crime csc 301 fall 2016 howard rosenthalcsc301csudhfall2016.weebly.com/uploads/2/2/7/6/... · the...
TRANSCRIPT
CrimeCSC301Fall2016
HowardRosenthal
LessonGoals� Understandwhatcomputercrimeis� Understandtheoriginsofhackingandhowithasevolvedovertime
� Understandidentitytheftandmethodstodetectandavoidit
� Understandingthelawsoftheworld-wide-web
2
Introduc>on
� Criminalshavealwaysexistedandtheycommitcrimesforavarietyofreasons� Economicgain� Spying� Terrorism� Industrialespionage� Personalrevenge� Politicalgain� Mischiefandvandalism
� Alloftheabovecanbedonefromabasementtoday,oftenwithgreatanonymity
� WiththeWWWcrimesnoweasilycrossnationalboundaries� Differentcountriesmayhavecompletelydifferentlawsandpenalties� Someusesofcomputers(pornography,blasphemy,libel)mayornot
becrimesindifferentcountries,andmayincurcompletelydifferentpenalties
3
4
TheThreePhasesofHacking(1)� Hackinghasevolvedfromitsearliestdays,whereitwasatermforacomputerenthusiasttotoday’shackingwhichismaliciousandpotentiallyextremelydangerous
� Phase1:TheJoyofProgramming(1960sand1970s)� AtthistimetheworldwasnotconnectedviatheInternet� Hackerswereexpertenthusiastswhowroteinterestingand
provocativecode� Theyweremostinterestedinseeingwhattheycoulddowith
computers,frommainframesdowntothefirstprogrammablecalculators
� Theywantedtoextendtheirknowledgeandthecapabilitiesofthecomputers
� Typicallytheyweresanctionedasgraduatestudentsorresearchersatcorporationsorforthegovernment
� Theywereknownnotjustfortheircreativity,butinmanycasesfornotbeingextremelycarefulintestingtheircode� Thustheoriginalquote“Hehackedsomethingtogether”
5
TheThreePhasesofHacking(2)� Phase2:TheStartofMaliciousProgrammingandTheft(1970s-1990s)� Conditions
� Computersgrewbeyondthemainframetoencompassmini-computersandthenpersonalcomputers� Therewasagrowthinbusiness-to-businessconnectivity
� Computersmovedfromworktoalsoencompassthehome� Athomenetworkingwasstillverylimited–theyusedaphoneconnection–andpersonalbusinesssuchasbankingwasn’ton-line
� YoumightaccessanencyclopediaordictionarybyloadingupaCD� GrowthofIllegalActivities
� Growthofmischiefandmaliciousness� Computervirusesstartedappearing
� Oftenspreadindocuments� Spyingstartedtotakeoff� Bankingcrimesexpanded
� Muchofthecrimeinvolvedinternalemployeeswhoeitherstoleorspied� Interestingly,manyhackerswereeventuallyhiredbythe
governmentandindustrytodevelopdefensesagainsthacking
6
TheThreePhasesofHacking(3)� Phase3:ComputerHackingintheAgeoftheInternetandWorldWideWeb
(1990s-present)� Conditions
� EveryoneisnowconnectedtotheInternetthroughtheircomputers,phones,televisionsandmanyotherdevices
� CommerceisnowconductedontheInternetbyeveryone� Banking� Shopping� Billpaying� Christmascards
� Largeamountsofvaluablepersonalinformationisavailableatsocialmedia,aswellasgovernmentandprivateindustrysites
� Thenetworksarealleasilyaccessible� GPSbecomesubiquitous,andmovesfrommilitaryluxurytopersonalnecessity� Infrastructureincludingwaterandpowerareconnectedtothenetwork,andare
potentiallysubjecttocompletedestructionwithoutapersoneverleavingthecomfortoftheirseat
� Militarysystemsbecomefullyintegratedandnetworked� Livesaresavedandlostbasedonthenetworksortheirpenetration� Networkplanningandallocationbecomesathirdpillarofbattlefieldplanningalong
withmaneuverandlogistics� Armiescannolongerfightwithouttheirnetworks
� Example–Friendvs.Foeidentification� Militaryoftenreliesoncommercialcommunications,includingcommercialsatellitesfor
routine,yetcritical,activities7
TheThreePhasesofHacking(4)� Phase3:ComputerHackingintheAgeoftheInternetandWorld
WideWeb(1990s-present)(cont.)� Criminalactivityexplodes
� Thehackersareoftenone(ormore)stepsaheadoftheprovidersandcustomers� Hackersdividedbetweenteenpranksters,professionalcriminalsand
governmentorterroristoperatives� Copyrighttheftofelectroniccontentincludingmoviesandmusic,sometimesby
professionals,othertimesbygroupsofstudents� Thepotentialfinancial,politicalormilitaryrewardsforasuccessfulhackare
tremendous� Weseeeverythingfrompolitical(WikiLeaks)toeconomic(theftofcreditcards
ashappenedtoTarget)toespionage(Snowden)torevenge(Sonyhade-mailsofmanyofitshighprofilestarsstolen)
� Companieshavehadtoshutdownorlimitaccesstotheirnetworksviaseverefirewallsandotherrestrictions� Companiesmayscanallincominge-mail,deleteattachments,etc.
