Computer Cyber Crime Unit

The Computer Cyber Crime Unit (C3) is dedicated to providing online investigative support for all members of the Niagara Regional Police Service by using innovative technology while guided by Service Governance, Federal and Provincial Statute.

Phones

C3 may be called upon for support for any online investigation/ Internet facilitated investigation regarding the following:

  • Assistance in the identification of any person, including but not exclusive to suspect(s), persons of interest, witnesses and victims
  • Assistance in the capturing of Open Source digital evidence, information, intelligence and/or documentation in the support of investigations
  • Assistance in the identification of any location including but not exclusive to a crime scene or event location
  • Respond to and investigate information provided by Crime Stoppers and Cyber Tips involving all cyber related crime, excluding Child Exploitation
  • Support investigations that focus on Cyber Threats to the Niagara Police Service, and its member
  • Special Event / Major Incident social media monitoring
  • Assistance with Email and IP (Internet Protocol) tracing regarding open source investigations

What is“Cyber”?

If you are confused, you’re not alone. “Cyber” is a catch-all term that is applied very broadly and liberally to any and all topics that intersect with technology, the internet, or computer networks (in other words everything). However, in general we can say that “cyber” refers to events that take place or things that exist in digital realms such as the internet and computer networks as opposed to the physical world.

Desk

"Cybercrime",refers to Criminal Code offences where:

Technology is the target of the crime (such as data theft, ransomware extortions, and DDoS attacks) (Mischief to Data Sec 430(1) CCC, Unauthorized Use of a Computer System Sec 342.1 CCC)

Technology used as a tool in the commission of the crime, such as internet-based harassment and fraud and traditional crimes such as fraud, threatening, and criminal harassment.

Cyber-security, which is a field of security concerned with protecting computer networks, digital devices and digital data from attack or unauthorized access. Individuals and business alike can take steps to protect their data, by using strong passwords and following best practices.

Common Cyber Threats

A compromise in the security of an online data repository that arises through negligence or deliberate attack. It is then exploited to foster further harmful or criminal action. Often a criminal will gain access to a computer network through exploiting an unpatched vulnerability, installing malware on the target system, using stolen credentials (or brute-forcing weak passwords), or social engineering. However, data breaches are not only the target of external actors. It is also quite common for insider threats such as disgruntled employees to steal or destroy data as well. Some motivations for data breaches include:

Extortion

A criminal will steal data and threaten to release it publicly unless the victim pays them (usually in bitcoin).

Sale of Personally Identifiable Information (PII)

Criminals will steal personally identifiable information and resell it to criminals who use it for other crimes such as fraud and money laundering.

Industrial Espionage

Theft of company data or trade secrets for financial gain. This type of activity is typically carried out by state actors, business competitors, or employees who are leaving to work for a competitor or start their own company.

Phishing is a common threat in which criminals, posing as a trustworthy entity like a financial institution or government, will try to acquire your personal information by sending fake emails, text messages, or by impersonating a website. Many of these phishing campaigns are mass-market campaigns that are generic and target millions of people. Spear-phishing on the other hand is a type of phishing campaign where a criminal will conduct background research on a potential victim to specifically tailor the phishing email to that individual. Phishing is the medium for a whole host of criminal activity including:

Wire Fraud

Wire transfer frauds that are perpetrated through phishing attacks typically come in one of two flavours:

  • The Vendor Scam,where a criminal will craft a convincing email or invoice from one of a business’s suppliers or service providers (such as a web hosting service) providing a new account that is controlled by the fraudster. In some cases the criminal may have access to the email accounts of the business, the vendor, or both allowing them to craft very convincing and legitimate-looking emails.
  • The Business Executive Scam,where a criminal will send an email to business posing as the CEO or another high level executive from the company (sometimes using a legitimate, but compromised email account) demanding a wire transfer to an account controlled by the fraudster.

Extortion

Many of these cases take the form of the mass-market phishing campaign targeting potential victims at random. The emails will state that the criminal has compromising video of the victim or evidence of an affair. It will then demand a ransom (usually in bitcoin) in exchange for not releasing the information. In most cases the criminal does not have any compromising information and is banking on a small number of victims actually being guilty of what the email accuses them of (usually of having an affair or viewing child pornography) and taking the threat seriously.

Spreading Malware

Another common use of phishing attacks are simply to trick potential victims into clicking a malicious link or opening a malicious document in order to install malware on their computer to facilitate some sort of criminal activity. Depending on what kind of malware is installed the criminal may be able to harvest login credentials, steal data, gain access to networked devices or install ransomware on the target system.

A ransomware attack occurs when a cybercriminal infects a victim’s computer systems with malware that encrypts the data on those systems making them inaccessible and unusable without the key to decrypt it. The cybercriminals then demand some sort of ransom (usually in bitcoin) in exchange for the decryption key.

Mass Market

This type of ransomware campaign does not target a particular victim. It is usually spread by phishing email and mimics a well-known and trusted entity such as a popular tech company, financial institution, or government agency.

Targeted

These campaigns typically target institutions and businesses rather than individuals, and will usually focus on a particular type of business, such as manufacturing, healthcare, or academia. They may use spearphishing attacks to gain access to target systems or hack the systems directly using known vulnerabilities. In many cases criminals will explore target systems and attempt to delete any connected backups before installing the ransomware.

Aside from theft or destruction of data, there are many other uses for compromised computer infrastructure. Compromised systems can be used for cryptocurrency mining, can be recruited into a botnet for use in DDoS attacks, can be used for the distribution of spam and phishing emails, and in the case of devices with audio and visual capabilities can be used to spy on anyone nearby.

A DDoS attack is a cyber-attack meant to disable a website by flooding it with more traffic than it is designed to handle and often makes use of a network of compromised computers and IOT Devices (botnet) to deliver the traffic. These attacks are used for extortion, pranks, activism and for financial gain by driving customers away from a competitors website.

Quick Cyber Tips

  • Keep your software and hardware up to date
  • Use an Antivirus / Firewall
  • Use Strong passwords 9dont reuse passwords consider a password manager
  • User Two Factor Authentication
  • Be cautious of emails and phone calls. Think before you click.
  • Attempt to verify anyone that requests money from you (CRA Scams, Banker Scams)
  • Secure your mobile deices
  • Back up your data

Links and Resources

The Canadian Anti-Fraud Centre (CAFC) is the central agency in Canada that collects information and criminal intelligence on such matters as mass marketing fraud (e.g., telemarketing), advance fee fraud (e.g., West African letters), Internet fraud and identification theft complaints.

Federal Trade Commission

Cybersecurity for Small Business

Equifax Credit Bureau

Get Cyber Safe

Government of Canada's campaign to promote cyber security practices.

The National Cyber Security Centre

Helps teens stop the spread of sexual pictures or videos and provides support along the way.

US-Cert

Cybersecurity Resources for Small and Midsize Businesses

www.fbi.gov/image-repository/ic3_hd_2.png/@@ima...

FBI Internet Crime Complaint Center - IC3

RCMP National CyberCrime Coordination Unit (NC3)

Canadian Centre for Cyber Security