Law Enforcement in the Cyber World
Ed Moore
Lecture Outline
Faculty of Arts | Department of Security Studies and Criminology
Law enforcement agencies
Domestic
U.S
International
Law enforcement strategies
Effectiveness of agencies
What can we learn?
Law enforcement bodies
Law enforcement and cyber criminals are locked in a constant battle, with each trying to gain the edge over the other. With both traditional crime moving to cyberspace and the emergence of new and evolving threats, cyber policing is very different to traditional law enforcement. Today we’re going to look at some of the different law enforcement bodies in Australia and overseas and the strategies they use.
Domestic law enforcement bodies
Australian Signals Directorate (ASD)
Australian Cyber Security Centre (ACSC)
Computer Emergency Response Team Australia (CERTAU)
Australian Cybercrime Online Reporting Network (ACORN)
Australian Federal Police (AFP)
State Police Forces
Australia has a number of domestic law enforcement bodies to manage cybercrime. What we see across these agencies and organisations is a split into those that focus on national security and critical infrastructure protection, and those dedicated to cybercrime.
Domestic law enforcement bodies
Australian Signals Directorate (ASD)
An intelligence agency in the Australian Government Department of Defence
Its existence was denied until 1977
Originally called Defence Signals Directorate
“Reveal their secrets, protect our own”
Collects and analyses foreign signals intelligence, known as SIGINT
Provides advice and assistance on information and communications security, known as InfoSec
Conduct offensive cyber operations
Combat global cybercrime related to national security
Loosely based on NSA
The role of the ASD has been expanding since the 1950s, with the ASD taking a more public and important role in Australia’s cyber security since 2013. Formerly the Defence Signals Directorate, in 2013 it became the Australian Signals Directorate to reflect a shift from purely defensive capability to a more open and varied role with the motto of “Reveal their secrets, protect our own”. Until 1977, the existence of the ASD was denied, despite existing from the 1950s. They were heavily involved in intelligence and signals interpretation in WWII.
They are a major agency within both offensive and defensive cyber capability, supporting the ADF and the Australian Intelligence community. They are a major collaborative partner with the AFP, ACSC and JCSC.
CI and national security focus
Domestic law enforcement bodies
Australian Cyber Security Centre (ACSC)
Lead the Australian Government’s operational response to cyber security incidents
Was the responsibility of the Attorney-General & Minister for Defence
Now sits under ASD
Organise national cyber security operations and resources
Encourage and receive reporting of cyber security incidents
Raise awareness of the level of cyber threats to Australia
Study and investigate cyber threats.
Runs industry outreach in each state through Joint Cyber Security Centre (JCSC)
Created in 2015, the ACSC was set up to be Australia’s centralised cyber security hub for both public and private industry. It became a part of the Australian Signals Directorate in 2018.
The ACSC is a public-private partnership between private industry, with partners like Boeing, Qantas and Telstra, and government partners like the ASD, in order to combine resources and address common threats.
Any business can sign up to be a part of the ACSC through their Joint Cyber Security Centre initiative, which is designed to facilitate information sharing for threats, vulnerabilities and best-practice across industry and government. Interestingly, each business MUST sign a strict confidentiality agreement before they can join the JCSC/ACSC and it is enforced heavily.
The ACSC also publishes regular information through their website about the latest threats, cyber incidents and how consumers can best protect themselves against cyber threats. The ACSC is about national security and CI protection
Domestic law enforcement bodies
Computer Emergency Response Team Australia (CERTAU)
The CERT model is used around the world
Main contact point for Australian Businesses & government agencies with regards to:
Receive and respond to cyber security incident reports
Receive support and advice in responding to and mitigating cyber incidents
Monitor cyber security incidents or attacks to develop a threat picture
Provide advice and alerts to its partners to enhance their cyber security resilience
Works with ACSC to communicate information to the AFP, ASD & ASIO
They manage the following programs:
Stay Smart Online
Australian Internet Security Initiative
CERT Australia was created in 2009 under the Attorney-General’s Department to be one of the main contact points for Australian businesses for READ SCREEN. Again, they have no operational capability, but rather work with the AFP, ASD and ASIO to provide threat intelligence. They moved to the ACSC in 2017 to further combine Australia’s cyber security responses.
Not to be confused with AusCERT, which was created in 1993 as a collaboration between the Queensland University of Technology, Queensland University and Griffith University in response to cyber attacks on government systems in the United States that were traced back to these universities. Australians were some of the most prolific hackers in the 1980s, with hacks on NASA, the NSA and the CIA. As a result of the lack of government funding, AusCERT became a subscription-based service run by these universities and was one of Australia’s key cyber security responses.
Cybercrime and cyber resilience
Domestic law enforcement bodies
Australian Federal Police (AFP)
Split into two divisions: “Capability and Strategy” and Operations
Capability and Strategy:
Provide advice and analysis of cyber related policy
Monitor and evaluate progress in delivering strategic objectives
Operations:
Develop tools and scripts that assist in the analysis of digital evidence
Work with AFP investigators on cyber related investigations
Test and maintain sensitive IT systems.
The AFP falls under the Department of Home Affairs as of 2017, along with ASIO, the Australian Secret Intelligence Organisation.
