High-Tech Crime Countermeasures

Ko IKAI
High-Tech Crime Technology Division
National Police Agency, JAPAN

Agenda
- State of High-Tech Crime
- Countermeasures
  - Framework
  - Facilities and Equipment
  - Human Resources
  - Training
- Challenges

State of High-Tech Crime

Basic Statistics
- 56,453,000 (44% of whole nation) use Internet in Japan
- 15,962,000 use broadband connection
- 48% of households have Internet connection (except by cell phones)
Estimation on Feb. 30, 2003, Internet White Paper 2003 (Internet Association Japan)

Intrusive Activities
Detected by 57 IDS installed in police organizations
[Chart: vertical axis 0 to 2000; horizontal axis Apr, 2003 to Jun, 2003]

Breakdown of Intrusive Activities
[Pie chart. Categories: Infection attempt by worms; Port scan; ICMP related activity; Backdoor connection attempt; Intrusion attempt into WWW server; Denial of service attack; Others. Segment percentages, in extraction order: 0.2%, 0.2%, 3.1%, 3.0%, 37.9%, 1.6%, 53.9%]
Based on 119,822 detections between Apr. 1 and Jun. 30, 2003

Complaints
- 1999: 2,965
- 2000: 11,135
- 2001: 17,277
- 2002: 19,329

Breakdown of Complaints
[Pie chart. Categories: Internet Auctions; Fraud & Sharp Business; Defamation; Illegal & Harmful Contents; Spam E-mails; Illegal network access, Virus; Others. Segment percentages, in extraction order: 20%, 21%, 6%, 17%, 11%, 12%, 13%]
Based on 19,329 complaints in 2002

Arrests
[Chart, 1997 to 2002. Series: Violation of the Unauthorized Computer Access Law; Crime against Computer/Data; Internet Crime]
Total arrests by year:
- 1997: 262
- 1998: 415
- 1999: 357
- 2000: 559
- 2001: 810
- 2002: 1,039

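Breakdown of Arrests

| Category | 1999 | 2000 | 2001 | 2002 | Change (2001 to 2002) |
| --- | --- | --- | --- | --- | --- |
| Unauthorized Computer Access | - | 31 | 35 | 51 | +16 |
| Crime against Computer/Data | 110 | 44 | 63 | 30 | -33 |
| - Computer Fraud | 98 | 33 | 48 | 18 | -30 |
| - Illegal production/Destruction of electro-magnetic data | 5 | 9 | 11 | 8 | -3 |
| - Obstruction of business by destroying computer | 7 | 2 | 4 | 4 | 0 |
| Internet Crime | 247 | 484 | 712 | 958 | +246 |
| - Child Prostitution / Child Pornography (subtotal) | 9 | 121 | 245 | 408 | +163 |
| -- Child Prostitution | 0 | 8 | 117 | 268 | +151 |
| -- Child Pornography | 9 | 113 | 128 | 140 | +12 |
| - Fraud | 23 | 53 | 103 | 112 | +9 |
| - Distribution of Obscene Object | 147 | 154 | 103 | 109 | +6 |
| - Violation of juvenile protection ordinance | 4 | 2 | 10 | 70 | +60 |
| - Intimidation | 4 | 17 | 40 | 33 | -7 |
| - Infringement of Copyright | 21 | 29 | 28 | 31 | +3 |
| - Defamation | 12 | 30 | 42 | 27 | -15 |
| - Others | 27 | 78 | 141 | 168 | +27 |
| Total | 357 | 559 | 810 | 1,039 | +229 |
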
Countermeasures
- Framework
- Facilities and Equipment
- Human Resources
- Training

Framework

Police System in Japan
- National Police Agency (NPA)
  - National governmental organization
  - Duty: supervision and planning related to national law and budget
- Prefectural Police Forces (PPF)
  - Local governmental organization
  - Duty: actual police operation

National Efforts
- High-Tech Crime Technology Division (HTCTD) since 1999
- Unauthorized Computer Access Law
- Official notice of high-tech crime countermeasures to PPFs
- Official notice of cyber-terror countermeasures to PPFs
- Subsidy for PPFs

National Center of Computer Forensics (NCCF)
- Part of HTCTD
- Technical core of high-tech crime countermeasures
- Dealing with extremely difficult evidence

Cyber Force Center (CFC)
- Part of HTCTD
- Established in 2001
- Focusing on protection against cyber attacks on critical infrastructure entities
- 24/7/365 watch and warning
- Information hub for computer network security

Local Efforts
- Establishment of High-Tech Crime Task Forces (HTCTF)
- High-tech crime reporting point
- Establishment of Cyber-Terror Task Forces
- Employment of people with IT skills as special investigators or IT security advisors

Facilities and Equipment

Cost Overview
- NCCF
  - Initial: 15.3 million USD
  - Maintenance: 1 million USD
- CFC
  - Initial: 53.5 million USD
  - Maintenance: 13 million USD
(1 USD = 120 JPY)

Facilities
- NCCF
  - Nationally owned building
  - 5 floors, 1500 sq. meters (approx. 15000 sq. feet)
- CFC
  - Privately owned building (rented)
  - 8 floors, 4500 sq. meters

Equipment in NCCF
- Massive log analysis system
- Password analysis system
- Credit card analysis system
- Virtual Internet environment
- X-ray inspection system
- Clean room
- Various software
- Honey pot

Equipment in CFC
- 24/7/365 watch and warning center
- Honey pot
- Distributed IDS
- R&D environment
- Simulation environment
- Training environment

Equipment in HTCTD HQ
- WWW server (@police): http://www.cyberpolice.go.jp/
- Cybercrime Technical Information Network System (CTINS)
  - Purpose: information sharing among 10 cybercrime law enforcement units in Asia
  - China; Hong Kong, China; India; Indonesia; Korea; Malaysia; Philippines; Singapore; Thailand; and Japan

Human Resources

Wanted People
- NCCF
  - People with EXTREME expertise on computer forensics
- CFC
  - People with computer/network security expertise
- Dynamic employment is difficult in Japan

Base of Human Resources
- 4,000 info-communication specialists inside police organization
- They have built and maintained police communication infrastructure for 49 years
- It WAS possible to pick up necessary talent

People from Private Sector
- Contractor
  - Maintainers of equipment
  - R&D staff
- Hiring
  - Some local HTCTFs hire experts as special investigators or IT security advisors

Current State
- NCCF
  - 12 officials (forensic experts)
  - 5 contractors (experiment staff)
- CFC
  - 18 officials (computer/network security specialists)
  - 10 contractors (R&D staff)
- HTCTD HQ
  - 18 officials (chief and administrative staff)

Training

Training program
- National Police Academy
  - High-tech crime technology course
  - Cyber-terror technology course
- Training program by private sector
  - Specially designed by various vendors
- International conference
- OJT in foreign law enforcement agencies
  - FBI, Secret Service, NHTCU (UK)

Challenges
- Company secrets
  - Dominant system vendor
  - Cell phone vendor
- Personnel circulation
- Co-ordination with security community
  - FIRST, National CERT, NIRT

Questions?
Thank you!
Contact:
Ko Ikai, [email protected]
Toshihiko Kamon, [email protected]