Your SlideShare is downloading. ×
Cyber Terror ICT Conference
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Cyber Terror ICT Conference

1,736

Published on

Mapping connections between CyberCrime and CyberTerrorism groups. …

Mapping connections between CyberCrime and CyberTerrorism groups.
Reviewing mitigation factors on the nation-state level and international treaties and strategies that will thwart terrorism and state sponsored cyber offense.

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,736
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
97
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Completely financially motivated
    Read: no political affiliation, unless $$$
    Highly connected
    Transactions can be traced across organizations
    Hierarchical in nature
    Need to know basis, highly professional business units, many small profit centers
  • Highly connected and hierarchical
  • Highly sophisticated botnets
    Usually rented by the hour/day for spamming or DDOS
    Harvesting specific information (credit cards, financial data, personal information, emails, documents, applications, credentials, etc...)
  • Engulfed in fog... information & dis-information all over the place.
    Events:
    Cast Led and 2nd Lebanon war
    kinetic and cyber links hard to find
    Palestinian TV station hacked for propaganda
    Maybe? - Syrian nuclear facility bombing in 2007 (no proof - no radar accountability of ANY aircraft in the area...)
  • An example of an organization that wears two hats:
    Running “hacker” forum by day
    Mostly tools, techniques, targets in the US, Israel and some Nordic states
    Actively running cybercrime organization:
    Carding, password theft and trade (major provider of hacked swiss/dutch/danish FTP sites to cybercrime groups)
  • At the Ashiyane forums, there’s an ongoing contest called “WarGames”:
    Sites are being targeted, participants are called to attack them - SQL injections, data theft, defacement, anything goes...
  • Landscape highly unclear!
    Where does that put “developing” nations
    Africa? OLPC + zero enforcement of licensing = largest infected PC population in the world!
    Arms race is on. Government/military commissioned attacks more likely, but mainly surgical strikes
    No Cybergeddon for you so far (sorry CNN...)
    Massive connectivity is still the WMD of CyberWar (and is a commodity)
    No problem getting it from questionable “arms dealers” (bot herders) - just like we do now with conventional weapons....
  • Transcript

    • 1. Iftach Ian Amit | November 2010 www.security-art.comAll rights reserved to Security Art ltd. 2002-2010 Cyber[Crime|Terror] Links between crime and terror on the cyber front: analysis and mitigation strategies Iftach Ian Amit VP Business Development, Security Art Board Member - CSA Israel IL-CERT Dreamer
    • 2. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 2 So, I heard that crime has something to do with state? You heard right...
    • 3. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 3
    • 4. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 4
    • 5. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 5 Hungry yet? That was just the appetizer...
    • 6. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 6 CyberWar “Cyberwarfare, is the use of computers and the Internet in conducting warfare in cyberspace.” Wikipedia
    • 7. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 7 It did not happen yet Being an exceptionEstoniaGeorgiaTitan RainIndiaGoogleAdobe
    • 8. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 8 Many faces of how CyberWar is perceived... From McAfee’s “Virtual Criminology Report 2009” Image caption: “countries developing advanced offensive cyber capabilities”
    • 9. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 9 CyberWar - Attack Highly selective targeting of military (and critical) resources In conjunction with a kinetic attack OR Massive DDOS in order to “black-out” a region, disrupt services, and/or push political agenda (propaganda)
    • 10. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 10 CyberWar - Defense • Never just military • Targets will be civilian • Physical and logical protections = last survival act • Availability and Integrity of services • Can manifest in the cost of making services unavailable for most civilians
    • 11. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 11 CyberCrime 11
    • 12. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 12 You want money, you gotta play like the big boys do...
    • 13. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 13 CyberCrime - Ammunition =≈ APT
    • 14. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 14
    • 15. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 15 CyberCrime - Defense• Anti [ Virus | Malware | Spyware | Rootkit | Trojan ] • Seriously? • Firewalls / IDS / IPS • Seriously? • Brought to you by the numbers 80, 443, 53... • SSL...
    • 16. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 16 How do these connect? Claim: CyberCrime is being used to conduct CyberWar/Terror Proof: Let’s start with some history...
    • 17. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 17 History - Revisited... Israel September 6th, 2007 Source: http://en.wikipedia.org/wiki/Operation_ Orchard Source: Der Spiegel Operation Orchard
    • 18. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 18 All attacks on targets are Attributed to Hacktivists Israeli Arabic 18 Cast-Led, 2nd Lebanon war
    • 19. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 19 Mid-east crime-war links ARHack Hacker/Political forum by day Cybercrime operations by night
    • 20. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 20 Political post Buying/Selling cards for 1/2 their balance Selling 1600 visa cards
    • 21. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 21 History - Revisited... Iran 2009 Twitter DNS hack attributed to Iranian activity. Political connections are too obvious to ignore (elections) UN Council Decisions Protests by leadership opposition in Tehran Timing was right on:
    • 22. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 22
    • 23. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 23 Iran-Twitter connecting dots • Twitter taken down December 18th 2009 • Attack attributed eventually to a group named “Iranian Cyber Army” • Until December 2009 there was no group known as “Iranian Cyber Army”... • BUT - “Ashiyane” (Shiite group) is from the same place as the “Iranian Cyber Army”
    • 24. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 24
    • 25. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 25 Iran-Twitter - Ashiyane • Ashiyane was using the same pro- Hezbolla messages that were used on the Twitter attack with their own attacks for some time... • AND the “Iranian Cyber Army” is an active group on the Ashiyane forums www.ashiyane.com/forum Let’s take a look at how Ashiyane operates...
    • 26. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 26 On [Crime|Terror] training Ashiyane forums WarGames 26
    • 27. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 2727 Wargames targets includes:
    • 28. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 28 Back to [Crime|Terror] Links: What else happened on the 18th? Additional targets - Baidu taken down with the same MO (credentials)
    • 29. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 29 Mapping Iran’s [Crime|Terror] More recently: Iranian Cyber Army expanding into the “Crime” business Along with the cybercrime “honeypot” tactics…
    • 30. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 30 Ashiyane Iranian Cyber Army DDoS Botnet Herding Site Defacemen t Credit Card Theft Strategic Attacks Mapping Iran’s [Crime|Terror] Iran Iraq US $$ UK US CN Crime War
    • 31. Iftach Ian Amit | November 2010 All rights reserved to Security Art ltd. 2002-2010 31 The Future (Ilustrated) CLOUDS
    • 32. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 32 Deterrence Think: Article 5 for the Cyber Commons! An attack agains one or more states, shall be considered an attack against all member states, who agree, to exercise their right to assist the attacked party, including the right to use armed forces. NATO Article 5 - abridged
    • 33. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 33 Attribution? • Technical - not feasible • Political - should be obvious • Defending state? • Should have the responsibility to “clean up” its portion of the Cyber Commons in order to enable a sustainable economic and civil environment.
    • 34. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 34 Summary Good Bad Formal training on cybersecurity by nations Commercial development of malware still reigns Ugly Good meet Bad: money changes hands, less tracks to cover, criminal ops already creating the weapons and are linked to terrorist organizations...
    • 35. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 35 Summary The Future Lack of legislation and cooperation on multi-national level is creating de-facto “safe haven” for cybercrime. <- FIx this! (see article 5 suggestions) Treaties and anti-crime activities may prove to be beneficial. <- nukes? (i.e. treaties...)
    • 36. All rights reserved to Security Art ltd. 2002-2010 Iftach Ian Amit | November 2010 36 Thanks! www.security-art.com iamit@security-art.com twitter.com/iiamit blog.security-art.com

    ×