
INTERNATIONAL JOURNAL OF INFORMATION SECURITY AND CYBERCRIME_Volume 4_Issue 2_2015

Published by Guset User, 2022-06-26 12:59:07


INTERNATIONAL JOURNAL OF INFORMATION SECURITY AND CYBERCRIME
Volume 4, Issue 2/2015
Scientific journal edited by Romanian Association for Information Security Assurance
SITECH Publishing Craiova, 2015

International Journal of Information Security and Cybercrime Vol. 4 Issue 2/2015

© 2015 Editura Sitech Craiova. All rights reserved. This book is protected by copyright. No part of this book may be reproduced in any form or by any means, including photocopying, or utilized by any information storage and retrieval system without written permission from the copyright owner.

SITECH Publishing is part of the list of prestigious Romanian publishing houses recognized by CNATDCU, for Panel 4, which includes the fields: legal sciences, sociological sciences, political and administrative sciences, communication sciences, military sciences, information and public order, economics sciences and business administration, psychological sciences, education sciences, physical education and sport.

Editura SITECH Craiova, România
Aleea Teatrului, nr. 2, Bloc T1, parter
Tel/Fax: +40.251.414.003

IJISC - International Journal of Information Security and Cybercrime is a peer-reviewed journal published by RAISA – Romanian Association for Information Security Assurance and indexed in international databases. The journal is edited by professors and experts from the Department of Police and Behavioral Sciences of the Police Faculty – “Alexandru Ioan Cuza” Police Academy, the Department of Electronics Technology and Reliability of the Faculty of Electronics, Telecommunications and Information Technology – University Politehnica of Bucharest, and the Service for Countering the Cyber Criminality of the General Inspectorate of Romanian Police. The principal aim of IJISC is to bring together the latest research and development in information security and the latest methods to prevent and to combat the cybercrime phenomenon.

ISSN: 2285-9225
DOI: 10.19107/IJISC
Website: www.ijisc.com

JOURNAL EDITORIAL BOARD

EDITORIAL COUNCIL CHAIRMAN
Professor Ioan C. BACIVAROV, PhD (University Politehnica of Bucharest, Romania)

EDITOR-IN-CHIEF
Assistant Professor Ioan-Cosmin MIHAI, PhD (“A.I. Cuza” Police Academy, Romania)

EXECUTIVE EDITOR
Dipl.-Ing. Gabriel-Marius PETRICĂ (University Politehnica of Bucharest, Romania)

SCIENTIFIC BOARD
Professor Emeritus Alessandro BIROLINI, PhD (ETH Zurich, Switzerland)
Professor Angelica BACIVAROV, PhD (University Politehnica of Bucharest, Romania)
Professor Ion BICĂ, PhD (Military Technical Academy, Romania)
Lecturer Ray GENOE, PhD (University College of Dublin, Ireland)
Associate Professor Nicolae GHINEA, PhD (“A.I. Cuza” Police Academy, Romania)
Professor Fabrice GUERIN, PhD (ISTIA, University of Angers, France)
Associate Professor K. JAISHANKAR, PhD (Manonmaniam Sundaranar University, India)
Professor Klara KEREZSI, PhD (National University of Public Service, Hungary)
Lecturer NhienAn LEKHAC, PhD (University College of Dublin, Ireland)
Professor David NACCACHE, PhD (Paris II Panthéon-Assas University, France)
Professor Gheorghe POPA, PhD (“A.I. Cuza” Police Academy, Romania)
Professor Daniela-Elena POPESCU, PhD (University of Oradea, Romania)
Professor Ștefan PRUNĂ, PhD (“A.I. Cuza” Police Academy, Romania)
Professor Ion ROCEANU, PhD (National Defense University “Carol I”, Romania)
Professor Sandeep TIWARI, PhD (Amity University, India)
Researcher Fergus TOOLAN, PhD (University College Dublin, Ireland)
Professor George ȚICAL, PhD (National College for Home Affairs, Romania)
Professor Ton van der WIELE, PhD (Erasmus University Rotterdam, Netherlands)

ASSOCIATE EDITORS
Laurențiu GIUREA, PhD (“A.I. Cuza” Police Academy, Romania)
Jorge Luis Gando LEAL, PhD (University of Barcelona, Spain)
Cezar Marius PANTEA, PhD (“A.I. Cuza” Police Academy, Romania)
Joshua Del PINO (Shimane Prefectural Education Division, Japan)
Gheorghe POPESCU, PhD (“A.I. Cuza” Police Academy, Romania)
Pradeep Kumar SINGH, PhD (Amity University, India)
Paulo Miguel Relogio de SOUSA (Ministry of Economy, Portugal)
Marin-Claudiu ȚUPULAN, PhD (“A.I. Cuza” Police Academy, Romania)

EDITORS
Eugeniu-Ciprian CONSTANTIN, PhD (“A.I. Cuza” Police Academy, Romania)
Mihail-Petrică MARCOCI, PhD (“A.I. Cuza” Police Academy, Romania)
George PANFIL, PhD (“A.I. Cuza” Police Academy, Romania)
Cezar PEȚA, PhD (“A.I. Cuza” Police Academy, Romania)
Cristian-Eduard ȘTEFAN, PhD (“A.I. Cuza” Police Academy, Romania)
Oana-Mihaela VIȘAN, PhD (“A.I. Cuza” Police Academy, Romania)

GRAPHICS EDITOR
Adrian-Constantin ROȘOAIA

The content of this journal does not reflect the official opinion of RAISA - Romanian Association for Information Security Assurance or its partners. Responsibility for the information and opinions expressed in articles or reviews lies entirely with the author(s).

ABSTRACTING AND INDEXING

IJISC – International Journal of Information Security and Cybercrime is indexed in the following international databases:

EBSCOhost: www.ebscohost.com
Index Copernicus: en.indexcopernicus.com
Google Scholar: scholar.google.ro
Crossref: www.crossref.org
CiteFactor: www.citefactor.org
Global Impact Factor: globalimpactfactor.com
Impact Factor: www.impactfactor.pl
OCLC WorldCat: www.worldcat.org
HeinOnline: home.wshein.com
Academia.edu: www.academia.edu
Mendeley: www.mendeley.com
ResearchGate: www.researchgate.net
MIAR: miar.ub.edu
SCIPIO: www.scipio.ro

PARTNERS

IJISC publishes high quality articles and delivers this research to the widest possible audience. We achieve this by working closely with our partners and authors in order to provide publishing services that support their research needs. We would like to thank the following partners for their commitment to our mission and their ongoing support of IJISC – International Journal of Information Security and Cybercrime.

