 This week we're talking about the international nature of cybercrime. In past weeks you've learned about different types of cybercrime and how they worked, how criminals used technology to commit crime. This week we're talking about how criminals connect or work with different countries or criminals around the world to be able to commit crime. So, in this lesson so far I think you've seen that cybercrime is global. Computers all over the world can connect to each other very easily, very quickly, and criminals are using that to be able to commit crime at a global scale. So, in this case whenever we're using technology even domestic crimes tend to have some sort of international component. So if I'm committing a crime in the country that I'm resident in and the victim is also resident in that country we tend to see that services outside of that country are also used in the committing of that crime. So consider for example email chat servers hosted in another country. The victim and the criminal might be in the same country but they've used an email service for example in the US or in another country. Botnets especially, I believe we've talked about botnets already. Botnets essentially take over computers from many different countries and then remote control all of those computers for one specific task normally. In that case there might be hundreds of countries involved in that cybercrime are part of that botnet. The other aspect of cybercrime being global is that everything is real time. With technology we have instantaneous communications. Think about Facebook or Twitter. We can communicate with our friends anywhere in the world in real time. Cyber criminals also take advantage of that and connect to other criminal networks or their victims or whoever they want to connect to other services anywhere in the world also in real time. This makes it especially difficult for law enforcement because one criminal based in one jurisdiction could be accessing many different jurisdictions and committing crimes in real time for long periods of time before they're detected and before we can actually respond. Another big issue with cybercrime internationally speaking is anonymity. For example positive attribution is extremely difficult with international crime or cybercrime in general. Trying to attribute some action to a specific actor becomes very very hard whenever you're connecting or anyone in the world that's connected to the internet could be making that connection. Part of the reason is the way that the internet is set up is completely distributed. We're not really sure who is connecting to us at all times. That makes it very difficult for investigations because even if we get an IP address we can't always attribute it to the person doing the action. To talk a little bit more about networking and IP addresses think about your local area network. Something in your house for example you might have a router and you might have a couple home computers or phones connected to that router. They can all talk to each other even if you don't have the internet. They can connect through this home wireless router and still communicate with each other. That also means that if someone else got on your home network they could also connect to your devices and attack them or network with them or whatever they want to do. So these local area networks are things like homes, schools, businesses all tend to have their own local area networks and then they connect to the internet and that connects them to other local area networks. These other local area networks could be anywhere else in the world. Then we have national services which are basically government services that are provided only nationally or national service providers. So our ISPs in the country they are running national networks and they control the communications essentially between local area networks and national scale in the country. Then we have global services and that's where basically IP version 4, IP version 6 addressing as long as a computer in any other country as long as there's some sort of physical connection between them in some way and there's an addressing system to be able to connect to them then we can connect to that computer globally. Now these global services they aren't... they are regulated by some organizations they try to do things like standardization but there's no one government overseeing the way that these things act essentially just the way that they communicate. So what we have is computers or devices all over the world with an assigned address that anyone can connect to and that can connect to basically anyone on the internet and we don't necessarily know who's behind that or what's behind that. We might not even necessarily be able to place where that's located because like we've talked about before they could go through other computers to do their communication. There's also somewhat a disconnect between domain names and IP addresses. So for example if you type in www.halim.ac.kr AC.kr looks like it's going to be a university in Korea. However that domain name could point to any IP address in the world. It might not necessarily be pointing to Korea it could be pointing to the US or Russia or wherever else and humans use these domain names to connect to resources online but that doesn't necessarily mean that they're in the country that we think they are and all of these have implications for the way that cyber criminals actually conduct or commit cyber crimes. So talking about some types of cyber crimes that are extremely common going into the international aspects a little bit more than we have before. First off basic fraud. Whenever we're talking about basic fraud especially in Korea these frauds are usually very very simple like online auction fraud where I want to buy something so I send the money to you but you never send me the product. This is in Korea at least considered a cyber crime because it was committed mostly online especially with bank transfers and things like that but I didn't receive my package so it's considered fraudulent. In these types of cases they're usually moderate to low in organization it's usually maybe one or two people they're not extremely organized they're stealing small amounts of money but it still affects a lot of people because you can do it very very quickly and even though it's small amounts of money make a lot of money relatively quickly so law enforcement in Korea focus on these kind of small frauds quite a bit in other countries not so much especially if the amounts are low and we'll talk about that in a second they're very often domestic so in this case the criminal and the victim tend to be in the same country for smaller frauds both the victim and attacker are likely in the same country and some components may still be international so even if the suspect and the victim are both in the same country they might be using Gmail which may be hosted in the US but in that case we still have an international component if we want to actually investigate that case using email most of the time because of the difficulties in international cooperation or the time that it takes to request and receive these emails from other countries we tend to save those for the last if we can't find any other information then we'll go for for example emails from other countries more on an international scale so small frauds for example basic fraud you might have a couple servers or email servers located in other countries but for advanced fraud you're talking a lot of different countries involved and a lot of different services involved from many different places in these cases advanced fraud there's a more complicated setup there's usually a lot more organization a lot more initial investment in infrastructure and setup costs advanced frauds and a lot more planning that goes into it so higher level of organization we're looking at fraud groups now we're looking potentially at organized criminals rather than just one or two people by themselves and more often international targeting so these organized groups because they have presumably a few more resources and a little bit more knowledge they can also target internationally a little bit more effectively that's not in the victims jurisdiction they're in basically two different countries and you might have infrastructure technology being used in other countries as well so this very quickly becomes a huge challenge for law enforcement because the two countries if they