� DenialofServiceattacksfloodcompaniesorentirenetworkswithdatafromdifficulttotraceanonymoussources
� Enticement� Youaresentane-mailaskingyoutoclickonalinkthatmayperform
mischief(sendane-mailtoeveryoneinyouraddressbook)orsomethingmoremaliciousthatdisablesyourcomputeruntilyoupayaransom
8
Hack>vismandPoli>calHacking� Thereisadifferencebetweenpositivepoliticalactivitiesandthosethatmay
beillegal� Legalactivities
� Expositionofyouropinions� Advertising� Fundraising� Publicationofinformationobtainedlegally
� Illegalactivities� Writingorgraffitionanotherwebsite� Disablinganothercompany’sorperson’swebsite� Anyformofillegaltheftoffundsorinformation(note:youneedawarrantto
accessinformation)� Somecountiesarefarmorerestrictivethanothersintheareaofpolitical
activity� Criticismofthegovernmentorgovernmentofficialsisacrimeinsome
countries
9
ProfessionalHacking
� Sometimesthebestpeopletotestasystemarehackers� Manycompaniesandgovernmentagencieshirehackerstofind
vulnerabilitiesintheirsystems� HackerOneisareputablebug-bounty-as-a-servicefirm
� TheDoDhassetupaHackthePentagonpilotprogramwithinlimitsrightnow,runbyHackerOne� Mustregister
� EligibleparticipantsmustbeaU.S.person,andmustnotbeontheU.S.TreasuryDepartment'sSpeciallyDesignatedNationalslistofpeopleandorganizationsengagedinterrorism,drugtraffickingandothercrimes.
� Somehackersworkbenevolently� Theygivethesoftwarecompanyalimitedchancetofixthesecurity
flaworbugbeforepublicizingit� Feelthiscreateshighermotivationtofixaproblemwithinaspecified
timeframe
10
HackingAsForeignPolicyandasaMilitaryWeapon
� Governmentstodayareexploringeachother’swebdefenses� RussiahasdisablednetworksinGeorgiaandtheUkrainebefore
invasions� ChinahasusedtheInternetforextensiveindustrialespionage� TheUnitedStatesandIsraelcreatedtheStuxnetvirustoinfectIranian
centrifuges� Thisvirushas“escaped”andisnowinfectingotherindustrialsystems
� TracesofRussiansnoopingcanbefoundacrossourentirepowergrid� WhiletheDoDismoreproactive,otherU.S.agenciesdesignedtheir
sitesoriginallyformoretransparencyandarenowplayingcatch-up� AirTrafficcontrollersdidn’tevenneedtologontotheirsystemswith
ausernameandpasswordaslateas2011� Therearenosecuritystandardsatthistimeforautomateddriving� Cellphonesystemsarestillwaitingforthefirstmajorhackingattack
11
TechnologyExcursion-Stuxnet
12
HackingandtheLaw
� ComputerFraudandAbuseActof1984(amended1989,1994,1996,2001,2002(inthePatriotAct),and2008(bytheIdentityTheftEnforcementandRestitutionAct)� Coversareasunderfederaljurisdictionincluding
� Federalcomputersystems� Financialsystems� Interstateorinternationalcommerceorcommunications� Internetactivity� Cellphones
� Madeitillegalto� Accessanycomputerwithoutpermission� Impairgovernmentoperations,transportation,infrastructure,etc.inanyway� Damageordestroyanyelectronicinformationincludingviacomputerviruses� Initiatedenialofservice� Commitfraud–includingidentitytheft� Disclosepasswords
� Penaltiesaresevere� Upto10yearsforafirstoffensepluscompensationandpenaltiesforalldamage
13