RedHost: Web hosting solutions. Website: www.redhost.ro
MicoStyle: Web design & development. Website: www.micostyle.ro
Crossref: Not-for-profit organization for scholarly publishing. Website: www.crossref.org
Plagiat: System for preventing plagiarism. Website: www.sistemantiplagiat.ro
Sitech: Publishing & printing house. Website: www.sitech.ro

Table of Contents

SECTION I: ADVANCES IN INFORMATION SECURITY RESEARCH
Importance of Operating Systems Type in Computer Forensics
    Hüseyin ÇAKIR, Mehmet Serkan KILIÇ
Digital Forensics: Current Scenario and Future Challenges
    Sonal LAKADE
Ransomware - an Emerging Threat
    Cristian PASCARIU, Ionuț-Daniel BARBU

SECTION II: STUDIES AND ANALYSIS OF CYBERCRIME PHENOMENON
The Challenges to Enforcement of Cyber-Crimes Laws and Policy
    Ajayi EFG
Identity Crime: Deliberating on Remedies for the Victim
    Eric HOLM
Cybercrime Prevention in Online Transaction Using Biometric Access Control
    Chinedu J. NWOYE

SECTION III: CYBER-ATTACKS EVOLUTION AND CYBERCRIME TRENDS
Infection Vectors - Risk Factors for Financial Transactions
    Mircea Constantin ŞCHEAU, Liviu ARSENE, Gerald DINCĂ
Cyber Laundering: Understanding the Trends and Typologies
    Muhammad Subtain RAZA

SECTION IV: INTERVIEWS WITH EXPERTS
Interview with Ms. Daria CATALUI
    Ioan-Cosmin MIHAI

SECTION V: BOOKS REVIEWS AND CONFERENCES ANALYSIS
European Cooperation in Combating Cybercrime Conference
    Alexandru Dena
A Central European Public-Private Dialogue Platform
    Laurent CHRZANOVSKI
BlackHat USA 2015
    Ionuţ-Daniel BARBU
OWASP EEE Bucharest 2015
    Cristian PASCARIU
“Challenges and Strategies in Cybersecurity” Book Review
    Ioan C. BACIVAROV

Importance of Operating Systems Type in Computer Forensics
Hüseyin ÇAKIR, Mehmet Serkan KILIÇ
IT Institute, Gazi University, Ankara, Turkey

Abstract
This article examines the effect of operating systems on computer forensics, at a time when the need for computer forensics is increasing due to the increase in cybercrimes. In line with the purpose of the study and the interview method, 15 people with a minimum of 4 years of experience in informatics were interviewed; in addition, the reports of court experts from cases which are continuing in the Ankara administration of justice, and domestic and foreign sources, were analyzed technically. The analysis showed that studies and investigations are prepared according to one operating system, software or a certain device because of commercial concerns or habits; for this reason it appears that academic study in sessions, workshops and seminars about gathering electronic evidence would be helpful. The article identifies the differences and similarities between operating systems and their effects on forensic studies under 5 headings and subheadings. The study finds that there is no standard computer forensic process and that different specialties are needed; for this reason it is assessed that computer forensic experts need to specialize in sub-specializations, especially those related to operating systems.

Index terms: computer forensic, cybercrimes, electronic evidence, evidence collection, operating systems

DOI: 10.19107/IJISC.2015.02.01

Digital Forensics: Current Scenario and Future Challenges
Sonal LAKADE
Digital and Cyber Forensic Department, Institute of Forensic Science, Mumbai, Maharashtra, India

Abstract
A major challenge to digital forensic analysis is the ongoing growth in the volume of data seized and presented for analysis. This is a result of the continuing development of storage technology, including increased storage capacity in consumer devices and cloud storage services, and an increase in the number of devices seized per case. Information technology is a double-edged sword, consistently presenting us with advantages and disadvantages. Increasing opportunities for gaining knowledge, high productivity, efficiency and faster worldwide communications are the outcomes of the cyber world. On the other side, the various crimes emerging out of the internet are hacking, cyber terrorism, spamming, Trojan horse attacks, denial of service attacks, pornography, cyber stalking etc. However, the present article has the specific and minimal scope of focusing on the issues in cyber stalking, such as the integration of some definitions of cyber stalking, the methods used to stalk the victim online, stalkers' and victims' characteristics, the magnitude of the problem in this information world and the reason for stalking, and finally concludes with some suggestions for the prevention of cyber stalking. On the whole, the aim of this article is to create a basic awareness of the current situation and challenges.

Index terms: victim, digital forensics, open source tools, proprietary tools

DOI: 10.19107/IJISC.2015.02.02

Ransomware - an Emerging Threat
Cristian PASCARIU, Ionuț-Daniel BARBU
EUROQUALROM, University POLITEHNICA of Bucharest, Romania

Abstract
One of the most representative threats predicted for 2016 is ransomware. This type of malware operates by restricting access to the data on an information system. Access is regained after a ransom is paid by the affected entity to the malicious actors operating the ransomware. This article presents an overview of the threat, covering both new and historical issues and functionalities. Furthermore, it focuses on how ransomware works.

Index terms: ransomware, cryptoviral, RaaS, Hidden Tear, encryption, Tor

DOI: 10.19107/IJISC.2015.02.03

The Challenges to Enforcement of Cybercrimes Laws and Policy
Ajayi EFG
Insurance Institute of Uganda Kampala University, Uganda

Abstract
Cybercrime, a concept which to date has defied a globally accepted definition, appears to be the latest scourge plaguing man, and it has become the cynosure of attention. The word “cybercrime” is on the lips of almost everyone involved in the use of the computer and the Internet, be it individual, corporate, organization, national, multinational or international. The attention accorded cybercrimes is not far-fetched: on one hand, it is partly rooted in their unavoidable nature, as a result of the fact that telecommunications via cyberspace is the veritable means by which social interaction, global trade and commerce are transacted; and on the other, in the economic losses to which all citizens are exposed, whether now or in the nearest future. Aside from economic losses, other consequences of cybercrimes include, but are not limited to, setbacks to brand image and company reputation otherwise known as goodwill, loss of intellectual property and sensitive data, opportunity costs, which include but are not limited to service and employment disruptions, penalties and compensatory payments to affected clienteles, contractual compensation for delays, cost of countermeasures and insurance, cost of mitigation strategies and recovery from cyber-attacks, the loss of trade and competitiveness, distortion of trade and job loss. This paper argues that it is not as if relevant laws and regulations are not in place, because some advanced nations in the world have, in one form or another, laws against cybercrimes; yet the challenge of cybercrimes remains intractable and bewildering. As nations across the globe strive to curb cybercrimes through the instrumentality of the law, so are the cyber criminals devising new and sophisticated techniques to further their trade, thereby rendering the extant legal measures impotent. This article intends to bring to the fore a comprehensive account of why cybercrimes remain an albatross, in order to showcase the enormity of the challenge faced by humanity, in the hope that, when the extent of the problem is known, maybe a global solution would timeously be fashioned out to stem the tide of cybercrimes.

Index terms: cybercrimes, cyber criminals, challenges, enforcement, economic losses.

DOI: 10.19107/IJISC.2015.02.04

Identity Crime: Deliberating on Remedies for the Victim
Eric HOLM
Federation Business, Federation University Australia, Mount Helen, Australia

Abstract
This paper explores the challenges faced by victims of identity crime following their victimization. It considers the impact of the crime on the victim and the many costs of the crime to them. The paper highlights the complicated pathways the victim faces to recovery and the aspects of reparation that fall short of supporting the many types of harm this crime causes victims. Lastly, the paper postulates as to ways to avoid victimization and contemplates the issues pertaining to accuracy of data for the policy responses to identity crime.

