Title: Maarten J' Kleintjes National Manager Electronic Crime Laboratory New Zealand Police sherlock'holmes
1Maarten J. KleintjesNational Manager Electronic
Crime Laboratory / New Zealand Policesherlock.ho
lmes_at_e-crime.govt.nz
- The Electronic Armed Hold-up
- FMOA Meeting - Auckland
- 26 May 2006
2Disclaimer
- Off the record
- Private details are changed
- Expressed views my own
- Could be disturbing
3On the menu today.
- Police e-Crime Lab
- e-holdup/ e-extortion
- How does it work
- Phishing, Keystroke loggers, Trojan horses
- Getting the money out of NZ
- Solutions to stop it
4E-Crime Laboratory
5Related Offences.
Old crime in new bottles
- Drugs/ P-Labs
- Homicides
- National security
- Sexual - Indecency
- Fraud/ Burglary/ Theft
- Computer/ Cyber Crime
6Year 2004 results.
- 1150 Cases/ 16300 exhibits
7Exponential increase
8Cybercrime
- The computer has become an integral part of
our way of life. However, as our dependency on
technology increases, so to does our
vulnerability.
9Armed hold-up.
Have been around ever since there were weapons
..and money
10e-Hold-up.
Give me the scarf and no one gets hurt...
11e-Hold-up.
Why bother with sawn-off shotguns, masks and
getaway cars..
12e-Hold-up.
If you can do it from the comfort of your own
home..
from anywhere in the world..
13Why are we targeted
- Were generally nice people who are very trusting
14Why are we targeted
- Were generally nice people who are very trusting
- Purpose of the Internet to share data
- Internet Banking system open to attack
- Thats where the money is
15How do they getinto our bank accounts.
- Keystroke loggers
- Trojan Horses (BankAsh-A)
- DTMF decoders
- Phishing/Spy ware
- ATM skimming
16Phishing.
- The act of extracting secret data through
cleverly designed hoax web sites - Starts with spoofed email
- 15 emails are phishing attempts
- 17,877 attacks January 2006
17(No Transcript)
18Spoofed verification page.
19Real site.
20Spoofed site.
21Phishing.
- Data goes to a compromised host somewhere in the
world - http//pakuranga.rotary.org.nz
- JPMorgan/Paraparaumu
22Spy ware.
- Usernames/ passwords
- Websites visited
- Text typed in
23(No Transcript)
24(No Transcript)
25ATM skimming
- Captures the card details
- PIN obtained through
- Pin hole camera
- Shoulder surfing
- Binoculars
- Money obtained overseas
26Skimmer Example 1
Europe, 2003
27Skimmer Example 2
28White label ATMs
Genuine ATM
Recovered ATM shells
Dismantled signage
29Pin Hole Camera
Actual ATM
False Panel with camera
Camera oversees PIN Pad
UK, 2003
30Pin hole Camera
Pin hole Camera
Battery Pack
Antenna
Europe, 2003
31How do they getthe money out of NZ.
- Mules
- Employment scams
- Plasma TVs/ Travel Tour Guide
- e-Commerce
- On-line auctions
- Hotels/Motels
- Bookings
- Money order (Western Union/e-payment)
32Dominion Post.
33Why do we need to fix it
- The future is digital without a doubt
- New e-services in the future
- Restore confidence in online services
- Prevent Identity Fraud and Crime
- Be one step ahead
34What can Police do.
- Real time e-counter attack
- Shutting down sites
- Follow the money trail
- Prosecute
- Educate
35What can users do.
- Maintain a secure PC
- Firewall
- Anti virus/spyware
- msn Phishing filters
- Auto update OS
- www.netsafe.org.nz
36What can Banks do.
- Improve online security (2 factor ID)
- Restore and build confidence
- Mandatory in US end 2006
- ASB/ BankDirect/BNZ/ HSBC/ RaboBank
- No privacy without security
372 factor identification
- Based on something you know and something you
have - One time password generator
- Entrust card
- Digipass
38Do I use Internet Banking?
- Yes
- Just work around keystroke loggers
- Password anger
- Type in dangerously
- Delete d
- Delete ously
- Logger shows dangerouslyltdelgtltdelgt
39Who will survive the online age
- Businesses who can positively identify customers
- Customers who can positively identify businesses
40Thank you.Are there any questions ?...
Electronic Crime Laboratory sherlock.holmes_at_e-cri
me.govt.nz