Cybercrime & forensics

Earlier this week, myself and Tony (our lead developer) attended a talk at MMU Business School. The subject of the talk, Cybercrime & Forensics, presented by Denis Edgar-Nevill.

Denis summed up Cybercrime Forensics with a well-known anecdote:

If you can keep your head, when all around you are losing theirs, you don’t understand the situation.

For those unaware of the field, “Cybercrime Forensics is a continuously evolving discipline that addresses the increasing use of computer technology in criminal activity” (Source: Canterbury Christ Church University).

Zero-day vulnerabilities

During the talk Denis covered many topics, among which were ‘Zero-day vulnerabilities’. These are a type of subversion technique or exploit which has previously been unknown, i.e there are zero days between the vulnerability being made public and the first attack using said vulnerability.

It is widely accepted zero-day vulnerabilities are discovered and kept in a malicious individuals/groups arsenal of tools until such time the vulnerability can prove useful to them, knowing they have the upper-hand against those securing systems.

Unfortunately protecting against vulnerabilities that you were unaware of can be extremely difficult. However by continuous research and a working knowledge of previous exploits, security expert’s can improve their chances of keeping systems secure.

Here at Delineo we have a CPD programme in which one of my main areas of CPD work is to be on top of current threats and ways to thwart such security issues.

Dimensions of Cybercrime

For brevity let’s assume there are 3 dimensions to Cybercrime, which are the following:

  • Cybercrime Forensic Techniques and Skills
  • Practical Implementation
  • History of Cybercrime

These 3 dimensions bring together a wide array of distinct disciplines such as: computing, law, psychology, informatics, business and forensics. Due to the field bringing together such a range of diversity you need to be able to utilise each discipline and its application to your situation.

For example, you may have a hard-drive which contains inappropriate material, as a police expert in forensics, you begin examining the drive from top to bottom but cannot find anything because you were looking in the wrong type of place, your colleague who is also investigating the same case remembers the suspect has a safe in their home, under their stairs. Following this same trail of thought they begin to search for files beneath the surface, tucked away in commonly used but hidden places on the drive, hey presto you discover the evidence needed. By psychological assessment of a suspect you can effectively narrow your search and hone in on their personality traits for how they may have hidden data.

Examples of Cybercrime

Some examples of cybercrime and how it can merge with the physical world are below. These examples are real crimes which have happened and continue to be prevalent:

Car parks are increasingly using ANPR(Automatic Number Plate Recognition) cameras. Criminals have latched onto this idea and in the Midlands regional police forces noticed a technique where fake parking fine notices would be left on cars. These notices would claim that the car had overstayed it’s welcome and to visit the web address on the parking fine notice. This URL takes the victims to a website which triggered a virus download and infected the individuals machine. This crime uses the persons anger against them. Remember official documentation cannot always be taken at face value. Always try to verify a demand for money in several ways.

iTunes downloads for music along with other digital media are incredibly popular. Although other vendors offer online music downloads, Apple iTunes was the target for this crime. A criminal gang would buy a multitude of stolen credit cards and then proceed to download a track they had placed on iTunes. Why you ask, well to launder stolen money. By earning commission on the sale, money is then laundered through Apple Inc into the criminals accounts, with credit card companies and Apple losing out.

Tackling Cybercrime

In the UK there are various agencies, units and forces which deal with and process investigations into Cybercrime, they include:

If you have been a victim of Cybercrime please do report it to your local police station.