Index terms: identity theft, identification information, victims of identity theft, victims of identity fraud.

DOI: 10.19107/IJISC.2015.02.05

International Journal of Information Security and Cybercrime Vol. 4 Issue 2/2015 [41]. M. Perl, “It’s Not Always about the Money: Why the State Identity Theft Laws Fail to Adequately Address Criminal Record Identity Theft,” Journal of Criminal Law and Criminology, vol. 94, no. 1. Fall. 2003, pp.169-208. [42]. S. Hindujaa and J. Patchin, “Personal information of adolescents on the Internet: A quantitative content analysis of MySpace,” Journal of Adolescence, vol. 31, Jan. 2008, pp. 125-146, doi:10.1016/j.adolescence.2007.05.004. [43]. E. Holm, “Social Networking, the Catalyst for Identity Thefts in the Digital Society,” International Journal on Advances in Life Sciences, vol. 6, no. 3&4, Dec. 2014. pp. 157-163. [44]. H. Jelicic, D. Bobek, E. Phelps, and R. Lerner, “Using positive youth development to predict contribution and risk behaviors in early adolescence: Findings from the first two waves of the 4-H Study of Positive Youth Development,” International Journal of Behavioral Development, vol. 31, May. 2007, pp. 263–273, doi: 10.1177/0165025407076439. [45]. J. Huang, D. Jacobs, D. Derevensky, J. Gupta, R, and T. Paskus, “Gambling and health risk behaviors among US college student-athletes: Findings from a national study,” Journal of Adolescent Health., vol. 40, May. 2007, pp. 390-397, doi:10.1016/j.jadohealth.2006.11.146. [46]. H. Copes, K. Kerley, H. Rodney and J. Kane, “Differentiating identity theft: An exploratory study of victims using a national victimisation survey,” Journal of Criminal Justice., vol. 38, Sep. 2010, p. 1050, doi:10.1016/j.jcrimjus.2010.07.007. [47]. S. Livingstone and E. Helsper, “Parental mediation and children’s Internet use,” Journal of Broadcasting and Electronic Media., vol. 52, pp. 581–599, Dec. 2008, doi: 10.1080/08838150802437396. [48]. Elsevier, “Fraud complaints down, but still high,” Computer Fraud & Security., vol. 2011, no. 3, p.20 Apr. 2011, doi.org/10.1016/S1361-3723(11)70033-1. [49]. 
Parliamentary Joint Committee on the Australian Crime Commission. (2007) Inquiry into the Future Impact of Serious and Organized Crime on Australian society [Online] Available: http://www.aph.gov.au/Senate/Committee/acc_ctte/ completed_inquiries/2004-07/organised_crime/report/report.pdf [50]. Criminal Code Act 1995 (Cth) div 375.2(1)(a). [51]. Criminal Code Act 1995 (Cth) div 375.2(1)(b). [52]. Criminal Code Act 1995 (Cth) div 375.1. [53]. Pub. L. 110-326, title II, Sept. 26, 2008, 122 Stat. 3560. [54]. Victims of Crime. (2015). Victims of crime: compensation and counselling [Online] Available: http://victimsofcrime.com.au/. [55]. E. A. Fattah, “Victimology: Past, present and future,” Criminologie, vol.33, no.1, pp. 17–46, 2000, doi: 10.7202/004720ar. [56]. K. Turville, J. Yearwood and C.Miller, “Understanding Victims of Identity Theft: Preliminary Insights,” in Cybercrime and Trustworthy Computing Workshop.,Ballarat, Vic, 2010, p.63. [57]. T. Moore, R. Clayton and R. Anderson, “The Economics of Online Crime,” Journal of Economic Perspectives, vol. 23 no. 3, pp.3-20, Jun.2009. ISSN: 2285-9225 DOI: 10.19107/IJISC.2015.02.05 WWW.IJISC.COM

International Journal of Information Security and Cybercrime Vol. 4 Issue 2/2015 [58]. United States Court of Appeals, Ninth Circuit. Adelaide ANDREWS, Plaintiff- Appellant, v. TRW INC., Defendant-Appellee. No. 98-56624. [59]. K. Turville, S.Firmin, J. Yearwood and C.Miller, “Understanding Victims of Identity Theft: A Grounded Theory Approach,” 5th Conference on Qualitative Research in Information Technology, Brisbane., Qld, 2010. p.5. [60]. W. Goucher, “Being a cybercrime victim,” Computer Fraud & Security., vol. 2010, p. 16. Jun. 2010. [61]. L. Roberts. (2008, October 6). Cyber-victimisation in Australia: extent, impact on individuals and responses [Online] Available: http://www.utas.edu.au/__data/ assets/pdf_file/0004/293773/Briefing_Paper_No_6.pdf [62]. A. Mefford, “Lex Informatica: Foundations of Law on the Internet,” Indiana Journal of Global Legal Studies., vol. 5, no. 1, p. 211. Fall. 1997. [63]. D.J. Svantesson, “The Relation between Public International Law and Private International Law in the Internet Context,” in Australasian Law Teachers Association Conference, Hamilton, New Zealand, 2005, p.160. [64]. J.A. Conser and G.D. Russell, Law enforcement in the United States, Aspen Gaithersburg, MD: Aspen Publishers 2000. [65]. R.S Groover, “Overcoming obstacles: preparing for computer-related crime,” FBI Law Enforcement Bulletin, vol.65, no 8, pp 8-10, Aug. 1996. [66]. D. B. Hollis, “An e-SOS for Cyberspace,” Harvard International Law Journal., vol. 52, no.2, p. 405. Summer, 2011. [67]. N. Archer, S. Sproule, Y. Yuan, K. Guo and J. Xiang, Identity Theft and Fraud Evaluating and Managing Risk. Ottawa, Canada: University of Ottawa Press, 2012, p. 107. [68]. R. Anderson, C. Barton C, R. Bohme, R. Clayton, M. J. van Eeten, M. Levi M, T. Moore and S. 
Savage, “Measuring the cost of cybercrime,” in Workshop on the Economics of Information Security., Berlin, Germany, 2012, pp.1-31, [Online] Available: http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf [69]. D. S. Wall, “Cybercrime, media and insecurity: The shaping of public perceptions of cybercrime,” International Review of Law, Computers and Technology., vol. 22, no. 1-2, pp. 45–63. Apr. 2008, doi:10.1080/13600860801924907. [70]. I. Bernik, “Cybercrime: The Cost of Investments into Protection,” Journal of Criminal Justice & Security., vol. 6, no. 2, p. 105. Feb. 2014. [71]. Australian Federal Police. (2015) Identity Crime [Online]. Available:http://www.afp.gov.au/policing/fraud/identity-crime#q7 [72]. Veda. (2013) What should I do if I think my identity has been stolen [Online] Available: https://www.veda.com.au/yourcreditandidentity/protect/what-should-i- do-if-i-think-my-identity-has-been-stolen [73]. Veda. (2013) What is identity theft? [Online] Available: https://www.veda.com.au/yourcreditandidentity/protect/what-is-identity-theft [74]. Veda. (2013) How can I check my credit history [Online] Available: https://www.veda.com.au/yourcreditandidentity/tips-mythbusters/faqs/how-can-i- check-my-credit-history ISSN: 2285-9225 DOI: 10.19107/IJISC.2015.02.05 WWW.IJISC.COM

