[upbeat music] Welcome back everyone. I wanted to start this course off by just giving a brief overview of what exactly is cybercrime. So before we actually start investigating digital crime or cyber crime, we need to have a good idea of what cybercrime actually is.
So whenever we start talking about what cybercrime is, in 2017, the definition of cybercrime will greatly vary depending on which country you're in, which jurisdiction you're in, how your country's culture thinks about computers and how they use computers. So whenever we're talking about definitions, definitions really matter on your jurisdiction and how your government sees computers and sees computer crime. So I’m gonna give some very basic general definitions that I think most people can agree on, but everything really depends on your country and your culture, how your culture uses the Internet and treats cybercrime.
So first off what is cybercrime? We can say that cybercrime is crime conducted via the Internet or some computer network. Now most cyber crime happens online because you just have massive amounts of computers connected together, and they can communicate with each other real-time.
That means that anyone in any other Internet connected place can connect to and communicate with computers in your country or your jurisdiction. Whenever we’re talking about cybercrime there's usually a focus on the connection between systems. So we have two systems, two or more systems talking together and again all of this can be done in real-time.
So imagine you might be connecting to this K-MOOC or you might be connecting to Facebook. Well, where is the K-MOOC server located? Probably located in Korea.
So if you're taking this course outside of Korea, you're actually connecting into another country to be able to download these videos. If you're connecting from within Korea, then you're connecting maybe to another city or another location to be able to download this content. If you think about Facebook, Facebook is hosted in the United States with servers all over the world, and you are connecting to those other countries or those other jurisdictions in real-time.
I mean as fast as you want, you can basically connect them. So we focus on, whenever talking about cyber crimes, connections between systems, and there's usually or almost always some type of connection going on between these two systems.
Very often these connections are global. Just like K-MOOC, just like Facebook, you're going to be connecting to, most of the time, another country. Your traffic will go through another country even if you're making a connection that might even be local.
There's always some sort of global connections, and we'll talk more about what globalization means or what these connecting to other countries means in terms of cybercrime in a later video. Cybercrime, we're dealing with some type of connection. Okay?
Now it's a little bit different than computer crime. Because with cybercrime, we’re focused mostly on the connections. With computer crime, we’re focused on the computer as either a tool or a victim.
Now whenever the computer is a victim of cyber crime, or of a digital crime, most likely it's because somebody connected in from the Internet or some other network, connected to it and made it a victim either by stealing a database or just stealing information. But those computers could also be used as tools in cybercrime. So if I can take over your computer, for example, if I just sit down at your computer, use that computer to try to hack into a bank, then I have taken over your computer to commit crime. So I’m using your computer as a tool in crime.
So with cybercrime, again we're focusing mostly on connections between systems. With computer crime, we’re focused on the system. Investigating the system itself.
So the computer, the phone, possibly the cloud even though it's a kind of a mix between cybercrime and computer crime. Now this all brings us to network connections. So how do these computers actually talk to each other?
We don't have time to go into all of how the Internet networks work, I wish we did, but very basically, devices talk to each other over the Internet using TCP/IP protocol. You can think of a protocol just like a language. So if two computers want to talk to each other, they have to speak the same language to be able to communicate and pass information.
And the protocol that we use for the Internet is TCP/IP. Each computer using TCP/IP needs a unique Internet protocol address or an IP address to talk to other computers online. This IP address, you can think of kind of like a phone number.
If you have a cell phone, you have your individual phone number for your cell phone, your friend has their unique phone number, and if you dial that phone number, you get your friend or you get your phone. A computer also has this unique number that’s used to communicate with it. So if I want to talk to your computer,
I just need to know your IP address and I can connect to your computer more or less directly. The local Internet service provider provides IP addresses to these users. Your Internet service provider, for example in Korea it would be like SK telecom, Olleh, any of the big service providers where you would get Internet for your phone, most of the cases, you can also get Internet at your house from the same providers, they, those companies are providing an IP address to you,
a public IP address to you. And that's what lets you get online. Now, in your home you probably have some sort of Wi-Fi access point.
And maybe even the company gave it to you whenever you signed up for Internet. That Wi-Fi access point is getting a public IP address from the company, the service provider, and all of your devices can connect to your own local network. Now there's a difference between public IP address and the private IP address which is on your local network.
We’ll talk a little bit more about the different IP addresses in the future. Connection. So when a device is put online, anyone in the world can connect to that IP address.
So once you connect your computer to the Internet, everyone that's also connected to the Internet can connect to your computer. And a lot of people don't realize that. So your home router, anyone can potentially find that IP address and try to make connections to your house or to your smart TV or your smart computer, or whatever devices you have online.
