Sec Wars Episode 3


Describing the paradigm shift of information security in the mass Internet age.

Botnet orders look like Order 66.
What are the "New Hopes" of cyber warfare?

Published in: Technology, News & Politics

  1. Security Wars Episode 3: Revenge of Myth. Ikuo Takahashi
  2. A long time ago in a network far, far away... The Internet has been messed up by unprecedented attacks from people who covet the Internet out of lust, people who impose on others for economic interests, and people who juggle bots. Society has made up its mind to defend the Internet. However, conventional law enforcement measures are useless against organized attacks such as phishing and botnets. Is the messed-up Internet dying into a Wild World Web? How can we repair the Internet? ...
  3. Previously in Security Wars
      • Episode 1: Dark side of Hackers
          • dark side hackers
          • Society's decision
      Episode I: Hackers who fell to the dark side
  4. Sec Wars Episode 2: Attack of anonymous troops
  5. Anonymous Troops
      • Cyber attack as organized crime
      • Anonymity
          • 2 channel
          • misuse of encryption, e.g. overlay network
      • Order “Bot Net”
          • rental of attacking troops
      Anonymous troops: anonymous BBS; botnets
  6. Change of backgrounds of cyber crime
      • from curiosity, self-exhibition
      • personal fun
          • individual attack
      • domestic
      • organized crime
      • monetary greed
      • transborder
      Cybercrime is becoming organized, financially motivated, and international
  7. Order 66 vs “Bot Net” Order
      • Order 66
          • Holoscan appeared on the palm of his gauntlet. “It is time,” the holoscan said. “Execute Order Sixty-Six.”
          • Standing Order Number One was, apparently, Kill Everything That Moves.
          • Combat droids were equipped with sophisticated self-motivators that kicked in automatically.
              • Star Wars ep3 Chapter 18
      • Bot net Order
          • Botnets are equipped to attack the target by DDoS or by posting spam.
          • They communicate with each other with sophisticated self-motivators that kick in automatically. They change the port or protocol they use in order to hide themselves.
  8. Order “Bot Net” & ISP's Network Management
      [Diagram: a honeypot and ISP-A, ISP-B, ISP-C and ISP-D serving Block A, Block B and Block C over ADSL/fiber, under a DDoS attack. Labelled steps: ① detection, ② information sharing.]
  9. Dark side of Web 2.0
      • phishing is the dark “long tail”
          • abuse of the long tail effect
      [Figure labels: “cannot be defrauded”, “defrauded”]
  10. Conventional ways against phishing
      • Infringement of copyright
          • duplicating the “Logo” service mark of a business
      • Anti-Spam Law
          • Amendment (May 30, 2008)
              • From “Opt out” to “Opt in”
              • strengthened enforcement of the law
      Criminal cases based on copyright infringement; the Specified Electronic Mail Act
  11. Actual cases 1
      • “Yafoo!” false site
          • The accused duplicated the homepage of the Yahoo company without authorisation, published a “Yafoo” webpage, and made unauthorised access to the real Yahoo site with IDs and passwords that he stole through the above false site.
          • Tokyo District Court judgment, Sep. 12, 2005
              • violation of the anti-illegal-access law and copyright law
              • imprisonment of 1 year and 10 months, suspended for 4 years
  12. Actual cases 2
      • Phishing fraud gangsters
          • 8 persons were prosecuted
              • for stealing the personal information of some 1,000 people since last year and defrauding some 700 people out of about 100 million yen by using the data
              • using Internet BBS to recruit members
          • First: Takayuki Matsuoka
              • leader of the group
              • April 18, 2006, Kyoto District Court
                  • imprisonment of 4 years and a monetary penalty of three million yen
      Phishing as organized crime
  13. Limitation of conventional measures
      • After the battle of Mustafar, many Jedi and Padawans were killed.
          • Emperor's tactical enterprise.
      • Master Yoda
          • “My failure, this was. Failed the Jedi. I did.”
          • “Too old I was” “Too rigid. Too arrogant to see that the old way is not the only way”
      • Law enforcement system
          • recover actual damage
          • punish wrongdoer
          • ability to trace wrongdoer
      • not effective
          • international organized crime
  14. Episode 3: Revenge of Myth.
      Episode 3: The shackles of secrecy of communication
  15. Paradigm shift to Mass Internet society
      • Concept of Internet Society
          • “Jefferson Democracy” as ideal
              • “Thomas” of Congress Database
              • Based on the rich and educated
              • Self-fulfillment and self-governance
              • Netizen and Netiquette
      • Mass Internet Society
          • “forever beginner”
          • Mass society
          • “anonymous coward”
          • No self-fulfillment & governance
      Paradigm shift to mass Internet society: Jeffersonian democracy (self-fulfillment, self-governance); “forever beginner”, “anonymous coward”
  16. Defend “Innocent User (Forever Beginner)”
      • “Research Group concerning next generation information security policy” (MIC)
          • (Jisedai no jyohou security seisaku ni kansuru kenkyukai houkokusyo) Soumusho
          • Users who are neither highly conscious of information security nor highly skilled.
