Targeted (Cyber Espionage) Attacks and Social Engineering, KPMG Seminar
  1. Gohsuke Takama / , Meta Associates, 2012 2 http://www.slideshare.net/gohsuket
  2. about… ✴ Gohsuke Takama / , Meta Associates http://www.meta-associates.com/ ✴ , IT , ✴ , , ✴ : Black Hat Japan, PacSec ✴ ( , , ) ✴ ( ) ✴ : DHS, NIST, NERC, EPRI, Stanford Research, Sandia , Bell , ISAC Council, John Arquilla (NPS ), Richard Clarke, John Tritak, Paul Kurtz (Good Harbor Consulting) ✴ : , , ✴ : Patch Advisor ( ), SecWest (PacSec ) ✴ IT , ( ) ✴ : CodeGate2008 ( ), (2002, 2010), ✴ : http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/ ✴ Privacy International, London, UK http://www.privacyinternational.org/ ✴ , Gohsuke Takama
  3. (no extracted text)
  4. http://www.ipa.go.jp/security/fy23/reports/measures/documents/report20120120.pdf
  5. http://www.ipa.go.jp/security/vuln/newattack.html
  6. 11 x 10 = 9 8 7 R 6 5 4 3 2 1 A B C D E F G H I J K
  7. A: Attacks
  8. ? "Spear Phishing" "Advanced Persistent Threat" APT "Targeted Cyber Espionage" "Adaptive Persistent Attack" APA "Top APT Research of 2011 (That You Probably Haven't Heard About)" http://blog.trendmicro.com/top-apt-research-of-2011-that-you-probably-havent-heard-about/
  9. ? http://paulsparrows.wordpress.com/2011-cyber-attacks-timeline-master-index/ http://paulsparrows.wordpress.com/2012-cyber-attacks-timeline-master-index/
  10. ? • , IHI... (2011) • , ... (2011, ID, ?) • JAXA (2011, NASA ?) • ShadyRAT (2011, 14 OperationAurora (2010, Google 70 ), 34 ), Night Dragon (2010, ), GhostNet (2009, 103 ) • RSA / Lockheed Martin (2011, SecurID , Lockheed ) • DigiNotar (2011, Google SSL ) • Stuxnet (2010, )
  11. ? RSA SecurID
  12. ? DigiNotar 2011 9 19 20
  13. ? = (Cyber Espionage) "Targeted Cyber Espionage" "Advanced Persistent Threat" APT "Adaptive Persistent Attack" APA
  14. ? / 1 ,
  15. ? ✴ APT, • = • • : , , • → → → ✴ ( ) • = • • →
  16. ? EU $1 Trillion/ = 80 (McAfee 2009 ) EU $3.4 Billion = 2720 (2011, VISA CyberSource ) ¥57.4 ¥19 (2011) https://www.europol.europa.eu/sites/default/files/publications/iocta.pdf http://www.net-security.org/secworld.php?id=12273
  17. ? • : OSI
  18. ? 7 Psychological , Human Factor 6 Custom (Habit) , 5 Operation 4 Content Intangibles 3 OS/Application 2 Hardware Tangibles 1 Physical
  19. ? , APT, Psychological , Phishing ? , ID / , , , Custom XSS, XSRF, CSIRT, PKI, ID, SSL DoS, Spam, , CSIRT , , Operation , , , , , , Content Spam, , IDS OS/ DoS, , , IDS, Application 0day, rootkit, IPS, , OS/ , , Hardware , , , , , , , Physical ,
  20. ? ✴ (Firewall) • ( + ) ✴ • = ( ) ✴ 100% > • ( ?) ✴ PKI = DigiNotar ✴ = • ( )
  21. S: Social Engineering
  22. : : syoutenn_aguri@aol.jp : ( ) : Photo.zip : : 3 , 7 ( 1 ( ), 10
  23. (no extracted text)
  24. (no extracted text)
  25. (no extracted text)
  26. 90%
  27. 10%
  28. 90% or 10%
  29. : A28 90% 3:20 : .xls
  30. : A28 10% 3:20 : .xls
  31. Visual Cognition Lab 1999 http://www.youtube.com/watch?v=vJG698U2Mvo
  32. http://ja.wikipedia.org/wiki/
  33. http://ja.wikipedia.org/wiki/
  34. http://ja.wikipedia.org/wiki/
  35. http://ja.wikipedia.org/wiki/
  36. http://ja.wikipedia.org/wiki/
  37. ( : Turing test) 1950 Computing Machinery and Intelligence [1] http://ja.wikipedia.org/wiki/
  38. W: Who, Why, What
  39. ? ? Law, Market, Norms, Architecture
  40. ? ?
  41. ? ?
  42. ? ? Political Power Money Ideology - - - - Technical Control
  43. ? ? Political Power Money Ideology : - - - - Technical Control
  44. ? ? Political Power APT Money Ideology Lulz : - - - - Technical Control
  45. HUMINT, COMINT→CYBINT?
  46. HUMINT, COMINT→CYBINT? HUMINT: Human Intelligence COMINT: Communications Intelligence (Signals Intelligence) CYBINT*: Cyber Intelligence (Network Intelligence) http://en.wikipedia.org/wiki/Network_intelligence
  47. HUMINT, COMINT→CYBINT?
  48. HUMINT, COMINT→CYBINT? • NW • Spam ( ) • IP • F/W • Fax • USB • CD-ROM • LAN
  49. "Stuxnet" HUMINT, CYBINT "Nuclear scientist killed in Tehran was Iran's top Stuxnet expert" http://www.debka.com/article/20406/
  50. "Stuxnet" HUMINT, CYBINT
  51. A x S x W = what to do?
  52. ? • / • VPN • - • / / • MAC • PR • /
  53. ✴ , ✴ ✴ / ✴ • • -DMZ • -
  54. • Twitter, Facebook, IRC, Weibo, RenRen • : https://www.recordedfuture.com/ "RQ-170" Jul 30 2006--Mar 14 2012 https://www.recordedfuture.com/rf/s/2z0Cm4
  55. ✴ • = • = • =
  56. ✴ ) ( ✴ • • • • /
  57. ✴ • SSL / TLS ✴ (PGP ) ✴ (Chat, IM, SMS, ) ✴ • Chat, IM, SMS, VoIP •
  58. (no extracted text)
  59. MAC
  60. / MAC ✴ LAN • LAN • LAN • F/W
  61. ✴ PR • • / • Soft Power = 1990 ( Joseph Nye Hard Power ) • http://ja.wikipedia.org/wiki/ •
  62. (no extracted text)