CYBERSECURITY INESTIGATION AND ANALYSIS



Similar documents
The FBI and the Internet

Protect Your Brand Investment with. Brand Monitoring. from DomainTools DOMAINTOOLS SOLUTION BRIEF

ACCEPTABLE USE AND TAKEDOWN POLICY

Malware & Botnets. Botnets

Chapter 11 Manage Computing Securely, Safely and Ethically. Discovering Computers Your Interactive Guide to the Digital World

Acceptable Use Policy and Terms of Service

Internet threats: steps to security for your small business

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

Course Content: Session 1. Ethics & Hacking

Phishing Trends Report

NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314

Don t Fall Victim to Cybercrime:

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

FAQ (Frequently Asked Questions)

Spear Phishing Attacks Why They are Successful and How to Stop Them

WEB ATTACKS AND COUNTERMEASURES

In an age where so many businesses and systems are reliant on computer systems,

FortKnox Personal Firewall

SECURITY REIMAGINED SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM. Why Automated Analysis Tools are not Created Equal

The Information Security Problem

10 Things Every Web Application Firewall Should Provide Share this ebook

I N T E L L I G E N C E A S S E S S M E N T

Measures to Protect (University) Domain Registrations and DNS Against Attacks. Dave Piscitello, ICANN

Acceptable Use Policy

Abused Internet Domain Registration Analysis for Calculating Risk and Mitigating Malicious Activity

Why Device Fingerprinting Provides Better Network Security than IP Blocking. How to transform the economics of hacking in your favor

Into the cybersecurity breach

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

Remote Deposit Quick Start Guide

Where every interaction matters.

Information Security. Be Aware, Secure, and Vigilant. Be vigilant about information security and enjoy using the internet

isheriff CLOUD SECURITY

Using big data analytics to identify malicious content: a case study on spam s

The Hidden Dangers of Public WiFi

Spyware. Summary. Overview of Spyware. Who Is Spying?

Botnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

The Impact of Cybercrime on Business

What Next Gen Firewalls Miss: 6 Requirements to Protect Web Applications

Cyber Security for Start-ups: An Affordable 10-Step Plan

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

.tirol Anti-Abuse Policy

Corporate Account Takeover & Information Security Awareness. Customer Training

How-To Guide: Cyber Security. Content Provided by

Everyone s online, but not everyone s secure. It s up to you to make sure that your family is.

Cybercrimes NATIONAL CRIME PREVENTION COUNCIL

QUARTERLY REPORT 2015 INFOBLOX DNS THREAT INDEX POWERED BY

enom, Inc. API response codes

Managed Security Services

Microsoft Outlook 2010 contains a Junk Filter designed to reduce unwanted messages in your

Addressing Big Data Security Challenges: The Right Tools for Smart Protection

How To Stop A Ddos Attack On A Website From Being Successful

Swordfish

How To Protect Yourself From A Dos/Ddos Attack

Tips for Banking Online Safely

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

Cybercrime in Canadian Criminal Law

.IBM TLD Registration Policy

National Cyber Security Month 2015: Daily Security Awareness Tips

Protect Yourself. Who is asking? What information are they asking for? Why do they need it?

WildFire. Preparing for Modern Network Attacks

Importance of Website Domain Ownership for Managing your Brand

OVERVIEW. 1. Cyber Crime Unit organization. 2. Legal framework. 3. Identity theft modus operandi. 4. How to avoid online identity theft

CentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12. CentralNic. Version 1.0. July 31,

UNMASKCONTENT: THE CASE STUDY

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

User Documentation Web Traffic Security. University of Stavanger

When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher

Securing the endpoint and your data

Software Engineering 4C03 Class Project. Computer Networks and Computer Security COMBATING HACKERS

FINAL // FOR OFFICIAL USE ONLY. William Noonan

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Concierge SIEM Reporting Overview

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

TYPES, PREVALENCE, AND PREVENTION OF CYBERCRIME. Haya Fetais & Mohammed Shabana. Saint Leo University COM- 510

KASPERSKY DDoS PROTECTION. Protecting your business against financial and reputational losses with Kaspersky DDoS Protection

BE SAFE ONLINE: Lesson Plan

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

Avoiding Malware in Your Dental Practice. 10 Best Practices to Defend Your Data

Transcription:

CYBERSECURITY INESTIGATION AND ANALYSIS The New Crime of the Digital Age The Internet is not just the hotspot of all things digital and technical. Because of the conveniences of the Internet and its accessibility, it has also given rise to a new kind of violators cybercriminals who prey on the wealth of valuable information available and accessible online. Information is the driving currency in the World Wide Web and this has given rise to a new form of data and information theft. In recent studies, cybercrimes have resulted to a loss averaging $9 million per year among corporations and companies. But besides the loss of huge amounts of profits, these online crimes have also ruined reputations of companies and rendered victims vulnerable as the perpetrators now have critical access to data that can be used against them. With advances in digital technology, online criminals have grown even more aggressive and creative in their ways despite efforts to strengthen and tighten online security. The crackdown on these online crimes remains a constant challenge to many authorities and intelligence and security experts. 1 Whois API LLC www.whoisxmlapi.com