SummaryofCFAAProvisions(a)Whoever—(1)havingknowinglyaccessedacomputerwithoutauthorizationorexceedingauthorizedaccess,andbymeansofsuchconducthavingobtainedinformationthathasbeendeterminedbytheUnitedStatesGovernmentpursuanttoanExecutiveorderorstatutetorequireprotectionagainstunauthorizeddisclosureforreasonsofnationaldefenseorforeignrelations,oranyrestricteddata,asdefinedinparagraphy.ofsection11oftheAtomicEnergyActof1954,withreasontobelievethatsuchinformationsoobtainedcouldbeusedtotheinjuryoftheUnitedStates,ortotheadvantageofanyforeignnationwillfullycommunicates,delivers,transmits,orcausestobecommunicated,delivered,ortransmitted,orattemptstocommunicate,deliver,transmitorcausetobecommunicated,delivered,ortransmittedthesametoanypersonnotentitledtoreceiveit,orwillfullyretainsthesameandfailstodeliverittotheofficeroremployeeoftheUnitedStatesentitledtoreceiveit;(2)intentionallyaccessesacomputerwithoutauthorizationorexceedsauthorizedaccess,andtherebyobtains—(A)informationcontainedinafinancialrecordofafinancialinstitution,orofacardissuerasdefinedinsection1602(n)[1]oftitle15,orcontainedinafileofaconsumerreportingagencyonaconsumer,assuchtermsaredefinedintheFairCreditReportingAct(15U.S.C.1681etseq.);(B)informationfromanydepartmentoragencyoftheUnitedStates;or(C)informationfromanyprotectedcomputer;(3)intentionally,withoutauthorizationtoaccessanynonpubliccomputerofadepartmentoragencyoftheUnitedStates,accessessuchacomputerofthatdepartmentoragencythatisexclusivelyfortheuseoftheGovernmentoftheUnitedStatesor,inthecaseofacomputernotexclusivelyforsuchuse,isusedbyorfortheGovernmentoftheUnitedStatesandsuchconductaffectsthatusebyorfortheGovernmentoftheUnitedStates;(4)knowinglyandwithintenttodefraud,accessesaprotectedcomputerwithoutauthorization,orexceedsauthorizedaccess,andbymeansofsuchconductfurtherstheintendedfraudandobtainsanythingofvalue,unlesstheobjectofthefraudandthethingobtainedconsistsonlyoftheuseofthecomputerandthevalueofsuchuseisnotmorethan$5,000inany1-yearperiod;(5)(A)knowinglycausesthetransmissionofaprogram,information,code,orcommand,andasaresultofsuchconduct,intentionallycausesdamagewithoutauthorization,toaprotectedcomputer;(B)intentionallyaccessesaprotectedcomputerwithoutauthorization,andasaresultofsuchconduct,recklesslycausesdamage;or(C)intentionallyaccessesaprotectedcomputerwithoutauthorization,andasaresultofsuchconduct,causesdamageandloss.(6)knowinglyandwithintenttodefraudtraffics(asdefinedinsection1029)inanypasswordorsimilarinformationthroughwhichacomputermaybeaccessedwithoutauthorization,if—(A)suchtraffickingaffectsinterstateorforeigncommerce;or(B)suchcomputerisusedbyorfortheGovernmentoftheUnitedStates;(7)withintenttoextortfromanypersonanymoneyorotherthingofvalue,transmitsininterstateorforeigncommerceanycommunicationcontainingany—(A)threattocausedamagetoaprotectedcomputer;(B)threattoobtaininformationfromaprotectedcomputerwithoutauthorizationorinexcessofauthorizationortoimpairtheconfidentialityofinformationobtainedfromaprotectedcomputerwithoutauthorizationorbyexceedingauthorizedaccess;or(C)demandorrequestformoneyorotherthingofvalueinrelationtodamagetoaprotectedcomputer,wheresuchdamagewascausedtofacilitatetheextortion
14
HowareHackersCaught
� Learntothinklikeahacker� Readthehackernewsletters� Lookatthehackerwebsitesandchatsites
� Rememberthecourtdoesallow“freespeech”discussionofillegalacts
� Employhackers� Setupstingsknownashoneypotstolureinhackers
� Thentrackeverythingtheydo
� Trackallpotentiale-mailbeingusedtohack
15
WhatIsComputerForensics(1)� Computerforensicsistheapplicationofinvestigationandanalysistechniquestogatherandpreserveevidencefromaparticularcomputingdeviceinawaythatissuitableforpresentationinacourtoflaw.� Thegoalofcomputerforensicsistoperformastructuredinvestigationwhilemaintainingadocumentedchainofevidencetofindoutexactlywhathappenedonacomputingdeviceandwhowasresponsibleforit.
