DECISION GROUP INC.
Back   Home
2010.7.01            www.edecision4u.com
ICT Crime Investigation-Case Study on Internet Lawful Interception
Yang, Kai-Sheng    Technical Crime Prevention Center  C I B
Current Situation
Emerging Advanced Technologies
  • Popularity of Infrastructures and Multiple Applications/Services in Internet
    • Wired Broadband: ADSL、Cable Modem、Fiber Optic(FTTx)
    • Wireless Broadband: Wi-Fi、WiMAX
    • Marketplace Platform: Auction (3C Products, game awards), Online Game
  • Integration with Telecom Service
    • Easy and Convenient Communication; Low Cost
    • ISR( International Simple Resale )
    • VoIP:Skype
    • Mobile Network
  • Fact of Crimes (Census in 2009)
    • Serious Social Issue: The No.1 on Ten Major Public Grievances was telephone and Internet fraud crime
    • Telephone Fraud Crime
      • Title Used by Fraud Crime
        • Government Agencies: 1. Police 2. Post Office
        • Guess Who: 1. family(friends) 2. call from bar 3. acquaintance pretended
        • By Privacy Information Leakage: 1. Police 2. Bank 3. Telecom Service Provider
    • Internet Fraud Crime
      • Major Crime Model
        • Auction:1、奇摩拍賣 2、露天拍賣
        • Credit Card:1. take good by fraud 2. game points
Cases Study
Telephone Fraud Crime
  • Recently the ways of fraud groups are from local, traditional phone fraud to new type of cross boarder fraud crime with advanced ICT technologies
  • By “A Number” of VoIP Display, they can change their numbers into the ones of public services, banks, famous trading companies
  • Major Types :
    • Cash in Delivery or Draft by Counter to Specified Account
      • Pretend Police or Prosecutor for case investigation
      • Pretend Hospital to apply medical stipend, or take case investigation
    • ATM Operation
      • Phish Website, 3C or Book Internet Shop, Internet Bank with Installment, fund transfer

Internet Auction Fraud : 1. Fake Auction / True Fraud

Post false auction information to those innocent people and invite them to trade in for money transfer

  • Recently swindler groups use faked trade messages in auction platform or community BBS to attract students with concert ticket, high price 3C products, fashion designs in order to get money
  • Faked Auction – Intrude PTT, Facebook : Not only in Auction platform, swindler groups also use high popular BBS station (PTT) or Facebook to trick students It was reported that 5 students were suffered in PTT during Chinese New Year period. One female student was tricked by NT$2800 with the concert ticket of Super Junior, and another male student was tricked by NT$1000 with Sakura cup of Japanese Starbucks
  • Case of Fake Auction
Internet Auction Fraud : 2. True Auction True Cheating(Swapping)

Post trade information by high-credited account to attract orders, and deliver low priced trash to buyers in order to make an image of trade disputes. Late on all information investigated by police are faked.

Internet Auction Fraud : 3. Middle-man Cheating(Triangle Cheating)

Looking for high-valued good from e-commerce website, and posting the same information in another website to attract buyers to send money to seller, and take away goods directly from seller

  • Internet Middle-man  Young Girl Tricks Money

New trick of “Internet Middle-man”! One young girl plans to buy designer purse, takes account number of seller, posts trade information to another website to attract buyer to send money to seller, and takes purse from seller and runs away

Hacker Intrusion - 50,000,000 Personal Data Breach

In 26 Aug., 2008, Taiwan police caught a hacker group, who integrate database with 50,000,000 pieces of personal data stolen from account DB of Post Bank of China, Health Insurance Bureau, Ministry of Education and several Telecom operators, as well as several million NT dollars. 6 criminals were caught by red-hand.

  • Hacker Channel:
    • By collocate or hosting service in China.
    • Jumping Board:By collage mail servers, host IP’s are all over China.
  • Database Enquiry Website with High Profit:
    • Hacker group intruded database in Post Bank of China, stole millions NT dollars, and intruded and stole 50,000,000 pieces of personal data from National Health Insurance Bureau, Ministry of Education and several telecom operators.
    • One piece of personal data enquiry for NT$300 by name, National ID # or other fussy enquiry method.
Future Challenges

1. Emerging High Tech Crime, High Risky Social Security

  • The outlaw use modern technologies to commit more crimes.
  • Emerging high tech crime challenges lawful investigation drastically.

2. IT with Telecom, Fraud Crime Cross Boarder

  • Anonymous, cross-boarder ICT crimes will be the major features in Internet, mobile phone…etc platforms. If lawful enforcement cannot keep up with technology, it will be great impact to efficiency and capability of LEA.
  • Leader of hacker group likes to commit crime cross strait.

3. Internet Black Market Formed

  • Information of backdoors, breakdown
  • Phishing
  • Cross-boarder Crime
  • Professional Cacker
    • Stealing Account information
      • By Trojan or faked website, get account name, password, personal or transaction information

4. Greater Development of Internet Lawful Interception

  • Multiple Internet Applications and Services to 140+
  • Decoding method for LI must be aligned with protocol upgrade, such as IM: MSN、QQ
  • Unique encryption break down, such as VoIP、Skype