Knowing What the Crimes Are The first step to combating cybercrimes is to first understand what it is you re dealing with. With the never-ending breakthroughs in the digital world and the ever-increasing number of things one can do on the Internet, cybercriminals have also become more intelligent, more creative and more aggressive such that there are more forms and types of cybercrimes than the Internet police and security protocols can afford to fight. DDoS (also known as distributed denial of service) attacks happen when compromised computers and hardwares are used to spread malicious codes on networks and websites, causing the network to crash. Hardware hijacking targets the computer and other digital hardware so that criminals have access to the data contained in such hardware like one s email, files and folders. This happens when users open or click certain links or download files that are malwares designed to infiltrate the computer. Phishing is common in email. Many fall victim to these when they click on spam messages in their junk folder that are actually worms or viruses designed to infiltrate the data system. Once in, user information is easily accessible. Counterfeit ecommerce takes advantage of the popularity of online shopping. A fraudulent or fake ecommerce or online selling website is set up, driving people into the site and accessing their personal information. Another common form is the selling of fake products, especially luxury brands, in online stores. Identity theft is a common form of cybercrime where hackers gain access into one s personal accounts or a database and uses the critical information, such as credit card details or social security numbers for their own gains. There are other more forms and types, including online bullying and stalking and electronic vandalism and extortion, but the abovementioned are the most common forms of cybercrime that target companies and individual accounts and thus, can have far-reaching impacts, both on the business and personal fronts. The Security Strategy The key to cracking cybercrimes lies in two important elements: the DNS (or domain name system) and the Whois data. The DNS is a system for translating domain and Internet names into IP addresses, which is then used to track computers and networks across the globe. It s the first place to start in looking up sources of transactions in the World Wide Web, including sites that contain malicious codes and links. 2 Whois API LLC www.whoisxmlapi.com

The other critical link is the Whois data that yields information such as the domain name, the IP address, and contact information of the registrant (to whom the domain name is registered). The Internet police most often start their investigation of cybercrimes here. A search is made on the Whois database to determine who owns the site, how long it s been up, its legitimacy, and the most important information of all, location of the website owner. In some cases, the data in the Whois registry may be inaccurate or incomplete. This is why in most investigations, information in the Whois database is correlated and supported by information from the IP address assignment records (through the DNS). According to the FBI, the IP address records often yields more correct information that can generate leads such as the web hosting company. For example, in the case of a fraudulent online shopping site that has tricked the public into sharing their credit card details under the guise of a product purchase, the first step is to identify the operator and owner of the site. By matching the IP address, a query of the domain name is first made. A search on the Whois database is also carried out to look for information as to the owner of the fraudulent site, the details on how the site was paid for (i.e., credit card), other malicious sites that were also paid for using the same account, and hopefully other leads, such as the location of the domain owner. With these leads, the authorities can then take the necessary next steps to apprehend the criminal. Cracking cybercrimes While it is true that these cybercriminals have become more aggressive and creative in the way they operate (in most cases, they work together and are not individual perpetrators), there are a number of simple security measures that businesses and individuals can employ as an added layer of protection. These can include any of the following: Not opening suspicious emails in the Spam or Junk folder Disabling cookies on web browsers to avoid storing any critical information Installing a firewall to filter information exchanged with other computers Browsing on secure sites where data is encrypted as a form of security These are very simple measures to safeguard against hacking and information theft that can be easily employed by an individual. However, for companies and businesses with more to lose, a tighter form of security is needed, hence the development of softwares and programs designed to protect against and catch cybercriminals. These security solutions mainly use Whois data. The Whois record contains information on the domain name, which serves as the starting point of cybersecurity analysis. From the domain name, other critical information are revealed such as: Registrant name Registrant email, phone number and address Name server 3 Whois API LLC www.whoisxmlapi.com

IP address Registrar Registration date Expiration date Updated date For example, in tracking down a spreading malware from unknown sites, the first step is to look for information in the Whois registry. A website may be suspected of hosting malware if any of the following information have been found: a fairly recent registration date a fairly close expiration date registrant owner is in a high-risk country registrant and website location are different Besides utilizing Whois data, security solutions also feature the following functionalities and activities: Surface Leads are instrumental in collecting and gathering data, including the following: Finding contact information from a single domain name or IP address Getting behind Whois privacy records by scouring historical Whois records Identifying associated nameservers, IP addresses, MX servers and more for triangulating perpetrator identities Correlating the data with external data to strengthen connections and patterns Scoping the breadth of nefarious activity to identify all fraudulent acts by: Identifying all connected domains, websites and IP addresses associated with fraudulent activity Searching parsed Whois data to perform a broad search focused on limited data Cross-referencing domain name in the Whois data with other useful DNS data points Preventing future threat activity by: Identifying other sites and networks associated with known-bad sites or actors and shutting them down at once Monitoring domains, IP addresses, nameservers and registrant information of suspect characters Leveraging Brand Monitor to prevent fraudulent domain name registration across all top level domains (TLDs) worldwide 4 Whois API LLC www.whoisxmlapi.com