          • They (e.g. the retired post-war generation) are joining the network community.
      • Start from actual facts
  17. “Weapon” of Cyber Attack
      • “Transborder”
          • difficulties of international cooperation in law enforcement activities
      • “Anonymity”
          • economic hurdle to tracing the wrongdoer.
          • privacy of communication is a barrier to defense activities.
  18. Is this WAR?
      • Presumably
          • Start from actual fact.
      • definition of “War”
          • “asymmetric war”
          • no nation, no blood
      • Defend the “Innocent User”
          • Refer: “Wire fraud recovery Act”
      • “Victory?” Yoda echoed with great skepticism. “The shroud of the dark side has fallen. Begun, this clone War has!”
          • Master Yoda after “War of Geonosis”
  19. How to “repair” the Internet
      • Defense concept: “Cloud defense”
          • from client to “in the cloud”
          • from reactive to proactive
          • compare “furikome sagi” (telephone fraud)
      • against misuse of transborder character
      • against misuse of anonymity
  20. Suggestions from the war against “furikome fraud”
      • “furikome fraud”
          • sophisticated telephone fraud
          • organized crime, Yakuza-affiliated groups
      • Against “furikome fraud”
          • national movement, culture-kind warnings
          • “to prevent your parents”
          • legal defense
  21. Suggestions from the war against “furikome fraud”: legal aspect
      • against “furikome fraud”
          • multiple package of legal methods
      • Identifying account holder law (amended 2004)
      • Anti misuse of cellphone law (2005)
          • request ID at cellphone contract
          • Chief of police asks ISP to produce account information
      • Remedies of damage from furikome fraud law (2008)
          • freeze the criminal's account
          • distribute the account's assets by a simple procedure
  22. The Other Star Wars concept
      • Strategic Defense Initiative
          • proposal by U.S. President Ronald Reagan on March 23, 1983 to use ground and space-based systems to protect the United States from attack by strategic nuclear ballistic missiles.
  23. Rediscovery of communication sovereignty: role of the sovereign
      • “Constitution of the International Telecommunication Union”
          • Article 34 bis: Member States also reserve the right to cut off, in accordance with their national law, any other private telecommunications which may appear dangerous to the security of the State or contrary to its laws, to public order or to decency.
          • Article 35: Each Member State reserves the right to suspend the international telecommunication service, either generally or only for certain relations and/or for certain kinds of correspondence, outgoing, incoming or in transit, provided that it immediately notifies such action to each of the other Member States through the Secretary-General.
  24. Inspection of border
      • Quarantine Law
          • The objective of this law is to prevent pathogens causing infectious diseases nonexistent in Japan from entering the country through vessels or aircraft, and to take measures necessary for prevention of other infectious diseases borne through vessels or aircraft.
      • How about communication?
          • Information security 80% from outside Japan
          • contents
          • execution of sovereign-wide discretion
  25. Concept of proactive defense
      • ISP activity
          • security
          • phishing
          • inappropriate information
          • copyright
      • Domain Registrar's take down procedure
  26. ISP against Myth: dogma (JP) “secrecy of communication”
      • Secrecy of communication
          • Electronic communication business law sec. 4
      • Dogma
          • Intermediaries cannot reveal the sender information
          • ISP can act as long as the “defence” stands.
