SlideShare a Scribd company logo

Rsa europe 2012 active defense-hack back lecture

David Willson, Attorney, CISSP, Security +
David Willson, Attorney, CISSP, Security +

Is hack back or active defense legal?

Technology
1 of 45
Download to read offline
Session ID: Session Classification: DAVI OTTENHEIMER ACTIVE DEFENSE HT-302 Intermediate DAVID WILLSON
Davi Ottenheimer David Willson Agenda  Emerging Attacks  Current Defenses  How to Build an Active Defense 2
Attacks 3
Davi Ottenheimer David Willson A Study of Attacks  Motive  Means  Opportunity 4
Davi Ottenheimer David Willson Attack - Motive  Of MICE and MEECES  Money  Entertainment  Ego  Cause  Entrance to Social Groups  Status 5 Hackers are stepping up the intensity of their attacks, moving from "disruption" to "destruction" of key computer systems. - General Keith Alexander, NSA Director and Commander of US Cyber Command http://phys.org/news/2012-10-hackers-shifting-destruction-cyber-chief.html http://www.aic.gov.au/documents/1/B/A/%7B1BA0F612-613A-494D-B6C5-06938FE8BB53%7Dhtcb006.pdf
Davi Ottenheimer David Willson Attack - Motive 6  (Anti)collaborative  Collaborative  Hyper-Collaborative h @ ctivism
Davi Ottenheimer David Willson Attack - Means  Getting easier all the time 7 Global Coffee Consumption http://www.fao.org/docrep/006/Y4343E/y4343e05.htm Commodification of caffeine Source: UN FAO
Davi Ottenheimer David Willson Attack - Means  May be hidden… 8 Commodification of caffeine Source: Mayo Clinic
Davi Ottenheimer David Willson Attack - Means 9 Commodification of…lulz
Davi Ottenheimer David Willson 10 http://www.washingtonpost.com/wp-dyn/content/article/2008/03/19/AR2008031901439.html * http://www.h-online.com/security/news/item/Only-9-of-22-virus-scanners-block-Java-exploit-1696462.html http://www.scmagazine.com/report-finds-1200-percent-boom-in-android-malware/article/242542/ Malware Detected by Year 1,200% increase in Android malware Attack - Means “Only 9 of the 22 tested products managed to block both variants of the exploit” (31 August 2012) * Sources:
Davi Ottenheimer David Willson 11 http://ddos.arbornetworks.com/2012/05/dirt-jumper-ddos-bot-increasingly-popular/ Attack - Means dirtjumper Source: Arbor
Davi Ottenheimer David Willson Attack - Opportunity 12 Mobile subscriptions (per 100 people) Source: World Bank http://www.google.com/publicdata/explore
Davi Ottenheimer David Willson Attack - Opportunity 13 http://bhc3.com/2010/01/19/ Am I Anon?
Davi Ottenheimer David Willson Attacks 14  Opportunity  More Connectivity  More Links / Social Networks  More Personal Data Available in More Places  Outsiders Become Insiders (e.g. Cloud) http://www.flyingpenguin.com/?p=18259
Davi Ottenheimer David Willson Pop Quiz  Stuxnet  Gauss  Flame  Zeus 15 “I think what you're talking about is a moral crime.” – Marcus Ranum “…a good tool to allow nation states to exert force without having to blow people up.” – Jeff Moss “Ultimately the ethics of this don't really matter – the decision has been made and this kind of stuff is going to be unavoidable.” – Mikko Hypponen http://www.theregister.co.uk/2012/07/26/stuxnet_moral_crime/
Davi Ottenheimer David Willson 16 “The whole point of the doomsday machine is lost if you keep it a secret!” “Why didn't you tell the world?” http://www.flyingpenguin.com/?p=9621
Defense 17
Davi Ottenheimer David Willson Philosophy of Self-Defense This makes him willing to quit a condition, which, however free, is full of fears and continual dangers: and it is not without reason, that he seeks out, and is willing to join in society with others, who are already united, or have a mind to unite, for the mutual preservation of their lives, liberties and estates, which I call by the general name, property. -- John Locke, 1689, Two Treatises of Government 1. Imminent Danger 2. Immediate Defense Believed Necessary to Prevent Danger 3. No More Action Than Necessary to Defend Against Danger 18 http://books.google.com/books?id=3e_JisWPODoC&pg=PA109
