A perspective for counter strategy against cybercrime and cyber espionage

Published in: Business, Technology

  1. 1. Gohsuke Takama / , Meta Associates, 2011 9 http://www.slideshare.net/gohsuket
  2. 2. about… ✴ Gohsuke Takama ✴ Meta Associates (http://www.meta-associates.com/) ✴ founder & president, connector, analyst, planner ✴ local organizer of security conferences: BlackHat Japan, PacSec ✴ liaison of security businesses: Patch Advisor, SecWest ✴ organizer of tech entrepreneur / startup support events ✴ independent tech journalist for over 10 years ✴ for security news: http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/ ✴ Privacy International (London, UK http://www.privacyinternational.org/) ✴ advisory board member ✴ Computer Professionals for Social Responsibility (http://cpsr.org/) ✴ Japan chapter founding supporter
  3. 3. "what happened in the last 2 years" • Operation Aurora, ShadyRAT, ... • Stuxnet • (MENA) *new • Wikileaks *new • Sony PSN • Anonymous *new • Indira Gandhi
  4. 4. "what happened in the last 2 years" • Operation Aurora, ShadyRAT, ... = = APT (Advanced Persistent Threat) • Stuxnet = SCADA • *new= • Wikileaks *new = : • Sony PSN: 3 = DDoS, , • Anonymous *new = + • Indira Gandhi =
  5. 5. "what happened in the last 2 years" infra attack: SCADA Supervisory Control And Data Acquisition
  6. 6. "whom targeted, why"• ,• Sony PSN, Sony• ,•• :
  7. 7. "whom targeted, why" http://paulsparrows.wordpress.com/category/security/cyber-attacks-timeline/
  8. 8. "spoofing, phishing & targeted attack"/ 1
  9. 9. "cybercrime, cyber espionage, primary target = individual"
  10. 10. "know your enemy: techniques" • phishing • targeted phishing • trojan • spyware • keylogger • rootkit • botnet DDoS • website spoofing • content altering • XSRF • XSS • code injection • IP hijacking • rogue WiFi AP • sniffer
  11. 11. "know your enemy: techniques" http://www.ipa.go.jp/security/vuln/newattack.html
  12. 12. "know your enemy: not just techniques"•• who are they?• disseminate characters• disseminate motives
  13. 13. "disseminate characters"•••••••••
  14. 14. "disseminate characters"
  15. 15. "disseminate characters" https://us.mcafee.com/en-us/local/html/identity_theft/NAVirtualCriminologyReport07.pdf
  16. 16. "disseminate characters" how cyber criminals lure talents?
  17. 17. "disseminate characters" http://www.youtube.com/watch?v=2Tm7UKo4IBc http://www.youtube.com/watch?v=kZNDV4hGUGw
  18. 18. "disseminate characters"• =• =• =• =• : →CEO 26%• = Lulzsec, TeaMp0isoN• = Th3J35t3r, On3iroi• = Anonymous• vs
  19. 19. "disseminate motives"• ,•• hacktivism,•
  20. 20. "disseminate motives"Law, Market, Norm, Architecture
  21. 21. "disseminate motives"Law, Market, Norm, Architecture
  22. 22. "disseminate motives"Law, Market, Norm, Architecture
  23. 23. "disseminate motives"Law, Market, Norm, Architecture - - J-SOX - - ( ) - - - - : -
  24. 24. "disseminate motives"• , = Power• = Money• hacktivism, = Ideology• = Control
  25. 25. "disseminate motives" [diagram; axes: Power, Money, Ideology, Control]
  26. 26. "disseminate motives" [diagram; axes: Power, Money, Ideology, Control; actor labels: Autocracy, Crime, Extremism, Hacker; Autocratic Government, Organized Crime, Extremist, Hacktivist, Hacker, Cracker]
  27. 27. "disseminate motives" [diagram; axes: Power, Money, Ideology, Control; actor labels: Autocracy, Crime, Extremism, Hacker; Autocratic Government, Organized Crime, Extremist, Hacktivist, Hacker, Cracker; activity labels: Infra Disruption, APT, Theft, Fraud, Hacktivism, Lulz]
  28. 28. "social change on Internet" 2000•• • • • •
  29. 29. "social change on Internet" 2001• •• •• •• • • • • • • • (Wiki ) • / • • • 3D •
  30. 30. "real world vs. social data world"
  31. 31. "real world vs. social data world" :
  32. 32. "emerging attack techniques"• malware: ,• VM , bios• : VNC, Spycam,• spyware : keylogger, GPS logger• sabotage ware : Stuxnet• USB =• DDoS: JavaScript (LOIC) ($8/h~),
  33. 33. "layer approach" • example: OSI model
  34. 34. "a security layer model" (group labels on the slide: Human Factor, Intangibles, Tangibles)
       • 7 Psychological
       • 6 Custom (Habit)
       • 5 Operation
       • 4 Content
       • 3 OS/Application
       • 2 Hardware
       • 1 Physical
  35. 35. "attacks vs. counter measures" (layer: attacks / counter measures)
       • Psychological: APT, espionage, phishing, social engineering / ?