� Itisthepracticeofcollecting,analyzingandreportingondigitaldatainawaythatislegallyadmissible.Itcanbeusedinthedetectionandpreventionofcrimeandinanydisputewhereevidenceisstoreddigitally.
16
WhatIsComputerForensics(2)� Keytechniquesinclude
� Cross-driveanalysis� Atechniquethatcorrelatesinformationfoundonmultiplediskdrives.Theprocess,
stillbeingresearched,canbeusedtoidentifysocialnetworksandtoperformanomalydetection
� Liveanalysis� Theexaminationofcomputersfromwithintheoperatingsystemusingcustom
forensicsorexistingsystemadministrationtoolstoextractevidence� Usefulwhendealingwithencryptingfilesystems,forexample,wheretheencryption
keysmaybecollectedand,insomeinstances,thelogicalharddrivevolumemaybeimaged(knownasaliveacquisition)beforethecomputerisshutdown
� Deletedfilerecovery� Acommontechniqueusedincomputerforensicsistherecoveryofdeletedfiles.
Modernforensicsoftwarehavetheirowntoolsforrecoveringorcarvingoutdeleteddata
� Thisispossiblesincemostmodernoperatingsystemsandfilesystemsdonotalwayserasephysicalfiledata,allowinginvestigatorstoreconstructitfromthephysicaldisksectors
� Stochasticforensics� Advancedmathematicaltoolsusedtoanalyzefordatatheft
� Steganography� Theprocessofanalyzingimageryforhiddendata.Oftenusedtodiscoverchild
pornography
17
Viola>onofTermsofUse–IsitACrime?� Mostwebsiteshaveatermsofusepolicythatyouimplicitlyorexplicitlyagreeto
� Ingeneralitmaybeacontractviolationtoviolatethetermsofuse,butcourtshaveruledthatitisnotacriminaloffense� Whataboutsomeonewholiesabouthisage?� Whataboutbullying?
� Whiletheabovecasesmaynotbeprosecutedunderviolationofpolicyrulestheyareprosecutableunderrulescontrollingrelationshipswithminorsandwithgenerallawsregardingbullyingandharassment
18
19
WhatisIden>tyTheS?� Identitytheftoccurswhenonepersonsuccessfullyrepresentsthemselvesasanother
person,whetherforfinancialgain,orforsomeother,usuallycriminalpurpose� Directtheftfromaccounts� Creditcardmisrepresentation� Loanfraud� Benefitsclaims� Falseincometaxfilingsandrefundcollection
� Todayweareespeciallyvulnerablebecauseweinteractwithsystemsthroughaseriesofnumbersorcodes,oftenwithoutdirectphysicalandverifiableidentification� SocialSecuritynumbers� Driver’slicensenumbers� Passportnumbers� Creditcardnumbers� Accountnumbers� Employeenumbers� Loannumbers� Utilitynumbers
� Ifsomeonestealsyouridentitybigproblemscanensue� Falseclaimsandliens� Lawsuitsformoney� Impacttocreditratingthatmightbehardtoclearevenafterevidenceispresented� Canevenbemisidentifiedasacriminal
20
HowIsIden>tyTheSAchieved� Thievescanusemanydifferentmethodstostealyouridentity
� Fraudulentspamaskingyoutoconfirmanidentitybyenteringallkindsofinformation-Phishing� Thesiteoftenlookslegitimate,butoftenhasastrangeURL
� Threateningmessagesorphonecalls� PersonsoftenclaimtobefromtheIRS
� Infectingyourcomputerandthenrecordingyourkeystrokesasyouconnect,viauserIDandpasswordtoasecuresite
� Stealingfromsupposedlysecuresitesthathaveyourinformation� Federalgovernment’sOfficeofPersonnelManagement(OPM)washackedand
allsecurityrelatedinformationwasstolenfromgovernmentandcontractorpersonnel
� Storeshavehadtheircreditcardtransactiondatabaseshacked� Scannersincludeskimmersthatreadandreportonyourtransactiontoan
alternatelocation–commonatgasstationsandtoalesserextentatgrocerystores
� Sometimespeopleuseplainoldphysicaltheft� Mostplacesdon’taskforIDs,andoftennotevenforsignatures,when
usingcreditcardsinordertoavoidcustomerinconvenience
21
SomeResponsesToIden>tyTheS� Authenticatingwebsites
