CYBER CRIME & CYBER WAR
English . Reality . Data
• Purely academic debate. Do not read otherwise
• No room for discussion, but for arguments.
• My opinion on a deck and your opinion as voice
• Abuse of English
• Based on evidence ?
• Fact vs Fiction
• Cyber Crime Business Models
• Budget Meeting
• I am Uday
• I work as a pen tester
• Currently into Data Analysis & Machine Learning Learning
• Yawn, Steam, Argue, Debate, Learn
• Big Data can change the world or solve some problems.
• Big data for hacking ? People are really doing that.
• Alejandro Caceres http://www.hyperiongray.com/
BEFORE WE START, PLEASE BE ASSURED
• All my words are an outcome of months of research
• We are always assured
• “The president of India would be visiting Hyderabad
tomorrow” and I have this information from an impeccable
source from the president’s staff at Rastrapathi Bhavan
HOW DOES ASSURANCE WORK ?
• Authoritative speech powerful enough to make me believe
that men are from mars and aliens are from earth
• When assured, there is no question left to ask
ASSURANCE & CYBER WAR
• Are we being assured that Cyber War is in progress ?
• Audience: What is Cyber War ?
• Audience: What is Cyber Crime ?
• Espionage vs Cyber War vs Cyber Crime ?
• Your responses are invaluable!
WHO HAS DEFINED CYBER WAR
• International Laws are still WIP
• Has EU or US declared definitions ? The answer is no.
• What has been taken into account to call this as a war ?
THE ‘ULTIMATELY’ JUSTIFICATION
• Ultimately, Cyber Wars have a toll on our daily lives.
WHATEVER HAPPENS ONLINE WITH US
• Is not cyber war
• Is not Cyber Terrorism
• Could be Cyber Bullying
• Could be violation of privacy
• Could have legal implications
• Could be cumbersome
• Affects our personal lives indirectly especially longterm
• Do We have some data as evidence to argue upon ?
• Yes we do!
• Measuring Pay-per-Install: The Commoditization of Malware Distribution
• White Paper fromJuan Caballero, Chris Grier, Christian Kreibich, Vern
• Is this Authentic data ?
• Please be assured that this is more genuine than pure cocaine
CRIME AS A BUSINESS MODEL
• Can I design crime ?
• Instance: CarderPlanet.com
• PPI Model – Pay Per Install
• Exploit as a service
• Malware is the new commodity
• Better off than your shares and market
• Who the bullish ? What the bearish ?
• What is this PPI Market
• I am the bad
Service • I run the show
WHAT IS THIS BUSINESS MODEL ?
• This is one observed business model that generates the
• Offerings are highly customized
ARTICLE A YEAR AGO
• IAmA a malware coder and botnet operator, AMA
• TOR + Dedicated Enhanced Service
• Stealthy really
• Past present Future
• Corrupted Pointer, Uninitialized Pointer Access, Out of bounds
• Subversion of logic
• This is relevant even today even after 20 years
SO WHAT DEFINITION IS WRONG ?
• Cyber War vs Cyber Crime
• We have never had a Cyber War yet
• This comes from the definition of traditional war
• We can have a separate debate on this
• When a conventional war follows the strategy of “Greater the
offense, Greater the defense”, Cyber War is opposite.
• Many people are using this word already & extensively
• David Rappaport has not coined this term.
• I believe that the word “Cyber Terrorism” is completely wrong.
• You can have your view.
• $100-180 for Unique thousand installs, This is for US/UK/Europe
• $7-8 is the lowest for the same service, least popular
• Rivalry in PPI
• Often difficult to validate on the installs when using two rival
• Affiliates receive credit for confirmed Installs
• To build botnet variants
• Instance zbot
• This is not an exhaustive talk on cyber crime
• We can have a dedicated session for a deep dive on cyber
• Let’s quickly see what someone from NATO has to say