International Journal of Information Security and Cybercrime Vol. 4 Issue 2/2015 [75]. I. Bernik, “Cybercrime: The Cost of Investments into Protection,” Journal of Criminal Justice & Security., vol. 6, no. 2, p. 111. Feb. 2014. [76]. P. Räsänen, A. Kouvo, “Linked or divided by the web? Internet and sociability in four European countries,” Information, Communication & Society, vol.10, no. 2, pp. 219–241. Apr. 2007, doi:10.1080/13691180701307461. [77]. D.B Weber, “The Cybernetic Sea: Australia’s Approach to the Wave of Cybercrime, QUT Law Review, Vol. 14, no.2. p.71. 2014. [78]. G.R. Newman, “Policy thoughts on “bounded rationality of identity thieves,” Criminology & Public Policy, vol. 8, no. 2. pp. 271–278. Jun. 2009, doi: 10.1111/j.1745-9133.2009.00562.x. [79]. W. Ahmad, “Is Credit Card Fraud a Real Crime? Does it really Cripple the E- Commerce Sector of E-Business?” in International Conference on Management of e-commerce and e-government, Jianxi, China Oct. 2008 p.367. [80]. A. Asllani, “Privacy Concerns in Higher Education: Traditional Versus Online Education,” International Journal of Computer Science and Information Security., vol.10, no.2, pp. 6- 9, 2012. [81]. I. Bernik, “Cybercrime: The Cost of Investments into Protection,” Journal of Criminal Justice & Security., vol. 6, no. 2, p. 113, 2014. [82]. E. Shoudt, “Comment: Identity Theft: Victims “Cry out” for Reform,” American University Law Review, vol. 52, no. 1, p.366, 2002. [83]. Australian Government. ACORN: Australian Cybercrime Online Reporting Network [Online] Available:http://www.acorn.gov.au/ [84]. Australian Government. (2013, August 20). National Plan to Combat Cybercrime [Online] Available: http://www.ag.gov.au/CrimeAndCorruption/Cybercrime/ Documents/National%20Plan%20to%20Combat%20Cybercrime.pdf [85]. Commission of the European Communities (1988, June 7). 
Green Paper on Copyright and the Challenge of Technology – Copyright Issues Requiring Immediate Action [Online] Available: http://aei.pitt.edu/1209/1/COM_ %2888%29_172_final.pdf [86]. Federal Trade Commission. (2014, September). A CAN-SPAM Informant Reward System: A Report to Congress [Online] Available: https://www.ftc.gov/reports/can- spam-informant-reward-system-federal-trade-commission-report-congress [87]. Austrac (2015). The document verification service and individual customer and beneficial owner [Online] Available: http://www.austrac.gov.au/document- verification-service-and-individual-customer-and-beneficial-owner-identification [88]. E. Holm, “Responding to identity crime on the Internet,” International Journal of Cyber-Security and Digital Forensics., vol. 1, no. 2, pp. 67-74. Jun. 2012. [89]. S. N. Bridgett, “Classifying Crime Victim Restitution: The Theoretical Arguments and Practical Consequences of Labelling Restitution as either a Criminal or Civil Law Concept,” Lewis & Clark Law Review, vol. 18, no. 3, p. 804. Oct. 2014. [90]. B.N. Shephard, “Classifying Crime Victim Restitution: The Theoretical Arguments and Practical Consequences of Labelling Restitution as either a Criminal or Civil Law Concept,” Lewis & Clark Law Review., vol. 18, no. 3, p. 826. 2014. ISSN: 2285-9225 DOI: 10.19107/IJISC.2015.02.05 WWW.IJISC.COM

International Journal of Information Security and Cybercrime Vol. 4 Issue 2/2015 [91]. I. Bernik, “Cybercrime: The Cost of Investments into Protection,” Journal of Criminal Justice & Security., vol. 6, no. 2, p. 109. Feb. 2014. ISSN: 2285-9225 DOI: 10.19107/IJISC.2015.02.05 WWW.IJISC.COM

Cybercrime Prevention in Online Transaction Using Biometric Access Control

Chinedu J. NWOYE
School of Science & Technology, National Open University of Nigeria, Enugu, Nigeria

Abstract

Cybercrime is a recognized international problem and a major security issue for anyone who manages, owns, uses or accesses computer systems linked to the internet. The yearly cost of cybercrime in the United States is over 300 million and rising. The crucial security mission is controlling access to systems to keep out identity thieves. However, with the rise of identity theft it has become more difficult to prevent unauthorized access to information resources. Methods of positively verifying and authenticating people may mitigate the current identity theft crisis. The development of information technology in the online transaction model makes it efficient for account holders to transact online. In this situation, technology plays an important role in protecting consumer identity. However, cases of online transaction scams have been on the increase: perpetrators access consumers' accounts and carry out online transactions illegally. Identity theft is one of the fastest growing types of cybercrime. Using biometrics such as fingerprint technology is very important for protecting consumer identity during online transactions. This paper focuses on protecting customers from identity theft in online transactions through the application of biometric technology. The result shows that biometric technology can be applied in cyberspace to authenticate genuine customers only.

Index terms: authentication, biometric access control, cybercrime, fingerprint, identity theft, online-transaction

ISSN: 2285-9225 DOI: 10.19107/IJISC.2015.02.06 WWW.IJISC.COM

Infection Vectors - Risk Factors for Financial Transactions

Mircea Constantin ŞCHEAU (BCR, Romania), Liviu ARSENE (Bitdefender, Romania), Gerald DINCĂ (ARB, Romania)

Abstract

With the proliferation of internet-enabled services and data availability, cyberattacks have become in the past decade. Relying on various techniques to either penetrate critical network infrastructures or deliver malicious payloads to unsuspecting victims, the main motivation behind most attacks is not just money but information. From banks to vendors and end users, the communication and transmission medium used for implementing safe transactions has become both complex and more prone to intrusions.

Index terms: malware, infection vector, vulnerabilities, financial institution, browser

ISSN: 2285-9225 DOI: 10.19107/IJISC.2015.02.07 WWW.IJISC.COM

Cyber Laundering: Understanding the Trends and Typologies

Muhammad Subtain RAZA
Institute of Bankers, Pakistan

Abstract

The advancement in ICT has revolutionized the products/services of both the financial and non-banking financial businesses. But cyber launderers are also exploiting the virtue of internet by laundering their illicit money. The main goal of this paper is to explain the trends and typologies involved in cyber laundering. It consists of four parts. The first part signifies the importance of ICT and definitions of money laundering & cyber laundering. The second part explains different internet based techniques generally adopted by cyber launderers. It is based on the information available from articles, papers, government reports and other sources. The third part highlights some cybercrime happenings. The last part suggests possible counter measures to combat cyber laundering.

