TRMG EU Commission March 2007


Published on March 19, 2008

Author: Petronilla

Source: authorstream.com

European Commission Directorate-General Enlargement
JHA 24111
Communications & Virtual Commerce Risks

Agenda
- Part 1: The evolution of communications fraud
- Part 2: Online threats and 3G convergence
- Part 3: Current commercial and security risks in virtual online communities
- Part 4: From Cybercrime to Cyber-terrorism

Part 1: The Evolution of Communications Fraud

Fraud Defined
- Theft through deception
- Financial incentive
- Not ‘Security’
- Not ‘Credit Control’
- Not ‘Revenue Assurance’
- A criminal act…

The Original Business Case
- 10 active lines (no intention to pay)
- 24 hours traffic per line, per day
- 10p per minute to expensive IDD
- Revenue: 10 x 24 x 60 x 0.1 = £1,440 per day
- Or £43,200 per month
- Or £518,400 per year
- In cash, tax free

The estimated cost
- Up to 5% of revenue
- Typically 30% of bad debt
- Does not include:
  - Out-payment costs
  - Opportunity costs
  - Infrastructure costs
  - Image and PR
  - Cost of investigations and security

Key root causes of fraud
- Migration & demographics
- Penetration of new technology
- Staff dissatisfaction
- The ‘challenge factor’
- Operational weaknesses
- Poor business models
- Criminal greed
- Money laundering
- Political & ideological factors

Fraud Evolution (timeline from 1900 to 2004, with marks at 1950, 1970, 1980 and 1990)
- Operator Services
- Teeing in
- Payphone ‘tapping’
- Meter tampering
- Black Box
- Red Box
- 3rd party billing
- Calling card
- Tumbling ESN
- Cloning
- Ghosting
- PBX DISA
- Subscription
- Roaming
- IMEI cloning
- Free phone
- Call forward
- Pre-paid
- PRS
- CDR suppression
- Magic phones
- Social engineering
- Voicemail hacking

PRS Fraud (diagram: Operator, PRS SP)
1. PRS service provider takes out fraudulent subscriptions
2. Fraudulent traffic – no revenue
3. Out payment

IDD Call Selling (diagram: Operator)
1. Fraudulent subscriptions based in call selling ‘shop’
2. Fraudulent traffic – no revenue for operator
3. International traffic triggers a settlement out payment to the carrier

PABX DISA Fraud (diagram: Hacker, DISA Port)
1. Hacker cracks the DISA code
2. Multiple high value outbound calls from the PABX
3. The bill goes to the PABX owner

Retail, Wholesale, IP Security
- ‘Wholesale’ Fraud
- ‘Retail’ Fraud
- IP Security

VoIP Bypass via SIM Gateway (diagram: Country A)
- Facilitates VoIP Bypass Fraud – a ‘wholesale’ category of fraud

The cost of fraud
- Bill write-offs
- Out-payments
- Infrastructure
- Congestion
- Litigation
- Image & PR

Fraud Countermeasures
- Call data analysis
- Customer vetting
- Credit control
- Information pooling
- Secure services
- Secure technology
- Awareness

Call Data Tracking
- Mobile Device: Handset; SIM; MSISDN; IMSI; IMEI
- Call Record: Calling MSISDN; IMSI; IMEI; Called Number; Cell Site; Duration; Cost

Cross-border Issues
- Handset
- SIM
- Pre-paid balance
- Post-paid bill payments
- Large top-ups, high spend, heavy VAS usage, roaming patterns
- Transportable anywhere: SIM as a Credit Card

Subscriber Data ‘Fingerprinting’

Part 2: Online Threats & 3G Convergence

Technical Convergence
- Fixed
- Mobile
- Internet
- One Account

Service Convergence
- Voice & data
- Info-tainment
- Banking
- One Account, e.g. A1 Bank in Austria

The Evolutionary Threat Model
- New Technology
- Service offerings
- Business models
- Threats
- From traditional voice telephony to convergent online communications & Info-tainment

Typical Online Issues
- Identity theft
- True name takeover
- Account takeover
- Hacking & Database Theft
- Phishing, pharming & social engineering
- Fake websites
- Key loggers & password stealers

Typical Online Issues
- Virus attacks
- Trojans
- System reconfiguration attacks
- Session hijacking
- Man-in-the-middle attacks
- Blackmail

NGN Maturity (chart, marked ‘Today’)
Comment: There is a direct correlation between service complexity and the number of fraud opportunities. More complex services also imply more complex detection and investigation techniques.

