Iftach Ian Amit | November 2010
www.security-art.com | All rights reserved to Security Art ltd. 2002-2010
Cyber Terror ICT Conference


Mapping connections between CyberCrime and CyberTerrorism groups.
Reviewing mitigation factors on the nation-state level and international treaties and strategies that will thwart terrorism and state-sponsored cyber offense.

Published in: Technology, News & Politics
  • Completely financially motivated
    Read: no political affiliation, unless $$$
    Highly connected
    Transactions can be traced across organizations
    Hierarchical in nature
    Need-to-know basis, highly professional business units, many small profit centers
  • Highly connected and hierarchical
  • Highly sophisticated botnets
    Usually rented by the hour/day for spamming or DDOS
    Harvesting specific information (credit cards, financial data, personal information, emails, documents, applications, credentials, etc.)
  • Engulfed in fog... information & disinformation all over the place.
    Events:
    Cast Lead and 2nd Lebanon war
    kinetic and cyber links hard to find
    Palestinian TV station hacked for propaganda
    Maybe? - Syrian nuclear facility bombing in 2007 (no proof - no radar accountability of ANY aircraft in the area...)
  • An example of an organization that wears two hats:
    Running “hacker” forum by day
    Mostly tools, techniques, targets in the US, Israel and some Nordic states
    Actively running cybercrime organization:
    Carding, password theft and trade (major provider of hacked Swiss/Dutch/Danish FTP sites to cybercrime groups)
  • At the Ashiyane forums, there’s an ongoing contest called “WarGames”:
    Sites are being targeted, participants are called to attack them - SQL injections, data theft, defacement, anything goes...
  • Landscape highly unclear!
    Where does that put “developing” nations?
    Africa? OLPC + zero enforcement of licensing = largest infected PC population in the world!
    Arms race is on. Government/military commissioned attacks more likely, but mainly surgical strikes
    No Cybergeddon for you so far (sorry CNN...)
    Massive connectivity is still the WMD of CyberWar (and is a commodity)
    No problem getting it from questionable “arms dealers” (bot herders) - just like we do now with conventional weapons...
  • Cyber Terror ICT Conference

    1. Iftach Ian Amit | November 2010 www.security-art.com All rights reserved to Security Art ltd. 2002-2010 Cyber[Crime|Terror] Links between crime and terror on the cyber front: analysis and mitigation strategies Iftach Ian Amit VP Business Development, Security Art Board Member - CSA Israel IL-CERT Dreamer
    2. So, I heard that crime has something to do with state? You heard right...
    3. (no text)
    4. (no text)
    5. Hungry yet? That was just the appetizer...
    6. CyberWar “Cyberwarfare, is the use of computers and the Internet in conducting warfare in cyberspace.” Wikipedia
    7. It did not happen yet Being an exception Estonia, Georgia, Titan Rain, India, Google, Adobe
    8. Many faces of how CyberWar is perceived... From McAfee’s “Virtual Criminology Report 2009” Image caption: “countries developing advanced offensive cyber capabilities”
    9. CyberWar - Attack Highly selective targeting of military (and critical) resources In conjunction with a kinetic attack OR Massive DDOS in order to “black-out” a region, disrupt services, and/or push political agenda (propaganda)
    10. CyberWar - Defense • Never just military • Targets will be civilian • Physical and logical protections = last survival act • Availability and Integrity of services • Can manifest in the cost of making services unavailable for most civilians
    11. CyberCrime
    12. You want money, you gotta play like the big boys do...
    13. CyberCrime - Ammunition =≈ APT
    14. (no text)
    15. CyberCrime - Defense • Anti [ Virus | Malware | Spyware | Rootkit | Trojan ] • Seriously? • Firewalls / IDS / IPS • Seriously? • Brought to you by the numbers 80, 443, 53... • SSL...
    16. How do these connect? Claim: CyberCrime is being used to conduct CyberWar/Terror Proof: Let’s start with some history...
    17. History - Revisited... Israel September 6th, 2007 Source: http://en.wikipedia.org/wiki/Operation_Orchard Source: Der Spiegel Operation Orchard
    18. All attacks on targets are Attributed to Hacktivists Israeli Arabic Cast Lead, 2nd Lebanon war
    19. Mid-east crime-war links ARHack Hacker/Political forum by day Cybercrime operations by night
    20. Political post Buying/Selling cards for 1/2 their balance Selling 1600 visa cards
    21. History - Revisited... Iran 2009 Twitter DNS hack attributed to Iranian activity. Political connections are too obvious to ignore (elections) UN Council Decisions Protests by leadership opposition in Tehran Timing was right on:
    22. (no text)
    23. Iran-Twitter connecting dots • Twitter taken down December 18th 2009 • Attack attributed eventually to a group named “Iranian Cyber Army” • Until December 2009 there was no group known as “Iranian Cyber Army”... • BUT - “Ashiyane” (Shiite group) is from the same place as the “Iranian Cyber Army”
    24. (no text)
    25. Iran-Twitter - Ashiyane • Ashiyane was using the same pro-Hezbollah messages that were used on the Twitter attack with their own attacks for some time... • AND the “Iranian Cyber Army” is an active group on the Ashiyane forums www.ashiyane.com/forum Let’s take a look at how Ashiyane operates...
    26. On [Crime|Terror] training Ashiyane forums WarGames
    27. Wargames targets include:
    28. Back to [Crime|Terror] Links: What else happened on the 18th? Additional targets - Baidu taken down with the same MO (credentials)
    29. Mapping Iran’s [Crime|Terror] More recently: Iranian Cyber Army expanding into the “Crime” business Along with the cybercrime “honeypot” tactics…
    30. Mapping Iran’s [Crime|Terror] (diagram labels: Ashiyane, Iranian Cyber Army, DDoS, Botnet Herding, Site Defacement, Credit Card Theft, Strategic Attacks; Iran, Iraq, US, $$, UK, US, CN; Crime, War)
    31. The Future (Illustrated) CLOUDS
    32. Deterrence Think: Article 5 for the Cyber Commons! An attack against one or more states, shall be considered an attack against all member states, who agree, to exercise their right to assist the attacked party, including the right to use armed forces. NATO Article 5 - abridged
    33. Attribution? • Technical - not feasible • Political - should be obvious • Defending state? • Should have the responsibility to “clean up” its portion of the Cyber Commons in order to enable a sustainable economic and civil environment.
    34. Summary Good: Formal training on cybersecurity by nations Bad: Commercial development of malware still reigns Ugly: Good meet Bad: money changes hands, less tracks to cover, criminal ops already creating the weapons and are linked to terrorist organizations...
    35. Summary The Future Lack of legislation and cooperation on multi-national level is creating de-facto “safe haven” for cybercrime. <- Fix this! (see article 5 suggestions) Treaties and anti-crime activities may prove to be beneficial. <- nukes? (i.e. treaties...)
    36. Thanks! www.security-art.com iamit@security-art.com twitter.com/iiamit blog.security-art.com
