网路犯罪案例Cyber crime Reconnaissance Case

1、1 網路犯罪案例網路犯罪案例 Cyber crime Reconnaissance Case Decision Group / CEO 張張 侃侃 Casper Kan Chang Chang_.tw 2 網際網路犯罪主要可分為二大網際網路犯罪主要可分為二大 Internet crime is divided into two major categories Network Packet Reconstruction 可還原網路封包可還原網路封包 Analysis Non- Reconstruction Packet 不可還的原網路封包不可還的原網路封包 以網路作為犯罪之客體 Traditi

2、onal crimes conducted through the Internet. Ex: Credit card fraud, Identity theft, child pornography, indecent chat-room behavior, software as soon as the public deceived again after the Financial Supervisory Commission, said the account has been criminal to use the name of money laundering, must si

3、nk financial security account to avoid being the freezing of accounts, lured victims of the deposit removed, changed into the aforementioned fraud of financial security accounts. 10 B. 網路詐欺案例網路詐欺案例 1-1 Internet fraud Case 一名馬來西亞籍的華裔賴姓女子，涉嫌與奈及利亞籍男友利用網路詐騙台 灣女子。刑事局國際科與馬國警方合作，日前逮捕賴姓女子並追緝共犯 A Malaysian w

4、oman of Chinese origin Ms. Lai in connection with a Nigerian boyfriend, used the Internet to defraud Taiwanese woman CIB International Council of Scientific Cooperation with Malaysia arrested by the police and looking for an accomplice Ms. Lai 11 B. 網路詐欺案例網路詐欺案例 1-2 Internet fraud Case 台北縣警方今年5月間接獲一

5、名女子檢舉，指稱一名在英國倫敦工作的網 友，聲稱寄送內有英鎊現金的包裹要給她，因未申報而遭馬國海關查扣， 需付稅金後始得放行，請求女子將錢匯至馬國海關處。這名女子不疑有他， 連續匯款兩次共計2358美元，但遲未收到包裹，始知受騙。 Taipei County police received an indirect May this year, a woman accused, Alleged that a work of netizens in London, claiming that there are pounds in cash to send parcels to give her,

6、 Who were failing to declare the Malaysian Customs and Excise Department seized, pay a tax before it may be released upon the request woman will remit money to the Malaysian Customs and Excise Department. The woman did not suspected him, a total of 2358 U.S. dollars two consecutive remittances, but

7、has not received the latest package, Found out deceived. 12 網路性侵案件！網路性侵案件！ Network of sexual assault cases! 07年網路性侵案件： 一天1.5件。12-18歲少年占六成多。 2009年06月10日蘋果日報 台灣 台北 市 Network of sexual assault cases in 2007: Daily average 1.5 case. 12-18 year-olds accounted for more than 60%. June 10, 2009 Apple Daily

8、Taipei Taiwan 13 禽獸不如禽獸不如 Is truly pathetic and inferior to animals 台北市兩名一瘦一胖的嫌犯，去年七月起，涉嫌在網路上約女網友開轟趴，等女網友赴約後將 對方帶到汽車旅館，誘騙對方進浴室洗澡，再要求發生性關係，女網友不願配合，即遭掌摑強 姦得逞 ，警方昨逮捕兩嫌，發現受害多達十多人。 Taipei two suspects a thin one fat, begin July 2008 , Suspected on the Internet to invite Female net friend to participate i

9、n party , Female net friend to meet this woman after the other into the Motel, Trick the other into the bathroom taking a bath, and then require a sexual relationship, The victim is unwilling to cooperate, that is, to succeed by slapping rape, the police yesterday arrested two suspected and found th

10、at as many as a dozen people injured. 被害人不甘受辱向警方報案，警方根據網路位址清查，並前往汽車旅館調閱車號，昨循線逮捕 兩嫌。警方追查發現，兩嫌去年七月開始犯案，每次都由葉嫌以小豬、出來玩等暱稱， 在奇摩即時通及豆豆聊天室等網站向女網友搭訕，葉嫌坦承犯案十多起、周嫌則供稱五、六起， 警方正追查其他共犯。 Humiliation of victims unwilling to report to the police, the police inventory of network address and went to the motel access