A simple example
- An SMS is sent to a vending machine.
- The machine dispenses a can.
- Cost of the drink is charged to caller’s account.
- If no payment is made, the main loss is the value of the drink, not the value of the SMS message.

The growing value of content (chart: $ Value against Time)
- Value of the content transaction
- Cost of the connection

NGN Services
- Communication: SMS, E-MAIL, FAX
- Productivity: AGENDA, ADDRESS, ALBUM
- Entertainment: MUSIC, VIDEO, GAMES
- Information: NEWS, LOCATION, EVENTS
- CHAT, OTHER TOOLS, DATING, BUY & SELL
The SIM Card as a Credit Card. The Operator as a Bank.

Framework 2006 to 2010… (diagram)
Diagram labels: Service Provider; Subscribers; Artists; DRM; Royalties; Fees; Delivery; Content provider; Gaming SP; Content aggregator; Net Revenue; VAS providers; Net Revenue; Network; Prize money

Focus 2006 to 2010… (framework diagram)
- Smarter handsets
- Internet access device:
  - Viruses
  - Trojans
  - PIN & CC# capture
- More handset theft

Focus 2006 to 2010… (framework diagram)
- Redistribution
- Copyright

Focus 2006 to 2010… (framework diagram)
- PRS-type frauds
- Unlawful content
- QoS exploits

Focus 2006 to 2010… (framework diagram)
- SP manipulation of results
- Player fraud
- Staff/developer fraud
- PRS-type fraud
- Payment fraud

Focus 2006 to 2010… (framework diagram)
- LBS abuse
- Premium MMS
- Denial of Service

Focus 2006 to 2010… (framework diagram)
- More identity theft
- Real identity
- Synthetic identity
- Org. crime
- Terrorism

Related Issues 2010 (framework diagram)
- Social engineering
- Hacking
- Malware
- Identity & payment
- Lawful intercept
- Virtual communities
- Unlawful content
- Money laundering
- DoS: ‘state’ sponsored
- Voting fraud

Summary of NGN Risks
- Attacks on the ‘electronic wallet’
- Frauds by subscribers
  - On operators
  - On third party service providers
- Staff frauds
- Third party SP frauds
- Denial of service type attacks

Impact on Operators
- Increasingly complex FM roles
- Digital rights management issues
- Banking compliance & regulation
- Handset-based anti-virus provision
- Implications for pre-paid customer vetting

Key Online Countermeasures
- Awareness - paramount
- Firewalls and other security software
- Virus detection
- Secure website development
- IP Penetration Testing
- IPDR tracking
- URL Fingerprinting

Part 3: Risks in Virtual Online Communities

What is a Digital Virtual Community?
- A Chat Room
- A Meeting Place
- An Online Game
- A Marketplace
- A Lecture Room
- A Training Centre
- An Art Form
- A Parallel Universe
(From www.secondlife.com)

A Virtual Seminar in progress

The Second Life example
- 3,700,000+ members
- Evolved from online fantasy games
- Contains its own commercial model
- Operates its own currency (Linden$)
- Ability to buy & develop real estate
- Ability to sell ‘land’, goods & services
- USD 450,000 in trades per day
- Just the first of many…

Users can be who they want to be…

Is he a ‘he’? Is she really a ‘she’?

It’s not for everyone, but don’t be fooled:
Big Business is taking this seriously.

More virtual players…
- Adidas
- Reebok
- 20th Century Fox
- BBC Radio
- Disney
- IBM
- Intel
- Starwood Hotels
- Dept of Homeland Security

Recent New Sites
- Entropia: 500,000 users
- There.com
- Active Worlds
- Gaia Online
- Kaneva (beta testing)

Commerce in ‘Second Life’
- Currency exchange: Buy ‘Linden$’ with your credit card (E-money)
- Buy and sell land, goods and services
- Transfer profits back out to the real world:
  - By PayPal
  - By Check

Profit is a primary difference
- In the E-money model, money transfers are the sole motive.
- In the virtual money model, both movement and trade for profit are primary motives.

Examples of 2nd Life trades
- Digital clothing
- Gambling
- Escort services
- Virtual land
- Property development
- Artistic projects
- Architectural services
- And more…

Statement
“This has the look of a killer application that is being replicated, with adaptations, many times over”.
Real Life, 2nd Life, 3rd Life, 4th Life

General Issues
- Virtual economic trends already seen:
  - Inflation
  - Property market downturns
  - Exchange rate fluctuations
- Virtual stocks and shares?
- Insider trading?
  - By staff of the Host
  - By the Virtual ‘Elite’
- Who protects the consumer?