Index terms: cyber laundering, cybercrime, online payment

ISSN: 2285-9225 DOI: 10.19107/IJISC.2015.02.08 WWW.IJISC.COM

Interview with Ms. Daria CATALUI

Ms. Daria CATALUI is currently dealing with Network and Information Security in Education, stakeholder management and outreach strategies @ENISA. Her work focuses on communicating towards the end user. Graduate in public policy from the University of Bucharest, further advanced academic qualifications in education: global education, virtual learning, youth studies; security: security studies, information security, data communication; trainer. Her professional background includes working with the EC and the CoE on youth and educational policies, social entrepreneurship and community development initiatives. During the past years she has been working and learning from skilled professionals @Chelgate consultancy @IER & ANPCDEFP public administrations @CTR & EYF volunteering. For current work you may consult www.cybersecuritymonth.eu and ENISA’s Education reports.

1. You are currently dealing with Network and Information Security in Education at The European Union Agency for Network and Information Security (ENISA). Can you tell us about the role of ENISA in education in the field of cybersecurity?

Indeed, and thank you for the invitation to write about ENISA’s work in the International Journal of Information Security and Cybercrime. It is very important for us to reach a large audience with our work and now at the beginning of 2016 we may develop on many reports freshly published on our website, www.enisa.europa.eu. Education is an essential element since through our work we support in developing capabilities of technical teams and not only. At ENISA we deal with education in a lifelong learning context, encouraging professionals from different walks of life to update their skills in cybersecurity, Network and Information Security (NIS), data protection, incident handling, cloud computing, assessing the threat landscape and mitigation techniques.
In this sense we develop a quiz that may be accessed here: https://cybersecuritymonth.eu/references/quiz-demonstration/intro.

2. Do you think that cyber-security strategies should focus also on education as part of the overall strategy?

As a European broker of best practices, ENISA is promoting cybersecurity education as part of cyber-security strategies developed by different member states actors. Moreover, ENISA has listed all the documents of National Cyber Security Strategies in the EU but also in the world on the website. This information is based on publicly available material, and consulting the documents one may see that education is already an integral part of many strategies. Interactive map here: https://www.enisa.europa.eu/activities/Resilience-and-CIIP/…/national-cyber-security-strategies-in-the-world.

3. How do you see the role of academic environment in cybersecurity? Does ENISA have plans to involve university professors in scientific research projects?

The academic stakeholders have an important role in developing the knowledge in NIS. With the help of the ENISA-NLO network we disseminate and consult many of them for our projects. In 2014 we developed an interactive Education map where we list courses from different providers for a good overview of what happens in Europe in the sector. Interactive map here: https://cybersecuritymonth.eu/references/universities.

4. How important are Public Private Partnerships in information security education?

Public Private Partnerships (PPPs) in NIS are recommended to advance the approach “doing more, with less resources”. We published a report with recommendations in this sense that all point to the usefulness of PPPs. This report focuses on the brokerage of best practices between the public and private sectors aimed at all members of the Network and Information Security Education community in Europe. ENISA is committed to taking the lead in encouraging the exchange of NIS best practices and it follows a strong community-building process for NIS Education stakeholders. In this report we recommend reading the case studies with special attention to the methods used to build partnerships, the approach to working together and setting the right metrics.
The case studies include:

• CISCO’s networking Academy dedicated to professionals;
• Cybersecurity education in Finland describing academic programmes from universities and the link to the national cybersecurity strategy;
• The US National Cyber Security alliance and their approach on working together for achieving common results;
• Trend Micro’s Internet Safety for Kids and Families Programme that shows the commitment towards community education;
• Intel’s training programme and their integrating approach on education.

The recommendations mention:

1. EU and national policy makers should ensure that current education approaches are enhanced by a set of actions to improve cybersecurity know-how in the whole of society, and security should be incorporated as a supporting theme that plays throughout the computing curriculum;
2. Schools and institutes offering higher education should ensure that research and education programmes holistically integrate the perspectives of technology, information, and organizations, business and people;
3. Educators should consider deploying a blended learning model, which combines classroom instruction with online curricula, interactive tools, hands-on activities and online assessments to provide immediate feedback;
4. Find better ways of working directly with the community in creative ways, advocacy work and empowering the users;
5. Use as a case study the Finnish model of Triple Helix Cooperation: business, academia and public authorities.

Overall stepping up the European and national effort on networks and information security education and training are the main priorities! More for the report here:

www.enisa.europa.eu/activities/stakeholder-relations/…/public-private-partnerships-in-network-and-information-security-education.

5. European Cyber Security Month is a project started by ENISA 3 years ago. Last year ENISA succeeded to involve 30 countries in this project, including Romania. How will ENISA support this project in the future?

The European Cyber Security Month is an EU advocacy campaign that promotes cyber security among citizens and advocates seeking to change the perception of cyber-threats by promoting education, sharing of good practices and competitions in data and information security. ENISA, the European Commission and partners from public private organizations deploy the campaign every October month. It has a dedicated website on www.cybersecuritymonth.eu. The engagement model that ENISA uses is depicted in the graphic below. It represents the stakeholders that are involved in the ECSM and the way the Agency implements the brokerage role.

[Figure: ENISA Engagement Model]

Indeed in 2014 we had 30 countries involved and in 2015 there were 32 countries, including active organizations from Romania that were supported by CERT-RO. For example the highlights that we can report are the following:

• In total there were 242 activities encoded in the official calendar from public and private stakeholders in 32 countries. The NIS Education Map registered an increase of courses registered, currently with 417 courses in 22 countries.
• The outreach on social media on the 1st of October alone, was 718,967 accounts reached. Number of visitors for www.cybersecuritymonth.eu peaked in October with 52,574 page views, with 71% corresponding to new visitors from all around Europe.
• Numerous trainings for multipliers and online calls for coordinators were supported by ENISA.
 The kick-off event had a global partnership organized in the presence of ITU Secretary General, general deployment with partners from the United States ISSN: 2285-9225 WWW.IJISC.COM

