Cyber Crime : Incident Highlights of 2011-2012


Presentation highlighting incidents from the Web Hacking Incident Database over the last 18 months. Incidents only from WHID, a project started by the Web Application Security Consortium. Source: http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database Embedded video link: http://rt.com/usa/news/anonymous-attack-video-cia-219/ (not viewable in the ppt.)


Transcript

  • 1. Nullcon 2012 International Security Conference
  • 2. What is the talk about?
      • Only reported incidents
      • Mostly pertaining to government and corporate establishments.
    What is the talk not about?
      • Unreported activities of intelligence agencies
      • Data gathered Intelligence agencies
  • 3. Who am I?
  • 4. Hacked Industries: Healthcare Automotive Hospitality Internet Credit Card Issuer Service Provider Education Finance Government Music Sports
  • 5. Hacked Industries: United States Search Engines Newspaper University Recruitment Web 2.0 Travel Social Networking Internet Service Provider News Entertainment
  • 6. Statistics [Pie charts. "Application Weakness in the Year 2011-12": Improper IO Handling (IPV, ITLP, PRL etc), Insufficient AAA, Inefficient Anti-Automation, Miscellaneous. "Outcome in the Year 2011-12": Defacement, Monetary Loss, Planting of Malware, Downtime, Leakage of Information, Misc.] Source: projects.webappsec.org
  • 7. Statistics [Pie charts. "Attack Entity Geography Year 2011-12": Australia, Europe, North America, Asia, Africa, South America. "Attacked Entity Field in Year 2011-12": Government, Misc (Retail, …), Education, Technology, Entertainment, Finance.] Source: projects.webappsec.org
  • 8. Reasons why cybercrimes occur? Monetary
      • 1st April 2012: Hackers steal $6.7M in cyber bank robbery all this over new year break
      • Jan 18th 2012: Computer hacker tries to steal $1.8 million from Arlington's bank account
  • 9. Reasons why cybercrimes occur? Recognition
      • Hacktivism: DOS/DDOS Attacks
      • April 2012, February 2012, June 2011: CIA website downed by Anonymous on three occasions
  • 10. Reasons why cybercrimes occur? Political
      • North Korea, South Korea
  • 11. Reasons why cybercrimes occur? Political
      • Geopolitical rivalry manifesting in corporate cybercrime
      • 3rd January 2012: Saudi Hackers Post Israeli Credit Card Numbers Online
      • Intelligence: FBI Partner website hacked; FBI Partner Organization Website; Dayton FBI partner website hacked
  • 12. Reasons why cybercrimes occur? Defacement
      • 27th April 2012: Taliban Website Hacked As Afghan Cyberwar Heats
  • 13. Reasons why cybercrimes occur? Fun
      • Black hat / white hat / grey hat??
      • January 2012 to March 2012: 15-year-old arrested for hacking 259 companies
      • Google kills Iranian blog with 3 million hacked bank accounts
  • 14. Anonymous video: anonymous message to the world and CIA. Who are they? “First, who is this group called Anonymous? Put simply, it is an international cabal of criminal hackers dating back to 2003, who have shut down the websites of the U.S. Department of Justice and the F.B.I. They have hacked into the phone lines of Scotland Yard. They are responsible for attacks against MasterCard, Visa, Sony and the Governments of the U.S., U.K., Turkey, Australia, Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand.” —Canadian MP Marc Garneau, 2012
  • 15. Hacktivist Group
  • 16. Anonymous: Govt site taken down in censorship protest - Jun 10, 2012
  • 17. Hacks in 2012
      • CSLEA hack
      • Taking down Monsanto's Hungarian website
      • Occupy Nigeria
      • Symantec source code leak
      • Operation Megaupload
      • April 2012 Chinese attack
      • Anti-ACTA activism in Europe
      • Operation Russia
      • Operation Bahrain and Formula One attacks
      • Boston Police Department attacks
      • Occupy Philippines
      • Syrian Government E-mail Hack
      • Operation India
      • AntiSec Leak and CIA Attack
      • Operation Quebec
      • Interpol Attack
      • Operation Japan
      • AIPAC Attack
      • Operation Anaheim
      • Vatican website DDoS Attacks
      • AAPT attack
      • Bureau of Justice leak
      • Operation Myanmar
  • 18. Case 1: Tunisian Government
    Date: 18 December 2010 – 14 January 2011
    Who: Tunisian Revolution
      • 8 websites affected (including the president, prime minister, ministry of industry, ministry of foreign affairs, and the stock exchange).
      • Ben Ali's administration has tightly restricted the flow of information out of Tunisia
      • Reports of civil disobedience and police action filtered out on Twitter.
      • Anonymous claimed responsibility for the cyber attack (called it #OpTunisia)
      • Part of #OpPayback, initially aligned with WikiLeaks (Zimbabwe) then the people of Tunisia.
      • Felt government had unilaterally declared war on free speech, democracy, and even [its] own people".
      • "Cyber attacks will persist until the Tunisian government respects all Tunisian citizens' right to free speech and information and ceases the censoring of the internet".