Due Diligence Issues
- Regulation
  - Is a virtual currency a real currency?
  - Isn’t a Virtual Life account really a ‘bank account’?
- Taxation
  - Income Tax
  - Sales Tax
- Book-keeping and audits
  - Are virtual holdings ‘assets’?
  - Are virtual debts ‘liabilities’?

More Issues…
- Fraud
- Social engineering
- Harassment, coercion, solicitation & begging
- Hacking, database exposure & identity theft
- Plain old credit card fraud
- Copyright theft & resale of content
- Illegal content
- Unlawful sale of content to minors

21 or only 12?
Teen Second Life has now launched.

Even More Issues…
- Avoidance of surveillance
- Fictional identities
- Virtual phone traffic
- Dedicated instant messaging
- Closed user groups (‘www.the_jihadist_site.org’?)
- Lawful intercept
- Jurisdiction

Issues, Issues, Issues…
- Online gambling:
  - Virtual money is not real money?
  - Gambling wins & losses occur within the virtual economy
  - Wins transferred out to real world accounts may not be identified as gambling-related
- Money laundering
  - Credit card payment in from one identity
  - PayPal payment out to another identity

Far out issues
- ‘Grey Goo’ attacks
- Virtual Gang raids
- In Korea in 2004, Police reported that over 50% of alleged Cyber Crime occurred on virtual world gaming and commerce sites. Theft of digital designs was a leading problem.

Possible Triggers for Growth
- Corporate interest/investment
- Brand awareness
- Product placement
- Click-through
- Political interest
- Economic recession leading to cost cutting
- Increasing international tensions leading to business travel restrictions

How might this evolve?
- New economic models will emerge
- Corporates will start marketing to the virtual community:
  - Digital product offerings
  - Click-through to real websites
  - Product placement
  - Advertising
- Telecom operators are already getting on board

Evolution 2
- M-Life as a feature of WiMAX
- Apple’s iPhone = convergence of voice, data, multi-media and M-Life
- The Nintendo Wii
- Put them all together…

Part 4: From Cyber crime to Cyber terrorism

Future Threats
- VOCs could rapidly become both a tool and a target for terrorist organisations
- There is a low technical barrier to entry for existing terrorist organisations and affiliates
- There is a low ‘ethical’ barrier to entry for individuals who have previously never committed a criminal act

Terrorist Profile: The Loner
- Educated, middle class
- Technically skilled
- Economically unsuccessful
- Targets: corporate brands and business operations online, other users, government sites and news agency sites for PR purposes
- Objective: ideological/personal gain

Terrorist Profile: The Group
- Probably trans-national
- Already known, so fears surveillance
- Technically proficient
- Targets: Primarily corporate/governmental
- Main Objectives:
  - Avoidance of surveillance
  - Virtual Planning & Recon (e.g. Virtual Congress)
  - Virtual training/practice sessions
  - Money laundering

Specific Techniques
- Mutation of existing techniques
  - Viruses & Virtual Trojans
  - Other virtual Malware
  - Password hacking
  - Virtual identity theft and account takeover
- Emergence of new techniques
  - Virtual Grey Goo attacks
  - Virtual ‘nuclear’ attacks

The Impact of Virtual Terrorism
- Financial gain for terrorist cells
- Public relations:
  - Victimless
  - Focused on brands and governments
- Lawful intercept issues
- Political concerns
- Expression of unlawful views
- Hijacking of virtual institutions

Virtual Terror Countermeasures
- Education & awareness:
  - Policy makers
  - Law enforcement
  - Virtual site hosts
- Virtual currency regulation & compliance
- Cooperation with hosts for Intercept
- Conventional virtual intelligence collection
- Tracking & surveillance of behaviour

Conclusions
- This is an ultra-modern technology which:
  - Combined with new forms of commerce;
  - With questionable oversight & regulation;
  - And no clear audit or policing mechanisms;
- Constitutes a risk management issue that:
  - May expose consumers;
  - May also expose investors, and;
  - Could potentially create many new opportunities for criminals of all descriptions

How to respond?

The Key first steps
- An international effort at governmental level
- Classify ‘virtual’ currencies as real currency
- Classify virtual accounts as bank accounts
- Enforce banking standards for reporting and customer identification
- Employ tax assessments as a primary mechanism for collections
- Make virtual hosts legally liable for all activity on their sites

Questions and comments