� Browsers,e-mailvendorsandsearchengineshelpauthenticatewebsites� Thirdpartytoolscanalsobeused� IfsitestracetotheBahamas,Nigeria,orRomania,asexamples,beespeciallycautious
� Authenticatingcustomers� Manysitesnowrequiredualauthentication(i.e.respondingtoasecondarytextmessage,respondingto
asecretquestion,etc.beforeallowingaccesstoasiteormoreespeciallytomakechangestoyourpersonaldata
� Manycreditcardcompanieswantyoutoinformthemwhenyoutravel,especiallywhenyoutravelabroad
� Creditcardcompaniesmonitorcardsforanysuspiciousactivityandwillcallyoutoverifytransactions� ThirdPartyTransactions
� PayPalservesasanintermediarysothatyoudon’thavetoshareyourcreditcardnumberwithanunknownthirdparty–greatforpersontopersonsales
� Newtechnologies� Creditcardchipsremovethe“raised”creditcardnumbers,andaresaferthanstrips,althoughmost
chipcardsalsoincludestrips� Notifyingcustomers
� Companiesandeventhegovernmentarerequiredtonotifycustomersasquicklyaspossibleofthedetectionofsecuritybreaches
� IdentityMonitoring� Manypeoplepayaservicetomonitorforidentitytheft–LifeLock� Thesecompaniespromiseassistanceinrepairinganybreach–oftenupto$1Mininsurance
� IndemnificationofCustomers� Mostcreditcardcompanies,stores,etc.willnotpenalizetheircustomersforclearcaseswhereacredit
cardhasbeenstolen
22
Biometrics
� Biometricsareusedtoidentifyuniquecharacteristicsaboutaperson� Fingerprints� Voiceprints� Retinalpatterns� DNA
� Somecellphonesalreadyusefingerprinttechnologytohelpgainaccesstoaphone
� Defense/securityagenciesincludebiometricsaspartofthesecurityprotocolsforaccesstocertaintypesofinformation
� Itisexpectedthateventuallycreditcards,orothernon-physicalmethods,willemploybiometricstoaidinidentification
� Butasisalwaysthecase,criminalsmayfindwaysaroundthesemeasures� Ifyouhackthedatabaseholdingthefingerprintrecordsyoucould
changeorcorruptit� Thenthereisthemovieversionwhereyoujustcutofftheperson’s
fingers
23
24
Na>onalLawsandtheWWW� Nationsaretryingtokeeptheirlawsuptodatewithrapidlychangingtechnologies� Nationsoftenhavelawsthatdifferintermsoflegalityand/orseriousnessof
punishment� Intellectualproperty� Gambling� Libel� Privacy� Spam� Advertising
� Canpeopleinonecountrywhereanactislegalbepunishediftheyvisitanothercountrywheretheactisillegal� Thisoftenhappensincasesinvolvingpoliticalfreespeech
� Francebanshatespeech–i.e.NaziMemorabilia� Libellawsvarygreatlybetweencountries–somecountriesbananycriticismofthehead
ofstate� Somecountriesdon’tallowadvertisingofcertainproducts–whathappenswhentheyare
advertisedontheweb� ThingsthatareconsideredpornographicintheU.S.arenotconsideredsoinmany
Europeancountries
25
Poten>alApproachesToWebGovernance
� Internationalagreements� Allowsforgeneralgovernanceofsuchthingsasurldistribution,etc.� Workswellwhenthereisacommonagreementabouttheillegality� Butwhathappenswhenlet’ssay,athirdworldcountrydoesn’thave
lawstoenforcegenerallyagreedtoprinciplesoncyberfraudortheft’� Authoritytoprevententry
� Allowsacountrytoblocksites,servicesorparticularmaterialtomaintainconformancewiththeirownlaws
� Ofcoursethisopensupthewebtocensorshipbydifferentcountriesinordertohidelegitimatenewsorotherinformation
� Somecountriesmaybecomehavensforhackers,thievesorterrorists� Becominganinternationallawyerinthisfieldmaybeanothergood
careerchoice� Allisnothopelessaswedohaveinternationaltreatiesgoverningthe
seasandgoverningspace
26
FinalExercise� WhatelementswouldyouputintoaninternationalagreementgoverningtheWWW?