The Whois API Solution Whois API specializes in providing Whois database access that can be used in tracking cybercriminals and hackers. Whois API s three major products are for businesses and companies with the infrastructure and expertise to carry out Whois database searches to track malicious activity on their sites. Hosted Whois Webservice The Hosted Whois Webservice is an online-based service that returns well-parsed Whois fields for every URL request made in common formats, such as the XML and JSON. This webservice boasts of the following key features: Accessible platform. The Whois Webservice works on basic HTTP so it circumvents firewall restrictions that can limit access to Whois servers on port 43. Comprehensive Whois database. To ensure that one has covered all the Whois registrars to yield complete information, this webservice follows the Whois registry referral chains that directs to the correct Whois registrars to get the most complete Whois data. Powerful infrastructure. This product utilizes smart mechanism and powerful protocols to avoid query limits posed by Whois registrars during searches. Readable format. Whois query yields exceptionally freeform data that are translated into well-structured and readable formats (XML and JSON) that are compatible with most applications. It can yield very specific information, such as name, organization, street, city, state/province, postal code, fax number, and telephone numbers. The data is also cleanly displayed by eliminating header and footer text. The parser is fault tolerant as it is constantly tested and improved, and parsing support for all Whois registers is available. It also returns registry dates (created date, update date, and expire date) in their original and normalized formats. The Whois Hosted Webservice has a wide range of applications, covering simple to more serious online offenses. It can work in queries and activities involving the following: Tracking domain registrations to see owner details Detecting credit card fraud Investigating spam, fraud, intrusions, and other online misbehaviours Checking advanced Whois web pages Locating geographical location of users 5 Whois API LLC www.whoisxmlapi.com

In addition to cybercrime investigation, the webservice is also handy in researching Internet infrastructure and usage. An example is in website setup and creation. Web developers may check into the Whois database to see the availability of a domain name for a website they re putting up. Whois Database Download Whois API also provides an offline alternative to the hosted webservice in the form of the Whois Database Download. Organizations can opt to have access to downloadable archived historic Whois database. Records can be displayed in raw text or raw text and parsed formats, and are downloaded as database dumps (MYSQL or MYSSQL dump) or CSV files (Office Excel-based). This service offers Whois archived records for most of the major GTLDs (generic top-level domains) such as,.com,.net,.org,.us,.biz,.mobi,.info,.pro,.coop, and.asia. Besides cybercrime investigation, the database download can also be used in statistical research analysis and in extracting fine-grained information even from archived Whois records. Reverse Whois Tracking and investigating online crimes can also be a game of trial and error and random searches. In other cases, inactive cybercriminals and hackers may even be identified by a simple random search on the Whois database. And yet, in a few more cases, searches made on the Whois database are not to purposely track and investigate cybercriminals, but to simply look up and research on a domain name for business purposes. This is where the Reverse Whois or Registrant Search comes in. There are a number of business uses and functions of this service, such as the following: Website owners and managers use this service to identify new business and partnership opportunities and to locate potential buyers through the contact details provided in the Whois database. Brand agents also use Reverse Whois to protect their intellectual property and check potential trademark infringements through random searches to scope domain name similarities, duplicates, or copycats. Domain investors can use the information gained from random searches on the Reverse Whois to learn about their competition and identify investment opportunities. Whether you re a company looking for a domain name for your site, or you re out to catch that hacker, the Reverse Whois allows one to make a search on the Whois database with a single piece of data to yield a wealth of information using the principle of keyword matching. 6 Whois API LLC www.whoisxmlapi.com

Users may only have a name or an email address and they can use these to get more information about the registrant from the Whois database. The Reverse Whois Database allows advanced searches to be made using multiple search terms and on both current and historic Whois databases. This service yields results that can be viewed online or may be downloaded in CSV or PDF formats. These services prove valuable in undertaking the first steps to cracking cybercriminals. Without these features and databases accessible to the public, it will be doubly difficult for the Internet police and concerned authorities to identify the masterminds behind online crimes. And at the same time, the Whois and DNS records also serve business and commercial functions. Taking the Next Steps In dealing with cybercrimes, it s important to remember that many criminals and suspected characters cover up their true identity in foreign and less strict and less popular TLDs. This is why looking at the breadth of domain and TLD coverage remain a critical step in cybercrime investigation While.com is the most popular and commonly used TLD, there are around 350 other TLDs, as well as more than 300 cctlds where fraudulent Internet activity is also happening. Furthermore, with the ICANN issuing new gtlds next year, Internet experts are expecting an increase in online fraud and cybersquatting. So far, there are over 1800 active applications for new gtlds and possibly, even more applications in the coming years and therefore, a new wave of cybercriminals to catch. Security solutions companies are not to be left behind. Whois API has enhanced its scalability and product suite in preparation for the launch of the new gtlds, and to continue providing critical data and tools to combat cybercrimes. Visist us at http://www.whoisxmlapi.com 7 Whois API LLC www.whoisxmlapi.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information