The device's security settings determine how the device responds to different connections. So if I connected to your TV and I tell it to change the channel or to turn on the camera or whatever, if your TV is not configured securely and it allows those connections from the Internet in, then I might actually be able to connect to your TV and turn on your camera on the TV. So that's actually a big problem right now.
Programs running on your computer can open holes. So think of the connection kind of like a wall. And every program we run on the computer can potentially open up a different part of the wall.
For example, smart TVs for example. Whenever they want to connect to the Internet, they might open up some different holes on your, on this wall, that can let connections come in and out. And that can make your entire network a little bit less secure, because of those default settings that most people don't change, there's a lot of security risk in people trying to connect in.
So if I can randomly scan your home, I can find all of the open holes in the wall and then try to make connections to them. Attackers can use these holes to try to gain full access inside your computer or inside your local network. If they can connect into you, then they can take advantage of software vulnerabilities or bad configuration or no security and take over your internal network.
And then either use your computer to do something bad or just steal your information. Keeping software updated really helps to close vulnerabilities. So most people don't really update Windows very often.
They almost never update their wireless router, they don't usually update much software. But if you keep the latest or the most updated software on your computers, that helps in reducing most of the security vulnerabilities that you're likely to find. Not everything.
You can't reduce all vulnerability. You can't remove all vulnerabilities, but you can definitely reduce them by keeping your software up-to-date. That includes your phone.
So make sure your phone always has the latest software installed. Cybercrime comes in many forms. We’re talking about making connections, and these always-connected networks really help cybercrime work because these connections can be made. Cybercrime comes in many forms.
The majority of cybercrime is financially motivated in some way. Anyone who's doing cybercrime, that's doing it let’s say full time or as a profession is trying to make money. And because of the way that networks work, the way the Internet works, a lot of cyber crimes are very profitable.
And because of that, organized crime is really starting to do a lot more cybercrime, or have a lot more business in cybercrime. Attackers may try to steal data or information stored on a computer. You think what good is information stored on the computer.
Well, if you hack into a business and you steal their business secrets, maybe they make all of their money from those business secrets. And if they sell them to a competitor, or they sell them to somebody else, they can make a lot of money from selling it, but they can also put this group out of business. So there's a lot of different types of crime that can happen from those situations.
If you think about your own personal computer or your phone, what information do you have on your phone or personal computer that you might not want other people to know about? Think about chats. Maybe you talked bad about a friend you don't want your friend to know that you said something bad about them.
But if somebody can steal your chats, they know that you said something bad about somebody else or maybe you sent a bad picture or something like that, then they can use that information against you and say, pay me money or I’ll share this information with your friends or your family. This is a big problem in Korea right now. Where people are sharing usually naked or sexy pictures or videos.
And then people are recording those, and using that against the person later to ask for money. Otherwise they'll share those pictures with your friends and family, coworkers, whatever. It’s a big problem in Korea, but it's really happening worldwide.
This is not a new type of crime, but it is enabled by network connections. We can now do things much faster, much more efficiently. So this type of crime works pretty well although the police now are starting to crack down on it a little bit more.
So data information stored on the computer is very valuable. Even though we don't individually think that our data is very valuable, it is. And criminals know this.
That's why they want to sniff, capture everything that a person is doing. That way they can sell that information to other providers. Steal data information transferred over a network.
So any information you transfer over a network, is also potentially valuable, because it could be secrets, it could be credit card numbers, it could be bank accounts, it could be passwords, could be a lot of things. And all of those are valuable to someone. Now one password might only be worth one or two cents, but if you have millions of passwords that's quite a lot of money.
And take control of devices and use their resources to do whatever the attacker wants. So this is extremely common. If we can take over a computer system, we can control it to do whatever we want.
That includes hacking or denial of service attacks against governments or whatever. So if we can put a virus on everyone's computer, then we can control everyone's computer to tell it to do denial of service against a government agency. And then the attacker who actually did this, it's very hard to find them because it looks like that it's all of these people's computers that are attacking.
So we can use people's computers to basically do crime to try to hide where we're coming from. And that's very common. Another extremely common thing that people do with somebody's computer whenever it’s taken over, is to send spam email for money.
So if you've ever received an email that says you’ve won $1 million or whatever, you just have to send us some money, or, yeah. You guys probably know what spam is by now. I'm sure you’ve received a lot.
If we can take over people's computers, then we can send spam email through their computers and send a lot more spam without getting caught. And spam makes a lot of people or a lot of spammers quite a bit of money if they do it properly. Most cybercrime in Korea, most cyber crimes in Korea, are online fraud related.
So Korea has an extremely high number of white-collar crime, let’s say. The really violent crime in Korea is very low. But crime involving stealing money is very very high.
