La Banca Móvil y los Delitos Informaticos

7/24/2019 La Banca Mvil y los Delitos Informaticos

1/37

INCLUSIN FINANCIERA BANCA MVIL YSEGURIDAD TEGUCIGALPA HONDURAS

12-13 AGOSTO 2013.

PROTECCIN AL CONSUMIDOR YRIESGOS.

LA SEGURIDAD EN LA BANCA MVILGIOVANI MANCILLA EXPERTO UIT


2/37

AGENDA

INTRODUCCINALGUNAS CIFRAS.CONSIDERACIONESTIPOLOGAS DE FRAUDE MSEXTENDIDAS.DESCRIPCIN Y RECOMENDACIONES DE

MITIGACIN.FRENTES DE TRABA!O DE MITIGACINCONCLUSIONES


3/37

INTRODUCCIN

H"#$"% &' (')*%+&"& ', B"," M/+$ '( ',%"% ', *, &' $('"( 4*' 5( "*(" '% " $( *(*"%+( " $" 6%" &' 6"'%*( &' "7$+"+,'( &+6 '% , '( +,8*,&"& &"&" $")%", ",+&"& &' 7(+#+$+&"&'( &' 8%"*&' 4*' 69 ,/'%)',', '$ '%+,"$ &' "'( :'$'*,+"+,'( I,8%5+(B","%+( 9 &' "7$+"+,'( ', *, ($ &+(7(++/;.S' %'4*+'%' ',',&'% $"%"',' $( %+'()( 4*' "(*+( 9#*("% (* ++)"+, '$ +'& "$ %+'() , 7*'&' 7"%"$+


4/37

INTRODUCCIN

E$ %'++', +,'%",*"$ &' #"," /+$ '('/+&',' 9 /" &' $" ", , '$ %'++', &' $('&+( &' "'( ', $" '&+&" 4*' ', $" %')+,$$')", ,*'/"( ',$)="( LTE :>G; (' '(7'%"

4*' *6"( "7$+"+,'( ',)", *, &'("%%$$+7%",' B"," /+$ , ('%5 $" '?'7+,.E, (')*%+&"& (' &'#', '/+"% 8"$(( %+*,8"$+(( 9'?'(( &' ,@",


5/37

CIFRAS

A$)*,"( +8%"( "( C$#+",.A'( #","%+ 7% ","$


6/37

D'$+( +,8%5+( D++, P$++" N"+,"$ &'

C$#+"

POLICA NACIONALDIRECCIN DE INVESTIGACIN CRIMINAL E INTERPOL

DENUNCIAS REGISTRADAS EN EL PAS POR DELITOS INFORMTICOSPERODO COMPARATIVO DEL 01 DE ENERO AL 07 DE AGOSTO AOS 2012-2013

DELITOSAOS VARIACIN

2012 2013 ABSOLUTA PORCENTUALARTCULO 269A ACCESO ABUSIVO A UN SISTEMAINFORMTICO 31 232

-!" -27#

ARTCULO 269B OBSTACULI$ACIN ILEGTIMA DE

SISTEMA INFORMTICO O RED DE TELECOMUNICACIN

> 2 -2 -%0#

ARTCULO 269D DAO INFORMTICO 0 0#ARTCULO 269F VIOLACIN DE DATOS PERSONALES 100 10> " "#ARTCULO 269G SUPLANTACIN DE SITIOS &EB PARACAPTURAR DATOS PERSONALES

1 11 -% -31#

ARTCULO 269I 'URTO POR MEDIOS INFORMTICOS (SEME)ANTES 1>>0 11>

7" %#

ARTCULO 269) TRANSFERENCIA NO CONSENTIDA DEACTIVOS

1 %6 1120#

ARTCULO 269C INTERCEPTACIN DE DATOSINFORMTICOS 12 >

-! -67#

ARTCULO 269E USO DE SOFT&ARE MALICIOSO 1 2 1 100#TOTAL 1!99 193% 36 2#


7/37

D'$+( +,8%5+( D++, P$++" N"+,"$ &'