11、to number, yesterday arrested two suspected through the line. The police traced the two began to commit crimes too 2008 July for each pig by Ye too to come out to play other nickname, the yahoo messange and Peas chat rooms and other websites to Nvwang You strike up, leaves from more than 10 suspecte

12、d offender admits , Zhou said the suspect are for five or six, the police are tracing the other accomplices. 14 駭客蘇柏榕駭客蘇柏榕 替黑幫盜資料替黑幫盜資料 Hacker Su Po-jung work for the underworld to steal data 中時電子報/蔡旻岳/台北報導 2007/09/22 China Times / Taipei / Choi Min-Yue 刑事局科技犯罪防制中心查出 ，在網路上暱稱odin的林姓高二生、以及暱稱 cb的蘇柏榕兩人，

13、係以學術網路為骨幹，將跳板主機隱藏於台灣學術網路內， 並利用木馬程式、網站漏洞侵入各大知名網站非法取得資料後，存放在國外網站主 機，用以規避追查。其中xx電信公司用戶帳戶及密碼有兩百四十多萬筆遭竊，部分 網站則連程式都被搬走。 CIB Crime Prevention Center for Science and Technology have found that the Internet nickname odin Lin, high-school sophomore, and the nickname cb two Su Po-jung, an academic department a

14、s the backbone network will be a springboard for host hidden in Taiwan Academic Network inside, and the use of Trojan horse programs, Web site vulnerabilities well-known Web site illegally obtained large intrusive information, stored in a foreign website host, to circumvent the tracing. Xx telecom c

15、ompanies in which the user account and password with more than 2.4 million pens stolen, some websites have even the programs are removed. Hacker Su Po-jung 15 網路理財廣告詐貸銀行案網路理財廣告詐貸銀行案 -1 Internet advertising bank loan fraud case 高雄市刑警大隊 2009年5月接獲多家銀行報案，指稱遭人持偽造文件向銀行申辦信 用貸款，造成銀行遭詐貸的鉅額損失。案經該大隊15分隊深入調查發現，

16、以洪、 方等人共同基於牟取不法利益之犯意聯絡及行為分擔所籌組之詐欺集團，用國 內入口網站之免費網路空間張貼或貼紙廣告刊載理財達人專辦信用貸款、小 額信用貸款訊息等方式，招攬急需資金週轉之人頭客戶，由該集團成員偽變造財 稅、薪資等證明文件，美化貸款人之財力，並教唆指導人頭客戶持偽造文件向銀行 申辦信用貸款，使金融機構陷於錯誤而核准貸款，該集團則向人頭客戶收取高額手 續費牟取暴利 16 網路理財廣告詐貸銀行案網路理財廣告詐貸銀行案 -2 Internet advertising bank loan fraud case 17 網際網路犯罪偵察要領網際網路犯罪偵察要領 Cyber Crime Inv

17、estigation Essentials 組成專案小組 An ad hoc group 依案情內容申請技術支援 For technical support in accordance with the contents of the case 取得報案詳細資料 To obtain detailed information on reported 18 網際網路犯罪情資蒐集網際網路犯罪情資蒐集 Cyber criminal intelligence collection 1. 收集電腦稽核紀錄 : IP, 帳號, 時間 等 2. 客戶登錄資料 : 帳號使用人, 姓名, 地址, 電話 等 3.

18、犯罪事實 1. Collection of computer audit records : Log, IP, User account, time 2. Customer Login information : Account name and address of telephone users 3. Corpus delicti 19 網際網路犯罪證據蒐集網際網路犯罪證據蒐集 Cyber crime, gathering of evidence 1. 由被害人及嫌犯電腦上取得資料, Log, 檔案, 紀錄 . 等 2. 由業者提供的資料及紀錄 . 等 3. 網路監聽 4. 由被害人提供網

19、路封包還原 1. By the victims and suspects to obtain information on the computer, Log, files, records, etc. . 2. Information provided by the industry, and records and so on . 3. Interception 4. From the victims to restore the network packet 20 網際網路犯罪鑑識工具種網際網路犯罪鑑識工具種 Cyber crime forensics tools Wired , HTT

