Your SlideShare is downloading. ×
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Overleef in dit tijdperk van cybercrime, hacktivisten en cyberspionage. Bent u klaar? (Laurent Bounameau)

370

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
370
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. CEFORA: 14-11-2013 CYBERCRIME: RISKS, THREATS ESPIONAGE, ANONYMITY, HACKTIVISM, EXTORTION ARE YOU PREPARED ? Laurent BOUNAMEAU Deputy head of service ©Bounameau Laurent, FCCU
  • 2. Cloud Definition et impact Social Networks Good & bad news Volatility Traces  probative value of physical evidence Anonymity Tor, Bitcoin: a virtual world in autarky ? In pratice An explosive combination ©Bounameau Laurent, FCCU
  • 3. ©Bounameau Laurent, FCCU
  • 4. ©Bounameau Laurent, FCCU
  • 5. Beyond the web … ©Bounameau Laurent, FCCU
  • 6. Who investigates ICT crime ? ©Bounameau Laurent, FCCU
  • 7. E-Police organisation and tasks Integrated police Federal Police National Level 31 persons Federal Police Regional level 1 Federal Computer Crime Unit 24 / 7 (inter)national contact Policy Operations : Training Equipment FCCU Network Forensic ICT analysis ICT Crime combating Intelligence Internet & ePayment fraude Cybercrime www.ecops.be hotline Internat internet ID requests 25 Regional Computer Crime Units (1 / judicial disctrict) 180 persons Assistance for house searches, forensic analysis of ICT, taking statements, internet investigations Local Level First line police Local Police “Freezing” the situation until the arrival of CCU or FCCU Selecting and safeguarding of digital evidence ©Bounameau Laurent, FCCU Investigations of ICT crime case (assisted by FCCU)
  • 8. Investigative problems : cloud computing … 3 categories ©Bounameau Laurent, FCCU
  • 9. It’s so simple … On his tablet ©Bounameau Laurent, FCCU Cloud computing
  • 10. But you loose the property of your data … ©Bounameau Laurent, FCCU
  • 11. And if you don’t desire it … You will not have the choice ©Bounameau Laurent, FCCU
  • 12. Cloud computing Impact on crime Applicability of national (privacy) law governing companies ? Very mobile working environment for criminals Cloud data centers will become new focus of hackers ©Bounameau Laurent, FCCU
  • 13. Cloud computing Impact on police methods Less evidence on local computer equipment Loss of efficiency of house searches / PC forensics Need for international forensic network searches Legal framework / cooperation agreements Legal hacking ©Bounameau Laurent, FCCU
  • 14. Social networks ©Bounameau Laurent, FCCU
  • 15. Social networks Impact on crime Very much information & easily searchable => intelligence for other crimes Identity theft : account takeover, creation of bogus profiles, abuse for extortion, spying, malware distribution, Internet fraud Privacy breaches by Social network providers and affiliates Explosion of abuse of “freedom of speech” => will remain there forever (… sextortion) ©Bounameau Laurent, FCCU
  • 16. Social networks ©Bounameau Laurent, FCCU
  • 17. Social networks Impact on police methods Old investigation methods less effective (no witnesses, no material traces => virtual world) Difficulty to set up history for undercover agents / front stores Difficulty to wipe out existing history of real identity of undercover agents Legal use of information gathered on these social networks Lack of swift effective methods to remove illegal content ©Bounameau Laurent, FCCU
  • 18. When virtual world is becoming real ! ©Bounameau Laurent, FCCU
  • 19. When virtual world is becoming real ! ©Bounameau Laurent, FCCU
  • 20. When virtual world is becoming real ! ©Bounameau Laurent, FCCU
  • 21. Anonymity They try to anonymize them BUT… ©Bounameau Laurent, FCCU
  • 22. Anonymity More and more they SUCCEED … ©Bounameau Laurent, FCCU
  • 23. Anonymity TOR … User « Onion Routers » www Web server - First request - Second request -1 minute later ©Bounameau Laurent, FCCU
  • 24. TOR … User we are working in coop … ©Bounameau Laurent, FCCU Anonymity Server  Childporn  @tormail
  • 25. Bitcoin « The first three times you think you understand Bitcoin, you’re wrong.” Dan Kaminsky (@dakami) ©Bounameau Laurent, FCCU Anonymity
  • 26. Everyday in the media & in the web … ©Bounameau Laurent, FCCU
