Profile Of The Worlds Top Hackers Webinar Slides 063009

Data theft and breaches from cybercrime may have cost businesses as much as $1 trillion globally in lost intellectual property and expenditures for repairing damage. The current economic climate, combined with new technologies such as Web 2.0 and Cloud Computing, has undoubtedly created more opportunities for hackers, criminals, and industrial espionage firms who are targeting critical infrastructures and systems to steal sensitive information. This presentation from the "Profile of the World's Top Hackers" webinar, with Byron Acohido of USA Today, Mafiaboy, and Paul Henry, provides critical insight into the inner workings of the cybercrime underground and outlines what businesses can do to protect their vital systems and information.

  1. Profile of the World’s Top Hackers: Mafiaboy
  2. Agenda
     • The New Threat Landscape
     • Insider’s View of Cybercrime
     • Evolution of Hacker Techniques
     • Changing Motives and Targets
     • Impact on Businesses and Governments
     • Steps to Reducing the Threat of Attack
  3. Panelists
     • Paul Henry – Security and Forensics Analyst, Lumension
     • Michael Calce – a.k.a. Mafiaboy
     • Byron Acohido – Investigative Reporter and Author of Zero Day Threat
  4. The New Threat Landscape
  5. Pogo Plug – Backdoor in a Box
     • Allows anything connected via USB to be easily shared across the Internet
       » Hard drive
       » Ethernet adapter
       » Wireless adapter
  6. Pogo Plug – Backdoor in a Box
     • Yes, there are a few good uses, but… Pogo Plug demonstrates the need to re-evaluate access to 80/443 outbound
  7. Business Is Good For The Bad Guys
     • Companies in the US, UK, Germany, Japan, Brazil, India and Dubai lost $4.6 billion in intellectual property last year
       » And spent $600M on repairing the damage
     • Global damage from data loss will exceed $1 trillion
       » This is more than the cost to fix the global recession
     • 98% of those polled in a recent survey reported a tangible loss due to cybercrime
  8. Annual Reported Vulnerabilities
     • It is common knowledge that you can eliminate 90% of your risk by applying patches in a timely manner
     [Chart: Annual Reported Vulnerabilities, 1996–2008. Source: National Vulnerability Database]
  9. Obfuscation Changes The Game
  10. Total Sample Growth
  11. No One’s Fault But Our Own
  12. Botnet Growth Continues
  13. Black Market
  14. Prices Have Fallen In 2009
  15. Going Inside the Mind of the Cybercriminal
  16. Mafiaboy’s Distributed Denial-of-Service (DDoS)
      ‘Mafiaboy’ hacker jailed – September 13, 2001
      Author: Michael Calce, 15
      » St. Raphael Country Club botnet used in denial-of-service attack
      » Yale, Harvard servers botted
      » CNN, Yahoo, Amazon, Dell, Excite, E-trade attacked
      Estimated $1.7 billion in damages
  17. How it All Started
      Excerpt from “How I Cracked the Internet and Why It’s Still Broken”
      “…Someone knocked me offline by hitting me with so much data that my connection was severed. These punters seemed to have a huge amount of power over others on AOL. I was intrigued that an individual was able to “attack” someone else, regardless of the distance between them, using the internet. It seemed like harmless fun, almost a practical joke. The people punted off could simply sign on again and rejoin the chat room. Nobody got hurt. I wanted to punt someone. Badly. … That’s when my real hunt for AOL hacking tools started. Once I found that first application, I stumbled across more and more. They were each brilliant in their own subversive way. I came across one site that had a huge list of applications. I decided to download all of them and browse their various functions. With these tools in hand, I began to feel like I was in control of the internet, rather than the other way around. The sense of power and possibility was intoxicating.”
  18. Why the Internet Was Broken
      The Internet was relatively new and global security knowledge was lacking
      » Many available tools that enabled attacks to be delivered with relative ease
      » The internet was never intended to be a tool of commerce
      » The fundamental protocols the internet was built on are still flawed
      » The lack of regulation between governments and companies
      » Security was never incorporated into the architecture of ARPANET
      » The lack of fundamental knowledge of the users who try to utilize the internet
  19. Hacking Technique – Denial of Service
      • What is a DoS?
        » Causes loss of service to users, typically the loss of network connectivity and services
        » Not designed to gain access to systems
      • Three types of attack
        » Consumption of computer resources such as bandwidth, disk space or CPU time
        » Disruption of configuration information, such as routing information
        » Disruption of physical network components
  20. Attack Types – DoS and DDoS
      • The attack on Yahoo was an ICMP flood
        » ICMP traffic is the simplest kind of computer conversation – a ping, or a single bit of data sent to see if another computer is responding
        » An ICMP flood is when an attacking ping is sent to a target computer with a faked return address, which sends the attacked computer on an endless quest for a place to return the ping
      • The attack on CNN was a SYN flood
        » Starts with a falsified synchronization packet, which is sent by a computer when it wants to actually connect with another computer
        » It sent so-called synchronization packets, or attempts to connect, to random ports, ranging from 2 to 400
        » Each packet had to be approved by the ACL – normally, synchronization packets are followed by legitimate traffic which simply flows through the router
        » Quickly, the router’s memory was consumed and it stopped functioning
  21. Why the Internet is Still Broken Today
      Social Engineering
      » Hackers rely on manipulation of naïve end-users
      » Doesn’t have to be remote – they can dress up in uniform and literally walk into a company
      Internal IT hackers are more of a threat than remote exploits or DoS attacks
      » Employees don’t necessarily care about the company, just about the paycheck
      » Sabotage / retribution for loss of job or internal dispute
  22. Why the Internet is Still Broken Today
      Web 2.0 and Cloud Computing
      » Ease of data access
      » Inevitably less secure technology
      » Further enables social engineering
      Time to Market Valued Over Security
      » New technology developed before predecessors are secured
      » Zero-day exploits – people are unaware of them and patches don’t exist yet
  23. Evolving Hacker Techniques
      • Low-level attacks – script-kiddie attacks, viruses
      • Medium-level attacks – more technical, leveraging recent vulnerabilities
      • High-level attacks – stealthy, zero-day, polymorphic, designed NOT to be caught
  24. Evolution of Hacker Motives
      • Intoxicating power over others
      • Intellectual challenge
      • Vengeance
      • Exploration of technology
      • Self-expression and peer recognition
      • Mischief or curiosity
      • Terrorism
      • Financial gain
        » Data is worth a lot on the black market
        » Easier and less traceable than robbing a bank
  25. Why Organizations are At Risk – Hacker’s Perspective
      • The lack of concern for security
      • Easily exploitable loopholes that aren’t patched
      • Not having properly trained IT employees
      • Defaults left untouched
      • Flaws in the software or operating systems they use
      • Networks aren’t properly monitored
      • Lack of funding to the IT department
      • No outside pen testing
      • Unprotected valuable data
  26. Zero Day Threat – Why Businesses Still Don’t Get It
  27. Convergence / Integration of Criminal Pursuits
      • Pharm spam
      • Pump-and-dump spam
      • Spear phishing
      • Drive-by downloads
      • Web spam
      • Banking Trojans
      • Cross-site scripting
      • SQL injections
      • Zero-day exploits
      • Tainted banner ads
      • Extortionist denial of service
      • Cross-platform Web attacks
      • Vishing
      • Polymorphic JavaScript
  28. Two Criminal Markets
      • Stealing data
      • Using stolen data
  29. Three Main Ways to Steal Data
      • Corrupted email spam (port 25)
        » Phishing
        » Bad attachments / tainted URLs
      • Tainted Web links (port 80)
        » Drive-by downloads
        » Tainted banner ads
        » Corrupted search results
      • Database breaches
        » Direct hacks – SQL injections; cross-site scripting
        » Insider theft
  30. Attacks Move to the Web Layer
      Tainted Web links – port 80
      » Mar. 2009 – banking Trojan spike
      » Feb. 2009 – keystroke logger spike
      Source: ScanSafe
  31. Corrupted Search Results and Ads on Popular Sites
      hxxp://antivirusquickscanv1.com /1/?id=2006- 40&smersh=a54b37c24&back= %3DzQ21zT3MAQNMI%3DM
      Sources: Finjan; Purewire
  32. Corrupting Major Software Vendors
  33. Corrupting Social Media
      Koobface messaging spam exploits trust level
      Address replicator; social engineering
  34. Corrupted Tweets
  35. Botnets Micro
      Koobface unleashed with help of CAPTCHA breakers
      Sample CAPTCHA: smwm
      Botnet-driven operations
      -- Worm spreads via address replicator
      -- Members trust downloads
      Malware installed:
      -- Pitches scareware
      -- Steals cookies
      -- Installs Waledac email spamming engine
      -- Installs ZeuS banking Trojan
      -- Carries out click-through fraud
      [Diagram labels: CAPTCHA protection; Member account]
  36. Latest Techniques
      USA Today, 03 Apr. 2009, p. 1A–2A; USA Today, 10 Jun. 2009, p. 1B–2B
  37. Conficker – Multi-faceted Threat
      » Weak passwords
      » USB toggles
      » RPC-DCOM worm – like MSBlast
      » Open shares
      » Unpatched PCs
      Sources: Tech Republic; Panda Security
  38. Why Businesses Still Don’t Get It
      USA Today, 12 Nov. 2008, p. 1B–2B
  39. What Needs To Be Done
      • Macro View
        » Select and empower an effective cyber czar
        » Set forth an effective mix of incentives and regulations
        » Foster private/public partnerships
        » Engender global cooperation
      • Micro View
        » Think of data as a valuable asset
        » Make data privacy and security a core competency
        » Keep antivirus/antispyware updated
        » Install ALL updates
        » Realize social media applications are festering with malware
  40. Byron Acohido
      lastwatchdog.com
      http://lastwatchdog.com
      360 297-5566
      byron@lastwatchdog.com
  41. Q&A via Chat or…
      Twitter – send us your questions using hashtag: #TOPHCKR1
      Follow on Twitter:
      » Lumension @_Lumension
      » Byron Acohido @lastwatchdog
      » Paul Henry @phenrycissp
  42. Global Headquarters
      15880 N. Greenway-Hayden Loop
      Suite 100
      Scottsdale, AZ 85260
      1.888.725.7828
      info@lumension.com
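As an added defender-side example (not from the slides or the panelists), the following Python detector flags the two flood patterns slide 20 describes: many half-open SYNs to one host from sources that never complete the handshake, and a burst of ICMP packets aimed at one host. The Pkt record layout, the thresholds and the one-second window are assumptions, and the sample packets are constructed in memory, not captured traffic.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:                 # one packet summary as a flow collector might export it (assumed layout)
    ts: float              # seconds since start of capture
    src: str
    dst: str
    proto: str             # "TCP" or "ICMP"
    dport: int             # destination port, 0 for ICMP
    flags: str             # TCP flag letters ("S", "SA", "A"); "" for ICMP

SYN_THRESHOLD, ICMP_THRESHOLD, WINDOW = 20, 20, 1.0   # assumed tuning values, not from the deck

def detect_floods(packets, window=WINDOW):
    """Return {dst_ip: set of alert kinds}, evaluated per fixed time window.
    syn_flood: >= SYN_THRESHOLD bare SYNs to one host from sources that never ACK (half-open).
    icmp_flood: >= ICMP_THRESHOLD ICMP packets to one host within the window."""
    alerts = defaultdict(set)
    if not packets:
        return {}
    t, end = min(p.ts for p in packets), max(p.ts for p in packets)
    while t <= end:
        syns, acks, icmp = defaultdict(set), defaultdict(set), defaultdict(int)
        for p in (p for p in packets if t <= p.ts < t + window):
            if p.proto == "TCP" and p.flags == "S":
                syns[p.dst].add((p.src, p.dport))   # handshake opened, not yet completed
            elif p.proto == "TCP" and "A" in p.flags:
                acks[p.dst].add(p.src)              # this source did complete a handshake
            elif p.proto == "ICMP":
                icmp[p.dst] += 1
        for dst, pairs in syns.items():
            if sum(src not in acks[dst] for src, _ in pairs) >= SYN_THRESHOLD:
                alerts[dst].add("syn_flood")
        for dst, n in icmp.items():
            if n >= ICMP_THRESHOLD:
                alerts[dst].add("icmp_flood")
        t += window
    return dict(alerts)

def constructed_sample():
    """Constructed packets, not a real capture: one legitimate handshake to .10, 30 bare SYNs
    from 30 different sources to ports between 2 and 400 on .20, and 25 ICMP packets to .30."""
    pkts = [Pkt(0.00, "10.0.0.5", "192.0.2.10", "TCP", 80, "S"),
            Pkt(0.05, "10.0.0.5", "192.0.2.10", "TCP", 80, "A")]
    pkts += [Pkt(0.01 * i, f"203.0.113.{i}", "192.0.2.20", "TCP", 2 + (i * 13) % 399, "S")
             for i in range(30)]
    pkts += [Pkt(0.02 * i, f"198.51.100.{i}", "192.0.2.30", "ICMP", 0, "") for i in range(25)]
    return pkts
```

The legitimate client to 192.0.2.10 is not reported because its SYN is followed by its own ACK, which is the distinction the slide draws between a connection attempt and "legitimate traffic which simply flows through".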
