Cyber Crime : Incident Highlights of 2011-2012


Presentation highlighting incidents from the Web Hacking Incident Database (WHID) over the last 18 months. Incidents are only from WHID, a project started by the Web Application Security Consortium. Source : Embedded video link: (not viewable in the ppt.)

Published in: Technology

  1. Nullcon 2012 International Security Conference
  2. What is the talk about?
     • Only reported incidents
     • Mostly pertaining to government and corporate establishments.
     What is the talk not about?
     • Unreported activities of intelligence agencies
     • Data gathered Intelligence agencies
  3. Who am I?
  4. Hacked Industries: Healthcare Automotive Hospitality Internet Credit Card Issuer Service Provider Education Finance Government Music Sports
  5. Hacked Industries: United States Search Engines Newspaper University Recruitment Web 2.0 Travel Social Networking Internet Service Provider News Entertainment
  6. Statistics [pie charts: "Application Weakness in the Year 2011-12" and "Outcome in the Year 2011-12"] Source :
  7. Statistics [pie charts: "Attack Entity Geography Year 2011-12" and "Attacked Entity Field in Year 2011-12"] Source :
  8. Reasons why cybercrimes occur? Monetary
     • Hackers steal $6.7M in cyber bank robbery, all this over new year break (1st April 2012)
     • Computer hacker tries to steal $1.8 million from Arlington's bank account (Jan 18th 2012)
  9. Reasons why cybercrimes occur? Recognition
     • Hacktivism: DoS/DDoS attacks
     • April 2012, February 2012, June 2011: CIA website downed by Anonymous on three occasions
  10. Reasons why cybercrimes occur? Political
     • North Korea, South Korea
  11. Reasons why cybercrimes occur? Political
     • Geopolitical rivalry manifesting in corporate cybercrime
     • 3rd January 2012: Saudi Hackers Post Israeli Credit Card Numbers Online
     • Intelligence: FBI Partner website hacked; FBI Partner Organization Website; Dayton FBI partner website hacked
  12. Reasons why cybercrimes occur? Defacement
     • 27th April 2012: Taliban Website Hacked As Afghan Cyberwar Heats
  13. Reasons why cybercrimes occur? Fun
     • Black hat / white hat / grey hat??
     • January 2012 to March 2012: 15-year-old arrested for hacking 259 companies
     • Google kills Iranian blog with 3 million hacked bank accounts
  14. Anonymous video: anonymous message to the world and CIA. Who are they?
     “First, who is this group called Anonymous? Put simply, it is an international cabal of criminal hackers dating back to 2003, who have shut down the websites of the U.S. Department of Justice and the F.B.I. They have hacked into the phone lines of Scotland Yard. They are responsible for attacks against MasterCard, Visa, Sony and the Governments of the U.S., U.K., Turkey, Australia, Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand.” —Canadian MP Marc Garneau, 2012
  15. Hacktivist Group
  16. Anonymous: Govt site taken down in censorship protest - Jun 10, 2012
  17. Hacks in 2012: CSLEA hack; Taking down Monsanto's Hungarian website; Occupy Nigeria; Symantec source code leak; Operation Megaupload; April 2012 Chinese attack; Anti-ACTA activism in Europe; Operation Russia; Operation Bahrain and Formula One attacks; Boston Police Department attacks; Occupy Philippines; Syrian Government E-mail Hack; Operation India; AntiSec Leak and CIA Attack; Operation Quebec; Interpol Attack; Operation Japan; AIPAC Attack; Operation Anaheim; Vatican website DDoS Attacks; AAPT attack; Bureau of Justice leak; Operation Myanmar
  18. Case 1 Tunisian Government
     Date: 18 December 2010 – 14 January 2011
     Who: Tunisian Revolution
     • 8 websites affected (including the president, prime minister, ministry of industry, ministry of foreign affairs, and the stock exchange).
     • Ben Ali's administration has tightly restricted the flow of information out of Tunisia
     • Reports of civil disobedience and police action filtered out on Twitter.
     • Anonymous claimed responsibility for the cyber attack (called it #OpTunisia)
     • Part of #OpPayback, initially aligned with Wikileaks (Zimbabwe), then the people of Tunisia.
     • Felt government had "unilaterally declared war on free speech, democracy, and even [its] own people".
     • "Cyber attacks will persist until the Tunisian government respects all Tunisian citizens' right to free speech and information and ceases the censoring of the internet".
  19. Case 2 Government
     Date: 09/12/11
     Who: Congress website hacked ( & Gandhi profile changed with one paragraph of obscene language. (Photo of Sonia Gandhi)
     Why: Kapil Sibal asked social media networks, including Facebook, Twitter and Google, to remove offensive material from their websites.