International Journal of Information Security and Cybercrime Vol. 4 Issue 2/2015 (such as NCSAM and DHS), and coordinators from Member States, all supported by ENISA and European Commission DG Connect. ENISA is committed to continue in 2016 and 2017 supporting the European Cyber Security Month and will encourage the active involvement of member states organizations in the coordination and deployment. From the deployment of the 2015 edition, the following should be emphasized regarding outcomes: 1. Member States and EU partner countries are interested in working in partnership on cyber security education. The number of countries involved reached a stable dimension with a tendency for steady growth. With this edition the maturity level was successfully attained, furthermore there is work to be followed to increase the content distribution and content co- ownership between MS’ organizations with the support of ENISA. 2. The European Commission, other EU bodies such as EESC, Agencies continued to get involved and maintain their participation at high level. The campaign created a good environment for European but also international cooperation for cyber security PPPs. 3. The community building process around the campaign is an important win. The EC, MSs and ENISA may choose to further develop this aspect and extend its use to content distribution on cyber security education and more. The European Cyber Security Month had developed a model of engagement that makes possible a multi-stakeholder governance approach, main benefits being reaching to a large number of European citizens through numerous activities organized by stakeholders. ECSM will be further developed following its basic principles, namely:  Support the multi-stakeholder governance approach;  Encourage common public-private activities;  Assess the impact of activities, optimizing and adapting to new challenges.  It is about “Building together a joint EU advocacy campaign on Cyber Security topics!”. 6. 
Nowadays, many social networks and websites have implemented tracking techniques. How important is the awareness of the existence of the online tracking ecosystem? Users should be aware of it in order to take informed decisions. ENISA has published a study in the area of Privacy Enhancing Technologies for the protection of online privacy (online privacy tools) with two main objectives: a) to define the current level of information and guidance that is provided to the general public and b) to provide a proposal for an assessment model for online privacy tools that could bring more assurance in their use, supporting their wider adoption by internet and mobile users. More here: www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/priva cy-tools-for-the-general-public. Also another recommendation for the readers is the solution developed by CNIL in France “Cookieviz”, more here www.cnil.fr/vos- droits/vos-traces/les-cookies/telechargez-cookieviz/. ISSN: 2285-9225 WWW.IJISC.COM

[Figure: ECSM by numbers]

7. What solutions does ENISA have for raising awareness in the cybersecurity field? How important is social media in this domain?

Most important is the training material that ENISA developed (video here: www.enisa.europa.eu/activities/cert/media/multimedia/enisa-csirts-training), European Cyber Security Month and the information brief in all EU languages: https://cybersecuritymonth.eu/press-campaign-toolbox/ecsm-material/tips-and-advice. We form communities of multipliers and work with them in order to disseminate the good practices and the new developments information in NIS.

8. Lately, the number of cyber-attacks has increased in Europe. How do you think these attacks will evolve in the next years?

To reply to this question I will mention a flagship report that ENISA is publishing annually, namely “The Threat Landscape report” (www.enisa.europa.eu/media/press-releases/enisa-draws-the-cyber-threat-landscape-2014). In 2014, major changes were observed in top threats: an increased complexity of attacks, successful attacks on vital security functions of the internet, but also successful internationally coordinated operations of law enforcement and security vendors. Many of the changes in cyber threats can be attributed exactly to this coordination and the mobilization of the cyber community. However, the evidence indicates that the future cyber threat landscapes will maintain high dynamics.

2014 can be characterized as the year of data breach. The massive data breaches identified massive attacks to main security functions of the Internet, demonstrating how effectively cyber threat agents abuse security weaknesses of businesses and governments. Main lessons learnt of the ETL highlight that “sloppiness” with regards to cyber security is the number one reason for breaches, accounting for 50% of the cases. Additionally, a positive development was reflected in the increase of both the quality and the quantity of the collected information, resulting in better threat assessment and more detailed material for end-users.

The emerging technologies that will impact the threat landscape are: Cyber Physical Systems (CPS), Mobile and Cloud computing, Trust Infrastructure, Big Data, and Internet of Things. CPS – has an important impact within the protection of Critical Infrastructure Protection – represents a distinct opportunity creating competitive advantages for European industry and research.

Furthermore, the 2015 edition of the cyber-threat landscape (report: www.enisa.europa.eu/activities/…/enisa-threat-landscape/etl2015) features a number of unique observations, the main one being the smooth advancement of maturity. As a matter of fact, cyber-space stakeholders have gone through varying degrees of further maturity. While the friendly agents – the good guys – have demonstrated increased cooperation and orchestrated reaction to cyber-threats, hostile agents – the bad guys – have advanced their malicious tools with obfuscation, stealthiness and striking power. On the defenders’ side, improvements have been achieved in coordinated campaigns to disturb operations of malicious infrastructures, strengthen the legal/governmental cyber-defense framework and develop more efficient products.

To understand the broader context, the table below with comparative data 2014 vs 2015 is handy.

[Table: Overview and Comparison of Cyber-Threat Landscape]

I would like to end by giving the reader the channels that we use for sending updates and useful information, below. I wish you all a secure 2016!

Website: www.enisa.europa.eu
Twitter: @ENISA_eu @CyberSecMonth

Interview made by Ioan-Cosmin MIHAI, Vice President of RAISA

The main topics of the conference are:
• Advances in cybersecurity research;
• Systems vulnerability analysis;
• Cyber risks management;
• Cyber-attacks development;
• Methods of preventing and combating cybercrime.

CyberCon Romania Conference aims to encourage the exchange of ideas about the evolution of cyberspace, information security challenges and identify new facets of the phenomenon of cybercrime. The event provides an appropriate framework for communication on newest results of scientific research in cybersecurity.

E-mail: [email protected]
Website: www.cybercon.ro

European Cooperation in Combating Cybercrime Conference

Alexandru Dena
CJS - Center for Criminal Justice and Security Studies

CJS - Centre for Studies of Justice and Security organized the conference European Cooperation in Combating Cybercrime in collaboration with CRPE - Romanian Centre for European Policies, INM - National Institute of Magistracy, NIJ - National Institute of Justice Bulgaria and DIICOT - Directorate for Investigation Organized Crime and Terrorism, on 8 December 2016.

The conference was attended by representatives of Europol, Eurojust, DIICOT - Directorate for Investigation Organized Crime and Terrorism, IGPR - General Inspectorate of Romanian Police, CERT-RO - Romanian National Computer Security Incident Response Team, Cyberint, Police Academy “A.I.Cuza”, representatives of foreign embassies in Romania and private cybersecurity service providers.

The conference, held at the Hotel Intercontinental, received speeches from Chief Prosecutor Direction Daniel Horodniceanu - DIICOT, Ms. Cristina Schulman, Vice Chairman, Convention Committee on Cybercrime (T-CY), Ms. Daniela Buruiană, Eurojust - National Member for Romania, Mr. Alexander Seger, head of the Office for Combating Cybercrime Council of Europe - CPROC, Mr. Florin Cosmoiu, head of the National Center CYBERINT, Mr. Raymond Ijsselstijn, Europol - EC3 - European Cybercrime Centre, Mr. Mircea Grigoraș, deputy director of CERT-RO, as well as Mr. Cătălin Coșoi, Chief Strategist Bitdefender.

The European Judicial Cooperation Project in Combating Cybercrime, September 2015 – June 2016, was launched during this conference. The objective of this project, co-funded by the European Union, is to support the development of a European area of justice based on mutual trust and cooperation in order to foster a common judicial culture in Europe to combat cybercrime. To this end, a target group consisting of 60 judges and prosecutors from two member states - Romania and Bulgaria - will benefit from training in this area. Coordinators of the project are CRPE - Romanian Center for European Policies, CJS - Centre for Studies of Justice and Security, INM - National Institute of Magistracy, NIJ - National Institute of Justice Bulgaria and DIICOT - Directorate for Investigating Organized Crime and Terrorism.