Like extortion, just financial crime, hacking, things like that are relatively high. Especially auction fraud. In Korea, everyone probably knows that you can instantly transfer money between Korean banks. Even if the banks are different, you can still instantly transfer money.
This creates kind of a bad situation because, if you're trying to buy something online, most online sellers just want you to instantly transfer money directly to their bank account. And then they'll send you the package. But think about the risk of that.
You could send the money and then they don't have to send the package or they can send the wrong thing. What most countries do, because this system would not work in any other country. It can only work in Korea.
What most other countries do is have a third-party, a third-party hold the money, and then whenever you receive your package from the online auction or whatever it is, you confirm that the package is okay, and then this third-party will release the money. So basically there's a third-party controlling situation, so you don't have to trust somebody else. Because of instant transfers in Korea, a lot of money is stolen just from people trying to buy things online.
And it really only happens in Korea. It's partially a cultural thing going back. Skype and chat blackmail.
I've talked about this a little bit, somebody gets on KakaoTalk and says “hey would you like to chat with me?” and then people do chat, and whoever they're chatting with, they get them to do something maybe sexy online, and then the person on the other end is recording everything. Now if I record you doing something sexy, then I can say pay me money otherwise I'll share this with all your friends and family and coworkers, and that can hurt your reputation.
So a lot of people pay a lot of money for that. The important thing here is don't share information that you don't want your friends and family to know about. Just don't do things that you wouldn't want your family to know you're doing.
And that will stop the crime. So all of those involve some type of connections online. Either a connection where there's an online auction and then transferring money over the Internet, or a connection through chat and then through Skype and recording and then sending emails or messages back.
So all of those involve some type of communication. Now the problem is, most of those also involve connections to other countries. So for example Skype is not based in Korea.
So if you're using Skype, Korean police officers trying to investigate Skype, it's very difficult. So many cyber crimes have an international component. Real-time connections across national borders, like I said Skype, it’s across national borders and it's a real-time connection.
Suspect, victim, servers may be in the same country; suspect may be in another country, the victim and the servers may be in the same country; suspect and victim might be in the same country but a server is outside. So you might have 2 Koreans in Korea, a suspect and a victim, but then they might be using Gmail, which is based in the US. Suspect and victim and servers all in different countries.
This is probably one of the most common ones is you have a suspect who’s trying to hack somebody based in Thailand, China, Vietnam, wherever, and then they are trying to steal money from a Korean in Korea. And they're using an American server to be able to route their traffic or exchange messages or whatever. So you have at least three different countries involved.
And the suspect and the victim are in different locations. So it's very difficult to investigate these types of crimes. Police, the reason it's difficult is because police are limited by jurisdiction.
So law-enforcement have a certain jurisdiction that they have authority in. Korean national police for example, have authority in all of Korea. So if there's a police officer in Korea, they have authority to arrest somebody or do investigations in all of Korea.
Korean national police do not have any authority in South Africa, for example. So a Korean police officer cannot go to South Africa and arrest someone. They just don't have the authority to do any type of investigation in South Africa unless South Africa allows them to, the South African government.
They cannot carry out an official investigation, they cannot make arrests, they cannot collect evidence outside of their jurisdiction. So what happens if you have a suspect in South Africa and a victim in Korea, then the two countries have to work together. The two governments have to work together.
And the two governments might not want to work together or maybe the amount of money wasn't enough to justify working together. So there's a lot of problems with international cooperation. Cross jurisdiction requires country cooperation.
So again, cybercrime is about connections. We often start with a victim, so somebody coming to us and saying you know somebody stole my information, my identity, somebody stole money, we want to examine all of the different connections that we can possibly find leading back to who the suspect is. For example look at the victim's device, look at where the money was transferred to, if money were stolen, follow money transfers, phone calls, SMS, all of those are connections that are made.
Just follow them back and we can try to lead back to the suspect. There are many types of individuals and organizations committing cybercrime. So many types of individuals and organizations committing cybercrime from very unorganized, kind of low-level criminals, doing very small cyber crimes for maybe $20, 20,000 won or something like that, to very structured, very elite organized crime, they're making millions if not billions of dollars per year off of cybercrime.
The motivations vary, but usually related to finances. Most cyber criminals again are trying to make money. Individuals have limited resources but a large reach.
So a single person can potentially compromise millions of devices online. Organized cybercrime has added, organized criminal organizations have added cybercrime as an integral part of their operations. They know that cybercrime makes a lot of money so they're trying to add that to all the other types of crime that they were doing.
So that's it for today. Next I'm going to talk about how to work cybersecurity. How to secure yourself and how cybersecurity actually works.
Thank you very much. Cybercrime & Digital Forensics Investigation week1-2. Cybercrime and Networks Finished.