Cyber crimeReconnaissance Case Decision Group / CEO Casper Kan ChangChang_kan@decision.com.tw

Internet crime is divided into two major categoriesTraditional crimes conducted through the Internet. Ex: Credit card fraud, Identity theft, child pornography, indecent chat-room behavior, software & media piracyAny criminal acts dealing with computers and networksEx: Release of Viruses & Worms, Invasion of privacy, Cyber-spying, Hacking & Cyber warfare

1Common Internet fraud behavior patterns and practices 1

Behavior-state-like Specific practices A. Online Shopping FraudGangsters published on the Internet at very low transfer of goods to trick people into them, and then charge the number of bads, after completion of the transaction would not even meet. B. Internet Friend-Ship FraudFemale criminals use the Internet chat room odd men netizens, fake identity, said a well-known universities such as the pseudo-graduate students, after-school part-time shooting advertising, fashion pictures and television commercials to send each other, finally borrowed money under the guise of reason to men, After the hand the money disappeared.

2Common Internet fraud behavior patterns and practices 2

Behavior-state-like Specific practices C. Dummy corporate fraud MP3 Fictitious high-tech companies on the web, to low-cost sale of high-tech new products, And its Web site to display products such as MP3 players, the company and Web site User upon receipt of payment by the Send to purchase products, the company will be empty, the website has also come close. D. Fraudulent sale of fake cheat Criminals often on the site, posted on a flea market selling cheap computer burner, Mobile phones and other second-hand goods, or pirated software and other items, and usually to be paid goods transactions, Of goods received by the victim is often defective or unusable goods or blank or damaged discs.

3Common Internet fraud behavior patterns and practices 3

Behavior-state-like Specific practices E. Internet bank transfer fraudAdvertising or distributing leaflets, claiming to help people loans, to require the victim prior to their designated bank accounts, rights to payment or deposit a considerable margin, the Internet electronic transactions will be the victim of deposit transfers led away.F. Internet credit card fraud The use of credit card companies posted on the Internet test Weika program, enter a credit card number correctly, the program generated several thousand to tens of thousands of card credit card numbers, criminals re-use card numbers generated by the illegal online shopping and spending.

4Common Internet fraud behavior patterns and practices 4

Behavior-state-like Specific practices G. Counterfeit Internet banking fraud Copies of Internet Banking site's pages, counterfeiting the name of the bank to provide savings feature, allowing users to error on the fake Internet banking, resulting in leakage of personal identity documents or bank account numbers and passwords and other important information, a further type of crime.H. Internet Conman fraudOn the Internet for "everyone to make money, this is true, is not deceptive," the title in the discussion group mailing list posting the letter, the letter listed the names and addresses of five persons, instructions sent to the list of User and one each in five people hundred dollars.

5Common Internet fraud behavior patterns and practices 5

Behavior-state-like Specific practices I. Credit Card FraudVictims using their credit cards on your computer online shopping and spending, credit card number has been caused by internet hackers to intercept and then being falsely fraudulent. J. Criminals use the Internet to ultra-low prices to sell merchandise will sell well to require transfer of the financial cards are purchased, in accordance with its instructions, after the successful transfer payments are often dozens of times in the original expenses.

1-1Online Shopping Fraud

1-2Online Shopping Fraud Swindle, said Eastern Shopping and Yahoo Auctions Payment ErrorInformation to the public, claiming a refund of the original contractors mistakenly set the previous trading installment deductions or victim error, mistake a refund will set phases such as the right to charge damaged, it tells the people to the ATM was required to operate changes, lifting hire charge; as soon as the public deceived again after the "Financial Supervisory Commission," said the account has been criminal to use the name of money laundering, must sink "financial security account" to avoid being the freezing of accounts, lured victims of the deposit removed, changed into the aforementioned fraud of "financial security accounts."

B. 1-1Internet fraud Case A Malaysian woman of Chinese origin Ms. Lai in connection with a Nigerian boyfriend, used the Internet to defraud Taiwanese woman CIB International Council of Scientific Cooperation with Malaysia arrested by the police and looking for an accomplice Ms. Lai

B. 1-2Internet fraud Case52358Taipei County police received an indirect May this year, a woman accused, Alleged that a work of netizens in London, claiming that there are pounds in cash to send parcels to give her, Who were failing to declare the Malaysian Customs and Excise Department seized, pay a tax before it may be released upon the request woman will remit money to the Malaysian Customs and Excise Department. The woman did not suspected him, a total of 2358 U.S. dollars two consecutive remittances, but has not received the latest package, Found out deceived.