The conference addressed issues such as cybercrime and the European Agenda for Security, the role of European institutions on cooperation and good practices, strengthening cooperation between public and private cyber security agencies, and concerns and case studies regarding judicial cooperation in cybersecurity: electronic evidence, child pornography, virtual currencies.

CJS – Center for Justice and Security Studies is an association that aims to promote dialogue, facilitate international cooperation and exchange of experience in criminal justice and security, functioning as an interface between experts, public institutions and stakeholders (http://cjs-org.eu/).

Images Source: www.cjs-org.eu

A Central European Public-Private Dialogue Platform

Laurent CHRZANOVSKI
Swiss Webacademy

The 3rd Edition of the Macro-regional Public-Private dialogue platform took place, like the previous ones, in Sibiu. It has been organized by the NGO "Swiss Webacademy", in collaboration with "Security Brokers International" and "Agora IT Media Group".

As the 2015 edition, it was designed and built with the ITU/D Cybersecurity dpt., which granted the event technical assistance consisting in bringing to Sibiu eight renowned public or private analysts from abroad (CH, IT, UKR, MD, FR, FI, BG, UK). The ITU itself, as each year, was represented at the highest level, this time by Mr Marco Obiso.

The Congress and its parallel initiatives were placed under the aegis and the partnership of the Romanian Intelligence Services (SRI), the Romanian National Police (IGPR) as well as the Swiss Embassy in Romania. The event was realized and promoted in the frame of the ITU's Regional Initiative EUR4 – Building Confidence and security in the use of telecommunications/ICTs, and has been promoted among others by the CERT-RO and the ENISA media and social network channels.

The objective of the Macro-regional Public-Private dialogue platform, backed by the ITU/D within its Regional Initiative EUR4 – Building Confidence and security in the use of telecommunications/ICTs, is to provide an opportunity for high-level international dialogue between users (decision-makers from public and private sector), governments, regulators, vendor-neutral analysts, academia and ITsec companies. The Sibiu event offers an ideal and informal neutral platform whose main success through the years is to provide the perfect atmosphere for knowledge-sharing and human networking focused on the most important cybersecurity issues.

The congress itself lasted 2 days (September 24-25); the first day hosted a plenary session with large timeslots for key speakers and the second day was dedicated to more in-depth topics dealt with in two parallel tracks. 53 speakers addressed 280 participants from state institutions and private sector, representing 17 countries.

The day before the congress (September 23) was dedicated to raising awareness about cyber security issues in society, according to the needs of four major categories of audience. The whole day offered a free seminar to non-technical CEOs and decision-makers from public and private sector, while the 700-seat main hall of the Culture House hosted 3 big shows of two hours each, organized by Swiss Webacademy, the Romanian National Police (departments specialized in prevention) and the Bitdefender team: for the schoolchildren (8-12 y.o.) with their teachers, for college teenagers with their teachers (13-17 y.o.) and, at the end, an "adult evening" for all citizens with several VIPs of the congress invited as special guest-speakers. As a whole, the four trainings gathered 1'090 participants, which sets a new Romanian record of audience for this field.

The day after the congress (September 26) was dedicated to a closed-door, specialists-only half-day discussion. Its aim was to draw some conclusions on the congress mainstream issues but above all, to check in a very open and friendly atmosphere all the positive and negative aspects of the 3rd edition itself: what was good, what could be made better and what has to be changed.

Images Source: www.cybersecurity-romania.ro

BlackHat USA 2015

Ionuţ-Daniel BARBU
University Politehnica of Bucharest, Romania

BlackHat USA 2015 was a six-day event that took place in Las Vegas, Nevada, USA. Romanian Association for Information Security Assurance was represented by Ionuț Daniel Barbu.

This 18th occurrence of the conference contained a series of both technical and non-technical talks on various aspects of Information Security. This international event targeted information security enthusiasts at various experience levels, from security analysts and engineers to consultants and executives.

Among the more than 100 talks, it is worth highlighting the presence of Charlie MILLER and Chris VALASEK discussing the Remote Exploitation of an Unaltered Passenger Vehicle. Apart from this, the conference included interesting talks and subjects on malware, honeypots, hashing, online banking, threat intelligence, big data, vulnerabilities, security of mobile applications, intrusion detection systems, social engineering and much more.

Needless to say, there was a large vendor area with interesting proofs of concept from Qualys, Cisco, RSA, HP Enterprise Security, F5, Imperva, PaloAlto, LogRhythm, Bit9+Carbon Black, Websense, Lockheed Martin, FireEye, Tenable, CloudPassage etc.

Images Source: www.blackhat.com

OWASP EEE Bucharest 2015

Cristian PASCARIU
Electronic Arts Romania

OWASP’s freedom from commercial pressures allows the organization to provide unbiased, practical, cost-effective information about application security. This information is delivered through various methods, one of them being events such as OWASP EEE Bucharest 2015.

This has been a one-day Security and Hacking Conference with the purpose of raising awareness about application security and bringing high-quality content provided by renowned professionals within the European Region. The subjects discussed on the agenda were SCADA, IoT, attacking vs. defending, cyber intelligence, malicious actors, and of course application security.

In fact, it was the event where the OWASP TOP 10 Workshop Bucharest project was initiated. This was a hands-on approach towards analyzing vulnerabilities and discovering SQL injections, Cross-Site Scripting and Cross-Site Request Forgery.

The congress itself lasted 2 days (September 24-25); the first day hosted a plenary session with large timeslots for key speakers and the second day was dedicated to more in-depth topics dealt with in two parallel tracks. 53 speakers addressed 280 participants from state institutions and private sector, representing 17 countries.

Images Source: https://www.owasp.org/index.php/Romania

“Challenges and Strategies in Cybersecurity” Book Review

Prof. Ioan C. BACIVAROV, PhD
EUROQUALROM Laboratory, Faculty of Electronics, Telecommunications and Information Technology, University Politehnica of Bucharest, Romania
President of RAISA - Romanian Association for Information Security Assurance

The book “Challenges and strategies in cybersecurity” (authors: Ioan-Cosmin MIHAI, Gabriel PETRICĂ, Costel CIUCHI, and Laurențiu GIUREA) aims to present the concept of cybersecurity and to propose strategies and solutions to ensure it.

Cyberspace, characterized by the absence of borders and by anonymity, has, besides the obvious benefits, a number of threats, difficult to identify and counter, that can target the critical infrastructures of a state. In the context of the risks present in the online environment, both at individual and governmental level, with cross-border manifestation, ensuring cybersecurity - part of national security - gains accentuated importance, constituting a real challenge for all stakeholders.

The book “Challenges and strategies in cybersecurity” is divided into seven chapters.