� Howwouldyoudefinetherulesforeachofthoseelements?
� TrytodothisfromtheviewpointnotjustoftheU.S.butofothernationsaswell.
27
TheSplitOnInterna>onalTelecommunica>onsAgreements
28
SignatoriesoftheFinalActs:89
AFGHANISTAN(signed) ALBANIE ALGÉRIE
(signed) ALLEMAGNE ANDORRE ANGOLA(signed)
ARABIESAOUDITE(signed)
ARGENTINE(signed) ARMÉNIE AUSTRALIE
AUTRICHE AZERBAÏDJAN(signed)
BAHREÏN(signed)
BANGLADESH(signed)
BARBADE(signed) BÉLARUS BELGIQUE BELIZE
(signed)BÉNIN(signed)
BHOUTAN(signed)
BOTSWANA(signed)
BRÉSIL(signed)
BRUNÉIDARUSSALAM
(signed)BULGARIE
BURKINAFASO(signed)
BURUNDI(signed)
CAMBODGE(signed) CANADA CAP-VERT
(signed)RÉPUBLIQUE
CENTRAFRICAINE(signed)
CHILI CHINE(signed) CHYPRE COLOMBIE COMORES
(signed)RÉPUBLIQUEDU CONGO
(signed)
RÉPUBLIQUEDE CORÉE(signed)
COSTA RICA CÔTE D'IVOIRE(signed) CROATIE
CUBA(signed) DANEMARK DJIBOUTI
(signed)RÉPUBLIQUE
DOMINICAINE(signed)EGYPTE(signed)
ELSALVADOR
(signed)
EMIRATSARABES
UNIS(signed)
ESPAGNE ESTONIE ETATS-UNIS
FÉDÉRATIONDE RUSSIE(signed)
FINLANDE FRANCE GABON(signed) GAMBIE GÉORGIE GHANA
(signed) GRÈCE GUATEMALA(signed)
GUYANA(signed)
HAÏTI(signed) HONGRIE INDE INDONÉSIE
(signed)
RÉPUBLIQUEISLAMIQUE
D'IRAN(signed)
IRAQ(signed) IRLANDE ISRAËL ITALIE JAMAÏQUE
(signed)
JAPON JORDANIE(signed)
KAZAKHSTAN(signed) KENYA KOWEÏT
(signed)LESOTHO(signed) LETTONIE LIBAN
(signed)LIBÉRIA(signed)
LIBYE(signed)
LIECHTENSTEIN LITUANIE LUXEMBOURG MALAISIE(signed) MALAWI MALI
(signed) MALTE MAROC(signed)
ILESMARSHALL
MAURICE(signed)
MEXIQUE(signed) MOLDOVA MONGOLIE MONTÉNÉGRO MOZAMBIQUE
(signed)NAMIBIE(signed)
NEPAL(signed)
NIGER(signed)
NIGÉRIA(signed) NORVÈGE
NOUVELLE-ZÉLANDE
OMAN(signed)
OUGANDA(signed)
OUZBÉKISTAN(signed)
PANAMA(signed)
PAPOUASIE-NOUVELLE-
GUINÉE(signed)
PARAGUAY(signed) PAYS-BAS PÉROU PHILIPPINES
POLOGNE PORTUGAL QATAR(signed)
KIRGHIZISTAN(signed) SLOVAQUIE RÉPUBLIQUE
TCHÈQUEROYAUME-
UNIRWANDA(signed)
SAINTE-LUCIE(signed)
SÉNÉGAL(signed)
SERBIESIERRALEONE(signed)
SINGAPOUR(signed) SLOVÉNIE SOMALIE
(signed)SOUDAN(signed)
SOUDAN DUSUD(signed)
SRI LANKA(signed)
RÉPUBLIQUESUDAFRICAINE
(signed)SUÈDE
SUISSE SWAZILAND(signed)
TANZANIE(signed)
THAÏLANDE(signed)
TOGO(signed)
TRINITÉ-ET-TOBAGO(signed)
TUNISIE(signed) TURQUIE(signed) UKRAINE
(signed)URUGUAY(signed)
VENEZUELA(signed)
VIET NAM(signed)
YÉMEN(signed)
ZIMBABWE(signed)