C$#+"DELITO CAPTURA

AOS VARIACIN

2012 2013 ABSOLUTAPORCENTUA

LARTCULO 269A ACCESO ABUSIVO A UNSISTEMA INFORMTICO

20 2> " 20#

ARTCULO 269B OBSTACULI$ACIN

ILEGTIMA DE SISTEMA INFORMTICO O REDDE TELECOMUNICACIN

2 -2 -100#

ARTCULO 269C INTERCEPTACIN DEDATOS INFORMTICOS

1 20#

ARTCULO 269D DAO INFORMTICO 2> 13 -11 -"6#ARTCULO 269E USO DE SOFT&AREMALICIOSO

1 2 1 100#

ARTCULO 269F VIOLACIN DE DATOSPERSONALES

2 1% 21#

ARTCULO 269I 'URTO POR MEDIOSINFORMTICOS ( SEME)ANTES 121 "2 %3#ARTCULO 269) TRANSFERENCIA NOCONSENTIDA DE ACTIVOS

2 10 ! "00#

TOTAL 20% 263 %! 2!#


8/37

CONSIDERACIONESC"&" (')*,& 6"9 *, +,', &' "'( +%%')*$"% " "7$+"+,'( ', '$

*,& '(7'+"$',' B"," M/+$ +',' '$ )%", "%"+/ &' $")",",+" ',+" 7"%" '$ &'8%"*&"&%.O7'%"&%'( &' '$'*,+"+,'( 7+'%&', ',%' *, 0 9 *, 10&' +,)%'(( 7% 8%"*&'.L( #",( +',', 7%&+&"( #+$$,"%+"( 7% 8%"*&'.

E$ 8%"*&' +,'%, "*(" '%" &'$ 0 &' $"( 7%&+&"(.E$ &'8%"*&"&% #*(" $" "(+, &' &'(*+& 7% 7"%' &' $( "%'(', '(' "( :*(*"%+ 7%/''&% &' *,+"+,'( 9 B",; ', $"7"%' 4*' ('" 5( +$ '$ &'8%"*&"&% +,',"%5 """%.E,8%',"( " *, ','+) *$ 4*' 7*'&' '("% ', *"$4*+'% 7"%'&'$ *,&.C+8%"& JPA (' 6" % ', 0 (')*,&( .


9/37

ATAKUE AL DELITO REKUIERE DE HERRAMIENTASESPECIALIADAS Y PERSONAL IDNEO. :%'(=" P,"$ C$#+";


10/37

PRINCIPALES FRAUDES Y ALGUNASRECOMENDACIONES DE MITIGACIN

FRAUDE EN EL ELEMENTO DE ACCESO.FRAUDE EN EL CANAL - PROTOCOLOS.

FRAUDE EN LAS BASES DE DATOSBANCARIAS.


11/37

FRAUDES EN ELEMENTOS DE ACCESOMVILES TABLETS

1; HURTO DE MVILES.2; CLONACIN SIM.3; TELFONOS DE DUDOSA PROCEDENCIA NO

HOMOLOGADOS

>; PASEO MILLONARIO TRANSFERENCIAS OBLIGADAS.; SINCRONIACIN CON PC INFECTADOS.; PHISING POR SUPLANTACIN DE PGINA JEB O POR E-MAIL.; PUERTOS ABIERTOS Y COMPARTIDOS GSM JIFI POR

INTERNET - BOTNET

; MALJARE.; INGENIERA SOCIAL10;ACCESO AUTORIADO Y PERMITIDO A TERCEROS KUE NO

TIENEN DEBIDO CUIDADO


12/37

1; HURTO DE MVILES.P"%" '$ '" &' B"," M/+$ $" "',"


13/37

1; HURTO DE MVILES.M++)"+, %'',&"+, *(*"%+(.F"#%+"+, &' '%+,"$'( (')*%( 4*' , ('

7*'&" %''(%+#+% '$ IMEI (')*++', %' &''%+,"$'( "7$+"+,'( &' #%%"& %' &'&"( "7$+"+,'( &' #, &' 75,+ *+&"&7% 7"%' &'$ *(*"%+ 'S*#+% " #"('( &' &"( &' $+("( #$","( 9 ,')%"($( '%+,"$'( ,%$ " '?7%"+, ' +7%"+,&' '%+,"$'( *("&( ''7$ #"(' &' GSMA.

FRAUDES EN ELEMENTOS DE ACCESOMVILES PORTTILES - TABLETS


14/37

2; C$,"+, &' SIM.E( *, "(7' 4*' '7+'


15/37

2; C$,"+, &' SIM.P"%" 4*' (' &' '(" &"$+&"& '(

,''("%+ 4*' '$ &'8%"*&"&%',)" "'( "$ '%+,"$ 7% ',&', &'"% $( '4*+7( (+, /+)+$",+", 7%'("%$( ', "( &',''(+&"& "#+"% $"/'( &'"'(.



