How to Approach Cyber Crime

in

South Africa

7th Annual Leadership for Women in Law Enforcement Conference

Gold Reef City, Johannesburg

28 May 2014

Adv Jacqueline Fick

Executive: Cell C Forensic Services

2 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

AGENDA

• Cyber crime defined

• Some interesting statistics

• Current position in South Africa

- National Cyber Security Policy Framework

- Types of cyber crime in South Africa

- Why are we vulnerable?

- What we are doing right

• How to approach cyber crime investigations in South Africa: Phishing

- Phishing

- Sim swap fraud

- Relationship between phishing and SIM swap fraud

- Case study

- Investigative methodology

• Closing remarks

3 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

CYBER CRIME DEFINED

• Cyber crime does not have a precise or universal definition and varies

between jurisdictions based on the perceptions of those involved:

- Norton Symantec: Any crime that is committed using a computer or

network, or hardware device. The computer or device may be the agent of

the crime, the facilitator of the crime, or the target of the crime

- Oxford Dictionaries: Crime conducted via the Internet or some other

computer network

- Wikipedia: Computer crime, or cybercrime, refers to any crime that

involves a computer and a network. The computer may have been used in

the commission of a crime, or it may be the target

- Electronic Communications and Transactions (ECT) Act, No. 25 of 2002

contains no definition

- ECT Amendment Bill: "cyber crime" means any criminal or other offence

that is facilitated by or involves the use of electronic communications or

information systems, including any device or the Internet or any one or

more of them..”

4 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

SOME INTERESTING STATISTICS

• According to Symantec’s 2013 Norton Report, cyber crime in South Africa

has collectively cost victims over R3.42 billion rand over the past 12 months.

It was also found that South Africa has the third-highest number of cyber

crime victims after Russia and China

• Areas of concern are mobile data and handling private information online. It

has been noted that cyber crime activity has made a large move towards

mobile platforms, but security and mobile security "IQ" has been left behind

and consumers are more vulnerable in these areas

• The US Federal Bureau of Investigations has flagged South Africa as the

sixth-most active cyber crime country

5 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

CURRENT POSITION IN

SOUTH AFRICA

6 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

CURRENT POSITION IN SOUTH AFRICA

• South Africa is the second most targeted country globally when it comes to

phishing attacks (Drew van Vuuren, CEO of information security and privacy

practice, 4Di Privaca)

• Compare this statement to:

- How many law enforcement officials have received basic cyber training?

- How many cyber specialists are there in law enforcement?

• Honeynet Project

- Research shows that the average time spent in a cyber investigation was

approximately 34 hours per person to investigate an incident that took an

intruder about half an hour to complete. That's about a 60:1 ratio!

(http://www.honeynet.org/challenge/results/)

7 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

TYPES OF CYBER CRIME IN SOUTH AFRICA

• Denial of service, economic fraud and the

theft of confidential information were cited

as the main concerns for South Africa

• The top cyber services targeted are internet

banking, ecommerce sites and social media

sites

• Criminals are typically after logon

credentials, bank or credit card information

and other personally identifiable information

• The most common attack methods are still

phishing, the abuse of system privileges and

malicious code infections

(2012/13 The South African Cyber Threat Barometer)

• Section 86 and 87 of the ECT Act

8 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

WHY ARE WE VULNERABLE?

The common top cyber vulnerabilities are:

• Inadequate maintenance, monitoring and analysis of

security audit logs

• Weak application software security

• Poor control of administrator privileges

• Inadequate account monitoring and control

• Inadequate hardware/software configurations

• The internal monitoring of suspicious transactions

and the general use of internal and 3rd party fraud

detection mechanisms are still the most effective

means of detecting cyber crime

(2012/2013 The South African Cyber Threat Barometer)

• This applies to computers and handheld devices

The cybercrime world

is like an arms race:

cybercriminals pursue

a course of action until

the defenders work

out how to combat it,

at which point the

cybercriminals change

tack.

(The current state of

cybercrime 2014: Global

Malware Outlook April

2014)

9 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

WHAT WE ARE DOING RIGHT

South Africa is moving in the right direction:

• ECT Act and the ECT Amendment Act

• More effective public private partnerships

• Sharing of intelligence

• International cooperation and recognition

• Cyber Security Policy Framework

10 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

NATIONAL CYBER SECURITY POLICY FRAMEWORK

(2012/2013 The South African Cyber Threat Barometer)

11 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

HOW TO APPROACH CYBER CRIME IN SOUTH AFRICA:

PHISHING

12 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

PHISHING

• Phishing is a technique used to gain personal information for purposes of

identity theft, using fraudulent e-mail messages that appear to come from

legitimate businesses. These authentic-looking messages are designed to

fool recipients into divulging personal data such as account numbers and

passwords, credit card numbers and other personal information

• Phishers also use spam, fake web sites, computer malware and other

techniques to trick people into divulging sensitive information

• It is easier to hack a user than a computer

• Once the phishers have captured enough information from a victim, they

either use the stolen information to defraud a victim, or sell it on the black

market for a profit

13 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

SIM SWAP FRAUD

• SIM swap fraud is a type of spear phishing (i.e. targeted) attack

• It is committed when a fraudster convinces a victim’s mobile network operator

to transfer a victim’s cellular number (MSISDN) to a SIM in the possession of

the fraudster

• Details are obtained through phishing/smishing and social engineering

techniques. SIM swap attacks are effectively an extension of phishing

attacks, key loggers, etc. which are generally based on organised groups

• The fraudster can then receive any incoming calls and text messages,

including banking one-time-passcodes (OTPs) that are sent to the victim’s

phone

• This type of attack poses financial and reputational risks

14 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

RELATIONSHIP BETWEEN PHISHING AND SIM SWAP FRAUD

• In most instances SIM swap fraud works hand-in-

hand with phishing/ smishing (SMS phishing)

• SIM swapping is also described as the second

phase of a phishing scam

• When banks introduced measures such as OTPs to

combat phishing attacks and other malware,

fraudsters performed SIM swaps to get hold of the

OTPs

• Whilst the attacks are highly targeted, it is based on

a set of users who have been phished or key-logged

and whose banking credentials have been

previously compromised

15 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

CASE STUDY: IZIGEBENGU ENTERPRISES

Mr. Inhlanzi has always been an entrepreneur and decided to put his good

business sense to work. Several of his family, friends and previous business

colleagues joined in his venture to develop innovative ‘investment’ products for

the mobile and banking industry. And so Izigebengu Enterprises was born.

With the help of his trusted CTO they launched the “ama Phish-Phish”

campaign which was geared towards growing their customer base. They soon

accumulated a pool of potential “customers”, but realised that they had to have

access to their financial profiles and a way to contact them on their cell phones

to ensure maximum offset of their products and services. Fortunately for Mr.

Inhlanzi he still kept contact with some of his friends working in the mobile and

financial industries and they were willing to assist him with his endeavours at a

minimal fee.

Phase 2 of the “ama Phish-Phish” strategy was to recruit staff for Project “le-

SIM swap” and once implemented, business started booming. With the client

details and SIM swaps done, they could insure healthy investments from their

targeted clients.

16 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

With the help of previous business associates and other international investors,

client funds were quickly re-invested to ensure a maximum return on

investment.

But a new cartel appeared on the horizon, posing a significant threat to the

operations of Izigebengu Enterprises.

The banks, mobile operators and other agencies joined forces, and their anti-

competitive behaviour soon drove Mr. Inhlanzi to drink. His business strategies

could still be effective if the different role players did not unite their forces

against him.

Sadly, the future of Izigebengu Enterprises looks bleak….

CASE STUDY: IZIGEBENGU ENTERPRISES (continued)

17 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

INVESTIGATIVE METHODOLOGY

• The curricula vitae of the role players – profiling and analysis

• Have they committed a crime? If so what?

• Syndicate activities?

• Can one agency investigate alone?

• Nature of the evidence

• Racketeering prosecutions?

• An opportunity missed by Mr. Inhlanzi – premium rated services

18 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

CLOSING REMARKS

19 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

CLOSING REMARKS

• Treat information as a valuable but fragile asset and

important evidence in criminal investigations

• Effective public private partnerships contribute to

successful investigations

• Accurate reporting of cyber crime = accurate statistics

• Cost analysis of cyber crime and cyber investigations –

money talks

• Training and awareness

• Effective and efficient cyber investigations:

- Make use of intelligence

- Be pro-active

- Think out of the box

- Collaborate!

20 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

Thank you!

21 LEADERSHIP FOR WOMEN IN LAW ENFORCEMENT CONFERENCE 2014

BIBLIOGRAPHY

• 2012/2013 The South African Cyber Threat Barometer A strategic public-

private partnership (PPP) initiative to combat cybercrime in SA

http://www.wolfpackrisk.com

• http://cybercrime.org.za

• 2013 Norton Report

http://www.yle.fi/tvuutiset/uutiset/upics/liitetiedostot/norton_raportti.pdf

• SA loses R3.42bn to cyber crime, Staff Writer, ITWeb, 17 Feb 2014

http://www.itweb.co.za/index.php?option=com_content&view=article&id=709

18

• SA moves to curb rife cybercrime, Samuel Mungadze, 14 February 2014

http://www.bdlive.co.za/business/technology/2014/02/14/sa-moves-to-curb-

rife-cybercrime

• The current state of cybercrime 2014: Global malware outlook April 2014

http://www.emc.com/collateral/fraud-report/online-fraud-report-0414.pdf