The secret world of cybercrime | Craig Gibson | TEDxMississauga

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

I'd like to invite you to imagine a world in which you are not interrupted during supper by telemarketers I don't have to cross my fingers so just for a little bit of audience participation yeah you might have to hold up your hand for as much as 30 seconds how many of you received an email from a Nigerian prince how many of you received a voicemail saying that you have won a cruise it didn't you're left out you're the only one though and I received there's just the day before yesterday I think it was how many have received a human calling you and offering you free duct cleaning everybody that groaned would have put up their hand that sure so you were in you were especially in the case of the third one contacted by international telecom criminals so often these are referred to as scams but in my mind that makes you think about you know an individual working in their basement stealing a hundred dollars here and there you know a clever hoodie wearing hacker but these are international sophisticated groups sometimes hundreds of people who have multiple tiers of org chart some of whom are working in almost a call center level which will see some pictures of who are also working at higher levels of cartel like infrastructure when they actually begin these attacks they don't stop until they get everything you have so the more vulnerable you are the more the more you go for this kind of trick the more likely it is that there will actually get all of your home equity all of the balance of your credit card all of the money in your bank accounts and then add you to a database that they then sell to other criminals so they can hit you with the next attack so why does this keep happening well I I haven't have a switchboard here for no special reason except to say that there's IT security architecture and telecom security architecture large customers pay a lot for IT security architecture but almost never ask for telecom security architecture so IT security architecture is very advanced intelligence agency level telecom security architecture is somewhere around here so generally with telecom crime it follows you know there's as far as I understand there's 400 different kinds plus or minus of telecom crime so what we talked about earlier especially the duct cleaning is called phishing pH is age and if it's voice phishing in the case of doctor cleaning it would be called phishing or voice phishing and there's smishing and all kinds of other things too so how it starts as a hacker will do one of these techniques they'll make a virus or a worm or call you or use a fake cell tower to actually intercept your radio from you coming from your devices and if you're renting things like Internet of Things so cellular empowered drones or self-driving vehicles or smart televisions or smart fridges or any of these things that might be considered IOT all of these attacks were even better on those because they don't complain the attack will hit them it'll hit them again it'll go on write them up until somebody gets a bill for 2 million dollars and 2 million is just an example of somebody that broke into a conference bridge some time ago the corporate conference bridge so the hacker gets into the victim the victim for instance a company with a conference bridge or somebody with a phone lines up paying the telco for the fact that they generated a huge amount of traffic which then gets sub paid into the hacker perhaps the telco doesn't know that this they're colluding with criminals maybe the telco is in another country where this is actually part of their telephone business model working with customs the organized crime is serious cybercrime specifically the IT cybercrime makes more money than drug trade today in the world so the individuals that would have invested in drug trade crime now invest in cybercrime cybercrime has lots of vendors working in this space so now they're starting to move into telecom cybercrime or site L crime you probably can't read the small white writing on this gun but it's a desert eagle and because of the stealthiness of these attacks you would never ever fire this gun unless there was actually police already trying to arrest you the point that it's a desert eagle is it's a fifty caliber handgun capable of piercing police body armor so they're assuming that they'll be dealing with SWAT you may not have seen this logo before but the thing that may give it away is the Great Wall of China down here at the bottom without getting into any kind of political issues the Chinese government for the purpose of today's presentation gave permission for this logo to be in this presentation and one of the reasons that that you might consider telecom crime to be important is they consider this a very very very severe issue rather than give you some of this this fluffy stuff that I've just mentioned I'll go into a concrete description of one of the largest site L stings that has ever happened to date recently thousands or tens of thousands of calls terminated in China not everybody reported them so it took a little while for the Chinese National Police to know that there was actually an attack many many people thousands in this case lost all of their money and in some cases in the case of older people hit by this kind of crime who lose all of their money in countries that don't have the social safety net of Canada when they have no money and they're very old their face was living on the street well if their face was living on the street they tend to kill themselves so the Chinese National Police worked with Chinese telecom and telecom Chinese phone companies and identified these calls were originating from Spain but national police officer national police agencies can't work with the police agencies of other countries unless their legal systems are very similar so they have to walk through United Nations entities like your Interpol or Europol which is a group that I'm an adviser of through my my role once they created the formal relationship with National Police of Spain the Spanish police identified that in fact the calls were originating from Spanish phone companies and actually we're not being bounced through multiple countries so that led us to believe that the the actual crimes were actually originating from Spain so in working with the phone companies in Spain it was identified that there was 20 luxury homes this is a Spanish luxury home of Villa and they fit a particular profile so not only is the house physically big it's on a large lot meaning that there's a physical distance between the building and the hedge or fence the fences are hedges are very tall so what that means is that in these 20 villas in three cities within Spain there was 10 to 20 criminals per house working as members of criminal call centre it was distributed through the 20 locations those individuals those 10 to 20 people per house and never left they went in at night for instance and never stepped near a window never went outside and there was one person only they'd brought food in and out of this house so that model if you think about it works in Europe obviously would probably work in Canada and maybe is and would certainly work in any other wealthy neighborhood because