The AFP is split into 2 divisions: READ OFF SCREEN
cybercrime
Created in 2003
Australia’s first law enforcement response dedicated to cybercrime
Their responsibilities included:
Information sharing
Bringing together industry and government
Threat analysis
International cooperation
Became part of High-Tech Crime Operations in 2008
Child exploitation
Terrorism
Organised crime
The Australian High Tech Crime Centre
Case study
The Australian Federal Police housed one of the first law enforcement responses to cybercrime in the Australian High Tech Crime Centre. The AHTCC was created in 2003 in response to a rise in financial fraud through phishing scams. These phishing scams were the first large-scale cyberattack to hit the Australian population. Interestingly, the AHTCC had no operational law enforcement capability. They acted as a site for cooperation, intelligence gathering, monitoring and coordination, which the AFP could then act on in cooperation with state police.
The AHTCC was designed as a collaboration between the Australian federal government and private industry to combat and manage the rising threat of ‘technology enabled crime’, and to create a national platform to coordinate responses to cybercrime. It was a collaborative effort, with a large number of staff from the Australian Federal Police, complemented by police from each state.
In addition to this, the AHTCC seconded staff from across the Federal Government, with staff from the ASD, Australian Bureau of Statistics and the Australian Institute of Criminology among others. With the transnational nature of cybercrime, the AHTCC also utilised the Australian Federal Police’s International Network to further develop relationships with agencies from the United Kingdom, the United States, Canada, Germany, Interpol and the G8. These relationships included operations, intelligence sharing and training exercises.
In 2008, the AHTCC became part of the AFP’s High-Tech Crime Operations. This merger combined the research, prevention and industry cooperation with the operational capabilities of the AFP and expanded the AHTCC to other areas of cybercrime including child exploitation, terrorism and organised crime. The merger also meant that all cybercrime responses became part of a single department, and integrated the information gathering capability with the operational capability. However, this merger also handed control to the AFP and excluded state police from this network. It remains the AFP’s main body to manage terrorism, child exploitation and organised crime.
Domestic law enforcement bodies
State Police Force
Each state has their own laws that govern cybercrime.
Cybercrime Squad is often a single department inside the State Police Force
Online fraud is the jurisdiction of the state or territory police if the victim is not a Commonwealth Government department
Most common cybercrimes that they deal with include:
Phishing, Scams & Spam
Identity theft
Child pornography & grooming
Forensic Evidence & Technical Services command provides digital forensics support for investigations
Child Abuse and Sex Crimes squad
Includes the Child Exploitation Internet Unit (CEIU), which runs sting operations
Each state has its own laws to govern cybercrime, and tends to have a cybercrime unit. Online fraud is the jurisdiction of the state or territory police if the victim is not a Commonwealth Government department.
Most common cybercrimes that they deal with include:
Phishing, Scams & Spam
Identity theft
Child pornography & grooming
They still collaborate with the AFP and the Australian Intelligence community, but are more commonly associated with state-based crime.
cybercrime
U.S law enforcement bodies
National Security Agency (NSA)
Federal Bureau of Investigation (FBI)
Central Intelligence Agency (CIA)
United States Secret Service (USSS)
National White Collar Crime Center (NW3C)
United States Cyber Command (USCYBERCOM)
United States Postal Inspection Service (USPIS)
State Police Forces
Large Metro Police
Local law enforcement
The United States also has a varied law enforcement response to cybercrime.
U.S law enforcement bodies
National Security Agency (NSA)
Originally tasked with the defence of the nation
“Intelligence” Agency
Signals Intelligence (SIGINT)
The NSA is responsible for global monitoring, collection & processing of information in the interest of national security
Recently they have overstepped on these mandates
Surveillance of American citizens
Tailored Access Operations (TAO)
Elite hackers that develop cyber weapons and hacking tools
STUXNET (allegedly)
https://www.youtube.com/watch?v=bDJb8WOJYdA
The National Security Agency is similar to the ASD; it is one of the most well known and most influential intelligence agencies in the US.
Their brief isn’t limited to cyber, but combines cyber security and intelligence gathering to
Devoted to national security
U.S law enforcement bodies
Federal Bureau of Investigation (FBI)
Cybercrime division is a small part of a larger organisation
Plays the role of Australia’s state police and AFP for the U.S
Prioritises:
Hacking
Child sex exploitation
Intellectual property rights
Internet fraud
The FBI aims to address cyber crime in a coordinated and cohesive manner, with similar concerns to the AFP.
At each of the 56 FBI Headquarters there is a cyber division staffed with agents and analysts who protect against and investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraud.
They also partner with other federal agencies like the Department of Defense and the Department of Homeland Security.
U.S law enforcement bodies
Central Intelligence Agency (CIA)
Largely focused on information gathering internationally
Typically done through human intelligence (HUMINT)
More commonly using signals intelligence (SIGINT)
The CIA focuses largely on intelligence gathering. This was traditionally done through human intelligence, also known as HUMINT. This form of intelligence is performed by people (or humans) talking to other humans. With regard to the CIA, this was often done in covert operations of information gathering. This has moved to a dual focus with the CIA investing heavily into foreign signals intelligence,