Security Wars

Describing Internet security issues from the aspect of the balance between the light side and the dark side of "hacker power".

Security Wars Presentation Transcript

  • 1. Security Wars, by Ikuo Takahashi
  • 2. A long time ago in a network far, far away. The word “hacker” used to be a respectful word for a master of computers. However, many hackers fell into the Dark World, led by the dark side of their power: anger, exhibitionism and temporary joy. The Internet has been messed up by unprecedented attacks from people who covet the Internet out of lust, people who impose on others for economic gain, and people who juggle with bots. This "Saga" is the epic of the battle fought by society, by engineers who crossed the line of social activity, and by ISPs who stand up against the messed-up Internet.
    Hackers were the chosen ones. Many of them fell, through anger, the urge for self-display, and fun. Society resolved to protect the network from the dark engineers and the forever beginners.
  • 3. Episodes
    • Episode 1: Dark side of hackers
      • dark side hackers
      • Society’s decision
    • Episode 2: Attack of the anonymous troops
      • Attackers and the “forever beginner”
      • Messed-up Internet
    • Episode 3: Repair or despair
      • Beyond secrecy of communication
      • Grief of ISPs
    Episode I: Hackers who fell into darkness. Episode II: Attack of the anonymous troops. Episode III: Hope or despair.
  • 4. Episode 1: Dark Side of Hackers (Episode I: Hackers and the dark side)
  • 5. Dark side of Hackers
    • Definition
      • A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.
    • Reference: the dark side of the Force
      • The Force has a "dark side", which feeds off emotions such as anger and fear (from Wikipedia).
    “Hacker” was an honorific. Do hackers fall to the dark side through anger and fear?
  • 6. “Office” case in JP
    • Kawai (handle name “Office”)
      • Office found a CGI vulnerability in the ASKACCS web page (a copyright and privacy BBS) operated by ACCS.
      • He stole the personal information of 1,200 people, including their names, addresses and phone numbers, from the Association of Copyright for Computer Software web site between Nov. 6 and 8.
      • Office made unauthorised access at least four times using the above method.
      • On Nov. 8, 2003, Office taught people attending an event in Tokyo, “A.D.2003”, how to gain unauthorized access to computers.
      • He explained the attack method in PowerPoint slides that contained actual personal information.
      • The above slides were downloaded by 12 persons.
      • He notified ACCS of the vulnerability by e-mail in the evening of his presentation.
      • The Asahi newspaper reported on Jan. 4, 2004: “warning to vulnerability”.
      • Police arrested Kawai on suspicion of breaking into a computer and obstructing business.
    The ACCS hacker case: the “intrusion” was made public at a symposium.
  • 7. Hacking method (Office)
    • CGI vulnerability
      • The posting form on the ACCS page used a CGI to confirm the contents of a posting.
      • The CGI’s vulnerability: when the CGI’s own name was put into its parameter, it revealed the CGI’s source code.
      • From that source, confirm the file name under which the Excel file is stored.
      • When that file name is put into the CGI parameter, the contents of the Excel file are revealed.
    The Excel file was obtained in two steps.
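The flaw pattern on this slide is a CGI that opens whatever file its parameter names. The following is an added example (not the ACCS code, which the talk does not show) that puts the unchecked read beside the hardened read a defender would ship: resolve the path, refuse anything outside the template directory, and serve only the expected file type. The directory layout, file names and contents are constructed for the demonstration.

```python
import tempfile
from pathlib import Path

# Constructed sandbox standing in for the CGI's document root (hypothetical
# layout, not ACCS's): a template the confirmation CGI is meant to read, the
# CGI script itself, and a data file that must never be served.
ROOT = Path(tempfile.mkdtemp())
TEMPLATE_DIR = ROOT / "templates"
TEMPLATE_DIR.mkdir()
(TEMPLATE_DIR / "confirm.html").write_text("<p>Please confirm your post.</p>")
(ROOT / "data").mkdir()
(ROOT / "data" / "members.xls").write_bytes(b"constructed personal data")
(ROOT / "confirm.cgi").write_text("#!/usr/bin/perl\n# constructed script source\n")


def read_template_unsafe(name: str) -> bytes:
    """The flaw pattern the slide describes: the CGI opens whichever file the
    request parameter names, relative to its template directory, with no
    check, so a relative path can reach the script's own source or the data."""
    return (TEMPLATE_DIR / name).read_bytes()


def read_template_safe(name: str) -> bytes:
    """Hardened form: resolve the requested path, refuse anything that does not
    land inside TEMPLATE_DIR, and serve only the expected file type."""
    base = TEMPLATE_DIR.resolve()
    candidate = (base / name).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PermissionError(f"path escapes template directory: {name}") from None
    if candidate.suffix != ".html" or not candidate.is_file():
        raise PermissionError(f"not a template: {name}")
    return candidate.read_bytes()


def probe(name: str):
    """Run one parameter value through both versions and return
    (unsafe_result, safe_result); a refused request reads as 'blocked'."""
    try:
        unsafe = read_template_unsafe(name)
    except OSError:
        unsafe = "blocked"
    try:
        safe = read_template_safe(name)
    except PermissionError:
        safe = "blocked"
    return unsafe, safe


if __name__ == "__main__":
    for param in ("confirm.html", "../confirm.cgi", "../data/members.xls"):
        print(param, "->", probe(param))
```

The two-step pattern on the slide (script source first, then the data file it names) is exactly what the resolve-and-contain check closes; the `.html` suffix check additionally stops the template reader from being used as a generic file viewer for anything left inside the directory.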
  • 8. Issues in Office’s case
    • Applicability of the Unauthorized Access Prohibition Law
      • Having prepared the file name, he finally put it into the address bar.
    • Obstructing the association’s business: not prosecuted
    • Freedom of expression and vulnerability information
    • ACCS as a web-hosting user
    • Crisis communication of Kyoto University
    • Injunction
    Application of the Unauthorized Access Prohibition Law, the method of publishing vulnerability information, problems of media handling, etc.
  • 9. Sentenced guilty
    • Tokyo District Court, March 25, 2005
      • “The access administrator didn’t authorise any people by this access activity.”
      • “Viewing of the CGI and of this case’s log file was access controlled.”
    • Don’t misunderstand
      • He actually broke into the computer.
      • He was not prosecuted for the security symposium presentation.
    The access administrator did not authorize access by such conduct.
  • 10. Tsunami hacker case in the UK
    • Daniel Cuthbert
      • security consultant at ABN Amro, lecturer at Westminster and Royal Holloway universities
    • Convicted of breaking the Computer Misuse Act, fined £400, and ordered to pay £600 in costs.
    • On December 31, 2004, Cuthbert became concerned that a website collecting credit card details for donations to the tsunami appeal could be a phishing site.
    • After making a donation, and not seeing a final confirmation or thank-you page, Cuthbert put ../../../ into the address line.
    • This set off the alarm of the Intrusion Detection System at BT’s offices, and the police were called.
    The tsunami hacker case in the UK.
  • 11. Winny Network
    • An application of a pure P2P network
    • Each node duplicates files in the background
    • Files are retrieved via a “key file”, which is encrypted
    • Difficult to find the first sender
    Winny network: P2P, background duplication, encryption and anonymity as its characteristics. [Diagram: nodes exchanging a Key (summarized information) and the file it refers to]
  • 12. Winny programmer criminal case
    • Main case (Kyoto District Court, Nov. 30, 2004)
      • Two Winny users were found guilty of using Winny to distribute twenty-eight movies and games (violation of copyright law).
    • Mr. Kaneko, the programmer, was prosecuted
    • Cause of prosecution
      • Aiding and abetting the two users
      • Providing the above two users with Winny 2.0β6.47 for download
    There was a principal-offender case; then a criminal case against the author; the illegality of the “act of providing” was found.
  • 13. Kaneko’s allegation
    • Not guilty
      • merely experimenting with a new technology
      • did not intend to promote any illegal activity
    Mr. Kaneko asserted his innocence.
  • 14. Kyoto District Court, Dec. 13, 2006
    • Convicted and fined ¥1,500,000 ($14,400)
    • mens rea
      • Recognition and admission
        • recognized
          • that the program was widely used by the general public for transmitting copyright-protected works
        • admitted
          • the above situation, and intentionally uploaded the Winny program to the public.
    A fine of 1,500,000 yen. On the subjective side, he accepted the situation at the time and provided the program by uploading it.
  • 15. Comments
    • Accused activity
      • providing the software
      • not making or developing it
      • often misunderstood
    • Misuse of anonymity
    • No software forensic technique was used in the trial
    • The scope is not so wide
    Charged facts: uploading on the premise of the situation (often misunderstood). Intent was judged even though no forensic examination of the source code was made.
  • 16. Harada virus case (introduced in Ms. Koyama’s presentation)
    • Masato Nakatsuji
      • 24, a graduate student at Osaka Electro-Communication University
    • Guilty (Kyoto District Court, May 16, 2008): two years in prison, suspended for three years
    • Spreading a virus
      • Motivation: to “catch the eyes” of the world
    • Cause of prosecution
      • there is no anti-computer-virus law
      • embedding it in an image from a Japanese animation film that he illegally copied and distributed over the Internet.
    Harada virus case: there is no virus-creation offence (Japan); the motive of self-display was found.
  • 17. Society’s Combat
    • Society has to combat high-tech crime.
      • In general, “integrity” is the most important security element.
    • Vulnerability: responsible disclosure
    • Cybercrime Convention: “hacker tools”
      • (JP) amendment of the criminal law and criminal procedure law is pending (political situation)
    The need for strict treatment of “intruders”; restrictions on the disclosure of vulnerability information; the Cybercrime Convention.
  • 18. Information Security Early Warning Partnership: Discoverers of Vulnerability
    • Controls the occurrence of computer security incidents through effective cooperation with related organizations
    • Built an international cooperation structure for vulnerability handling among JPCERT/CC, CERT/CC, and NISCC
    • Closed down many websites which announced vulnerability information
    • Has already received 120 pieces of vulnerability information since July 2004
    [Diagram, from a METI presentation: vulnerability information flows to IPA and JPCERT/CC, which coordinate with IT vendors and system integrators, cooperate with foreign CSIRTs (CERT/CC, NISCC, etc.), and publish countermeasures to users (system administrators, individual users, etc.) through the Vulnerability Information Portal Site (JVN), http://jvn.jp/]
  • 19. Outline of the Partnership
    [Diagram: the discoverer reports to the receiving organization (IPA); IPA has the report analyzed by an analyzing organization (governments, companies, individuals) and passes it to the coordinating organization (JPCERT/CC). For software products, JPCERT/CC coordinates with vendors, foreign CERTs and system integrators, and publicity goes through the portal site JVN (JP Vendor Status Notes). For web applications, IPA notifies the website operation manager, with publicity only when personal data has leaked (*). SPREAD is coordinated for notification to users.]
  • 20. Cybercrime Convention
    • Article 6 (dual use)
    • Each Party shall adopt such legislative and other measures as may be necessary to establish as criminal offences under its domestic law, when committed intentionally and without right:
    • a. the production, sale, procurement for use, import, distribution or otherwise making available of:
      • i. a device, including a computer program, designed or adapted primarily for the purpose of committing any of the offences established in accordance with Articles 2 through 5;
    Cybercrime Convention Article 6: prohibition of hacker tools.
  • 21. Computer Misuse Act, as amended by the Police and Justice Act 2006
    • 3A Making, supplying or obtaining articles for use in offence under section 1 or 3
    • (1) A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article intending it to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
    • (2) A person is guilty of an offence if he supplies or offers to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence under section 1 or 3.
    • (3) A person is guilty of an offence if he obtains any article with a view to its being supplied for use to commit, or to assist in the commission of, an offence under section 1 or 3.
    • (4) In this section “article” includes any program or data held in electronic form.
    • (5) A person guilty of an offence under this section shall be liable
      • (a) on summary conviction in England and Wales, to imprisonment for a term not exceeding 12 months or to a fine not exceeding the statutory maximum or to both;
      • (b) on summary conviction in Scotland, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both;
      • (c) on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine or to both.
    UK: amendment of the Computer Misuse Act. Supplying an article while believing it is likely to be misused is an offence; for making one, a purpose of criminal use is required.
  • 22. “Hackers’” concern
    • Academic curiosity
    • Cannot predict the user’s activity
    • How to draw the line?
    Even for academic research? Can one not foresee as far as the possibility of misuse? Where to draw the line?
  • 23. Guidelines for the application of the Computer Misuse Act
    • Prosecutors dealing with dual-use articles should consider the following factors in deciding whether to prosecute:
      • Does the institution, company or other body have in place robust and up-to-date contracts, terms and conditions or acceptable use policies?
      • Are students, customers and others made aware of the CMA and what is lawful and unlawful?
      • Do students, customers or others have to sign a declaration that they do not intend to contravene the CMA?
    UK guidelines on the application of the Computer Misuse Act: is it a proper company, how aware is it of the CMA, is there an intent to violate it?
  • 24. If you cannot find Master Yoda,
    • The Council of Registered Ethical Security Testers (CREST)
      • In May 2008
      • Industry standard
      • To standardize ethical penetration testing and provide professional qualifications for the testers
    Council of Ethical Security Testers.
  • 25. Sec Wars Episode 2: Attack of the anonymous troops (Episode 2: Attack of the anonymous troops)
  • 26. Anonymous Troops
    • Anonymous BBS
      • 2channel
      • misuse of encryption, e.g. overlay networks
    • Botnet
      • rental of attacking troops
    Anonymous troops: anonymous BBS; botnets.
  • 27. Change of background of cybercrime
    • From: curiosity, self-exhibition
      • personal fun
      • individual attacks
      • domestic
    • To: monetary greed
      • organised crime
      • transborder
    Cybercrime is becoming organised, money-motivated and international.
  • 28. Dark side of Web 2.0
    • Phishing is the dark “long tail”
    [Chart: the long tail of users who can be defrauded versus those who cannot]
  • 29. ISP’s Network Management
    [Diagram: honey pot; ① detection; ② information sharing; blocks A, B and C on ADSL/optical access; ISP-A, ISP-B, ISP-C, ISP-D; DDoS!]
  • 30. Cyber Clean Center
    • The Cyber Clean Center is a shared initiative of the Ministry of Internal Affairs and Communications and the Ministry of Economy, Trade and Industry.
    • [Diagram: honey pots at the measure site collect specimens from PCs infected by bot programs; the source attacking ISP is analysed; the Cyber Clean Center analyses and isolates the specimens and makes the removal tool (CCC Cleaner); cooperating ISPs receive the infected PCs’ IP list, send security alert e-mail, and infected users download the removal tool.]
    • ① Total number of specimens collected: 7,673,279 [Specimens, such as bot programs, are collected from among the countless binary files.]
    • ② Number of unique specimens: 215,338 [Since many of the specimens collected are the same, those that are identical in size and external characteristics are removed to separate out unique specimens (binary files).]
    • ③ Number of unknown specimens: 10,082 [Unique specimens are examined using commercial anti-virus software, then those that are undetectable are separated.]
    • ④ Number of specimens reflected in removal tools: 7,833 [Unknown specimens are analyzed to create bot-removal tools for those that are high-risk and currently infecting many PCs.]
    • ⑤ Bot-removal tools updated: 61 times [Bot-removal tools are updated every week.]
    • ⑥ Security alerts: 232,487 times [This is the number of security alerts that cooperating ISPs provided to infected users.] Number of recipients: 54,703
    • ⑦ Ratio of security alert recipients who download bot-removal tools: 29%
    • Total downloads of removal tools: 385,046
  • 31. Conventional ways against phishing
    • Infringement of copyright
      • duplicating the “logo” service mark of a business
    • Anti-Spam Law
      • Amendment
      • to opt-in
    • OP25B (outbound port 25 blocking)
    Criminal cases on the ground of copyright infringement; the Anti-Spam Law (Act on Specified Electronic Mail); port 25 blocking.
  • 32. Examples against phishing
    • “Yafoo!” false site
      • Tokyo District Court, Sept. 12, 2005
      • imprisonment for 1 year and 10 months, suspended for 4 years
      • Unauthorised Access Prohibition Law, infringement of copyright law
    • Organized fraud group (eight persons prosecuted)
      • the actual criminals were found via the Internet
      • Kyoto District Court, March 2007, 8 years’ imprisonment
  • 33. Episode 3: Repair or Despair (Episode 3: Hope or despair)
  • 34. Paradigm shift to a mass Internet society
    • Concept of the Internet society
      • “Jeffersonian democracy” as the ideal
        • “Thomas”, the Congress database
        • Based on the rich and educated
        • Self-fulfillment and self-governance
        • Netizens and netiquette
    • Mass Internet society
      • “forever beginner”
      • Mass society
      • “anonymous coward”
      • No self-fulfillment and governance
    Paradigm shift to a mass Internet society: Jeffersonian democracy, self-fulfillment, self-governance; the “forever beginner” and the “anonymous coward”.
  • 35. “Weapons” of cyber attack
    • “Transborder”
      • difficulties of international cooperation in law enforcement activities
    • “Anonymity”
      • economic hurdle to tracing the wrongdoer
      • privacy of communication is a barrier to defence activities
  • 36. Is this WAR?
    • Presumably
      • Start from actual facts.
    • Definition of “war”
    • Defend the mass user
  • 37. How to “repair” the Internet
    • Defence concept
      • from reactive to proactive
    • against misuse of the transborder character
    • against misuse of anonymity
  • 38. Rediscovery of communication sovereignty (role of the sovereign)
    • “Constitution of the International Telecommunication Union”
      • Article 34 bis: Member States also reserve the right to cut off, in accordance with their national law, any other private telecommunications which may appear dangerous to the security of the State or contrary to its laws, to public order or to decency.
      • Article 35: Each Member State reserves the right to suspend the international telecommunication service, either generally or only for certain relations and/or for certain kinds of correspondence, outgoing, incoming or in transit, provided that it immediately notifies such action to each of the other Member States through the Secretary-General.
  • 39. Concept of proactive defence
    • ISP activity
      • security
      • phishing
      • inappropriate information
      • copyright
    • Domain registrars’ take-down procedure
  • 40. ISP’s issues
    • Taking down phishing sites
      • Information sharing
      • ISPs can delete phishing information files legally: “Present status of phishing and direction of ISPs’ countermeasures”, issued by the Ministry of Internal Affairs and Communications (Aug. 2005)
    • Warning users whose PC is infected by a virus
    • Warning copyright-infringing users
    • Throttling P2P traffic
    Blocking phishing; notifying owners of virus-infected PCs; throttling P2P traffic?
  • 41. ISPs against the dogma (JP): “secrecy of communication”
    • Secrecy of communication
      • Telecommunications Business Law sec. 4
    • Dogma
      • ISPs can act as long as a “defence” stands.
        • Appropriate business activity
        • Self-defence
        • Crime prevention
    The fight with the dogma of secrecy of communication: Article 4 of the Telecommunications Business Law; acting only within the grounds that preclude illegality.
  • 42. Development of the dogma
    • No distinction between content and communication data
      • Traffic data is over-protected
        • A warrant is necessary to search traffic data in a criminal case
        • The disclosure procedure for the sender is useless
      • Chilling effect on ISPs
        • Ambiguous legality of ISPs’ management activities
    Bloating of the dogma: application to communication data restricts law enforcement, strengthens anonymity and makes sender information disclosure useless; chilling effect on ISPs.
  • 43. Beyond the dogma
    • JP
      • Warrant for search of traffic data
      • The disclosure procedure for the sender is useless
      • Ambiguity of ISPs’ management activities
    • US/UK
      • Subpoena for traffic data (civil)
      • Subpoena for account information and §2703(d) order (criminal)
      • ISPs’ code of practice in the UK
    To go beyond the dogma: the subpoena system and (d) orders in the US; ISPs’ code of conduct.
  • 44. US network and privacy
    [Table: legal instruments for acquisition, use and disclosure of stored communication versus real-time communication, split between civil organizations and law enforcement (LE). Recoverable cells: compulsory acquisition of communication data by subpoena (civil org.) or subpoena/(d) order (LE) for stored data, and by pen register/trap and trace order (LE) in real time, with aggressive acquisition by civil organizations marked “?”; compulsory acquisition of content by search warrant or subpoena with notice (LE) for stored content, and Title III (interception) and FISA (LE) in real time; voluntary disclosure prohibited with exceptions (civil org.), with the consent exception and computer intruder exception (LE); use under the provider exception; network neutrality.]
  • 45. ISP’s role
    • ISP as a guardian
      • Shut down attacking traffic
      • Shut down phishing mail
      • Delete defamatory messages
      • Control copyright-infringing contents (EU copyright enforcement directive)
        • We have to decide whether we admit such a role for ISPs.
    • Co-operation with law enforcement
        • Cooperation against Cybercrime, Tuesday 1 - Wednesday 2 April 2008, Council of Europe, Strasbourg, France
        • Find - Peter Cassidy, Secretary General, Anti-Phishing Working Group
    ISP’s role as guardian: blocking attack traffic, blocking phishing mail, deleting defamatory statements, controlling copyright infringement; cooperation with law enforcement.
  • 46. Copyright Guardian?
    • Three-strikes law
      • France
        • “If You P2P Download In France: No Internet For You”
      • UK
      • Judgements in Belgium and Denmark
        • “Belgium Says ISPs Must Protect Copyright”
        • IFPI Forces Danish ISP to Block The Pirate Bay
      • Disconnect Finland
    Guardian of the copyright system?
  • 47. ISP’s grief
    • Does not intend to regulate “freedom of speech” concepts
    • How to control?
    • What to control?
    • Who controls?
    • Who pays the costs?
    ISP’s grief: no intention to restrict freedom of speech; how, what, and who pays the cost.
  • 48. CU @ Episode 4. May the Force be with U! (What kind of Episode 4 can we draw?)