Robin Hoods And Criminals
April 2012 - DoS, DDoS, Cyber Crime and What can be done.

  • Orchestrated by a Brazilian guy, Havittaja, these attacks were for the lulz, but also to draw public attention to arrested Anonymous supporters who had participated in attacks during the last 24 months, mainly in the UK and the US.
  • What happens after the backend server clogs depends on the type of CDN service provided. Two options here:
    1. Static content is still provided by the CDN, dynamic content is unavailable.
    2. The service is not provided at all when the backend server is not responsive.

Robin Hoods And Criminals – Presentation Transcript

  • Cyber Security: Robin Hoods and Criminals. Ziv Ichilov, DefensePro Product Manager, Radware. ICTExpo Helsinki, April 2012
  • Breaking News – Anonymous has taken down the following this week:
    – Central Intelligence Agency (CIA)
    – Department of Justice (DOJ)
    – Federal Bureau of Investigation (FBI)
    – National Aeronautics and Space Administration (NASA)
    – Secret Intelligence Service (MI6)
  • AGENDA
    – DoS – What is it about?
    – 2011 DoS Attacks
    – Robin Hoods or Criminals
    – Protect Yourself – What is Missing?
    – Radware Attack Mitigation System
  • DoS – Originators and Goals
    – Hacktivism – gain public attention (protestors)
    – Cyber Crime – extortion (criminals), business affairs (competition), data theft, DoS for covering surreptitious attacks (criminals)
    – Cyber War – country-level attacks: business / military intelligence, “real” critical infrastructure paralysis
  • DoS – Digital Sit-in or Crime?
    – Protest – Digital Sit-in: “A sit-in or sit-down is a form of direct action that involves one or more persons nonviolently occupying an area for a protest, often to promote political, social, or economic change.” (Wikipedia)
    – “There’s no such thing as a DDoS attack. A DDoS is a protest, it’s a digital sit-in. It is no different than physically occupying a space. It’s not a crime, it’s speech. Nothing was malicious, there was no malware, no Trojans. This was merely a digital sit-in. It is no different from occupying the Woolworth’s lunch counter in the civil rights era.” Jay Leiderman (Sept 2011, TPM)
  • DoS – How does it Look?
    – Simple way – excessive or specially crafted traffic that misuses network, server or application resources, preventing legitimate traffic from reaching its destination and limiting the service provided; generated by tools, humans or both. Can be based on volume, rate or vulnerability exploitation.
    – Detailed – Layer 3 floods target the network equipment and the actual pipe capacity; Layer 4 floods target the servers (physical or virtual) and their stack resources; Layer 7 floods target real applications and services.
  • DoS – Effects
    – Direct effects – embarrassing nuisance and inconvenience; revenue and reputation loss
    – Side effects – immediate data loss; penetration into the organization
    – Long-term effects – infection; involuntarily harnessed for future attacks
  • AGENDA – 2011 DoS Attacks
  • Size does not matter!
    – Most organizations may never experience an intense attack
    – Less intensive application attacks can cause more damage than network attacks
    – The impact of application flood attacks is much more severe than that of network flood attacks
    – 76% of the attacks surveyed were under 1 Gbps
  • Network Attacks and Application Attacks Coexist
  • Which Elements Are Bottlenecks For DDoS?
    – Internet link is saturated (27% of the attacks)
    – Stateful devices are vulnerable to DDoS (36% of the attacks)
  • More Organizations Are Threatened by DoS
  • Anonymous Attacks Grow
  • AGENDA – Robin Hoods or Criminals
  • Robin Hoods or Criminals? – SONY Example
    – Massive DoS attack taking down the PlayStation Network for hours
    – Initiated after Sony filed a lawsuit against the hacker who broke the PS3 protection mechanism
    – During the attack, credit card data of millions of users was stolen
    – Anonymous involvement was partially denied
  • Robin Hoods or Criminals? – Sic Semper Tyrannis
    – Long campaign against the Vatican web infrastructure
    – Started with a failed attempt to hack Vatican systems and databases
    – Continued as a massive DoS attack lasting for days, in repeating waves
  • Robin Hoods or Criminals? – Russian Presidential Elections
    – During election time in Russia, first for the Duma and then for the Presidency ...
    – DDoS attacks on protestors’ blogs, party websites, reporting websites etc.
    – “It can’t be long before we observe a DDoS attack between two political parties based on one and the same botnet.” Eugene Kaspersky (blog)
  • Robin Hoods or Criminals? – The Israeli Case
    – January 3rd: Saudi hacker 0xOmar leaks tens of thousands of Israeli credit card numbers and other sensitive personal information.
    – January 16th: 0xOmar and the pro-Palestinian “Nightmare” hacker group send an email to the Jerusalem Post threatening to attack the EL-AL website. The EL-AL, Tel-Aviv Stock Exchange, First International Bank of Israel and Discount Bank websites are attacked and are unavailable for hours.
    – January 17th: Israeli hacker group “IDF-Team” retaliates by attacking the Saudi and UAE stock exchange websites.
    – January 18th: More Israeli websites targeted; the Bank of Israel website is under attack.
  • Robin Hoods or Criminals? – The Israeli Case (continued)
    – In the following weeks, dozens of Israeli web sites were attacked by pro-Palestinian hacker groups
    – A cyber war emerged
  • Robin Hoods or Criminals? – “One man’s terrorist is another man’s freedom fighter.”?
    – DoS activity is considered illegal today in most of the world
    – DoS attacks are used for launching surreptitious attacks
    – There are well-known examples of criminal hacktivism
  • AGENDA – Protect Yourself – What is Missing?
  • What is Missing? – What We Have
    – Most DDoS/DoS attack types are known – network floods, SYN floods, GET floods, INVITE floods, etc.
    – Protection methodologies are known – rate limiting, black list/haul, authentication (challenge), behavioral analysis, etc.
    – High-performance mitigation devices exist
  • What is Missing? – What is Missing
    – Intelligence – in detection (application data consideration), in identification of attackers (smart algorithms and authentication methods), in mitigation (real-time dynamic filtering)
    – Capabilities – dealing with new challenges (further analysis, secured traffic, etc.); experienced human touch for visibility and expertise
    – Cooperation – on-premises always-on immediate detection (including layer 7); in-the-cloud detection & mitigation for high-rate attacks (link saturation); more than anti-DoS protection devices (WAF / NG-FW / IPS / etc.)
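The rate-limit, challenge (authentication) and behavioral-analysis methods the deck lists can be combined into a single per-source decision. The following is an added example, not Radware's code and not from the presentation: it parses constructed Common Log Format lines, measures each source's peak request rate in a sliding window, and uses URL diversity as the behavioral signal to decide between allowing, challenging or blacklisting the source. The IP addresses, thresholds and log lines are all assumptions made up for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \d+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def _line(ip, t, path):
    return f'{ip} - - [{t.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'

# Constructed sample traffic (assumption): a browsing user, a GET flood that
# hammers one URL, and a fast-but-diverse client such as a crawler.
base = datetime.strptime("16/Jan/2012:10:00:00 +0200", TS_FMT)
SAMPLE_LOG = (
    [_line("203.0.113.5", base + timedelta(seconds=2 * i), p)
     for i, p in enumerate(["/", "/news", "/about", "/news/1", "/css/site.css"])]
    + [_line("198.51.100.7", base + timedelta(milliseconds=150 * i), "/login")
       for i in range(60)]
    + [_line("192.0.2.9", base + timedelta(milliseconds=300 * i), f"/item/{i}")
       for i in range(30)]
)

def classify_sources(lines, window=10, max_rate=20, min_distinct_ratio=0.25):
    """Per-source verdict: 'allow' (under the rate limit), 'challenge' (over the
    limit but URLs are diverse, so authenticate before blocking) or 'block'
    (over the limit and repeating a few URLs, the typical GET-flood signature)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:                      # skip lines that are not CLF
            continue
        hits[m.group(1)].append((datetime.strptime(m.group(2), TS_FMT), m.group(3)))
    verdicts = {}
    for ip, reqs in hits.items():
        reqs.sort()
        times = [t for t, _ in reqs]
        peak, lo = 0, 0
        for hi, t in enumerate(times):  # max requests in any `window` seconds
            while (t - times[lo]).total_seconds() > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        distinct_ratio = len({p for _, p in reqs}) / len(reqs)
        if peak <= max_rate:
            verdicts[ip] = "allow"
        elif distinct_ratio < min_distinct_ratio:
            verdicts[ip] = "block"
        else:
            verdicts[ip] = "challenge"
    return verdicts
```

The "challenge" verdict is where a real device would insert a redirect or JavaScript challenge rather than dropping traffic, so a legitimate but busy client is not blacklisted on rate alone.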
  • What is Missing? – Example: Israel Attacks – Attackers Distribution
    – Usage of bots reduces Geo-IP importance
  • DDoS Attack Tools Become Prevalent
    – Public Attacks: LOIC, Mobile LOIC, webLOIC
    – Inner Circle Attacks – Network Flood: UDP floods, SYN floods, Fragmented floods, FIN+ACK floods
    – Inner Circle Attacks – Application: Dynamic HTTP floods, HTTPS floods
    – Inner Circle Attacks – Low & Slow: Slowloris, Pyloris, R.U.D.Y
    – Inner Circle Attacks – Vulnerability based: Intrusion attempts, SQL Injections
    – Also listed on the slide: #RefRef, XerXes
  • Attack Mitigation System
  • Radware Attack Mitigation System (AMS)
  • Radware end-to-end mitigation solution
    – On-premises protection against: application DDoS attacks, SSL-based attacks, low & slow attacks
    – Customer-site Attack Mitigation System components: NBA, Anti-DoS, IPS
    – ISP core network protection: In-the-cloud Anti-DoS Service (Attack Mitigation System, Anti-DoS)
    – In-the-cloud protection against: volumetric bandwidth attacks
  • Thank you – Ziv Ichilov, zivi@radware.com, DefensePro Product Manager, Radware