” computers remotely controlled by hackers,even though the owners are unaware of it.These zombies do malicious things like forward spam,viruses,worms or gang up together to do outright attacks against targeted computer systems.
CYBER-TERRORISM
“concerted, sophisticated attacks on networks”
(Yasin, 1999)
22/04/2023 26
CYBER-TERRORISM“ … the convergence of terrorism and
cyberspace. It is generally understood to mean unlawful attacks and threats of attacks against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political and social objectives.”
(Denning, 2000)
22/04/2023 27
Forms of cyber-terrorist attacks
• access to the military computer systems resulting in missile launches
• access a manufacturing facility and alter formula used to produce drug or other product to render products lethal
22/04/2023 28
22/04/2023 29
Intercepting a Mobile Phone
• Mobile phones lock on to the most powerful cellular radio signals– Establish pico-cell– Handset responds to the ‘rogue’ pico-cell– Pico cell harvests the data which is analysed for
account hacking and ID fraud.– SOLUTION: Register mobile phones so that it can
be traced .
UNSOLICITED COMMERCIAL EMAILS (SPAM)
• Minimal costs • Response from internet users• Problems:• damaging consumer confidence• children being subjected to inappropriate
material
22/04/2023 30
PHISHING AND PHARMING I
• Phishing
• attempts to obtain personal information, including financial account details
• Pharming• attempts to redirect users to fradulent websites
22/04/2023 31
PHISHING AND PHARMING II
• Means by which pharming can occur:• Static domain name spoofing: legitimate website
slightly mis-spelt• Malicious software: redirecting users to
fraudulent websites• Domain hijacking: legitimate website is hijacked
and customers redirected to an illegitimate site• Domain Name Server ‘poisoning’: Local DNS
servers poisoned to send user to wrong site
22/04/2023 32
22/04/2023 33
Hacking Thai PM Twitter A/CDN3.10.2011
• Hacked on Sunday 2.10.2011 for 20minutes• Accused of incompetence
22/04/2023 34
PRIVACY
“You have zero privacy ;get over it”, Scott McNealy, CEO,Sun Microsystems,1999
e.g. Passenger Name Record(PNR) data base used by airlines.Contains:full name, date of birth, home & work address, telephone number, email address, credit card details,IP address if booked online, names and phone numbers of emergency contacts
22/04/2023 35
PRIVACY CONCERNS IWikiLeaks and whistle-blowing, mobile phone
• Data mining-tracking customer activities for future marketing purposes
• Methods used to collect personal information– Electronic recording of ‘clickstream data’ at
various levels: e.g., servers of access or content providers
– Use of cookie: a record of information sent to a computer for identifying the computer for future visits to same website.
22/04/2023 36
PRIVACY CONCERNS II
• sniffers – can be used to capture data being transmitted over the network
• use of intelligent agents – to perform any assigned task, I.As. require sufficient information, including users’ profiles
22/04/2023 37
Loss of Data Losscan lead to ID theft and fraud on large scale
• October 2007 HM Revenue & Customs lost details of 25million child benefit claimants stored in two unencrypted discs. Dept. of Transport lost 3million records of drivers
• In US TSA lost a check-in computer with unencrypted data of 33,000 passengers
• In June 2011,Apple & Google were questioned in US Senate over use of location data in their mobile handsets. Sony Network Playstation suffered a 70million member hack.
22/04/2023 38
Kenya Cybercrime legislation
• The KICA,Cap411A,s.83U-s84H• Access,access with intent,access and
interception,modification,denying access,damaging,disclosure of password, unlawful possession of data,fraud,tampering with source code, obscene info., fraudulent info, PROTECTED SYSTEMS s.83Q.
22/04/2023 39
Nobody is Safe
22.09.2011- Hacking of Core Security Technologies(Core Impact) WebsiteCore Impact provides IT security testing products and services It’s a BENCHMARK.e.g. Penetration Scans .Typical annual licence $30,000.00 6.9.2011 Hackers spied on approx.300,000 google internet users in Iran after stealing security certificates from a Dutch IT firm-stole passwords and obtain access to other social media.
22/04/2023 40
END
Eng J N Kariuki BSc(Eng) LLM CEng REng MIET FIEK MKIM