Chapter I presents the basic concepts and principles of cybersecurity, the threats and risks in the virtual space and the IT infrastructure vulnerabilities. Romania’s Cybersecurity Strategy is analyzed, and the importance of developing cooperation between the public, private and academic environments for cyberspace security purposes is emphasized. The roles of the National Cybersecurity System and CERT structures, both in the public and private sector, are described.

Chapter II includes the study of virtual cyber-attacks. Attacks are categorized by the cybercriminals' target and access level to the cyber infrastructures. Special attention is paid to cybercriminal profile analysis. Various methods are proposed for prevention and the fight against cybercrime.

The theme of Chapter III is security risk management. It presents risks and threats to information systems, and risk analysis is conducted in terms of quality and quantity. In the end, there is a comparative study of the OCTAVE and NIST SP 800-30 methodologies, dedicated to risk management.

Chapter IV largely analyses the encryption mechanisms, the process of authentication, the secure communication channels and virtual private networks.

Chapter V addresses the practical aspects of the creation and use of digital certificates for signing and/or securing documents and communications. Securing techniques are presented for documents created within the Microsoft Office productivity suite, PDF files, and messages sent by electronic mail. The last part of the chapter presents aspects related to securing websites and digital certificates installed on Web servers.

Chapter VI presents digital rights management modes for different types of multimedia information: audio, video and eBooks. The end of this chapter provides digital rights management techniques on documents, and ways to control or limit the access of users or groups of users to those documents.

Chapter VII presents the structure of the information platform hosted on securitatea-cibernetica.ro. This portal aims to promote the scientific research results in the field of cybersecurity.

The last chapter presents conclusions on threats specific to the virtual environment and the importance of cooperation between the public, private and academic system to ensure cybersecurity.

Scientific research carried out for the realization of this book was made possible with support from RAISA - Romanian Association for Information Security Assurance. In terms of research methodology, both qualitative and quantitative methods were used. The methods used in qualitative research were participant observation, interviews, case studies, comparative studies and analysis of relevant bibliography. Quantitative research aimed to verify theories which were obtained through qualitative research methods, and used as methods experiments and surveys conducted on the securitatea-cibernetica.ro platform.

Author Guidelines

As an author, you are kindly advised to follow the next instructions. Reading and understanding the requirements before submittal would ensure adherence to IJISC standards and would facilitate acceptance by the scientific reviewers.

1. Papers must be submitted in English, French or Romanian, having an even number of pages (maximum 12 pages). At least 50% of the last page should be occupied by text.
2. For writing papers, the use of the Microsoft Word text processor and one of the template models (found on www.ijisc.com/author-guidelines/) is recommended. We will do the final formatting and all necessary format conversions of your paper.
3. The papers will be submitted using our online interface: www.ijisc.com/paper-submission/. Please do not send your papers by e-mail!
4. The papers will be reviewed by two scientific reviewers, well-known in their domains of activity. Usually, it takes 1 to 3 months between the moment you finished your submission and a response is given by scientific reviewers.
5. The papers will be sent back to the authors for corrections if:
   1. The figures, pictures or tables are not contained in the text;
   2. The reviewers require modifications or supplementary information.
6. The papers will be rejected if their scientific content is not adequate, if they don’t contain original elements and if they are not properly written in English, French or Romanian.
7. The bibliography must show the authors’ adequate documentation. At least 7-10 quality references should be cited. Citation standard is IEEE. Please read: www.ieee.org/documents/ieeecitationref.pdf
8. The whole responsibility for the calculation exactitude, experimental data, scientific affirmation and paper translation belongs to the authors.
9. The authors will declare on their own responsibility that the article or parts of it were not published before in other journals.
10. It is mandatory that the authors respect the Copyright Laws. An IJISC Copyright Form will have to accompany your submission. The signed copyright form has to be scanned and uploaded by using the online interface on the website.

More information: www.ijisc.com/author-guidelines/

Review Policy

The submitted papers are subject to a double-blind peer review process, in order to select for publishing the articles meeting the highest possible standards. IJISC reviewers are experts in the field of information security and cybercrime from academic police structures and university departments. In the reviewing process, the reviewers’ identities are not disclosed to the authors, nor are the authors’ identities disclosed to the reviewers.

When a manuscript is submitted to IJISC, it is initially sent to the Editorial Board for the primary evaluation in order to determine whether or not the paper fits the scope of the Journal. If the Editorial Board accepts it, the paper then enters a blind reviewing process. In the reviewing process, the Editor-in-Chief sends the manuscript to two experts in the field, without the names of the authors.

The reviewers will consider the following evaluation criteria:
• The subject relevancy in the area of the journal topics;
• The quality of the scientific content;
• The accuracy of data, statistics and facts;
• The reasonable conclusions supported by the data;
• The correct use of the bibliographic references.

After the evaluation process, the reviewers must include observations and suggestions for paper improvement that are sent to the authors, without the names of the reviewers. Referees’ evaluations usually include an explicit recommendation of what to do with the paper. Most recommendations are along the lines of the following:
• To accept it;
• To accept it in the event that its authors improve it in certain ways;
• To reject it, but encourage revision and invite resubmission;
• To reject it.

If the decisions of the two reviewers are not the same (accept/reject), the paper is sent to a third reviewer. If the suggestions of reviewers for improving the paper are rejected by the author, the chief editor invites the author to reply to reviewers while respecting anonymity. Observing the dialog, the chief editor may send the paper to additional reviewers.

The final decision for publication is made by the Editor-in-Chief based on the examination of reviewers and the scope of the Journal. The Editor-in-Chief is responsible for the quality and selection of manuscripts chosen to be published and the authors are always responsible for the content of each article.

More information: www.ijisc.com/review-policy/

Romanian Association for Information Security Assurance

RAISA - Romanian Association for Information Security Assurance is a professional, non-governmental, non-partisan political, nonprofit and public benefit association.

RAISA AIM

The aim of Romanian Association for Information Security Assurance is promoting and supporting information security activities in compliance with applicable laws.

RAISA VISION

The vision of the Association is to promote research and education in information security field and to contribute to the creation and dissemination of knowledge and technology in this domain. RAISA has a strong representation at the national level, bringing together professors and researchers from top universities and Romanian institutions, PhD, Master’s and license students, as well as companies in the IT segment.

RAISA OBJECTIVES

To achieve the stated purpose, Romanian Association for Information Security Assurance proposes the following objectives:
• Collaboration with the academic community from Romania or abroad in order to organize conferences, scientific seminars and workshops for presenting the development and implementation of effective measures to improve information security;
• Collaboration with research centers, associations and companies from Romania or abroad, to organize informative events in information technology security field;
• To perform specific programs for education and training of personnel involved in electronic information management (data processing, storage, security);
• To ensure the dissemination of notice relating to existing vulnerabilities and nationally and internationally newly identified threats; to provide solutions for data restoration and policies to prevent and combat incidents based on the information provided by suppliers of software solutions;
• To publish scientific journals for university staff, PhD students or Master's students, researchers, students and other professional categories in the field of information security and cybercrime;
• To grant awards, scholarships or sponsorships to people with outstanding merits in the field of information security.

Website: www.raisa.org

