European Commission Directorate-General Enlargement
JHA 24111
Communications & Virtual Commerce Risks
[email protected] www.trmg.org

Agenda
• Part 1: The evolution of communications fraud
• Part 2: Online threats and 3G convergence
• Part 3: Current commercial and security risks in virtual online communities
• Part 4: From Cybercrime to Cyber-terrorism

Part 1: The Evolution of Communications Fraud

Fraud Defined
• Theft through deception
• Financial incentive
• Not ‘Security’
• Not ‘Credit Control’
• Not ‘Revenue Assurance’
• A criminal act…

The Original Business Case
• 10 active lines (no intention to pay)
• 24 hours traffic per line, per day
• 10p per minute to expensive IDD
• Revenue:
– 10 x 24 x 60 x 0.1 = £1,440 per day
– Or £43,200 per month
– Or £518,400 per year
– In cash, tax free

The estimated cost
• Up to 5% of revenue
• Typically 30% of bad debt
• Does not include:
– Out-payment costs
– Opportunity costs
– Infrastructure costs
– Image and PR
– Cost of investigations and security

Key root causes of fraud
1. Migration & demographics
2. Penetration of new technology
3. Staff dissatisfaction
4. The ‘challenge factor’
5. Operational weaknesses
6. Poor business models
7. Criminal greed
8. Money laundering
9. Political & ideological factors

Fraud Evolution (timeline: 1900 – 1950 – 1970 – 1980 – 1990 – 2004)
• Earlier techniques: 3rd party billing; Calling card; Tumbling ESN; Meter tampering; Cloning; Operator Services; Teeing in (‘tapping’); Payphone; Black Box; Ghosting; Red Box; PBX DISA
• Later techniques: Subscription; Roaming; IMEI cloning; Free phone; Call forward; Pre-paid; PRS; CDR suppression; Magic phones; Social engineering; Voicemail hacking

PRS Fraud (diagram: PRS service provider and Operator)
2. Fraudulent traffic – no revenue for the Operator
3.
Out payment from the Operator to the PRS SP
1. PRS service provider takes out fraudulent subscriptions

IDD Call Selling (diagram: call selling ‘shop’, Operator, carrier)
1. Fraudulent subscriptions based in a call selling ‘shop’
2. Fraudulent traffic – no revenue for the operator
3. International traffic triggers a settlement out payment to the carrier

PABX DISA Fraud (diagram: Hacker, DISA port, PABX, $)
1. Hacker cracks the DISA code
2. Multiple high value outbound calls from the PABX
3. The bill goes to the PABX owner

Retail, Wholesale, IP Security
• ‘Retail’ Fraud
• ‘Wholesale’ Fraud
• IP Security

VoIP Bypass via SIM Gateway
• Facilitates VoIP Bypass Fraud – a ‘wholesale’ category of fraud
• Diagram: traffic from Country A passes through a VoIP Gateway to a VoIP Gateway in Country B and on to a GSM Gateway (1 IMEI, multiple SIMs); the $ settlements between Country A and Country B are shown alongside the traffic path

The cost of fraud (pie chart)
• Bill write-offs: 30%
• Out-payments: 30%
• Infrastructure: 10%
• Congestion: 20%
• Litigation: 5%
• Image & PR: 5%

Fraud Countermeasures
• Call data analysis
• Customer vetting
• Credit control
• Information pooling
• Secure services
• Secure technology
• Awareness

Call Data Tracking
• Mobile device: Handset (IMEI); SIM (IMSI, MSISDN)
• Call record: Calling MSISDN; IMSI; IMEI; Called Number; Cell Site; Duration; Cost

Cross-border Issues
• SIM as a Credit Card (Handset + SIM):
– Pre-paid balance
– Post-paid bill payments
• Transportable anywhere: large top-ups, high spend, heavy VAS usage, roaming patterns

Subscriber Data ‘Fingerprinting’

Part 2: Online Threats & 3G Convergence

Technical Convergence
• Fixed, Mobile and Internet → One Account

Service Convergence
• Voice & data, Infotainment and Banking → One Account
• Banking: e.g.
A1 Bank in Austria

The Evolutionary Threat Model
• New technology → service offerings → business models → threats
• From traditional voice telephony to convergent online communications & info-tainment

Typical Online Issues
• Identity theft
– True name takeover
– Account takeover
• Hacking & database theft
• Phishing, pharming & social engineering
• Fake websites
• Key loggers & password stealers
• Virus attacks
• Trojans
• System reconfiguration attacks
• Session hijacking
• Man-in-the-middle attacks
• Blackmail

NGN Maturity (chart: NGN Service Complexity plotted against NGN Network Maturity, with ‘Today’ marked)
Comment: There is a direct correlation between service complexity and the number of fraud opportunities. More complex services also imply more complex detection and investigation techniques.

A simple example
• An SMS is sent to a vending machine.
• The machine dispenses a can.
• Cost of the drink is charged to the caller’s account.
• If no payment is made, the main loss is the value of the drink, not the value of the SMS message.

The growing value of content (chart: $ value against time, with two curves – the value of the content transaction, which grows, and the cost of the connection)

NGN Services
• Information: NEWS, LOCATION, EVENTS, BUY & SELL
• Communication: SMS, E-MAIL, FAX, CHAT
• Productivity: AGENDA, ADDRESS, ALBUM, OTHER TOOLS
• Entertainment: MUSIC, VIDEO, GAMES, DATING

The SIM Card as a Credit Card.
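The ‘Call data analysis’ countermeasure from Part 1 is easier to picture with the record fields from the Call Data Tracking slide in hand. The following is an added example, not code from the presentation or from TRMG: it replays a constructed day of call records and applies three defensive checks that follow directly from the earlier slides – one IMEI presenting many IMSIs (the SIM-gateway signature), lines whose IDD minutes approach the ‘24 hours per line, per day’ business case (IDD call selling), and several such lines on one cell site (the call selling ‘shop’), plus the per-line spend figure used for subscriber ‘fingerprinting’. The home country prefix, thresholds, numbers and identifiers are all assumptions.

```python
# Added example (not from the presentation): call data analysis over a
# constructed set of call records using the fields named on the
# "Call Data Tracking" slide. Thresholds, prefixes and all data are assumptions.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class CallRecord:
    calling_msisdn: str
    imsi: str
    imei: str
    called_number: str
    cell_site: str
    duration_s: int
    cost: float


HOME_PREFIX = "+44"  # assumption: a UK operator; any other country code counts as IDD


def is_international(number: str) -> bool:
    """Treat any E.164 number outside the home country code as IDD."""
    return number.startswith("+") and not number.startswith(HOME_PREFIX)


def _cdr(msisdn, imsi, imei, called, cell, minutes, rate):
    return CallRecord(msisdn, imsi, imei, called, cell, minutes * 60, round(minutes * rate, 2))


# Constructed one-day sample (fictional 555 / 07700 900 number ranges).
SAMPLE_CDRS = [
    # an ordinary subscriber: a short domestic call and one five-minute IDD call
    _cdr("+447700900001", "234150000000001", "350000000000001", "+447700900099", "CELL-07", 4, 0.05),
    _cdr("+447700900001", "234150000000001", "350000000000001", "+15555550100", "CELL-07", 5, 0.10),
]
# a call-selling 'shop': three lines on one cell site, each with 4 x 3 hours of IDD
for n in (1, 2, 3):
    for _ in range(4):
        SAMPLE_CDRS.append(_cdr(f"+44770090001{n}", f"23415000000001{n}", f"35000000000001{n}",
                                "+15555550200", "CELL-42", 180, 0.10))
# a SIM gateway: one IMEI presenting four different IMSIs, many short domestic calls
for n in range(4):
    for k in range(5):
        SAMPLE_CDRS.append(_cdr(f"+44770090010{n}", f"23415000000010{n}", "359999999999999",
                                f"+44770090020{k}", "CELL-13", 3, 0.05))


def sim_gateway_candidates(records, min_imsis=3):
    """IMEIs seen with several IMSIs: the 'one IMEI, multiple SIMs' signature of a GSM gateway."""
    imsis_by_imei = defaultdict(set)
    for r in records:
        imsis_by_imei[r.imei].add(r.imsi)
    return {imei: sorted(s) for imei, s in imsis_by_imei.items() if len(s) >= min_imsis}


def idd_minutes_by_line(records):
    """Total international minutes per calling MSISDN."""
    minutes = defaultdict(float)
    for r in records:
        if is_international(r.called_number):
            minutes[r.calling_msisdn] += r.duration_s / 60
    return dict(minutes)


def call_selling_candidates(records, min_idd_minutes=600):
    """Lines whose IDD usage approaches the '24 hours per line, per day' business case."""
    return {m: mins for m, mins in idd_minutes_by_line(records).items() if mins >= min_idd_minutes}


def shop_clusters(records, flagged_lines, min_lines=2):
    """Several flagged lines on one cell site point at a single call-selling 'shop'."""
    by_cell = defaultdict(set)
    for r in records:
        if r.calling_msisdn in flagged_lines:
            by_cell[r.cell_site].add(r.calling_msisdn)
    return {cell: sorted(lines) for cell, lines in by_cell.items() if len(lines) >= min_lines}


def spend_by_line(records):
    """Cost accrued per line: the 'high spend' element of a subscriber profile."""
    spend = defaultdict(float)
    for r in records:
        spend[r.calling_msisdn] += r.cost
    return {m: round(c, 2) for m, c in spend.items()}


def analyse(records):
    selling = call_selling_candidates(records)
    return {
        "sim_gateways": sim_gateway_candidates(records),
        "call_selling": selling,
        "shop_cells": shop_clusters(records, set(selling)),
    }


if __name__ == "__main__":
    for name, hits in analyse(SAMPLE_CDRS).items():
        print(name, hits)
```

In practice the thresholds would be tuned per tariff and per customer segment, and the flags feed a case queue rather than an automatic bar; the point of the example is that every check uses only the fields the slide already lists in the call record.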
The Operator as a Bank

Framework 2006 to 2010… (value-chain diagram, built up over several slides)
• Elements: VAS providers (Net revenue); Artists; Content provider (Royalties, Fees, DRM); Service Provider; Content aggregator; Gaming SP (Net revenue, Prize money); Delivery; Network; Subscribers

Focus 2006 to 2010… (risk callouts added to the framework diagram, one group per slide)
• Smarter handsets
• Internet access device:
– Viruses
– Trojans
– PIN & CC# capture
• More handset theft
• Redistribution
• Copyright
• PRS-type frauds
• Unlawful content
• QoS exploits
• SP manipulation of results
• Player fraud
• Staff/developer fraud
• PRS-type fraud
• Payment fraud
• LBS abuse
• Premium MMS Denial of Service
• More identity theft
– Real identity
– Synthetic identity
• Org.
crime
• Terrorism

Related Issues 2010 (callouts on the same framework diagram)
• Social engineering
• Hacking
• Malware
• Identity & payment
• Lawful intercept
• Virtual communities
• Unlawful content
• Money laundering
• DoS: ‘state’ sponsored
• Voting fraud

Summary of NGN Risks
• Attacks on the ‘electronic wallet’
• Frauds by subscribers
– On operators
– On third party service providers
• Staff frauds
• Third party SP frauds
• Denial of service type attacks

Impact on Operators
• Increasingly complex FM roles
• Digital rights management issues
• Banking compliance & regulation
• Handset-based anti-virus provision
• Implications for pre-paid customer vetting

Key Online Countermeasures
• Awareness – paramount
• Firewalls and other security software
• Virus detection
• Secure website development
• IP penetration testing
• IPDR tracking
• URL fingerprinting

Agenda
• Part 1: The evolution of communications fraud
• Part 2: Online threats and 3G convergence
• Part 3: Current commercial and security risks in virtual online communities
• Part 4: From Cybercrime to Cyber-terrorism

Part 3: Risks in Virtual Online Communities

What is a Digital Virtual Community?
• A Chat Room
• A Meeting Place
• An Online Game
• A Marketplace
• A Lecture Room
• A Training Centre
• An Art Form
• A Parallel Universe
(From www.secondlife.com)

A Virtual Seminar in progress (screenshot)

The Second Life example
• 3,700,000+ members
• Evolved from online fantasy games
• Contains its own commercial model
• Operates its own currency (Linden$)
• Ability to buy & develop real estate
• Ability to sell ‘land’, goods & services
• USD 450,000 in trades per day
• Just the first of many…

Users can be who they want to be… (screenshot)

Is he a ‘he’? Is she really a ‘she’? (screenshot)

It’s not for everyone, but don’t be fooled: Big Business is taking this seriously.

More virtual players…
• Adidas
• Reebok
• 20th Century Fox
• BBC Radio
• Disney
• IBM
• Intel
• Starwood Hotels
• Dept of Homeland Security

Recent New Sites
• Entropia: 500,000 users
• There.com
• Active Worlds
• Gaia Online
• Kaneva (beta testing)

Commerce in ‘Second Life’
• Currency exchange:
– Buy ‘Linden$’ with your credit card (E-money)
– Buy and sell land, goods and services
• Transfer profits back out to the real world:
– By PayPal
– By Check

Profit is a primary difference
• In the E-money model, money transfers are the sole motive.
• In the virtual money model, both movement and trade for profit are primary motives.

Examples of 2nd Life trades
• Digital clothing
• Gambling
• Escort services
• Virtual land
• Property development
• Artistic projects
• Architectural services
• And more…

Statement
“This has the look of a killer application that is being replicated, with adaptations, many times over”.
(diagram: Real Life → 2nd Life → 3rd Life → 4th Life)

General Issues
• Virtual economic trends already seen:
– Inflation
– Property market downturns
– Exchange rate fluctuations
• Virtual stocks and shares?
• Insider trading?
– By staff of the Host
– By the Virtual ‘Elite’
• Who protects the consumer?

Due Diligence Issues
• Regulation
– Is a virtual currency a real currency?
– Isn’t a Virtual Life account really a ‘bank account’?
• Taxation
– Income Tax
– Sales Tax
• Book-keeping and audits
– Are virtual holdings ‘assets’?
– Are virtual debts ‘liabilities’?

More Issues…
• Fraud
– Social engineering
– Harassment, coercion, solicitation & begging
– Hacking, database exposure & identity theft
– Plain old credit card fraud
– Copyright theft & resale of content
• Illegal content
• Unlawful sale of content to minors

21 or only 12?
• Teen Second Life has now launched

Even More Issues…
• Avoidance of surveillance
– Fictional identities
– Virtual phone traffic
– Dedicated instant messaging
– Closed user groups (‘www.the_jihadist_site.org’?)
– Lawful intercept
– Jurisdiction

Issues, Issues, Issues…
• Online gambling:
– Virtual money is not real money?
– Gambling wins & losses occur within the virtual economy
– Wins transferred out to real world accounts may not be identified as gambling-related
• Money laundering
– Credit card payment in from one identity
– PayPal payment out to another identity

Far out issues
• ‘Grey Goo’ attacks
• Virtual Gang raids
In Korea in 2004, Police reported that over 50% of alleged Cyber Crime occurred on virtual world gaming and commerce sites. Theft of digital designs was a leading problem.
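The two laundering patterns on the ‘Issues, Issues, Issues…’ slide – card money in under one identity and PayPal money out under another, and gambling wins cashed out without being recognised as gambling-related – are both questions of provenance, which a host can answer by replaying its own ledger. The following is an added example, not code from the presentation, from TRMG or from any virtual-world operator: it keeps each avatar’s balance labelled by the real-world identity that funded it and by whether the funds passed through a gambling payout, moves those labels pro-rata on every transfer, and raises an alert at cash-out when the payout identity differs from the funder or when any gambling-derived share is present. The event model, the 50% mismatch threshold and all names and amounts are assumptions.

```python
# Added example (not from the presentation): provenance tracking of virtual
# currency through a constructed ledger, so that a cash-out can be tied back
# to the identity that funded it and to any gambling step on the way.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LedgerEvent:
    day: int
    kind: str      # CARD_IN | TRANSFER | PAYPAL_OUT | CHECK_OUT
    src: str       # card-holder identity (CARD_IN) or paying avatar
    dst: str       # receiving avatar, or payout identity (…_OUT)
    amount: float  # virtual currency units (Linden$ on the slide)
    tag: str = ""  # TRANSFER only, e.g. "land_sale", "bet", "gambling_win"


MISMATCH_RATIO = 0.5  # assumption: alert when half or more of a cash-out was funded by someone else


def _take(holdings, amount):
    """Remove `amount` from one avatar's balance pro-rata across its provenance labels."""
    total = sum(holdings.values())
    if amount > total + 1e-9:
        raise ValueError(f"overdraw: {amount} requested, {total} held")
    moved = {}
    for key, held in list(holdings.items()):
        share = held * amount / total
        moved[key] = share
        holdings[key] = held - share
    return moved


def trace_cash_outs(events):
    """Replay the ledger in day order; balances are {(funder, via_gambling): amount} per avatar."""
    holdings = defaultdict(lambda: defaultdict(float))
    alerts = []
    for ev in sorted(events, key=lambda e: e.day):
        if ev.kind == "CARD_IN":
            holdings[ev.dst][(ev.src, False)] += ev.amount
        elif ev.kind == "TRANSFER":
            for (funder, via_g), amt in _take(holdings[ev.src], ev.amount).items():
                # a gambling payout marks the moved share as gambling-derived, but keeps its funder
                holdings[ev.dst][(funder, via_g or ev.tag == "gambling_win")] += amt
        elif ev.kind in ("PAYPAL_OUT", "CHECK_OUT"):
            moved = _take(holdings[ev.src], ev.amount)
            third_party = sum(a for (f, _), a in moved.items() if f != ev.dst)
            gambling = sum(a for (_, g), a in moved.items() if g)
            reasons = []
            if third_party / ev.amount >= MISMATCH_RATIO:
                reasons.append("IDENTITY_MISMATCH")
            if gambling > 0:
                reasons.append("GAMBLING_DERIVED")
            if reasons:
                alerts.append({
                    "day": ev.day, "avatar": ev.src, "payout_to": ev.dst,
                    "amount": ev.amount, "third_party": round(third_party, 2),
                    "gambling": round(gambling, 2),
                    "funders": sorted({f for (f, _), a in moved.items() if a > 0}),
                    "reasons": reasons,
                })
    return alerts


# Constructed sample ledger: one layering chain (Alice funds AvatarA, the money
# moves to AvatarB as a 'land sale' and leaves to Dave) and one gambler who
# cashes out her own stake plus a win.
SAMPLE_EVENTS = [
    LedgerEvent(1, "CARD_IN", "Alice Smith", "AvatarA", 10000),
    LedgerEvent(1, "CARD_IN", "Carol Ng", "AvatarC", 4000),
    LedgerEvent(2, "TRANSFER", "AvatarA", "AvatarB", 9000, "land_sale"),
    LedgerEvent(2, "TRANSFER", "AvatarC", "CasinoX", 1000, "bet"),
    LedgerEvent(3, "TRANSFER", "CasinoX", "AvatarC", 800, "gambling_win"),
    LedgerEvent(4, "PAYPAL_OUT", "AvatarB", "Dave Ortiz", 9000),
    LedgerEvent(5, "PAYPAL_OUT", "AvatarC", "Carol Ng", 3800),
]


if __name__ == "__main__":
    for alert in trace_cash_outs(SAMPLE_EVENTS):
        print(alert)
```

Pro-rata labelling is deliberately simple: it does not try to guess which ‘coins’ left first, it just keeps the proportions, so an in-world sale does not launder the label away. A real host would add time windows and de-minimis thresholds so that ordinary trade between two customers does not trip the mismatch rule.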
Possible Triggers for Growth
• Corporate interest/investment
– Brand awareness
– Product placement
– Click-through
• Political interest
• Economic recession leading to cost cutting
• Increasing international tensions leading to business travel restrictions

How might this evolve?
• New economic models will emerge
• Corporates will start marketing to the virtual community:
– Digital product offerings
– Click-through to real websites
– Product placement
– Advertising
• Telecom operators are already getting on board

Evolution 2
• M-Life as a feature of WiMAX
• Apple’s iPhone = convergence of voice, data, multi-media and M-Life
• The Nintendo Wii
• Put them all together…

Part 4: From Cyber crime to Cyber terrorism

Future Threats
• VOCs could rapidly become both a tool and a target for terrorist organisations
• There is a low technical barrier to entry for existing terrorist organisations and affiliates
• There is a low ‘ethical’ barrier to entry for individuals who have previously never committed a criminal act

Terrorist Profile: The Loner
• Educated, middle class
• Technically skilled
• Economically unsuccessful
• Targets: corporate brands and business operations online, other users, government sites and news agency sites for PR purposes
• Objective: ideological/personal gain

Terrorist Profile: The Group
• Probably trans-national
• Already known, so fears surveillance
• Technically proficient
• Targets: primarily corporate/governmental
• Main objectives:
– Avoidance of surveillance
– Virtual Planning & Recon (e.g.
Virtual Congress)
– Virtual training/practice sessions
– Money laundering

Specific Techniques
• Mutation of existing techniques
– Viruses & Virtual Trojans
– Other virtual Malware
– Password hacking
– Virtual identity theft and account takeover
• Emergence of new techniques
– Virtual Grey Goo attacks
– Virtual ‘nuclear’ attacks

The Impact of Virtual Terrorism
• Financial gain for terrorist cells
• Public relations:
– Victimless
– Focused on brands and governments
• Lawful intercept issues
• Political concerns
– Expression of unlawful views
– Hijacking of virtual institutions

Virtual Terror Countermeasures
• Education & awareness:
– Policy makers
– Law enforcement
– Virtual site hosts
• Virtual currency regulation & compliance
• Cooperation with hosts for intercept
• Conventional virtual intelligence collection
• Tracking & surveillance of behaviour

Conclusions
• This is an ultra-modern technology which:
– Combined with new forms of commerce;
– With questionable oversight & regulation;
– And no clear audit or policing mechanisms;
• Constitutes a risk management issue that:
– May expose consumers;
– May also expose investors, and;
– Could potentially create many new opportunities for criminals of all descriptions

How to respond?
The Key first steps
• An international effort at governmental level
• Classify ‘virtual’ currencies as real currency
• Classify virtual accounts as bank accounts
• Enforce banking standards for reporting and customer identification
• Employ tax assessments as a primary mechanism for collections
• Make virtual hosts legally liable for all activity on their sites

Agenda
• Part 1: The evolution of communications fraud
• Part 2: Online threats and 3G convergence
• Part 3: Current commercial and security risks in virtual online communities
• Part 4: From Cybercrime to Cyber-terrorism

Questions and comments