     Interesting Fact :
  20. Case 3 Government
     Date: Dec 2010 - Jun 2011
     Who: 117 Govt. of India websites (NIC, Army, CBI)
     Group responsible: Indian offshoot of Anonymous, PCA (well... at least reportedly, also hacked 270 other sites)
     Why: Retaliation for ICA's attack on 26/11/10
     Interesting Fact: Indian government departments and agencies do not follow the procedures set for regular audits of the sites
  21. Case 1 Corporate
     Date: 15/01/12
     Who: Zappos (Acquired by Amazon since 2008)
     What: 24m records breached. Information including names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords may have been day vulnerability
     Interesting Fact :
  22. Case 2 Corporate: Zuckerberg's Facebook Account Hacked
     Date: Till Nov 27, 2011
     Who: Bug in the application
     How: A subscriber uses the Report/Block link that appears in the bottom right when you roll over a picture to report another subscriber's photo as pornographic. The blocking tool then asks for your help in identifying other photos that should be blocked as part of that account, which is where the bug comes in. Not only were the public photos of that account presented, but private photos as well.
     Output: Mark Zuckerberg's private photos started to show up across the web
  23. Case 3 Corporate
     Date: 06/06/12
     Who: LinkedIn
     How: Vulnerable front end, SQL injection (could have been sqlmap or Havij)
     Outcome: According to Per Thorsheim, security analyst, a list of 6.5 million passwords appeared on a Russian forum.
     • All hashed using the SHA-1 algorithm. No salting
     • Many Password "1234LinkedIn" with SHA-1 Hash is "abf26a4849e5d97882fcdce5757ae6028281192a."
     • No username or data, but could be a plan to crowd-source hacking effort, because some unique passwords also found.
  24. Case 4 Corporate
     Date: 19/04/2012 (realised 7 days later.)
     Who: Sony PlayStation, PlayStation Portable, & Qriocity (Music Streaming)
     What:
     • Supposed hacker chat-logs reveal PSN security lapses
     • 77m stolen names, addresses, birthdates, PSN passwords and credit card numbers.
     • 55m (PSN, PS3 + PlayStation Mobile) and 22m (Qriocity)
     • All details stolen indicate they were in unencrypted form (against common industry practice.)
  25. Other Hacks
     When: May 22nd; Who: Greece; What: Hacked; Attack mode: SQL injection, automated
  26. Other Hacks
     Article mentions that when this whole attack on Sony is over it might come to be one of the most secure web presence on the www.
     When: May 24th 2012; Who: Sony Music Japan; What: Hacked; By: Lulzsec
  27. Other Hacks
     When: June 5th 2011; Who: Sony Music Brazil; By: Lulzsec
  28. Other Hacks
     When: June 6th 2012; Who: Sony Europe; By: Lebanese Hacker (Idahc); What: Stole 120 usernames, passwords, email addresses through; Attack mode: SQL injection
  29. Other Hacks
     When: July 5 2011; Who: Sony Music Ireland website; By: Hackers
  30. Other Hacks
     When: January 6th 2012; Who: Sony picture website and FB; What: page hacked; By:
  31. Other Hacks
     When: August 2012; Who: Sony; What: hacked again; By: SQL Injection Vaccination?
  32. Types of Attacks in 2011 (columns: When, Who, By & How, Outcome)
     • March 17, 2011. By & How: Hacked by an Advanced Persistent Threat (APT). Outcome: Used SecurId codes they stole from the RSA break-in to hack Lockheed Martin
     • June 2, 2011. By & How: Through spear phishing used by Chinese hackers. Outcome: Gmail accounts of select members of the U.S. Government had been compromised
     • May, 2011. By & How: 200,000 customer a/c were compromised by a cyber-attack. Hackers accessed account holders' names, email addresses, and account numbers. Outcome: Citi ordered new credit cards for 100,000 customers, absorbing the $2 million cost
     • June 11, 2011. By & How: Hackers used a "spear phishing" technique. Outcome: Degree of the compromise was not specified
  33. Types of Attacks in 2012 (columns: When, Who, By & How, Outcome)
     • August, 2012. Who: Interpol British Police SOCA. By & How: Hacktivist group Anonymous, demanding freedom for Wikileaks founder Julian Assange. Outcome: Site was unavailable
     • July 12, 2012. By & How: Group of hackers used union based SQL injection. Outcome: SQL injection retrieved 453,000 user names and passwords stored in plaintext
     • September 25, 2012. By & How: Muslim hackers launched a distributed denial-of-service attack against it. Outcome: Bank was forced to shut down the website
  34. • Incidents will continue to happen
     • Regulatory authority required to penalize for non-compliance
  35. Thank You