16/37

3; T'$8,( &' &*&(" 7%'&',+" %'"%"&( ,6$)"&(.

E, $" +,&*(%+" M/+$ '(7'=@"',' $" GSMA "(+)," "$" +,&*(%+" #$4*'( &' IMEI( " $( 7%&*%'( &'

'4*+7( '(" %')$" (' '(5 /+$",& 9 "7"%'', ', '$'%"& '4*+7( , 6$)"&( 4*' *7$', , $"(,%"( 9 4*' %'"$',' *(*%7", $" "(+),"+, "5 ','(' "(7' (' %%' '$ %+'() 4*' '(( '4*+7(6"9", (+& &+@"&( 9 4*' ,',)", &'(&' '$ +,++

"7$+"+,'( "$"%' 4*' 7*'&", %",(++% " $(&'$+,*','( &"( 4*' 7"%" '$ "( &' B"," M/+$7'%+" '$ "'( " $"( *',"( 9 $" %'"$+


17/37

3;T'$8,( &' &*&(" 7%'&',+"%'"%"&( , 6$)"&(.

C %'',&"+, )','%"$ 7"%" $(

*(*"%+( '(5 '$ 7%"% (*( '%+,"$'(', +',&"( @+"$'( &' $( 7%&*%'(&' ',$)=" * 7'%"&%'( 4*'"(')*%', 4*' ('", 6$)"&( 9 4*'7*'&", ', "( %'4*'%+& %'"$+


18/37

>; P"(' M+$$,"%+ T%",(8'%',+"( #$+)"&"(.E, '(' %+'() '$ &'8%"*&"&% #+',' '$"'( " $" B"," M/+$ " %"/( &' $"

+,++&"+, &'$ *(*"%+ %+)+,"$ 4*+', (' /'#$+)"& " %'"$+


19/37

>; P"(' M+$$,"%+ T%",(8'%',+"(#$+)"&"(.

M++)"+,. P'%('*+, &' $"( "*%+&"&'(

'/+"% "% %",(7%'( ', $" "$$' 4*' ,',)", *," 7%'&',+" 7%#"&"&'("%%$$ 7% 7"%' &' $( #",( &'",5$+(+( &' &"( , $"/'( &'

7%#"+, 7"%" 4*' '$ *(*"%+ 7*'&"('% $"$+


20/37

. S+,%,+


21/37

. S+,%,+


22/37

. P6+(6+,) 7% (*7$","+, &' 75)+,"( '# 7% %%'( '$'%,+(.

M&"$+&"& ', $" 4*' '$ *(*"%+ +,"*"','

7+',(" 4*' '(5 ,"/')",& 9 7%7%+,",&&"( " (* 7'%"&% B","%+ 9 %'"$',' $('(5 7%7%+,",& " *, &'8%"*&"&% 4*+',$( "7*%" 9 , #"(' ', '(( %'"$+


23/37

. P6+(6+,) 7% (*7$","+, &' 75)+,"('# 7% %%'( '$'%,+(.

M++)"+,. C"7"+"+, " $( *(*"%+(

(#%' '$ *( (')*% &' $( '&+( &'"'( ', '(' "( (#%' B"," M/+$ '$*(*"%+ , &'#' 7'%&'% &' /+(" 4*' '$6'6 &' %'"$+


24/37

. P*'%( A#+'%( 9 7"%+&( GSM JIFI POR INTERNET -BOTNET.

E(" &"$+&"& '$ *(*"%+ '(5 "#%+',& $"( 7*'%"( 7"%" 4*' (*(&"( 7*'&", ('% /+(( 7#$+"',' "$ 7'%++% '$ "'( &''%'%( " %"/( &' (*( &+(7(++/( *6"( /''( $( &'",

"#+'%( (+, $"/'( , $"/'( 4*' (, 85+$'( &' "&+/+,"% 7%7"%' &' $( &'$+,*','( 7% '&+ &' 7*'%( +@ '( 7(+#$'#','% %5@ , +8%"& '(' (' 7*'&' ,/'%+% ', $" 8*',' &'+,8'+, &' &+(7(++/( ,'"&( " $" +(" %'& "5"&++,"$',' (' %%' '$ %+'() &' /$/'%(' 7"%' &' *," %'& &'%#( 4*' (, "7%/'6"&"( 7% $( +#'%&'$+,*','( 7"%" %'"$+


25/37

. P*'%( A#+'%( 9 7"%+&( GSMJIFI POR INTERNET - BOTNET.