  • 19. Case 2: Government
    Date: 09/12/11
    Who: Congress Website hacked (congress.org.in & aicc.org.in)
    What (Defacement): Sonia Gandhi profile changed with one paragraph of obscene language. (Photo of Sonia Gandhi)
    Why: Kapil Sibal asked social media networks, including Facebook, Twitter and Google, to remove offensive material from their websites.
    Interesting Fact:
  • 20. Case 3: Government
    Date: Dec 2010 - Jun 2011
    Who: 117 Govt. of India Websites (NIC, Army, CBI)
    Group responsible: Indian offshoot of Anonymous, PCA (well… at least reportedly, also hacked 270 other sites)
    Why: Retaliation for ICA's Attack on 26/11/10
    Interesting Fact: Indian government departments and agencies do not follow the procedures set for regular audits of the sites
  • 21. Case 1: Corporate
    Date: 15/01/12
    Who: Zappos (Acquired by Amazon since 2008)
    What: 24m Records Breached. Information including names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords may have been exposed.
    How: zero day vulnerability
    Interesting Fact:
  • 22. Case 2: Corporate. Zuckerberg's Facebook Account Hacked
    Date: Till Nov 27, 2011
    Who: Bug in the application
    How: A subscriber uses the Report/Block link that appears in the bottom right when you roll over a picture to report another subscriber's photo as pornographic. The blocking tool then asks for your help in identifying other photos that should be blocked as part of that account, which is where the bug comes in. Not only were the public photos of that account presented, but private photos as well.
    Output: Mark Zuckerberg's private photos started to show up across the web
  • 23. Case 3: Corporate
    Date: 06/06/12
    Who: LinkedIn
    How: Vulnerable Front end; SQL Injection (could have been sqlmap or Havij)
    Outcome: According to Per Thorsheim, security analyst, a list of 6.5 million passwords appeared on a Russian forum.
      • All hashed using the SHA-1 algorithm. No Salting
      • Many Password "1234LinkedIn" with SHA-1 Hash is "abf26a4849e5d97882fcdce5757ae6028281192a".
      • No Username or Data, but could be a plan to crowd source hacking effort, because some unique passwords also found.
  • 24. Case 4: Corporate
    Date: 19/04/2012 (realised 7 days later.)
    Who: Sony Playstation, Playstation Portable, & Qriocity (Music Streaming)
    What:
      • Supposed hacker chat-logs reveal PSN security lapses
      • 77m stolen names, addresses, birthdates, PSN passwords and credit card numbers.
      • 55m (PSN, PS3 + Playstation Mobile) and 22m (Qriocity)
      • All details stolen indicate they were in unencrypted form (against common industry practice.)
  • 25. Other Hacks. When: May 22nd; Who: Greece; What: Hacked; Attack mode: SQL injection, automated
  • 26. Other Hacks. Article mentions that when this whole attack on Sony is over it might come to be one of the most secure web presence on the www. When: May 24th 2012; Who: Sony Music Japan; What: Hacked; By: Lulzsec
  • 27. Other Hacks. When: June 5th 2011; Who: Sony Music Brazil; By: Lulzsec
  • 28. Other Hacks. When: June 6th 2012; Who: Sony Europe; By: Lebanese Hacker (Idahc); What: Stole 120 usernames, passwords, email addresses through; Attack mode: SQL injection
  • 29. Other Hacks. When: July 5 2011; Who: Sony Music Ireland website; By: Hackers
  • 30. Other Hacks. When: January 6th 2012; Who: Sony picture website and FB; What: page hacked; By:
  • 31. Other Hacks. When: August 2012; Who: Sony; What: hacked again; By: SQL Injection Vaccination?
  • 32. Types of Attacks in 2011 (When; By & How; Outcome)
      • March 17, 2011. By & How: Hacked by an Advanced Persistent Threat (APT). Outcome: Used SecurId codes they stole from the RSA break-in to hack Lockheed Martin
      • June 2, 2011. By & How: Through spear phishing used by Chinese hackers. Outcome: Gmail accounts of select members of the U.S. Government had been compromised
      • May, 2011. By & How: 200,000 customer A/c were compromised by a cyber-attack. Hackers accessed account holders' names, email addresses, and account numbers. Outcome: Citi ordered new credit cards for 100,000 customers, absorbing the $2 million cost
      • June 11, 2011. By & How: Hackers used a "spear phishing" technique. Outcome: Degree of the compromise was not specified
  • 33. Types of Attacks in 2012 (When; Who; By & How; Outcome)
      • August, 2012. Who: Interpol, British Police SOCA. By & How: Hacktivist group Anonymous, demanding freedom for WikiLeaks founder Julian Assange. Outcome: Site was unavailable
      • July 12, 2012. By & How: Group of hackers used Union based SQL injection. Outcome: SQL injection retrieved 453,000 user names and passwords stored in plaintext
      • September 25, 2012. By & How: Muslim hackers launched a distributed denial-of-service attack against it. Outcome: Bank was forced to shut down the website
  • 34. Conclusions
      • Incidents will continue to happen
      • Regulatory Authority required to penalize for non-compliance
  • 35. Thank You