20、PS/SSL and VOIP Wireless “Catch-it-as-you-can” forensics systems 封包側錄還原鑑識設備封包側錄還原鑑識設備 Off-Line packet reconstruction software “Stop, look and listen” Forensics software 離線封包鑑識還原軟體離線封包鑑識還原軟體 Forensics tools 鑑識軟體鑑識軟體 21 鑑識工具使用鑑識工具使用 Forensics Tool Use 數位證據的鑑識與採集無法透過人的視覺直接辨識出來，如果沒 有適當的工具或軟體也是無法解析，運用適當的

21、工具或軟體採集與 辨識數位證據，也是偵辦電腦網路犯罪案件必備的條件 Kam-digital intellectual and collection of evidence can not be humans through direct identified intellectual vision out of future, without the right tools or software are unable to resolve, using the right tools or software acquisition and identified intellectual di

22、gital evidence, but also diligent in Internet Highway necessary conditions for criminal cases Forensics tools 鑑識軟體鑑識軟體 由被害人及嫌犯電腦上取得資料, Log, 檔案, 紀錄 . 等 Collection of computer audit records : Log, IP, User account, time etc 22 網路鑑識工具使用網路鑑識工具使用 Cyber Forensics Tool Use Wired , HTTPS/SSL and VOIP Wirele

23、ss “Catch-it-as-you-can” forensics systems 封包側錄還原鑑識設備封包側錄還原鑑識設備 網路監聽 Internet Interception 還原已錄製完成網路封包 Reconstruction, The completion of network packets have been recorded Off-Line packet reconstruction software “Stop, look and listen” Forensics software 離線封包鑑識還原軟體離線封包鑑識還原軟體 23 網路封包鑑識分析分網路封包鑑識分析分 Ne

24、twork packet forensics analysis categories Analysis Non- Reconstruction Packet 不可還的原網路封包不可還的原網路封包 Viruses & Worms, Hacking & Trojans . . 病毐 駭客 木馬程式 Network Packet Reconstruction 可還原網路封包可還原網路封包 Email , Web Mail ,IM, FTP , P2P, VoIP, Video Streaming , HTTP, Online Games, Telnet 電子郵件，網頁郵件，FTP， P2P，VoIP

25、，影音串流，網 頁瀏覽，線上遊戲， Telnet 1. 2. 24 提供全系列網路鑑識產品提供全系列網路鑑識產品 Complete Solutions for Cyber Forensics 1.Wired packet reconstruction. 2.Wireless (802.11 a/b/g/n) packet reconstruction. 3.HTTPS/SSL interceptor. 4.VOIP packet reconstruction. 5.Off-line packet reconstruction software 6.Network packet forensic

26、s analysis training For more information www.digi- 25 網際網路封包鑑識分析教育訓練課程網際網路封包鑑識分析教育訓練課程 Network Packet Forensics Analysis Training The knowledge of network packet analysis is important for Forensics Investigator and Lawful Enforcement Officer to carry out their daily duty. Network Packet Forensics An

27、alysis Training (NPFAT) provides useful and sufficient knowledge required to analyse network packets. Trainee will be able to identify different packet types according to different Internet Protocols such as packets containing a specific Email (POP3, SMTP and IMAP), Web Mail (Yahoo Mail, Gmail, Hotm

28、ail), Instant Messaging (Windows Live Messenger, Yahoo, ICQ etc.), FTP, Telnet, HTTP and VOIP. Forensics investigation is also science and art. 網際網路封包鑑識分析教育訓練課程（NPFAT）提供所需知識來分析網際網 路封包。令學員將能夠識別不同型的網路封包根據不同的Internet協議，如 電子郵件（POP3，SMTP和IMAP），網路郵件（雅虎郵件，Gmail， Hotmail等），即時通（如Windows Live Messenger，雅虎，ICQ

29、等），FTP， 遠程登錄，網頁瀏覽和VOIP。鑑識取證調查還技術兼具科學和藝術素養之 訓練課程。 Phillip A Russo Ing. Gustavo Presman Frankie Chan Kok Liang 26 實績實績 Reference site in Taiwan Criminal Investigation Bureau The Investigation Bureau of the Ministry of Justice 國家安全局國家安全局 National Security Bureau 國防部國防部 Ministry of National Defense,R.O.