Davi Ottenheimer David Willson Philosophy of Self-Defense  Legal Hind-sight  Beckford v R (1988) 1 AC 130: A defendant is entitled to use reasonable force to protect himself, others for whom he is responsible and his property. It must be reasonable.  R v Owino (1996) 2 Cr. App. R. 128 at 134: A person may use such force as is [objectively] reasonable in the circumstances as he [subjectively] believes them to be.  InfoSec Fore-sight  Threat Prediction  Vulnerability Assessment 19
Davi Ottenheimer David Willson Philosophy of Self-Defense “…in line with their rules of engagement…” 20 “Turkey will never leave unanswered such kinds of provocation by the Syrian regime against our national security” -- Turkish Prime Minister Tayyip Erdogan's office http://www.jpost.com/MiddleEast/Article.aspx?id=286516
Davi Ottenheimer David Willson Economics of Defense – Accidental Harm 21 2011 1950 55mph Seatbelt Airbag Nader http://www.nytimes.com/interactive/2012/09/17/science/driving-safety-in-fits-and-starts.html Fatalitiesper100,000 Miles driven per capita 25 20 10K6K.gov - Interstate - V8 Engine
Davi Ottenheimer David Willson Economics of Defense – Intentional Harm 22 http://blog.priceonomics.com/post/30393216796/what-happens-to-stolen-bicycles Source: priceonomics Malware?
Davi Ottenheimer David Willson Economics of Defense – Intentional Harm 23 “While the police may not penalize bicycle thieves, it’s becoming easier for the person whose bike was stolen to investigate the bike theft themselves.” http://blog.priceonomics.com/post/30393216796/what-happens-to-stolen-bicycles Online Market Street $perStolenBicycle Professional Amateur This is making it harder for the amateur thief to casually flip a stolen bike.” Hot Bike Sales
Davi Ottenheimer David Willson Economics of Defense - Malware 24 http://www.securelist.com/en/analysis/204792084/Brazil_a_country_rich_in_banking_Trojans 2009 Kaspersky on .br Banking Trojan Horses  Motive: Low income population drawn into crime  Means: Delphi (not taught in University)  Opportunity: 1/3 of Brazil (70m) online. eBanking:  Banco do Brasil – 7.9mil  Bradesco – 6.9mil  Itau – 4.3mil “…banks wish to avoid public investigation of such thefts. In order to protect their reputation, banks prefer to compensate customers for losses incurred by infection with malicious code…”
Davi Ottenheimer David Willson Economics of Defense - Malware 25 http://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems 2012 Kaspersky on .br 4.5mil ADSL device CSRF <form action=http://192.168.1.1/password.cgi; method=“POST” name=“form”> <input type=“hidden” name=“sysPassword” value=“newpassword”> “…all of them in sunny, beautiful Brazil”
Davi Ottenheimer David Willson Economics of Defense - Malware 26 * http://www.exploit-db.com/exploits/16275/ 2012 Kaspersky on .br 4.5mil ADSL CSRF  Motive: Steal banking credentials  Means: Public Disclosure 2011-03-04 - Comtrend ADSL Router CT-5367 C01_R12 Remote Root*  dispara.sh: if [ $ativos –le $simultaneos ];  roda.sh: curl $copts http://$ip_completo/password.cgi...dnscfg.cgi echo $ip_completo >> modem-owned.log  Opportunity: Scanned IP ranges on Internet (5 of 6 known vulnerable routers sold in Brazil and used by Brazil’s National Telecommunications Agency)
Davi Ottenheimer David Willson Defense Law  Who has the job of defense?  Who defines what is reasonable?  Can a higher authority defend you?  If No: are you responsible to defend yourself?  If Yes: what level and by which laws do you abide? 27  1097 Pope Urban II bans the crossbow  1139 Pope Innocent II bans the crossbow  2007 Chester MP: “…a Welsh person found within the city walls after sunset can be taken out with a crossbow” http://www.bbc.co.uk/dna/place-nireland/A2866061 http://www.discoverchester.co.uk/BattleofChester616AD.html