wealthy neighborhoods by the nature have low police presence so what does this tell you what does this picture tell you you know it tells you at least some of the criminals were tricked into taking this job they're eating off the floor they're sleeping on the floor they're not glamorous they're not driving Lamborghinis out of the many people working in those 20 locations almost all of them were call center staff well we would consider very low paid very low writes sort of positions if you've been called by duct cleaning you may have heard somebody in the background you know speaking behind the person that was speaking to you that person that was speaking to you and the person sitting beside them we're likely sitting in a call center like this so these are folding chairs folding tables cardboard boxes with soundproofing foam on them and cell phones and the cell phones were used so is to hide the fact that they were all physically sitting in one house like any call center they had targets so hourly each morning each day they were expected to achieve a certain number of dollars in fraud or dollars in lives destroyed who is it it does these crimes well as you can imagine there's certainly higher with more well-paid criminals most of the people involved tend to be people that can't get normal jobs maybe they have a criminal record that prevents them from getting a normal job they tend to be almost refugee lake and certainly in the case of the individuals in all these call centers once they got on the plane from their home country the criminal agency that they worked for had no cause to pay them and give them a flight back would put punish them if they spoke to the neighbor or anything similar of that kind so there is a solution for all of this luckily so when we talked about Internet of Things and calls that impact people there's actually in efficiencies in 4G landline networks long distance and so on and those inefficiencies actually limit how much fraud can be done and so they have to rely on things like these physical houses to sit in those inefficiencies were one of the we the win one of the ways by which they were traced so in this particular operation this International sigh tell sting filled the wall ultimately through the three cities the 20 locations the three law-enforcement agencies there were 50 Chinese national police involved 200 Spanish national police involved and 300 Interpol officers involved that hit all 20 locations arresting 300 people those 300 people all spoke Chinese and this is one of the reasons that the Chinese National Police were involved to function as translators and they were all then deported so there's inefficiencies in 4G don't exist in five g 5g at its highest level is managed by a kind of artificial intelligence called 5g ml or 5g machine learning and because it's an AI based system and it has kind of a body guard called a security Orchestrator that security Orchestrator which is very very rules based is supremely good and not only enforcing security rules like anti-fraud rules but also preventing new frauds from occurring as long as it identifies what that common train or chain of value is so if it says for instance one kind of fraud is it originates from one central point and hits many many targets that's a one-to-many relationship anytime at a telecom level you see a one-to-many relationship it's quite likely non-human let's say so it's likely an automated system human and traffic is very very many to many so it's families talking to each other and trading a variety of different kinds of traffic a fraud system will be one kind of traffic and will probably be you of when it cruisers or something similar so at a telecom level that's very easily traceable that's one of the four hundred different kinds of fraud that get executed in telecom but all of the four hundred different kinds of fraud were actually invented thousands of years ago they were actually invented for the most part in place with lake mesopotamia where they were used by individuals to each grain silos out of other people's grain so when you execute executed those artificial intelligence security rules in a 5g machine learning environment the forward-looking threat research group has identified that you can bring this fraud not only not only down but you can bring it to zero you can bring it to zero so when these frauds are performed and you know all these people died it was totally preventable if we had 5g so I have two calls to action so the one call to action is for everybody in the room that didn't report this crime so when you received all these different kinds of fishing when you report them it goes to the government the government knows how to allocate funding how to provide support for law enforcement and in that way everybody knows exactly how severe this is when I was an architect in telco I had one specific fishing event which was you have won a cruise years ago which is still going on today that was generating 57 million calls a month under one telco that being the case I told the federal government over beer one day and they were very surprised because they only had three thousand reports so luckily here in Canada you can report this to the Canadian anti-spam center and they will know exactly how much you care how much you care about this topic the other thing the other call to action is for law enforcement so national law enforcement either here in Canada or or on on YouTube if YouTube is watching national law enforcement of any country can approach the Europol ec3 European cybercrime center and through it approached the site L working group which I'm the adviser of for all the law enforcement and all the telcos in Europe that being the case any law enforcement agency and you know the Chinese National Police are looking to join this group even though it's Europol any national agency can attempt to join this group and if they do join the group and pass the vetting process we can then share criminology on all these 400 different types of crime we can talk about which groups are actually committing the crime which phone numbers are generating the crime which kinds of machines generate the crime and therefore what you can look for at a very low technical signaling kind of level and we can share all of this detailed kind of information with law enforcement agencies in such a way that we can accelerate the kind of collaboration I described during this sustained one thing I will say is that this is a really misunderstood or a very secret class of crime it's often misunderstood it's often downplayed it's often considered to be a non-issue many systems in large-scale companies don't even track it so the criminals are just walking away with your money and nobody's even complaining but I hope would have done through this talk today is done a little bit too distant to mystify this topic and my hope is that you will share this talk with people you're sitting at having lunch with for Christmas and anybody that might be in law enforcement telecom or receive this kind of crime so they know what it is so thank you [Applause]

Info

Channel: TEDx Talks

Views: 18,240

Rating: 4.8461537 out of 5

Keywords: TEDxTalks, English, Technology, Crime, Data, Security

Id: 3mR9PfEOFFo

Channel Id: undefined

Length: 17min 10sec (1030 seconds)

Published: Fri Feb 08 2019