want to solve this crime where the victim is and where the criminal is they have to work together and there might be several countries in the middle of that as well so cyber crime becomes very easy to be international almost everything we do normally goes outside of the jurisdiction of our local police which means most types of cyber crime even if they have an international component it just makes it very very difficult for these countries to start to communicate and work together so aside from frauds we also have botnets there's lots of different ways a user might be joined to a botnet I won't go into the technical details but just think about the international implications of that if I release for example a virus that attacks windows 10 that virus could potentially infect millions of computers all around the world in that case if I'm located for example in Korea and I control a botnet that has potentially hundreds of other countries involved in it how should an investigator or a victim in some country complain to their local police officers and how would those police actually investigate me it becomes very very difficult to essentially trace back to the actual suspect when we're dealing with large scale botnets again botnets probably also run by at least an organized criminal or kind of a criminal providing a service usually we want to create usually criminals want to create botnets for things like distributed denial of service for things like spamming sending spam emails where they would make money off of sniffing network traffic so if your computer is infected the criminal might want to steal your network traffic and sell the information that they get from that key logging same thing spreading new malware so they could potentially take over your computer and use your computer to send viruses or other things to other people's computers as well ad manipulation so they might use the botnet to make your computer look like it's clicking on an ad and then they make the money off of that ad click manipulating online polls so recently there's been quite a few cases where people have tried to use botnets to manipulate online voting systems for presidential elections or whatever in several different countries and of course identity theft so again taking the information from that computer and getting the identity of that user and usually selling it online again that could potentially involve millions of people all over the world so for example if the criminal was in Korea and I was attacking or the person who had their computer infected by the botnet was in the UK how does that person in the UK go about making a claim they would have to go to their local police their local police would have to open a case and then investigate this whole botnet to try to bring it back to Korea and then the UK police would have to work with Korea to apprehend the suspect it's a very long very very difficult process but for the criminal side it's relatively easy something else I've worked on before are chip and pin card skimmers so this is for example whenever you're going to a pay system at a supermarket or whatever and you use your chip and pin card you have to put your card in and then put in your pin number to do the transaction people are creating chip and pin card skimmers where whenever you put in your card there's essentially a computer inside of it listening for your card information whenever you put your pin number in it takes all of that information and sends it to a server somewhere so what this looks like in terms of international cooperation is one criminal might have an idea or they might design this chip and pin card skimmer they are based in let's say country A they might hire a group in country B to actually develop or actually produce the card skimmer so we have country A who designed it we have country A country B who is actually creating the skimming device and maybe country B hires another country another group in country C to actually place the skimmers around grocery stores or whatever the issue here is obvious we have multiple countries involved the actual mastermind let's say is in country A and that's basically the person that we really want to stop however it's most likely the people in country C that will get arrested because we can see them doing something illegal it takes a lot of cooperation and a lot of communication for the countries to actually work together to find out who the person in country A is and actually make the police officers in all the countries cooperate with each other so this is very very easy to do actually it's very easy to talk to somebody else and say hey I have this idea you pay me for the idea and then you can take it but it's very difficult for police then to go from the committing of the crime in one country and tracing it all the way back through basically the design process to find the originator of the idea that becomes very very difficult so when talking about the international nature of cyber crime basically we're talking about communication and anonymity technology makes global communication and coordination much much easier so with technology now criminals can communicate in real time very easily and share information about what they want to do, make plans very very quickly law enforcement or governments on the other hand have to go through formal processes they each have their own jurisdiction their own national legislation and for those countries to work together it becomes very very bureaucratic and difficult to do so we have one group that's very dynamic can change very quickly can make new ideas really quickly and the police or law enforcement who are trying to stop them that have this kind of slow process to go through but that process also ensures that they're going through a process and hopefully ensuring justice is served so the motivations of actors finally first off normally criminal interactions almost always involve some sort of money motivator so money, criminals, small to large sums, drive efficient global collaboration groups will get together and work with each other even if they don't like each other because they know that they're going to make a lot of money either there's one large compromise, one large crime that they might commit to get a bunch of money at one time and then divide it they work together very efficiently to steal very small amounts of money from lots of different places which adds up very quickly law enforcement on the other hand to investigate those crimes also costs money so it's very difficult for law enforcement to be able to investigate for example someone stealing one dollar if you steal one dollar from one victim we can't really open a case because even just the police officer listening you talking about your one dollar costs the government or the state more than one dollar just for listening services so police tend to focus on large sums that make the investigation worth it which means these kind of one dollar or twenty dollars or less or sometimes even three hundred dollars or less cases don't usually first off get reported and second don't get investigated very effectively because it's too expensive to do those investigations in Korea that's a little bit different because Korea has a lot of cyber crime investigators they have at least the ability to put the manpower there to investigate these smaller cases a little bit more effectively than many other countries and politics so first off governments are mostly of course influenced by their national but also international politics so if two countries are not getting politically along very well then they also won't be able to investigate with each other very well usually so politics really dictates what we can investigate and what countries can cooperate with each other whereas criminals you might have some politics between criminal organizations but whenever it comes again to money they usually set politics aside pretty well so they can both make money kind of like businesses the exceptions to those of course are cyber warfare and hacktivism related things where we're looking more for either government sponsored attacks or kind of these activists essentially that are doing it for their cause so whenever we're talking about international nature of cyber crime just know that everything is real time and very difficult for us to track down where the criminals are and actually attribute who they are effectively we'll talk a little bit more about that in the next presentation