Network of sexual assault cases! 07 1.512-1820090610 Network of sexual assault cases in 2007: Daily average 1.5 case. 12-18 year-olds accounted for more than 60%. June 10, 2009 Apple Daily Taipei Taiwan

Is truly pathetic and inferior to animals Taipei two suspects a thin one fat, begin July 2008 , Suspected on the Internet to invite Female net friend to participate in party , Female net friend to meet this woman after the other into the Motel, Trick the other into the bathroom taking a bath, and then require a sexual relationship, The victim is unwilling to cooperate, that is, to succeed by slapping rape, the police yesterday arrested two suspected and found that as many as a dozen people injured. Humiliation of victims unwilling to report to the police, the police inventory of network address and went to the motel access to number, yesterday arrested two suspected through the line. The police traced the two began to commit crimes too 2008 July for each pig by Ye too to come out to play other nickname, the yahoo messange and Peas chat rooms and other websites to Nvwang You strike up, leaves from more than 10 suspected offender admits , Zhou said the suspect are for five or six, the police are tracing the other accomplices.

Hacker Su Po-jung work for the underworld to steal data // 2007/09/22 China Times / Taipei / Choi Min-Yue odincbxx CIB Crime Prevention Center for Science and Technology have found that the Internet nickname "odin" Lin, high-school sophomore, and the nickname "cb" two Su Po-jung, an academic department as the backbone network will be a springboard for host hidden in Taiwan Academic Network inside, and the use of Trojan horse programs, Web site vulnerabilities well-known Web site illegally obtained large intrusive information, stored in a foreign website host, to circumvent the tracing. Xx telecom companies in which the user account and password with more than 2.4 million pens stolen, some websites have even the programs are removed.

-1 Internet advertising bank loan fraud case 2009515

-2 Internet advertising bank loan fraud case

Cyber Crime Investigation Essentials

Cyber criminal intelligence collection : IP, , : , , , Collection of computer audit records : Log, IP, User account, timeCustomer Login information : Account name and address of telephone users Corpus delicti

Cyber crime, gathering of evidence, Log, , ... ... By the victims and suspects to obtain information on the computer, Log, files, records, etc. ... Information provided by the industry, and records and so on ...InterceptionFrom the victims to restore the network packet

Cyber crime forensics tools

Forensics Tool Use Kam-digital intellectual and collection of evidence can not be humans through direct identified intellectual vision out of future, without the right tools or software are unable to resolve, using the right tools or software acquisition and identified intellectual digital evidence, but also diligent in Internet Highway necessary conditions for criminal cases

Cyber Forensics Tool Use

Network packet forensics analysis categoriesViruses & Worms, Hacking & Trojans ... ... Email , Web Mail ,IM, FTP , P2P, VoIP, Video Streaming , HTTP, Online Games, Telnet FTPP2PVoIPTelnet1.2.

Complete Solutions for Cyber ForensicsWired packet reconstruction.Wireless (802.11 a/b/g/n) packet reconstruction.HTTPS/SSL interceptor..VOIP packet reconstruction.Off-line packet reconstruction softwareNetwork packet forensics analysis trainingFor more information www.digi-forensics.com

Network Packet Forensics Analysis TrainingThe knowledge of network packet analysis is important for Forensics Investigator and Lawful Enforcement Officer to carry out their daily duty. Network Packet Forensics Analysis Training (NPFAT) provides useful and sufficient knowledge required to analyse network packets. Trainee will be able to identify different packet types according to different Internet Protocols such as packets containing a specific Email (POP3, SMTP and IMAP), Web Mail (Yahoo Mail, Gmail, Hotmail), Instant Messaging (Windows Live Messenger, Yahoo, ICQ etc.), FTP, Telnet, HTTP and VOIP. Forensics investigation is also science and art.NPFATInternet POP3SMTPIMAPGmailHotmailWindows Live MessengerICQFTPVOIP

Reference site in Taiwan