CEFORA: 14-11-2013

CYBERCRIME: RISKS, THREATS
ESPIONAGE, ANONYMITY,
HACKTIVISM, EXTORTION

ARE YOU PREPARED ?
Laurent BOU...

Survive in this era of cybercrime, hacktivists and cyber espionage. Are you ready? (Laurent Bounameau)

  1. CEFORA: 14-11-2013. CYBERCRIME: RISKS, THREATS, ESPIONAGE, ANONYMITY, HACKTIVISM, EXTORTION. ARE YOU PREPARED ? Laurent BOUNAMEAU, Deputy head of service. ©Bounameau Laurent, FCCU
  2. Cloud: Definition and impact; Social Networks: Good & bad news; Volatility: Traces => probative value of physical evidence; Anonymity: Tor, Bitcoin: a virtual world in autarky ?; In practice: An explosive combination
  5. Beyond the web …
  6. Who investigates ICT crime ?
  7. E-Police organisation and tasks. Integrated police Federal Police National Level 31 persons Federal Police Regional level 1 Federal Computer Crime Unit 24 / 7 (inter)national contact Policy Operations : Training Equipment FCCU Network Forensic ICT analysis ICT Crime combating Intelligence Internet & ePayment fraud Cybercrime www.ecops.be hotline Internat internet ID requests 25 Regional Computer Crime Units (1 / judicial district) 180 persons Assistance for house searches, forensic analysis of ICT, taking statements, internet investigations Local Level First line police Local Police “Freezing” the situation until the arrival of CCU or FCCU Selecting and safeguarding of digital evidence Investigations of ICT crime case (assisted by FCCU)
  8. Investigative problems : cloud computing … 3 categories
  9. It’s so simple … On his tablet. Cloud computing
  10. But you lose the property of your data …
  11. And if you don’t desire it … You will not have the choice
  12. Cloud computing: Impact on crime
      • Applicability of national (privacy) law governing companies ?
      • Very mobile working environment for criminals
      • Cloud data centers will become new focus of hackers
  13. Cloud computing: Impact on police methods
      • Less evidence on local computer equipment
      • Loss of efficiency of house searches / PC forensics
      • Need for international forensic network searches
      • Legal framework / cooperation agreements
      • Legal hacking
  14. Social networks
  15. Social networks: Impact on crime
      • Very much information & easily searchable => intelligence for other crimes
      • Identity theft : account takeover, creation of bogus profiles, abuse for extortion, spying, malware distribution, Internet fraud
      • Privacy breaches by Social network providers and affiliates
      • Explosion of abuse of “freedom of speech” => will remain there forever (… sextortion)
  16. Social networks
  17. Social networks: Impact on police methods
      • Old investigation methods less effective (no witnesses, no material traces => virtual world)
      • Difficulty to set up history for undercover agents / front stores
      • Difficulty to wipe out existing history of real identity of undercover agents
      • Legal use of information gathered on these social networks
      • Lack of swift effective methods to remove illegal content
  18. When virtual world is becoming real !
  19. When virtual world is becoming real !
  20. When virtual world is becoming real !
  21. Anonymity: They try to anonymize them BUT…
  22. Anonymity: More and more they SUCCEED …
  23. Anonymity: TOR … User, « Onion Routers », www, Web server; - First request; - Second request, 1 minute later
  24. Anonymity: TOR … User; we are working in coop …; Server:
      • Childporn
      • @tormail
  25. Anonymity: Bitcoin. “The first three times you think you understand Bitcoin, you’re wrong.” Dan Kaminsky (@dakami)
  26. Everyday in the media & in the web …
  27. When virtual money is used in black market …
  28. Fortunately there are still traces … you knew this ?
  29. Fortunately there are still traces … you knew this ? Who will buy it ? ;-)
  30. Botnets: DDoS attacks … Hacker Knowledge server Webserver / node Infected, and ? Internet SCADA Process control Command & Control Server trigger event MW update Very frequent MW update request Malware update server Update malware / transfer info & money
  31. Botnets: DDoS attacks …
  32. Botnets: DDoS attacks …
  33. E-banking, phishing & money mule. Victim John DOE 2 Password user id Phishing Site 3 Transfer Order Bank Site 1 Bank: John Doe 4 Contract Financial manager Bank: Money Mule 6 Money Mule Jefke 5
  34. Defacement & more !! Yesterday; Last week
  35. Police ransomware
  36. PaySafeCard Vouchers
  37. Common web sites to use vouchers. Blocking web sites
  38. Terrorism, hacktivism …
      • No financial intent ⇒ Political / social objectives
      • Attack and create chaos ⇒ Destabilize economy and society
      • Might take their time to prepare ... ⇒ Or set up actions very quickly (social networks)
  39. Terrorism, hacktivism …
      • DDOS attacks on Mastercard, Paypal, VISA. Hours out ! No transaction for other companies
      • Sony Playstation network (LulzSec). SPNetwork 2 months out => 171 million $ losses; data from 60 million users in the nature; some usage
      • Private data from different databases on the Internet (doxed) => Military / FBI
  40. Latest malware developments
  41. Ransom, extortion ?
  42. Data breaches. 76% of data breaches utilised weak or stolen credentials. Username: admin Password: password. Computers, routers, PABX, … Source: Verizon Data Breach Report 2013
  43. The inside threats
      • Fired system administrator in courier company
      • Hard working IT in financial institution
      • Theft of PCs in R&D department of company
      • Social conflict DDOS attacks
  44. Brussels, we have a problem ...
      • Victim: Hey, can you help us ? We’re a Belgian telecom/hosting company. We have a problem. Our web servers are hacked & some web sites of our Belgian clients are defaced
      • Police: OK. Some questions to start the case … Who, where, what, when …
  45. Some traces … but where ? Cybercrime Scene Investigation
  46. Traces: who / where / what ?
      • In Belgium: Hosting firm => Nothing in Belgium; Client => Nothing in Belgium; Hacked firm => Nothing in Belgium
      • In USA: Hacked web server; Defaced web site
      • In Netherlands: Hacked server
      • In United Kingdom: Hacker ?
      • In Luxemburg: Hacker ?
  47. Who are the criminals … Unit 8200 ?
  48. Role of governments & international organizations
      • Working according to a strategy
      • Develop international plans & reaction schemes for critical ICT infrastructure protection
      • Develop legal framework: Obligation to report cybercrime incidents; Obligation to secure your computer system (?); Possibility for ISP to cut off infected machines (?); Obligation to respond to requests of Gov authority when serious incidents happen
  49. Responsibilities of the enterprises
      • E-Security = business risk => management responsibility
      • Think about how to survive when e-systems are under attack
      • Enforce detection of incidents – IDS ? Report incidents to CERT ? to police ?
      • Integrate strong authentication in e-business applications
  50. Responsibilization of end users
      • Awareness raising => media
      • Training on e-security & attitude: already at school; in the enterprises
      • Obligation to secure his PC properly ?
  51. How many elements do you know. Are we prepared
  52. +32 2 743 74 74