20130321 Cybercrime threats on e-commerce online shops
Threats on e-Shops

Presentation at e-Shop Expo in Tour & Taxis Brussels on 21 march 2013

Presentation Transcript

  • How to survive in an era of hacktivists, cyber espionage and internet fraudsters? The need for an integrated approach to undermine the criminal cyber architecture
    Brussels, 21 March 2013, e-Shop Expo
    © 2013 Luc Beirens – Federal Computer Crime Unit – Belgian Federal Judicial Police – Direction Economical and Financial Crime
  • Presentation
    @LucBeirens, Chief Commissioner, Head of the Federal Computer Crime Unit, Belgian Federal Judicial Police, Direction Economical and Financial Crime
    Chairman of the EU Cybercrime Task Force, representing the organisation of heads of national high-tech crime units of the EU
  • Topics - overview
    An analysis of the eSociety situation
    Who is threatening eSociety and how? Inside threat / outside threats
    Possible damage to eGov and eSociety
    Which response to give to this?
  • What is there to protect?
    Your company / public image
    Your market share (even as a public service)
    Your business activity / products
    Your existence as such
    Cybercrime threats © Belgian Federal Computer Crime Unit
  • What is there to protect?
    Data (stored or in transmission)
     Our personal data: employees / citizens / customers
     Info on the organisation (policy / functioning / financial)
     Info on your activity, product (price list, patents, source code)
    Our information infrastructure
     Internal / external systems
     Network connections
     Storage and backup systems
    Privacy law requires organisational and technical measures to protect personal data
  • eShop
    Be recognisable to your customers
    Beware of imposters
     Use of certificates / control over domain
    Keep your customers safe
     Data
     Transactions
    Get paid for your services / products
    Don't become unwillingly a criminal service platform
  • e-Architecture (diagram)
    Elements: externally managed infrastructure, Certification Authority, externally hosted website, VPN, Internet, DNS, internal network, firewall, DMZ, own webserver, backup server, cloud service center, SCADA / process control, end user, roaming user
    © Luc Beirens
  • General trends today
    Evolution towards e-society
     Replace persons by e-applications
     Interconnecting all systems (admin, industrial, control)
     Mobile systems – cloud
     Social networks
    IP is the common platform offered by many ISPs, integrating telephony / data / VPN & all new apps = opportunities / Achilles tendon / scattered traces
    Poor security in legacy applications and protocols (userid + pw) => identity fraud is easy
    End user is not yet educated to act properly
  • What do criminals want?
    Become rich / powerful rapidly, easily, with a very big ROI, in an illegal way if needed
    Destabilize (e-)society by causing trouble
  • First conclusions?
    Society is thus very heavily dependent on ICT
    ICT = important vulnerability of modern society
    End user = weakest link => biggest danger
    Need to
     Guarantee continuity of ICT functioning
     Guarantee availability and integrity of data
    Data is more and more in the cloud
     Accessible from all over the world
     Outside the jurisdiction of your country
  • Who is threatening us?
    Script kiddies
    Insider: the ICT guy in your company
    Loosely organized criminals
    Firmly organized criminal groups
    Terrorists / hacktivists
    Foreign states / economic powers
    Nation warfare troops
  • What are the outside threats?
  • Threats in messages on hacker sites
    Wiping away the websites in your state
    Infiltration in servers of the Public Treasury, disrupting tax collection
    Infiltration in bank accounts
    Attacks on media websites
    Attacks on e-commerce websites
    Distribution of personnel data and credit card information
    Targeting also the end-of-year period
  • Focus
    On individuals
    On webservers
    On your organization
    On your partner's organization
    On your infrastructure
    On cyber infrastructure
  • Hacking webservers
    Motives of the criminal:
     Perform defacement
     Use as storage platform for illegal content (child porn)
     Use as intermediate platform for criminal activity
     Get sensitive information and do extortion ("idiot tax")
     Get financial information (credit cards)
    To do:
     Update SW, strong admin access, no personal data on the server
     Follow up pastebin.com: a hackers' drop-off
  • (image slide)
  • E-Shop risks
    "Forgotten" test environments
     Use of real data
     No logging
    Applications with debugging procedures
    Databases with all user data on the webserver instead of inside the LAN
    User profiles unencrypted / unsalted?
    Credit card information in profiles?
    Use of stolen credit (new payment systems)
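The "unencrypted / unsalted" profile question above is the one a shop owner can check in code. The following is an added example, not code from the presentation or from the FCCU: it puts the weak practice (a bare digest of the password, so every customer with the same password gets the same stored value) beside a salted, iterated derivation, and shows why card numbers do not belong in a profile at all. The round count and the customer data are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

# Assumption: 210,000 PBKDF2-HMAC-SHA256 rounds; tune to your own hardware budget.
PBKDF2_ROUNDS = 210_000


def weak_profile_hash(password: str) -> str:
    """The 'unsalted' practice the slide warns about: a bare SHA-256 of the
    password. Two customers with the same password get the same digest, so
    one leaked profile table can be matched against a precomputed list."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def store_password(password: str) -> dict:
    """Hardened form: a fresh 16-byte random salt per profile and a slow,
    iterated key derivation (PBKDF2-HMAC-SHA256 from the standard library)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return {
        "kdf": "pbkdf2_sha256",
        "rounds": PBKDF2_ROUNDS,
        "salt": salt.hex(),
        "digest": digest.hex(),
    }


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and round count; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(record["salt"]), record["rounds"]
    )
    return hmac.compare_digest(digest.hex(), record["digest"])


def mask_pan(pan: str) -> str:
    """Card numbers have no place in a customer profile: keep only the last
    four digits for display and let the payment provider hold the rest."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return "*" * (len(digits) - 4) + digits[-4:]


if __name__ == "__main__":
    # Constructed example data, not taken from any real shop.
    customers = {"alice": "secret123", "bob": "secret123"}
    print("unsalted:", {u: weak_profile_hash(p) for u, p in customers.items()})
    print("salted:", {u: store_password(p) for u, p in customers.items()})
    print(mask_pan("4111 1111 1111 1111"))
```

Run it and the two unsalted digests are identical while the two salted records differ; a leaked table of the second kind has to be attacked one profile at a time. A memory-hard function (scrypt, Argon2) is the better choice where the platform offers it; PBKDF2 is used here only because it ships with the standard library.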
  • (image slide; footer: Dossier Cybercrime - NVP PNS 2012-2015)
  • Security: encrypted data!
    Infection of workstations and servers in the company LAN
     Using targeted e-mails / social media messages
     Malicious encryption of all user data files
     Ransom to get the decryption key
    Of those that paid: some got the key, some didn't
    Others had a recent off-line backup!
  • Intrusions in your LAN
    Intrusion in your system to intercept data that allows taking products away from your stock
     WiFi interception from the parking lot
     Infection by trojan (e-mail)
     (Unreported) burglary in the company to place
      hardware keyloggers
      a complete small computer system: WiFi intercept, 3G transmit
    With a valid ticket, go and fetch the cargo
    To do:
     Encrypt WiFi transmissions
     Patch only active workstation connections
  • Intrusion in your trading account
    Carbon dioxide certificates trade
    Open data: contact persons of companies
    Spear phishing mail + phishing website
    Access to the trading account
    Millions of € sold in a few hours all over the EU
     Sold far under price & immediately resold
    To do: awareness
  • Intrusion in your partner's LAN
    Intrusion in the LAN of a foreign partner (Chinese) to get information on your business and the invoices you have to pay
    You get mail with
     Slightly different e-mail addresses
     Change of bank account number to pay ("due to audit ...")
    To do: verify thoroughly any changes before paying
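"Verify thoroughly any changes before paying" can be partly automated in the accounts-payable inbox. The following is an added example and not code from the presentation or the FCCU: it checks an incoming invoice mail against the partner domains and bank accounts on file, flags sender domains that are only an edit or two away from a trusted one (after folding the usual digit-for-letter swaps), and flags any account number or announced change that does not match the record. The partner list, the mail records and both IBANs are constructed sample data.

```python
from dataclasses import dataclass

# Constructed example data: the partner domains and payment accounts you
# have on file. The IBAN is a published example value, not a real account.
TRUSTED_PARTNERS = {
    "partner-ltd.example": "BE68539007547034",
}

# Characters commonly swapped in a lookalike domain.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


@dataclass
class InvoiceMail:
    sender: str            # From: address as received
    iban: str              # account number printed on the invoice
    mentions_change: bool  # text such as "new bank account due to audit"


def normalise(domain: str) -> str:
    """Fold digit-for-letter swaps and two-letter lookalikes before comparing."""
    return domain.lower().strip().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value between an unknown and a trusted domain is the warning sign."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(mail: InvoiceMail) -> list[str]:
    """Return the reasons this invoice must be confirmed by a phone call to the
    number already on file before anything is paid (empty list = nothing odd)."""
    findings = []
    domain = mail.sender.rsplit("@", 1)[-1].lower()
    trusted_iban = TRUSTED_PARTNERS.get(domain)
    if trusted_iban is None:
        for known in TRUSTED_PARTNERS:
            dist = levenshtein(normalise(domain), normalise(known))
            if dist <= 2:
                findings.append(f"sender domain {domain} resembles trusted partner {known} (distance {dist})")
        if not findings:
            findings.append(f"sender domain {domain} is not a known partner")
    elif mail.iban.replace(" ", "").upper() != trusted_iban:
        findings.append(f"IBAN on invoice differs from the account on file for {domain}")
    if mail.mentions_change:
        findings.append("mail announces a change of payment details; confirm out of band")
    return findings


if __name__ == "__main__":
    # Constructed sample: a lookalike sender plus a new account number.
    suspicious = InvoiceMail("billing@partner-1td.example", "BE71 0961 2345 6769", True)
    for reason in assess(suspicious):
        print("HOLD:", reason)
```

The point of the normalisation step is that `partner-1td.example` and `partner-ltd.example` are one character apart as strings but identical to a hurried reader; folding `1` to `l` before measuring makes the distance zero and the flag unmistakable. Any finding should block payment until the partner is reached on a phone number that was already on file, never one taken from the mail itself.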
  • Attacking infrastructure
    Remotely managed infrastructures in your buildings
     Central heating
     Elevator
    Creating disruption of this infrastructure => leads to high cost
    To do: verify if this applies to you and your infrastructure managing company
  • Hacking into cloud accounts
    SMEs that have all their information in cloud accounts
    Hacking into these accounts
     Taking over access control
     Sending of SOS e-mails ("robbed, money needed")
     Deleting all contact information in the account => preventing warning e-mails after getting back access to the account
    To do:
     Enforce strong authentication and second ways to access the account
     Have backups of these systems
  • (image slide)
  • Cyber crime against cyber infrastructure
    Payment systems
     2010 Wikileaks case: "Anonymous" attack on VISA, PayPal, Mastercard, ...
    DNS system: create fraudulent routing or use for DDoS
    Certification authorities (DigiNotar)
    Data centers (blocks all servers in it)
  • (image slide)
  • Cybercrime focusing on individuals
    Individuals are
     Also working in companies / government
     Using social networks / webmail
     Often used to exchange business-related info
     Containing access code information
    Hacking of these profiles / webmails
     Abuse to infect people you know
     Get personal information about you and your contacts
     Commit fraud
    Internet fraud of all kinds
    Webcam sex interception to do extortion
    Luc Beirens - FCCU - 2012
  • What are the criminals' tech tools to hack and attack?
    Malware attacks (viruses, worms, trojans, ...)
    Fast-spreading zero-day infections => no immediate cure => lots of victims (especially home PCs – 24 / 365 available)
    Abuse of infected computers to create botnets (large "armies" of PCs under control of one master)
    => used to make massive attacks on webservers or network nodes
    => high risk for your critical ICT infrastructure
  • Botnet attack on a webserver / node (diagram)
    Elements: hacker, Command & Control server, Internet, webserver / node, computer (bot); messages: Cmd, Info, "My IP is x.y.z.z"; outcome: crash, access line blocked
  • Malware update / knowledge transfer (diagram)
    Elements: hacker, Command & Control server, knowledge server, malware update server, Internet, webserver / node; flow: trigger event, very frequent MW update requests, MW update
  • Why?
    Making money! Sometimes still for fun (script kiddies)
    Spam distribution via zombie
    Click generation on banner publicity
    Dialer installation on zombie to make premium-rate calls
    Spyware installation
    Espionage => banking details / passwords / keylogging
    Ransom bot => encrypts files => money for password
    Capacity for distributed denial of service attacks: DDoS => disturb functioning of an internet device (server / router)
  • How big is the problem?
     Already criminal cases in several countries
     Botnets detected
      Several hundreds of botnets worldwide
      Several thousands of C&C worldwide
      Thousands up to millions of zombie computers online
      Generated huge data traffic, up to 40 Gbps
     Dismantling / crippling botnets
  • e-Crime underground business
     Underground fora and chatrooms
      Restricted access – on invitation
      Secured by encryption
     Botnets for hire
      Control over bot for spam: 0.04 $ / bot / day
      Small-scale attack 20 Mbps: 50 – 100 $ / day
      Large-scale attack 10 Gbps: 1000 $ / day
     Malware development on demand
  • Important DDoS cases
    UK 2004: gambling website down (+ hoster + ISP)
    NL 2005: 2 botnets: millions of zombies
    BE 2005: DDoS on chat network of media firms
    BE 2005: DDoS on firm (social conflict)
    US 2006: Blue Security firm stops activity
    SE 2006: website of Gov and Police down due to DDoS after police raid on P2P
    EE 2007: widespread DDoS attack on Estonia after incidents on moving soldier statue
    Georgia 2008: cyber war during military conflict
    World 2010: Wikileaks case: Visa, Mastercard, PayPal
    World 2012: CIA, FBI, USDOJ, EU, Arcelor Mittal ...
  • Attacks on eSociety authentication systems using malware and botnets
  • Authentication systems (diagram: eService user <-> eService website)
    Userid + password: "user: u123, password: secret123" => intercepted => consultation & transfers
    Token card: "Give token 15: Word15" => intercepting 36 sessions (phishing website, 3 x 12) => consultation & transfers
    New authentication systems: one-time passwords
     Time based: "Give OT password" => time-dependent code => consultation & transfers; waiting for the authentication, afterwards perform the transaction
     Challenge based: "Calculate OTP with challenge 12345678" => calculated OTP => consultation & transfers; waiting for the authentication
    Need for user cooperation????
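The slide contrasts a static password, a token card whose 36 words can be harvested over 36 sessions, and one-time passwords that are time based or challenge based. The following is an added example, not code from the presentation or the FCCU: it implements the event- and time-based OTPs of RFC 4226 and RFC 6238 (checked against the published test vectors), a simplified challenge/response variant that is an assumption for illustration rather than the OCRA standard, and a server-side verifier that refuses a code once it has been used. The secret is the RFC reference test key, not anyone's real one.

```python
import hashlib
import hmac
import struct

# RFC 4226 / RFC 6238 reference test secret (the ASCII digits 1..0 repeated),
# used here only so the outputs can be checked against the published vectors.
TEST_SECRET = b"12345678901234567890"


def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: take 4 bytes at an offset given by the last
    nibble, clear the sign bit, keep the requested number of decimal digits."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based OTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter."""
    return _truncate(hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest(), digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): the counter is the number of elapsed time steps."""
    return hotp(secret, int(unix_time // step), digits)


def challenge_otp(secret: bytes, challenge: str, digits: int = 6) -> str:
    """Simplified challenge/response, an assumption for illustration (not OCRA,
    RFC 6287): the token computes HMAC-SHA1 over the challenge the site displayed."""
    return _truncate(hmac.new(secret, challenge.encode("ascii"), hashlib.sha1).digest(), digits)


class TotpVerifier:
    """Server side. A code intercepted by the trojan in the slide is only good
    for one time step, and not even then once the real user has consumed it."""

    def __init__(self, secret: bytes, step: int = 30, window: int = 1):
        self.secret, self.step, self.window = secret, step, window
        self.last_counter = -1  # highest counter already accepted

    def verify(self, code: str, unix_time: float) -> bool:
        now = int(unix_time // self.step)
        for counter in range(now - self.window, now + self.window + 1):
            if counter <= self.last_counter:
                continue  # replay of an already-used step
            if hmac.compare_digest(hotp(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(TEST_SECRET, 0))
    print("TOTP at t=59 (8 digits):", totp(TEST_SECRET, 59, digits=8))
    print("response to challenge 12345678:", challenge_otp(TEST_SECRET, "12345678"))
```

The verifier answers the slide's "intercepted" arrows: a replayed code fails because its time step is at or below `last_counter`. It does not answer the "waiting for the authentication, afterwards perform the transaction" arrow, where a trojan on the user's PC lets the real login through and then rides the authenticated session; that is why the challenge-based variant is only a real improvement when the challenge is derived from the transaction data (amount, beneficiary) the user is asked to confirm on the token, which is the user cooperation the slide's last line asks for.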
  • If technical security is ok ...
     They are informed of web activity over the botnet
     They know you! (knowledge base & social networks)
     They will switch to social engineering
    They will make you believe they are someone else to make you do something they want / need
     Abusing expected "normal user behaviour"
     Fear of, or willingness to help or cooperate with: hierarchy, security services / helpdesk / vendors / (business) partners
     Love for (new) friends
     Greed
  • e-Banking fraud flow (diagram, numbered steps 1–13)
    Elements: spam distribution campaign; use of intermediate systems to control the network; hackers' knowledge database; trojan proxy on the eBank user's PC; activity spying, keylogging and local storage; user trying to surf to the real bank site; fake site; authentication; money transfer order; bank account transfer; fake company; money collector; money mule
  • Latest malware developments
     Stuxnet: very complex and elaborate trojan
      Several replication vectors: networks, USB keys
      Connects to C&C botnet server
      Focused on industrial control systems
      Searches for systems with this control system
      Collects information on Siemens PLC systems
      Changes process logic on infected machines
     Duqu, based upon Stuxnet: spying purposes
  • Biggest threat? The criminal's knowledge database
    SQL (Structured Query Language) databases
    Several backup servers
    Content
     Keylogging (everything, also userids, passwords)
     Screenshots (of all opened windows, websites, ...)
     URLs
     IP addresses
    Base for reverse R&D to counter new security
  • Cases?
    e-Banking fraud
    Hacking of large institutions / firms
     Long time unaware of the hacking
     Keylogging
     Encrypted files on PC
     Internal botnet
     Intermediate step to other networks
     Often no complaint
  • Large firm hacking using an internal botnet (diagram: Internet, hacker, company network)
  • And the victims?
    Who?
     Transactional websites
     Communication networks
     ISPs and all other clients
    Reaction
     Unaware of incidents going on
     ISPs try to solve it themselves
     Nearly no complaints made – even if asked ...
    Result? The hackers go on developing botnets
  • Combined threat
    What if abused by terrorists ... simultaneously with a real-world attack?
    How will you handle the crisis? Your telephone system is not working!
  • Risks
    Economic disaster
     Large scale: critical infrastructure
     Small scale: enterprise
    Individual data
    Loss of trust in e-society
  • Who investigates ICT crime?
    Prosecutors / examining judges
    Specialised police forces (nat'l & internat'l)
    Legal expert witnesses
    Specialised forensic units of consulting firms
    Associations defending commercial interests
    Security firms => vulnerabilities
    Activist groups => publish info on « truth »
  • E-Police organisation and tasks (integrated police)
    National level – Federal Police: 1 Federal Computer Crime Unit (33 persons)
     24 / 7 (inter)national contact
     Policy
     Operations: intelligence, internet & e-payment fraud, forensic ICT analysis, cybercrime
     Training, equipment
     ICT crime combating: www.ecops.be hotline, FCCU network, international internet ID requests
    Regional level – Federal Police: 25 Regional Computer Crime Units (1 – 2 judicial districts (arrondissementen) each; 180 persons)
     Assistance for house searches, forensic analysis of ICT, taking statements, internet investigations
     Investigations of ICT crime cases (assisted by FCCU)
    Local level – Local Police: first-line police
     "Freezing" the situation until the arrival of the CCU or FCCU
     Selecting and safeguarding of digital evidence
    © 2013 - Luc Beirens - FCCU - Belgian Federal Police
  • Our services
    Help to take a complaint
    Descend on the scene of crime
     Make a drawing of the architecture of the hacked system
     Image backup of the hacked system (if possible)
    Internet investigations (identification, location)
    House searches
    Taking statements of concerned parties
    Forensic analysis of seized machines
    Compile conclusive police report
  • Investigative problems – tracking
    Victims: unfamiliar, and fear for "corporate image" => belated complaints – trashed / no more traces
    Rather "unknown" world for police & justice => delay before involvement of specialised units
    Limited ICT investigation capacity (technical & police skills)
    Multiplication and integration of services / providers / protocols / devices
    Lack of harmonised international legislation & instruments
    Anonymous / hacked connections – subscriptions – WiFi
    Intermediate systems often cut the track to the perpetrator
  • Investigative problems – evidence gathering
    Delocalisation of evidence: the cloud?
    Exponential growth of storage capacity => time consuming:
     Backups & verification processes
     Analysis
    New legislation / jurisprudence imposes more rigorous procedures for evidence gathering in cyberspace
    Bad ICT security: give proof of the source and the integrity of evidence
  • Brussels, we have a problem ... (dialogue between complainer and police)
    Complainer:
     Hello, can you help?
     We are a Belgian hosting firm, our file ...
     We have a problem ...
     Our webservers are hacked & several websites of our Belgian customers have been defaced
    Police:
     OK
     A few questions to start
     Who, where, what, when
  • Who is where? (map slide)
  • Who / where / what
    In the USA
     Hacked webserver
     Hosting firm: nothing in Belgium
    In Belgium
     Defaced website
    In the Netherlands
     Hacked server
     Customer: nothing in Belgium
    In the UK
     Hacker?
     Hacked firm: nothing in Belgium
    In Luxembourg
     Hacker?
  • Conclusions ...
    Competence of the Belgian justice authorities? Discussion
     Viewpoint Public Prosecutor General: not competent
     Viewpoint lawyer of the victim: competent
     Viewpoint suspect's defence: ????
    If the choice was made for storage in a foreign country: why? Cost? Evade regulations & obligations?
    No (?) protection of Belgian law
    No (?) intervention of law enforcement in Belgium
    Protection by law & LE in the country where the server is
  • Preventive recommendations
    Draw up a general ICT usage directive (normal usage)
    Awareness program for management & users
    ICT security policy is part of the global security policy
    Appoint an ICT security responsible => control on application of ICT usage & security policy
    Keep critical systems separate from the Internet if possible!
    Use software from a trusted source
    Install recent anti-virus and firewall programs (laptops)
    Synchronize the system clocks regularly
    Activate and monitor log files on firewall, proxy, access
    Make & test backups & keep them safe (generations)!
  • Recommendations for victims of ICT crime
    Disconnect from the outside world
    Take note of the last internet activities & exact date and time
    Evaluate: is the damage more important than the restart?
     Restart most important: make a full backup before restoring
     Damage more important: don't touch anything
    Safeguard all messages and log files in their original state
    Inform ASAP the Federal Judicial Police and ask for assistance of the Federal or Regional CCU
    Force a change of all passwords
    Re-establish the connection only if ALL failures are patched
  • Where to make a complaint?
    Within a police force ...
     Local Police service => not specialised => not the right place for ICT crime (hacking / sabotage / espionage) => place to make complaints on Internet fraud
     Federal judicial police (FGP) => better but ... Regional CCU => the right place to be for ICT crime
     Federal Computer Crime Unit => 24/7 contact; risks on vital or crucial ICT systems => call urgently
     Illegal content (child porn, ...) => www.ecops.be
    ... or immediately report to a magistrate?
     Local prosecutor (Procureur) => will send it to the police => can decide not to prosecute
     Examining Judge => complaint with deposit of a bail => obligation to investigate the case
  • For the sys admin
    Several layers of protection
     Internal firewalls
     Encrypted communications
     Encrypted databases
    Check active sys admin profiles on servers
    Log and follow up FW, IDS: IP + port + time
    Certificates should be signed by 2 CAs
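"Log and follow up FW, IDS: IP + port + time" is the one line on this slide that needs a procedure behind it. The following is an added example, not code from the presentation or the FCCU: it parses firewall lines in an assumed format (timestamp, verdict, source, destination, port), reports any source that is denied on many distinct ports within a short window, and reports allowed connections to admin ports from anywhere other than the known jump host. The log lines, the admin port set and the jump host address are all constructed for the demonstration, using the RFC 5737 documentation address ranges.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Optional

# Constructed firewall lines in an assumed format; addresses are from the
# RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """
2013-03-21T09:00:01 DENY src=203.0.113.7 dst=192.0.2.10 dport=21
2013-03-21T09:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=22
2013-03-21T09:00:02 DENY src=203.0.113.7 dst=192.0.2.10 dport=23
2013-03-21T09:00:03 DENY src=203.0.113.7 dst=192.0.2.10 dport=25
2013-03-21T09:00:04 DENY src=203.0.113.7 dst=192.0.2.10 dport=3306
2013-03-21T09:00:05 DENY src=203.0.113.7 dst=192.0.2.10 dport=8080
2013-03-21T09:05:10 ALLOW src=198.51.100.4 dst=192.0.2.10 dport=443
2013-03-21T09:05:11 ALLOW src=198.51.100.4 dst=192.0.2.10 dport=443
2013-03-21T02:13:45 ALLOW src=198.51.100.9 dst=192.0.2.10 dport=22
2013-03-21T10:00:00 ALLOW src=192.0.2.50 dst=192.0.2.10 dport=22
2013-03-21T10:30:00 DENY src=198.51.100.4 dst=192.0.2.10 dport=8443
""".strip().splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

# Assumptions: the ports that carry administrative access, and the single
# management host from which such logins are expected.
ADMIN_PORTS = {22, 3389}
ADMIN_SOURCES = {"192.0.2.50"}


def parse_line(line: str) -> Optional[dict]:
    """One log line to an event dict; None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None  # in production, count these: a parser gap hides events
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["dport"] = int(ev["dport"])
    return ev


def port_sweeps(events, min_ports=5, window_s=60):
    """Sources denied on at least min_ports distinct ports within window_s seconds."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["action"] == "DENY":
            by_src[ev["src"]].append(ev)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        best, start = None, 0
        for end in range(len(evs)):
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_s:
                start += 1  # slide the window forward
            ports = sorted({e["dport"] for e in evs[start:end + 1]})
            if len(ports) >= min_ports and (best is None or len(ports) > len(best["ports"])):
                best = {"src": src, "ports": ports, "first": evs[start]["ts"], "last": evs[end]["ts"]}
        if best:
            findings.append(best)
    return findings


def unexpected_admin_access(events):
    """Allowed connections to admin ports from anywhere but the known admin sources."""
    return [ev for ev in events
            if ev["action"] == "ALLOW" and ev["dport"] in ADMIN_PORTS and ev["src"] not in ADMIN_SOURCES]


EVENTS = [ev for ev in map(parse_line, SAMPLE_LOG) if ev]

if __name__ == "__main__":
    for f in port_sweeps(EVENTS):
        print(f"port sweep from {f['src']}: ports {f['ports']} between {f['first']} and {f['last']}")
    for ev in unexpected_admin_access(EVENTS):
        print(f"admin port {ev['dport']} reached from {ev['src']} at {ev['ts']}")
```

Both checks need exactly the three fields the slide names, and the second one is only meaningful if the clocks on the firewall and the servers agree, which is why "synchronize the system clocks" sits in the preventive list two slides earlier. The denied-port sweep is a lead to follow up, not proof of anything; the allowed admin login from an unknown source is the one to act on first.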
  • Contact information
    Federal Judicial Police, Direction for Economical and Financial Crime, Federal Computer Crime Unit
    Notelaarstraat 211 - 1000 Brussels – Belgium
    Tel office: +32 2 743 74 74
    Fax: +32 2 743 74 19
    E-mail: luc.beirens@fccu.be
    Twitter: @LucBeirens