Presentation
@LucBeirens
Chief Commissioner, Head of the Federal Computer Crime Unit
Belgian Federal Judicial Police, Direction Economical and financial crime
Chairman of the EU Cybercrime task force, representing the organization of heads of national high-tech crime units of the EU
Topics - overview
- An analysis of the eSociety situation
- Who is threatening eSociety and how? Inside threat / outside threats
- Possible damage to eGov and eSociety
- Which response to give to this?
General trends today
- Evolution towards e-society: replace persons by e-applications
- Interconnecting all systems (admin, industrial, control)
- Mobile systems, cloud
- Social networks
- IP is the common platform, offered by many ISPs, integrating telephony / data / VPN & all new apps
  = opportunities / Achilles heel / scattered traces
- Poor security in legacy applications and protocols (userid + pw) => identity fraud is easy
- End user is not yet educated to act properly
What do criminals want?
- Become rich / powerful: rapidly, easily, very big ROI, in an illegal way if needed
- Destabilize (e-)society by causing troubles
First conclusions?
- Society is thus very heavily dependent on ICT
- ICT = important vulnerability of modern society
- End user = weakest link => biggest danger
- Need to guarantee
  - continuity of ICT functioning
  - availability and integrity of data
- Data is more and more in the cloud
  - accessible from all over the world
  - outside jurisdiction of your country
Who is threatening us?
- Script kiddies
- Insider ICT guy in your company
- Loosely organized criminals
- Firmly organized criminal groups
- Terrorists / hacktivists
- Foreign states / economical powers
- Nation warfare troops
Cyber crime against cyber infrastructure
- Payment systems: 2010 Wikileaks case, “Anonymous” attack on VISA, Paypal, Mastercard, ...
- DNS system: create fraudulent routing or use for DDoS
- Certification authorities (Diginotar)
- Data centers (blocks all servers in it)
Dossier Cybercrime - NVP PNS 2012-2015
Cybercrime focusing on individuals
- Individuals are also working in companies / government
- Use social networks / webmail
  - Often used to exchange business-related info
  - Containing access code information
- Hacking of these profiles / webmails
  - Abuse to infect people you know
  - Get personal information of you and your contacts
  - Commit fraud
- Internet fraud of all kinds
- Webcam sex interception to do extortion
Luc Beirens - FCCU - 2012
How big is the problem?
- Already criminal cases in several countries
- Botnets detected
  - Several hundreds of botnets worldwide
  - Several thousands of C&C worldwide
  - Thousands up to millions of zombie computers online
  - Generated huge data traffic, up to 40 Gbps
- Dismantling / crippling botnets
Authentication
[Diagram labels: eService website, eService user]

Authentication systems
- Intercepted userid + pw (user: u123, password: secret123)
- Give token 15: Word15
  - Intercepting 36 sessions
  - Phishing website 3 x 12
- Consultation & Transfers

New authentication systems: one time passwords
- Time based
  - Give OT password: time-dependent code
  - Consultation & Transfers
  - Waiting for the authentication
  - Afterwards perform transaction
- Challenge based
  - Calculate OTP with challenge 12345678
  - Calculated OTP
  - Consultation & Transfers
  - Waiting for the authentication
  - Need for user cooperation ????
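How long an intercepted credential stays usable under the three schemes on the authentication slides above (static userid + password, time-based OTP, challenge-based OTP), as an added example that is not part of the presentation. It assumes HMAC-SHA1 with RFC 4226 truncation, a 30-second time step and the RFC 4226 test key as the token secret; all function names are hypothetical.

```python
import hashlib
import hmac
import struct

KEY = b"12345678901234567890"  # RFC 4226 test key standing in for the token secret
STEP = 30                      # assumed lifetime of a time-based code, in seconds


def _six_digits(message: bytes) -> str:
    """HMAC-SHA1 followed by RFC 4226 dynamic truncation to six digits."""
    mac = hmac.new(KEY, message, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def time_based_otp(now: int) -> str:
    return _six_digits(struct.pack(">Q", now // STEP))


def challenge_otp(challenge: str) -> str:
    return _six_digits(challenge.encode())


def check_challenge(open_challenges: set, challenge: str, presented: str) -> bool:
    """Accept one answer per issued challenge, then retire the challenge."""
    if challenge not in open_challenges:
        return False
    open_challenges.discard(challenge)
    return hmac.compare_digest(challenge_otp(challenge), presented)


def replay_results() -> dict:
    """Replay credentials captured at t=45 s against the server later on."""
    stored_pw = captured_pw = "secret123"      # password as on the slide
    code = time_based_otp(45)
    open_challenges = {"12345678"}             # challenge as on the slide
    answer = challenge_otp("12345678")
    return {
        "password, any later time": hmac.compare_digest(stored_pw, captured_pw),
        "time code, same window (t=59)": hmac.compare_digest(time_based_otp(59), code),
        "time code, next window (t=60)": hmac.compare_digest(time_based_otp(60), code),
        "challenge answer, first use": check_challenge(open_challenges, "12345678", answer),
        "challenge answer, replayed": check_challenge(open_challenges, "12345678", answer),
    }


if __name__ == "__main__":
    for case, accepted in replay_results().items():
        print(f"{case:32} accepted={accepted}")
```

A time-based code presented within its window is still accepted, which is the "waiting for the authentication, afterwards perform transaction" case on the slide; a challenge answer is only good for the one challenge the server issued.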
If technical security is ok ...
- They are informed of web activity over the botnet
- They know you! (knowledge base & social networks)
- They will switch to social engineering
- They will make you believe they are someone else, to make you do something they want / need
- Abusing expected “normal user behaviour”
  - Fear of, or willingness to help or cooperate with, hierarchy / security services / helpdesk / vendors / (business) partners
  - Love for (new) friends
  - Greed
[Diagram, steps numbered 1 to 13. Labels: hackers; use of intermediate systems to control network; spam distribution campaign; trojan; proxy; fake site; activity spying / keylogging; local storage; knowledge database; eBank user trying to surf on the real website; bank site; authentication; money transfer order; bank account transfer; money mule; fake company; money collector]
And the victims?
- Who?
  - Transactional websites
  - Communication networks
  - ISPs and all other clients
- Reaction
  - Unaware of incidents going on
  - ISPs try to solve it themselves
  - Nearly no complaints made – even if asked ...
- Result?
  - The hackers go on developing botnets