Week 8 - Cybercrime mitigation Flashcards

(10 cards)

1
Q

Describe four types of countermeasures against cybercrime and explain how each mitigates threats. (8 marks)

A

Engineering - secures systems via antivirus, patching, firewalls, C&C server takedowns
Legal - prosecutes malware authors (e.g., under the Computer Misuse Act 1990)
Economic - increases costs for cybercriminals (e.g., seizing infrastructure, disrupting monetisation)
Education - raises user awareness, reduces phishing success, promotes safer practices.

Together, these four aspects (engineering, legal, economic, education) create a multi-layered strategy to reduce both the opportunity and profitability of cybercrime.

2
Q

What is situational crime prevention and how is it applied to cybercrime mitigation? (6 marks)

A

SCP reduces crime by limiting opportunities through five approaches:
1) increase effort (e.g., patching, 2FA)
2) increase risk (e.g., monitoring systems, antivirus)
3) reduce rewards (e.g., DNS sinkholing, backups)
4) reduce provocations (e.g., stress reduction tools, privacy settings)
5) remove excuses (e.g., clear ToS, GDPR)

Applied to cybercrime by hardening systems, disrupting infrastructure, and modifying user behaviour.

3
Q

Explain how anti-virus software has evolved to address modern malware. (5 marks)

A
  • Early AV relied on hash-based detection (MD5/SHA1)
  • Malware polymorphism defeated static signatures
  • Modern AV uses heuristics: static (code traits) and dynamic (runtime behaviour)
  • Includes file scanners, unpackers, packet filters, and self-protection
  • Relies on proactive behavioural analysis for unknown threats
4
Q

How can DNS sinkholing be used as a mitigation strategy? (5 marks)

A

DNS sinkholing reroutes malicious domain requests to controlled servers. It prevents bots from reaching C&C servers. The users may see cleanup guidance pages. This is effective in limiting reinfection and spreading.

DNS sinkholing is used by ISPs and researchers in coordinated takedowns.

5
Q

Discuss the concept of mitigation displacement in cybercrime. Provide examples. (6 marks)

A

Displacement occurs when crime shifts to another venue after mitigation.

Some examples: (1) Facebook abuse detection = criminals move to LinkedIn (2) closed bulletproof host = new hosting sought

Ideal mitigation ensures new venue has worse conditions (e.g., more expensive, less stable). Reflects adaptation in the cybercrime arms race.

6
Q

What are the main limitations of legal approaches in cybercrime mitigation? (6 marks)

A

Jurisdictional issues: crimes span countries with differing laws.
Attribution difficulty: hard to prove who committed the offence
Low reporting: many victims don’t report cybercrime
Resource constraints: law enforcement lacks funding/expertise
Adaptation: offenders quickly adjust to new laws

These factors reduce the overall effectiveness of legal deterrents alone.

7
Q

How do economic countermeasures disrupt the monetisation of cybercrime? (6 marks)

A

1) Seizing domain names and C&C infrastructure breaks service continuity.
2) Blocking payment processors (e.g., Liberty Reserve) cuts off revenue.
3) Blacklisting advertisers or merchants tied to scams
4) Targeting bulletproof hosts and reshipping mules

These actions raise operating costs and reduce the profitability of cybercrime.

8
Q

Why is user education considered both crucial and difficult in cybercrime mitigation? (6 marks)

A

1) users are often the weakest link (e.g., fall for phishing)
2) awareness can prevent malware and data breaches
3) hard to scale: limited engagement and long-term retention
4) changing habits is challenging (e.g., weak passwords reused)
5) needs to be interactive, regularly updated, and role-specific

9
Q

What is an example of a successful cybercrime mitigation operation and what made it effective? (7 marks)

A

Name: Operation Ghost Click (2011)

This mitigation took down the DNSChanger botnet (4M+ infected devices). This was led by the FBI in collaboration with private cybersecurity firms and international agencies. They used DNS sinkholing and global awareness campaigns to clean infections.

Balanced takedown with minimal disruption to infected users. Success due to coordination, legal powers, and a timely public-private response.

10
Q

What are the key factors that determine whether cybercrime mitigation will be successful? (6 marks)

A

1 - timeliness of intervention
2 - public-private collaboration
3 - use of layered approaches (technical, legal, economic, educational)
4 - ability to adapt to evolving threats
5 - public awareness and cooperation
6 - strong enforcement and legal follow-through
