THE GLOBILIZATION OF CYBERCRIME


As computer technology continues to advance, both government and private entities have become increasingly dependent on computerized information systems to carry out operations and to process, maintain, and report essential information. Every day businesses as well as citizens are challenged with trying to balance security with the convenience of usability. Connectivity, productivity and convenience are critical in the 21st century, but if not implemented properly, they can have devastating effects to security. The purpose of this web site is to provide you with information to help track the risk and adopt the essentials of Internet Security within your enterprise system or home computer network. See United Nations report...

Former NSA Director, General Keith Alexander: The loss of industrial information and intellectual property through cyber espionage constitutes the "Greatest Transfer of Wealth in History"


How to report Cybercime? So who investigates Cybercrime? What do you do if you become a victim of Cybercrime? How do you report Cybercrime if your business falls victim, or even where to go if you're just not sure? To answer these basis questions you must first be able to answer even more basic questions such as:

  • Does your situation meet the any investigative or prosecutorial thresholds?

  • Is there a high enough monetary loss ( prosecuting attorney's offices will calculate compensatory losses not punitive losses)

  • Is it a case with a community impact?

  • Is it a breach of a business or are you a personal victim of cybercrime?


Reporting business cyber intrusions and personally becoming a victim of cybercrime share some similarities, however in most cases:

  • Cybercrimes affecting businesses should be reported to federal law enforcement agencies

  • Cybercrimes affecting Individuals should be reported to local law enforcement agencies and federal reporting centers like the FTC and IC3.

Learn more...


Cybersecurity and Incident Response Planning for Businesses: As cyber incidents rapidly spread across the nation’s financial and critical infrastructure an effective response requires close coordination from multiple stakeholders affected by the incident. A well-defined and organized response to a cyber incident requires a team effort. Getting the right people involved is essential to properly responding, coordinating, mitigating, and investigating your incident.

  • Knowing who to involve in your initial response

  • Containing the problem while investigating the incident

  • Collecting and reporting the facts

Learn more...


Cyber Security for Executives of Companies: The following three (3) key points are what every executive should want to know about their company’s information technology presence.

  • Securing your data against a cyber-attack

  • Taking a holistic and layered approach to cybersecurity

  • Having a cybersecurity response plan


Recent Sony Breach comments for CEO's:

  • The common cause of the problem is a lack of understanding by CEOs as to their role in cyber defense and their delegation to others in the organization.
  • These lawsuits are the beginning of a groundswell of litigation that will pit corporate CEOs against the public where they will have to defend their behavior of reduction of IT costs vs. taking reasonable care in the handling of their security.

Learn more...


The vulnerabilities of remotely accessing your business: Remote Desktop, Log Me In, Team Viewer, mailservers etc.

  • Identity theft

  • Hi-jacked Bank Accounts

  • Intellectual Property Theft

  • Stolen Credit Cards

Learn more...


Keylogger in Hotels: The malicious actors were able to utilize a low-cost, high impact strategy to access a physical system, stealing sensitive data from hotels and subsequently their guest’s by downloading a keylogger on publicly available business center computers. This particular type of criminal activity highlights the importance of the need for physical and network security to work together as they are dependent on each other.

  • Physical events can have cyber (logical data flow) consequences

  • Cyber events can have physical consequences.

Learn more...


We are all in the this fight together:

    1. Users - home user and business user whose data is targeted and don't have the where with all to protect their systems. See CPE fixes Dr. Paul Vixie and Web based attacks targeting home routers.
    2. Private Sector businesses - who control the majority of access to the internet yet view cybercrime in a managed business context instead of a security risk. Internet touches half million routes.
    3. Software AV vendors - who develop software for business use and not for security, while AV vendors are losing the battle to zero-day malware.
    4. Internet Service Providers (ISPs) - who manage the network yet allow blantant criminal element to abuse Internet Service use agreement. See list of top ISPs
    5. Domain name registrars and regulators - who determine if a domain is allowed to be registered and potentially have the power to de-register a domain that is used to commit fraud or other criminal activity, including, for example, the distribution of malware.  an established Regional Internet Registry (RIR) or National Internet Registry (NIR) such as ARIN, RIPE, AFRINIC, APNIC, LACNIC or KRNIC or direct RIR allocations. ICANN list of accredited registrars.
    6. Law enforcement - which investigates and prosecutes cybercrime violations yet don't gear the proper resources overseas to combat cybercrime globally. The way of a warrant youtube.
    7. Government agencies - have a role to manage risks and developing national and international policies combat cybercrime.

    THE GOVERNEMTS COMPREHENSIVE NATIONAL CYBERSECURITY INITIATIVE HISTORY:

    See: Whitehouse.gov- International strategy for cyberspace


    1998 - President Clinton issues PDD-63 with the goal of public and private organizations being able to maintain continuity of the U.S. critical infrastructure in the event of a terrorist attack. Critical infrastructure includes the physical and cyber-based systems that are essential for the economy and the government to operate at a minimum level.
    2002 -The Federal Information Security Management Act was passed as legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
    2003 - PDD-63 was specifically superseded by HSPD-7, Critical Infrastructure Identification, Prioritization, and Protection. HSPD-7, issued by President George W. Bush on December 17, 2003, establishes a national policy for federal departments and agencies to identify and prioritize critical U.S. infrastructure and key resources and to protect them from terrorist attacks.
    2004 - Homeland Security Presidential Directive 12 (HSPD-12) was issued by President George W. Bush which calls for a mandatory, government-wide standard for secure and reliable forms of ID issued by the federal government to its employees and employees of federal contractors for access to federally-controlled facilities and networks.
    2008 - Shortly after taking office, President Obama ordered a thorough Cyberspace Policy Review of federal efforts to defend the U.S. information and communications infrastructure and the development of a comprehensive approach to securing America’s digital infrastructure. The recommendations of the Cyberspace Policy Review were build on an unclassified summary of the Comprehensive National Cybersecurity Initiative (CNCI) launched by President George W. Bush in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/ HSPD-23) in January 2008.
    The CNCI consists of a number of mutually reinforcing initiatives with the following major goals designed to help secure the United States in cyberspace:
    To establish a front line of defense against todays immediate threats by creating or enhancing shared situational awareness of network events within the Federal Government To defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities To strengthen the future cybersecurity environment by expanding cyber education
    2013 - President Obama issued Presidential Policy Directive 21: Critical Infrastructure Security and Resilience. President Obama issued Executive Order (EO) 13636 on improving critical infrastructure cybersecurity. PPD-21 re-aligned the HSPD-7 critical infrastructure sectors and reduced the number from 18 to 16. The 16 critical infrastructure sectors are chemical; commercial facilities; communications; critical manufacturing; dams; defense industrial base; emergency services; energy; financial services; food and agriculture; government facilities; healthcare and public health; information technology; nuclear reactors, materials, and waste; transportation systems; and water and wastewater systems.
    2013 - EO 13636 directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices - for reducing cyber risks to critical infrastructure. The Framework for Improving Critical Infrastructure Cybersecurity  helps organizations, regulators and customers can use to create, guide, assess or improve comprehensive cybersecurity programs.
    2014 - The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. 
    Other Notable Laws - Federal Information Processing Standards (FIPS) are publicly announced standardizations developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract.

    References and Resources:

    http://csrc.nist.gov/publications/PubsFIPS.html
    http://www.wilmerhale.com/
    https://www.schneier.com/
    http://www.idtheftcenter.org
    https://www.allclearid.com/business
    http://www.spamhaus.org
    https://corporate.target.com/about/payment-card-issue.aspx www.bsa.org

    http://www.search.org/resources/isp-list/