  • 27. When virtual money is used in black market … ©Bounameau Laurent, FCCU
  • 28. Fortunately there are still traces … you knew this ? ©Bounameau Laurent, FCCU
  • 29. Fortunately there are still traces … you knew this ? Who will buy it ? ;-) ©Bounameau Laurent, FCCU
  • 30. Botnets: DDos attacks … Hacker Knowledge server Webserver / node Infected, and ? Internet SCADA Process control Command & Control FCCU ©Bounameau Laurent, Server trigger event MW update Very frequent MW update request Malware update server Update malware / transfer info & money
  • 31. Botnets: DDos attacks … ©Bounameau Laurent, FCCU
  • 32. Botnets: DDos attacks … ©Bounameau Laurent, FCCU
  • 33. E-banking, phishing & money mule Victime John DOE 2 Password user id Phishing Site 3 Transfert Order Bank Site 1 Bank: John Doe 4 Contract Financial manager Bank: Money Mule 6 ©Bounameau Laurent, FCCU Money Mule Jefke 5
  • 34. Defacement & more !! Yesterday ©Bounameau Laurent, FCCU Last week
  • 35. Police ransomware ©Bounameau Laurent, FCCU
  • 36. PaySafeCard Vouchers ©Bounameau Laurent, FCCU
  • 37. Common web sites to use vouchers Blocking web sites ©Bounameau Laurent, FCCU
  • 38. Terrorism, hacktivism … No financial intent ⇒ Political / social objectives Attack and create chaos ⇒ Destabilize economy and society Might take their time to prepare ... ⇒ Or set up actions very quickly (social networks) ©Bounameau Laurent, FCCU
  • 39. Terrorism, hacktivism …  DDOS attacks on Mastercard, Paypal, VISA Hours out ! No transaction for other companies  Sony Playstation network (LulzSec) SPNetwork 2 month out => 171 million $ losses data from 60 million users in the nature some usage  Private data from different databases on the Internet (doxed) => Military / FBI ©Bounameau Laurent, FCCU
  • 40. Latest malware developments ©Bounameau Laurent, FCCU
  • 41. Ransom, extortion ? ©Bounameau Laurent, FCCU
  • 42. Data breaches 76% of data breaches utilised weak or stolen credentials Username: admin Password: password Computers, routers, PABX, … ©Bounameau Laurent, FCCU Source: Verizon Data Breach Report 2013
  • 43. The inside threats  Fired system administator in courier company  Hard working IT in financial institution  Theft of PCs in R&D department of company  Social conflict DDOS attacks ©Bounameau Laurent, FCCU
  • 44. Brussels, we have a problem ... • Victim  Hey, can you help us ?  We’re a Belgium telecom/hosting compagny  We have a problem  Our web servers are hacked  & some web sites of our Belgium clients are defaced ©Bounameau Laurent, FCCU  Police  OK  Some questions to start the case …  Who, where, what, when …
  • 45. Some traces … but where ? Cybercrime Scene Investigation ©Bounameau Laurent, FCCU
  • 46. Traces: who / where / what ?  In Belgium  Hosting firm => Nothing in Belgium  Client => Nothing in Belgium  Hacked firme => Nothing in Belgium ©Bounameau Laurent, FCCU  In USA  Hacked web server  Defaced web site  In Netherlands  Hacked server  In United Kingdom  Hacker ?  In Luxemburg  Hacker ?
  • 47. Who are the criminals … Unit 8200 ? ©Bounameau Laurent, FCCU
  • 48. Role of governments & international organizations  Working according a strategy  Develop international plans & reaction schemes for critical ICT infrastructure protection  Develop legal framework     ©Bounameau Laurent, FCCU Obligation to report cybercrime incidents Obligation to secure your computersystem (?) Possibility for ISP to cut off infected machines (?) Obligation to respond to requests of Gov authority when serious incidents happen
  • 49. Responsabilities of the enterprises  E-Security = business risk => management responsibility  Think about how to survive when e-systems are under attack  Enforce detection of incidents – IDS ? Report incidents to CERT ? to police ?  Integrate strong authentication in e-business applications ©Bounameau Laurent, FCCU
  • 50. Responsibilization of end users  Awareness raising => media  Training on e-security & attitude  already at school  in the enterprises  Obligation to secure his PC properly ? ©Bounameau Laurent, FCCU
  • 51. How many elements do you know Are we prepared ©Bounameau Laurent, FCCU
  • 52. +32 2 743 74 74 ©Bounameau Laurent, FCCU

×