30、C 憲兵司令部憲兵司令部 Military Police, R.O.C 海岸巡防署海岸巡防署 Coast Guard Administration 國防大學國防大學 National Defense University 中央警察大學中央警察大學 Central Police University 27 owDLS#)5cksjqyGNV$07fmuCJRY(3biqxFNU$+7emtBIQY*3aipxEMU!+6eltAIPX*2ahpwELT#-6dlsAHPW&29howDLS#)5dkszHOW%18govDKSZ)4cjrzGOV%08fnvCKRZ(4bjqyGNV$07fmu

31、BJRY(3biqxFNU$+7emtBIQY*3aipxEMT!+6eltAIPX*2ahpwELT#-ovDKSZ)5ckrzGOV%18gnvCKRZ(4cjryGNV$07fnuCJRY(3bjqyFNU$+7emuBJQY*3aipxFMU!+6eltBIQX*2ahpwEMT!-6dlsAHPX&29howDLS#-5dkszHOW&19govDKSZ)5ckrzGOV%08gnvCKRZ(4cjryGNV$07fnuCJRY(3biqyFNU$+7emuBJQY*3aipxFMDLT#- 5dkszHOW&19govDKS#)5ckrzGOV%18gnvCKRZ(4cjryGNV

32、$08fnuCJRY(3bjqyFNU$+7emuBJQY*3aiqxFMU!+6eltBIQX*2ahpwEMT!-6dlsAHPX&29howDLT#-5dkszHOW&19govDKSZ)5ckrzGOV%18gnvCKRZ(4cjryGNV$07fnuCJRY(3bjqyFNU$+7emMT!-6dltAIPX&29hpwELT#-5dksAHPW&19govDLS#)5ckrzHOW%18gnvCKSZ)4cjryGNV%08fnuCJRZ(4bjqyFNU$07fmuBJQY*3biqxFMU!+6emtBIQX*2aipxEMT!-6dltAIPX&29howELT#-5dksA

33、HPW&19govDLS#)5ckrzGOW%18gnvCKSZ)4cjryGNFMU!+7emtBIQX*2aipxEMT!-6eltAIPX&29hpwELT#- 5dksAHPW&19gowDLS#)5ckrzHOW%18gnvCKSZ)4cjryGOV%08fnuCJRZ(4bjqyFNU$07fmuBJQY*3biqxFMU!+7emtBIQX*2aipxEMT!-6dltAIPX&29hpwELT#-5dksAHPW&19zGOV%08fnvCKRZ(4bjqyGNV$07fmuBJRY(3biqxFNU$+7emtBIQY*3aipxEMT!+6eltAIPX*2ahpwELT#

34、-6dlsAHPW&19howDLS#)5dkszHOW%18govDKSZ)4cjrzGOV%08fnuCKRZ(4bjqyGNV$07fmuBJRY(3biqxFMU$+7emtlsAHPW&29howDLS#)5dkszHOW%19govDKSZ)4ckrzGOV%08fnvCKRZ(4bjqyGNV$07fmuCJRY(3biqxFNU$+7emtBIQY*3aipxEMU!+6eltAIPX*2ahpwELT#- 6dlsAHPW&29howDLS#)5dkszHOW%18govDKSZ)4cjrzGOV%U$+7emtBJQY*3aipxEMU!+6eltAIQX*2ahpwELT

35、!-6dlsAHPW&29howDLS#-5dkszHOW%19govDKSZ)4ckrzGOV%08fnvCKRZ(4bjryGNV$07fmuCJRY(3biqxFNU$+7emtBJQY*3aipxEMU!+6eltAIPX*2ahpwW&19govDKS#)5ckrzGOW%18gnvCKRZ)4cjryGNV$08fnuCJRY(3bjqyFNU$+7fmuBJQY*3aiqxFMU!+6eltBIQX*2ahpxEMT!-6dlsAIPX&29howDLT#-5dkszHPW&19govDKS#)5ckrzGOV%18gnvCKRZ(4cjryGNV$U!+6emtBIQX*2ah

