Cyber Crime
About Cyber Crime
As Jamaica evolves within cyberspace and develops an increased dependence on emerging technologies for everyday functions, it is pertinent that citizens keep abreast of the dangers associated with this rapid expansion. Critical infrastructure is an area that cybercriminals frequently target. Its disruption has the ability to decrease the flow of crucial products and services, obstruct or disrupt key economic and financial functions, and effectively shut down the country. It is important to note that Jamaica loses billions of dollars annually to cyber crime. It is therefore the responsibility of the Cyber Forensics and Risk Management Unit to secure our nation and relentlessly pursue organised criminal networks.
Combatting Cyber Crime
The Major Organised Crime & Anti-Corruption Agency (MOCA) Cyber Forensic Lab was formed in 2012 just after the establishment of the then Major Organised Crime Task Force. With every crime having a digital dimension, the lab’s remit was primarily to investigate cybercrime breaches and conduct digital forensics investigations. Since the merger of the MOCA Task Force and the Anti-Corruption Branch in August 2014, the remit of MOCA’s cyber lab has grown exponentially, adopting additional responsibilities as a Cyber Forensics and Risk Management Unit.
Following the merger, the branch advanced its capabilities and resources to conduct cyber defence, cybersecurity incident response and post mortem of cyber-attacks such as ransomware, business email compromise (BEC) and Distributed Denial of Service (DDoS). The branch also carries out internal and external audits of networks of Government of Jamaica (GOJ) ministries, departments and agencies (MDAs) in order to create a security baseline and to implement mitigation measures where anomalies are detected.
Members of the Cyber Forensics and Risk Management Unit are specialists who are cross-trained and can function in various roles. They are also trained to deliver cybersecurity lectures and awareness seminars to academia, as well as private and public organisations.
With such an increase in the scope of responsibilities for the Cyber Forensics and Risk Management Branch, four (4) areas of focus were integrated to encapsulate the daily operations of the unit, namely: Cyber Forensics, Security Operations, Malware Investigation, and Big Data Analytics.
Cyber Forensics
- Forensic examination of digital media
- Recovery of deleted or encrypted data/emails, videos, internet sites
- Presentation of expert forensic evidence in court
- Maintenance of inventories of digital evidence as per NIST and ISO standards
- Cyber Research and Development
Security Operations Centre (SOC)
- Managing alerts and viewing hierarchical relationships between events
- Monitoring and analysis of threat actor behavior
- Monitoring of network traffic anomalies
- Generate cyber insights through collected logs
- Provide early warning against impending cyber attacks (CEWC)
- Build timeline & generate a comprehensive cyber situational awareness picture
Malware Investigation Lab
- Malware quarantine and reverse engineering
- Uncovers stealthy malware such as trojans, rootkits and bots to understand how they work through the use of advanced sandboxing capabilities
- The determination of malware origin and its potential impact
- Analyse unknown files for suspicious tactics, techniques, and procedures (TTP) behaviour
Big Data Fusion Centre and Analytics
- Predictive analysis techniques to aid with the prevention and detection of criminal activities such as murder, shootings and other gang-related activities
- Detect threats through correlation and analysis of collected information
The branch also conducts several cybersecurity activities such as cyber threat intelligence, vulnerability assessment and penetration testing.
Cyber Threat Intelligence (CTI)
- Deep Web & Dark Net
- OSINT/SOCINT/WEBINT/Digital HUMINT
- Target Intelligence
- Cryptocurrency Intelligence
Vulnerability Assessment and Penetration Testing
- Find and assess data risks, manage user rights
- Create, manage, and auto deploy policies
- Uncover risky behaviours across users, entities, applications, and data
- Discover low and slow threats in real time
- Find and prioritise weaknesses before they are exploited