M++)"+,. L( *(*"%+( , &'#', &'"%

"#+'%( (*( 7*'%( '( &'"%"#+'%" $" 7*'%" &' $" "(" (' %%',&+/'%(( %+'()( ' +,$*( 7*'&', /'%('+,/$*%"&( ', +,/'(+)"+,'(7('%+%'( 7% "'(( " %"/( &' (*('&+( " (++( , 7'%++&( ('% 7"%'&' *," %'& &' ""4*' " ',+&"&'(.



26/37

. M"$"%'S8"%' "$++( 4*' #*(" #','% &"( &' *(*"%+ 9 *+$+


27/37

MALJARE CABALGANTE

D'$+( +,8%5+( D++, P$++"N"+,"$ &' C$#+" D'8%"*&"&%'('(7'+"$+


28/37

. M"$"%'M++)"+, "; M",','% '$ &+(7(++/ "*"$+


29/37

. I,)',+'%=" S+"$E, '(" &"$+&"& '$ &'8%"*&"&% $)%" $" #',+, &' &"((',(+#$'( " %"/( &' $" +,)',*+&"& &'$ *(*"%+ *6"( /''((' /"$', $( &'$+,*','( &' %'&'( (+"$'( (*7$","+, &'7'%(,"( 7%'(',5,&(' *9 #*',( "+)(

7'%(,"( , )%",&'( ,''(+&"&'(. E$ &'8%"*&"&% $)%"#','% $" +,8%"+, ,''("%+" 7"%" +,++"% *, ""4*' 7"%"'$ "( &' B"," M/+$ 7&%=", #','% +,8%"+, /+',&7% ',+" &'$ 6#% '$ *(*"%+ 9 ,%"('" 7%/+( 7"%"%'"$+


30/37

. I,)',+'%=" S+"$M++)"+,. E$ *(*"%+ &' $( ('%/++( &'B"," M/+$ &'#', ('% ,(+','( &' '('

+7 &' 7'$+)%( 9 ++)"%$( '/+",&','% ,/'%("+,'( 9 %'"$+


31/37

10.A'( "*%+


32/37

10.A'( "*%+


33/37

FRAUDES EN CANAL

1; CAPATADORES DE SEAL SNIFFER.

2; ENVO DE INFORMACIN POR

ENLACES NO SEGUROS.3; ACCESOS ABIERTOS A INTERNET.


34/37

FRAUDES EN BASES DE DATOS

1; BASES DE DATOS BANCARIAS.2; ATAKUES A LAS ENTIDADES.

3; DENEGACIN DE SERVICIOS>; FRAUDE INTERNO PARA TIMAR ACLIENTES.


35/37

FRENTES DE TRABA!O DE MITIGACIN

1; L')"$.

2; I,/'(+)"+/ '(7'+"$+; S')*++', " %",("+,'( ', +'7 %'"$ +,6+#+',& "4*'$$"(

((7'6("( )','%",& ,+/'$'( "&++,"$'( &' "(')*%"+',.; %'"( #",( 7'%"&%'( &' ,%$ &'$ 8%"*&'.; C"7"+"+, " *(*"%+( 7"%" %'"$+


36/37

CONCLUSIONES1; E, $" '&+&" ', 4*' %'' $" B"," M/+$ &' $" +(" 8%" %'', (*( "',"


37/37

GRACIAS

P"%" "9% +,8%"+,.C,""% " G+/",+ M",+$$" G","A('(% +,&'7',&+',' ', '"( &'

(')*%+&"& 9 ,%$ &' 8%"*&'.E?7'% UIT R'$"% G%*7 &' F%"*&' 9

S')*%+&"& ', %'&'( CITEL OEA.G+/",+.",+$$"\)"+$.

)",+$$"\*&+(%+"$.'&*.]1 3111111.

E$ C,%$ &' F%"*&' '( $"#% &' &(W
mailto:[email protected]:[email protected]:[email protected]:[email protected]

La Banca Móvil y los Delitos Informaticos

Documents

Transcript of La Banca Móvil y los Delitos Informaticos