36、pxEMT!-6dltAIPX&29howELT#- 5dkszHPW&19govDLS#)5ckrzGOW%18gnvCKRZ)4cjryGNV$08fnuCJRY(4bjqyFNU$+7fmuBJQY*3aiqxFMU!+6emtBIQX*2ahpxEMT!-6dlsAIPX&29howELT#-5vDKSZ)4cjryGOV%08fnuCKRZ(4bjqyFNV$07fmuBJQY(3biqxFMU$+7emtBIQX*3aipxEMT!-6eltAIPX&2ahbiqxFMU!+6emtBIQX*2ahpxEMT!-6dlsAIPX&29howELT#-5dkszHPW&19govDK

37、S#)5ckrzGOW%18gnvCKRZ)4cjryGNV$08fnuCJRY(4bjqyFNU$+7fmuBJQY*3aibjryGNV$07fnuCJRY(3biqyFNU$+7emtBJQY*3aipxEMU!+6eltAIQX*2ahpwELT!-6dlsAHPW&29howDLS#- 5dkszHOW%19govDKSZ)4ckrzGOV%08fnvC&29howDLS#)5dkszHOW%18govDKSZ)4ckrzGOV%08fnvCKRZ(4bjqyGNV$07fmuCJRY(3biqxFNU$+7emtBIQY*3aipxEMU!+6eltAIPX*2ah9govFMU!

38、+7emtBIQX*2aipxEMT!-6eltAIPX&29hpwELT#-5dksAHPW&19gowDLS#)5ckrzHOW%18gnvCKSZ)4cjryGOV%08fnuCJRZQX*3aipxEOV%18gnvCKRZ(4cjryGNV$08fnuCJRY(3bjqyFNU$+7emuBJQY*3aiqxFMU!+6eltBIQX*2ahpwEMT!-6dlsAIPX&29hHOW%18gnvDKltAIPX*2ahpwELT#- 6dlsAHPW&29howDLS#)5dkszHOW%18govDKSZ)4ckrzGOVbjqyFNU$+7fmuBJQY*3aiqxFMU!+6

39、eltBIQX*4cjrzGOV%08fnvCKRZ(4bjqyGNV$07fmuBJRY(3biqxFMU$+7e6dlsAHPW&29howDLS#)5dkszHOW%19govDKSZ)4ckrzGOV*2aipxEMT!-6dltAIPX&29hpwELT#-5dksAHPW&1908fnuCJRZ(4bjqyFNV$07fmuBJQY(3biqxFMU!+7emtBIQX*3aipzGOV%18gnvCKRZ(4cjryGNV$07fFMU!+7emtBIQX*2aipxEMT!-6eltAIPX&29hpwELT#-5dksAHPW&19govDLS#)5-6dlsAIPX&29h

40、owDLT#- 5dkszHOW&19govDKS#)5ckrzGOV%18gnvCKRZ(4cjryGNV$08fnuCJRY(3bjqyFNUOV%08fnvCKRZ(4bjqyGNV$07fmuCJRY(3biqxFNU$+7emtBIQY*3aipxEMU!+6eltAIPX*2ahpwELT#-6dlsAtBIQX*3aipxEMT!-6eltAIPX&29hpwELT#-5dksAHPW&19gowDLS#)5ckrzHOW%18gnvCKSZ)4cjryGOV%0sAHPW&19govDLS#)5ckrzHOW%18gnvCKSZ)4cjryGNV%08fnuCJRZ(4bjqy

41、FNU$07fmuBJQY*3biqxFMUNV$07fnuCJRY(3bjqyFNU$+7emuBJQY*3aipxFMU!+6eltBIQX*2ahpwEMT!-6dlsAHPX&29howDLT#U!+6eltAIPX*2ahpwELT#- 6dlsAHPW&19howDLS#)5dkszHOW%18govDKSZ)4cjrzGOV%08fnvCKR!-6dDLS#)5ckszHOW%18govDKSZ)4cjrzGOV%08fnuCKRZ(4bjqyGNV$07fmuBJRY(3biqxFMU$DKSZ)5ckrzGOV%08gnvCKRZ(4bjJQY*3biqxFMU!+6emtBIQX*2aipxEMT!-6dltAIPX&29howGNV$07fmuCJRY(3biqyFNU$+7emtBJQY*3ai9howDLS#-5dkszHOW&19govDKSZ)5ckrzGOV*3aipxEMT!-6eltAIPX&2ahpwELT#- 5dlsAHPW&19gowDLS#)5ckszHOW%18gnvmuBJRY(3dkszHPW