measuring cybercrime pieter hartel. how? victim reporting initiatives »fbi internet criminal...
TRANSCRIPT
Measuring Cybercrime
Pieter Hartel
Cyber-crime Science2
How?
Victim reporting initiatives» FBI Internet Criminal Complaint Centre
Population and business surveys» CBS (Statistics Netherlands)
Technology based information» Verizon Risk team
Meta analyses» United Nations Office of Drugs & Crime
Police recorded crime statistics» Lecture 5
Cyber-crime Science3
Cyber-crime Science
Victim reporting initiatives
2012 was the 13th year Almost 300,000 complaints in 2012 500M$ loss 91% US, 1.4% CA, 0.14% NL Numerous investigations, arrests
4
[IC312] IC3. 2012 Internet Crime Report. Internet Crime Complaint center, Mar 2013. http://www.ic3.gov/media/annualreport/2012_IC3Report.pdf.
Cyber-crime Science
Method
5
Cyber-crime Science6
Complaint form
See https://complaint.ic3.gov/ Description of the actors
» Target Information (name, …)» Offender information (name, IP…)» Witnesses (name, …)» Local police office (name, …)
Description of the incident» Related to an online service? (mail, …)» Monetary Loss ($)» Means of payment (Cash, PayPal, …)
Cyber-crime Science
Frequently reported crimes
Complaint Female Male Total
Auto fraud 6,282 10,877 17,159
Real estate fraud 8,929 5,503 14,432
FBI impersonation email 5,911 8,230 14,141
Intimidation/extortion 5,134 3,190 8,324
Romance scams 2,549 1,927 4,476
Scareware/Randomware 644 1,325 1,969
Hit man 629 725 1,354
Total 30,078 31,777 61,855
7
Cyber-crime Science
Discussion
And the other 240,000 complaints? Is this the tip of the iceberg? How effective is case matching? How many arrests?
8
Cyber-crime Science9
Cyber-crime Science
Population and business surveys
2012 was the 5st year N=78,000, response 38% Uniform geographical distribution 95% confidence interval <2%
10
[CBS13] CBS. Veiligheidsmonitor 2012. Centraal Bureau voor de Statistiek, Den Haag, 2013. http://www.cbs.nl/nl-NL/menu/themas/veiligheid-recht/publicaties/publicaties/archief/2013/2013-veiligheidsmonitor-2012-pub.htm.
Cyber-crime Science
Method
Random sample from NL population 15+» First letter with link to online form» Second letter two weeks later with paper form» Phone reminder again two weeks later
11
Cyber-crime Science
Question 13: Hacking
During the last 12 MONTHS has it ever happened that somebody with malicious intent broke in or logged in on a computer, email account, website or profile site (e.g. Hyves, Facebook, Twitter) of your own of anyone else in your household?a) Someone broke in / logged in on a computer
b) Someone broke in / logged in on an email account
c) Someone broke in / logged in on a website
12
Cyber-crime Science
Victimization in NL
% of the population affected 2012
Property crime 13%
Vandalism 8%
Violent crime 3%
Traditional Crime 20%
Hacking 6%
Cyber bullying 3%
E-commerce fraud 3%
Identity theft 2%
Cyber crime 12%
13
Cyber-crime Science
Crime drops
14
[Far11] G. Farrell, A. Tseloni, J. Mailley, and N. Tilley. The crime drop and the security hypothesis. Journal of Research in Crime and Delinquency, 48(2):147-175, May 2011. http://dx.doi.org/10.1177/0022427810391539.
Cyber-crime Science
Discussion
Do the respondents understand the cyber questions?
Should the cyber questions be integrated?
15
Cyber-crime Science16
Cyber-crime Science
Technology based information
2013 was the 9th year 47,000 incidents Of which 621 confirmed data breaches
17
[Ver13] Verizon. Data Breach Investigations report. Verizon Risk Team, 2013. http://www.verizonenterprise.com/DBIR/2013/.
Cyber-crime Science
Method
19 partners First-hand forensic evidence Reviewed and validated
18
Cyber-crime Science19
Who?
Threat actor categories trend
N=621
Cyber-crime Science20
What?
Threat action categories
N=47626
Cyber-crime Science
Discovery
Late and by someone else!
21
Cyber-crime Science
Discussion
What does this say about the population? Why are incidents discovered so late and by
others?
22
Cyber-crime Science23
Cyber-crime Science
Meta analysis
1st year Global connectivity revolution Much of the Internet is privately owned
24
[UNO13] UNODC. Chapter 2 of Comprehensive Study on Cybercrime. United Nations Office on Drugs and Crime, Feb 2013. http://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf.
Cyber-crime Science
Method
Surveys from 69 countries, 40 businesses, 16 universities, and 11 organizations
Caveat
25
Number of specialised police per 100,000Poli
ce r
ecor
ded
offe
nce
per
100,
000
Cyber-crime Science
Cybercrime is increasing
More in the news than homicide Law enforcement sees increasing trends Increasing use of ICT creates opportunity
» More suitable targets online» Few opportunities for guardianship» Reduced self control
26
Cyber-crime Science27
Compared to conventional crime%
res
pond
ents
rep
orti
ng
vict
imiz
atio
n in
last
yea
r, 2
011
or la
test
ava
ilab
le
Emailacc.hacked
Phish-ing
Iden-tity theft
Online creditcard fraud
Burg-lary
Rob-bery
Car theft
Cyber-crime Science
Conclusions
“Cyber” creates opportunity Cybercrime is increasing Measuring cybercrime correctly is hard
28