              • Appropriate business activity
              • Self defence
              • crime prevention
      The fight against the dogma of secrecy of communication: Article 4 of the Telecommunications Business Act; acting within the grounds that preclude illegality
  27. Development of Dogma
      • No distinction between content and communication data
          • Traffic data is too protected
              • Warrant is necessary for search of traffic data in criminal case
              • Disclosure procedure of sender is useless
          • Chilling effect on ISPs
              • Ambiguous legality of ISP's management activities
      Expansion of the dogma: application to communication data (restriction on law enforcement, strengthened anonymity, uselessness of sender information disclosure); chilling effect on ISPs
  28. Two aspects of Secrecy of Communication
      • Traceability
          • (civil) difficult to file litigation against the sender
          • (criminal) LEA have to overcome a high barrier
      • No control or restriction of contents
          • censorship
          • historical issue
      Traceability and guarantee of delivery
  29. Traceability
      • differences: mixi v. LinkedIn
      • economical cost
      • “Such cost is expensive by far in Japan”
  30. Traceability: Beyond the dogma
      • JP
          • Warrant for search of traffic data
          • Disclosure procedure of sender is useless
          • Ambiguity of ISP's management activities
      • US/UK
          • Subpoena for traffic data (civil)
          • Subpoena for account information and §2703 (d) order (criminal)
          • ISP's code of practice in UK
      To go beyond the dogma on traceability: the subpoena system and (d) orders in the US; ISP codes of conduct
  31. US network and privacy
      [Table flattened in extraction. Column headings: real time; stored communication. Aspects: acquisition, use, disclosure. Entries in their original order:]
      • Content
          • Provider exception; Network Neutrality
          • Voluntary disclosure: (civil org.) ?; (LE) consent exception, computer intruder exception; (civil org.) prohibited / exception; (LE) ditto
          • Compulsory: (LE) Title III (Interception), FISA; (LE) search warrant / subpoena with notice
      • Communication data
          • Aggressive acquisition ?
          • (civil org.) ?; (LE) pen register / trap and trace order; (civil org.) subpoena; (LE) subpoena / (d) order
  32. ISP's cooperation
      • Co-operation with Law Enforcement
          • Cooperation against Cybercrime, Tuesday 1 - Wednesday 2 April 2008, Council of Europe, Strasbourg, France
          • Find - Peter Cassidy, Secretary General, Anti-Phishing Working Group
      Cooperation between ISPs and LE
  33. Against illegal/inappropriate traffic
      • “traffic”
          • not only content
              • traffic itself becomes a weapon of attack
      • “illegal” and “inappropriate”
      • History
          • Telegram Act article 5 (prohibition of communication) was deleted in 1952 at the introduction of the Public Electronic Telecommunication Law.
          • The authority might order the prohibition on grounds of “public safety or good order”
  34. Framework against illegal / inappropriate information
      [Diagram labels: illegal; inappropriate; against public order; misc illegal; infringing right; harmful to juvenile; ISP may delete on contract; disclose suicide information; filtering; disclosure of sender]
  35. ISP's issues against illegal traffic
      • take down the phishing site
          • Information sharing
          • ISP can delete phishing information files legally. “Present status of Phishing and direction of ISP's counter measure” issued by Ministry of Internal Affairs and Communication (Aug, 2005)
      • warning users whose PC is infected by a virus.
      • warning copyright-infringing users
      • Throttling the P2P traffic
      Blocking phishing; notification of virus-infected PCs; restricting P2P traffic?
  36. “Revenge” of secrecy of communication
      • ISP cannot refuse to deliver illegal traffic.
          • right of intermediaries vs. privacy of parties?
          • based on contracts?
          • waiver of privacy?
      • compare
          • real flu virus / Post office may refuse (Postal law)
          • duties to avoid jamming (Electronic wave law)
  37. Interpretation of secrecy of communication
      • Three elements
          • “actively acquire”
              • How about ping?
          • “unauthorised disclosure”
              • coordinated response?
          • “Use for self or others”
              • public purpose?
      • There is no official interpretation for the Internet era.
  38. More burden
      • Block the illegal traffic?
          • Blocking child pornography.
              • world trend
              • Germany
                  • In Germany, based on the initiative of the Federal Ministry of Family Affairs, Senior Citizens, Women and Youth (BMFSFJ), the government has had discussions for several months now on how to block child pornography sites hosted on servers outside of the country.
              • UK via IWF (cleanfeed)
          • Copyright guardian.
  39. Copyright Guardian?
      • Three strikes law
          • France
              • Three strikes law passed Parliament (May 13, 2009).
              • "Creation and Internet" law has finally been adopted by the National Assembly.
          • UK
              • Agreement between ISP and copyright holder.
          • Judgments in Belgium, Denmark
              • “Belgium Says ISPs Must Protect Copyright”
              • IFPI Forces Danish ISP to Block The Pirate Bay
          • Disconnect Finland
      Defender of the copyright system?
  40. ISP's grief
      • Vader didn't intend to kill Padmé.
          • “I'm very sorry, Lord Vader. (..) It seems in your anger, you killed her”
      • “No… no. It is not possible” (ep3)
          • Darth Vader
      • Does not intend to regulate “Freedom of speech” concepts
      • How to control? What to control? Who controls? Who pays for the costs?
  41. CU @Episode 4. May the Force be with U!
      What kind of Episode 4 can we draw?