       • Custom: spoofing, pharming, phishing spam, XSS, XSRF, spyware, ID spoof/theft / accustomed best practice, awareness, CIRT, PKI, digital ID, SSL certificate
       • Operation: DoS, spam, ransom-ware, sabotage-ware / routing, filtering, policy, audit, CIRT
       • Content: sniffing, spyware, spam, alteration / encryption, filtering, content-scan, host IDS
       • OS/Application: DoS, vuln exploit, 0day, rootkit, botnet / Firewall, network IDS, IPS, anti-virus, OS/app patch
       • Hardware: direct access, tampering, alteration / perimeter guard, anti-tampering, hard seal
       • Physical: lock pick, break in, vandalism / surveillance, perimeter alarm, armed guard
  36. 36. "state of security methodology"✴ •( + )✴ •= ( )✴ PKI = DigiNotar✴ = •( )✴ =
  37. 37. "perspective for counter strategy" set basic security measures:✴ prevention, detection, response✴✴✴ : 100%✴ :✴ (APT )✴ PET (Privacy Enhancing Technology )✴ PIA (Privacy Impact Assessment )
  38. 38. "perspective for counter strategy" be creative:✴✴ soft power • • PR deflective PR✴ social intelligence ( )✴ counter social engineering • •
  39. 39. "perspective for counter strategy" be creative: Learn Attack Technique• •• = CTF (Capture The Flag) • • DEFCON CTF CTF •
  40. 40. "perspective for counter strategy" be creative: Soft Power• Soft Power = 1990 Joseph Nye• Hard Power•• http://en.wikipedia.org/wiki/Soft_power• /••
  41. 41. "perspective for counter strategy" be creative: Soft Power
  42. 42. "perspective for counter strategy" be creative: Social Intelligence•• • hacktivism • • Twitter, Facebook, IRC, Weibo, RenRen
  43. 43. "perspective for counter strategy" be creative: Counter Social Engineering••• • •• • ( )
  44. 44. "perspective for counter strategy" be prepared: Simulation Exercise✴• TableTop Exercise = •• Functional Exercise = • •• FullScale Exercise = • •
  45. 45. references
       • CEOs - the new corporate fraudstersds http://www.iol.co.za/sundayindependent/ceos-the-new-corporate-fraudstersds-1.1144649
       • PwC Survey Says: Telecoms Are Overconfident About Security http://www.readwriteweb.com/cloud/2011/09/pwc-survey-says-telecoms-are-o.php
       • Cyber attack led to IGI shutdown http://www.indianexpress.com/news/cyber-attack-led-to-igi-shutdown/851365/
       • Anonymous announces global plans http://www.digitaltrends.com/computing/video-anonymous-announces-global-plans/
       • ANONYMOUS - OPERATION PAYBACK - Sony Press Release http://www.youtube.com/watch?v=2Tm7UKo4IBc
       • Operation Payback - Anonymous Message About ACTA Laws, Internet Censorship and Copyright http://www.youtube.com/watch?v=kZNDV4hGUGw
       • Anonymous: Message to Scientology http://www.youtube.com/watch?v=JCbKv9yiLiQ
       • Anonymous http://www.atmarkit.co.jp/fsecurity/special/161dknight/dknight01.html
  46. 46. references
       • 28 Nation States With Cyber Warfare Capabilities http://jeffreycarr.blogspot.com/2011/09/27-nation-states-with-cyber-warfare.html
       • Far East Research http://scan.netsecurity.ne.jp/archives/52017036.html
       • CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability http://www.youtube.com/watch?v=DP_rRf468_Y
       • MYBIOS. Is BIOS infection a reality? http://www.securelist.com/en/analysis/204792193/MYBIOS_Is_BIOS_infection_a_reality
       • McAfee Virtual Criminology Report 2007 http://us.mcafee.com/en-us/local/html/identity_theft/NAVirtualCriminologyReport07.pdf
       • Google Zeitgeist http://blog.f-secure.jp/archives/50630539.html
       • "The Tragedies in Oslo and on Utøya island" Speech held by King Harald V http://www.kongehuset.no/c27262/nyhet/vis.html?tid=92959
  47. 47. references
       • -- DEFCON CTF http://scan.netsecurity.ne.jp/archives/52002536.html
       • PET http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s3.pdf
       • PIA http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s2.pdf
       • http://jp.reuters.com/article/topNews/idJPJAPAN-21406320110527
       • GIE http://d.hatena.ne.jp/ukky3/20110829/1314685819
       • Diginotar Black.Spook http://blog.f-secure.jp/archives/50626009.html
  48. 48. references
       • Computer virus hits US Predator and Reaper drone fleet http://arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits-drone-fleet.ars
       • F-Secure: Possible Governmental Backdoor found, MD5 hashes ("case R2D2") http://www.f-secure.com/weblog/archives/00002249.html
       • State-sponsored spies collaborate with crimeware gang | The Unholy APT-botnet union http://www.theregister.co.uk/2011/09/13/apt_botnet_symbiosis/
       • NISC 10 7 http://www.nisc.go.jp/conference/seisaku/index.html#seisaku27