Davi Ottenheimer David Willson Defense Law  European and International Considerations  Computer Misuse Act  Section 1 – unauthorized access to computer material  Section 2 – unauthorized access with intent  Section 3 – unauthorized modification (add/del) with intent  Budapest Convention on Cyber Crime - CETS 185  UN Convention Against Transnational Organized Crime 28
Davi Ottenheimer David Willson Defense Law  American Considerations  Computer Fraud and Abuse Act (CFAA)  State Computer Trespass Laws  Electronic Espionage Law  Stored Communications Act  Privacy Laws 29
Davi Ottenheimer David Willson Defense Law  What jurisdiction are you in?  What jurisdiction(s) will you operate in?  What tools do you plan to use?  How do you plan to use them?  What impact to you is anticipated?  What impact to others is anticipated?  Retribution  Bystanders  Reputation 30 40 DNS Servers Used Were Outside Brazil
Davi Ottenheimer David Willson Defense Law  Potential liabilities of action outside  Expand harm to bystanders, mistaken target  Escalation or Conflagration  Reputational loss, weakened alliances  Law suit or regulatory violation  Potential benefits of action outside  Block or deny attacks  Stop loss  Potential offset to defense costs  Strengthened partnership, alliances 31
Davi Ottenheimer David Willson Pop Quiz  Fortune 500 Company  Suspicious Activity Detected  Investigation Initiated  …then DDoS  Executive Meeting  Damage Assessment  Cost of Containment and Recovery  Options? 32
33 Build an Active Defense
Davi Ottenheimer David Willson Three Steps 1. Assessment a) Internal b) External 2. Calculation 3. Action 34
Davi Ottenheimer David Willson Step One – a) Internal Assessment  Evidence of Imminence and Danger/Persistence  State of Your Security 35
Davi Ottenheimer David Willson Step One – b) External Assessment  Reconnaissance  Attack Tools  Attack Connections  Attack Links and Relationships  Intelligence  Attacker Vulnerabilities  Attacker Assets 36
Davi Ottenheimer David Willson Step Two – Calculation  Nature (Motive) of the Attack  Threat: Imminence and Danger  Terms: Jurisdiction and Restrictions  Cost: Liabilities versus Benefits 37 Level Commitment Resources Intensity Stealth Time Power Ability Opportunity 3 H H Long Organized H H 2 M M Varied Grouped M M 1 L L Short Isolated L L
Davi Ottenheimer David Willson Step Two – Calculation (Intriligator-Brito) 38 http://www.cas.buffalo.edu/classes/psc/fczagare/PSC%20504/Intriligator.pdf  Defensive Capabilities  Block Attackers  Damage Attacker  Speed of Defense  Time to Discovery  Time to Retaliation  Thresholds  Minimum unacceptable damage, estimated by attacker  Maximum acceptable casualties of retaliation
Davi Ottenheimer David Willson Step Three - Action  Plan  Tool and Procedure Development  Survey  Access  Dump  Defend 39 http://arstechnica.com/security/2012/08/ddos-take-down-manual/ Level Commitment Resources Intensity Stealth Time Power Ability Opportunity 3 H H Long Organized H H 2 M M Varied Grouped M M 1 L L Short Isolated L L
Davi Ottenheimer David Willson Example #1 – DDoS Takedown Manual 1. Trace Attacks (Three Degrees from Bacon) 2. Map Services and Vulnerabilities (Dirt Jumper) 3. SQL injection to Dump Config (sqlmap) 4. Command and Control 40 ./sqlmap.py --level=5 --risk=3 -u http://www.evilsite.com/dj5/ -p k --data="k=" --technique=t --dbms=mysql -- fileread=”/var/www/html/evilsite.com/djv5/config.php” http://www.prolexic.com/knowledge-center-ddos-threat-advisory-pandora-and-vulnerability-disclosure-dirt-jumper/banners.html http://arstechnica.com/security/2012/08/ddos-take-down-manual/
Davi Ottenheimer David Willson Example #2 – Project MARS 1. Trace Attacks (Elirks via Plurk, Nitol) 2. Sinkhole Communications 3. Reverse / Tag Infected Systems 4. Shutdown C&C 41 http://www.secureworks.com/research/threats/chasing_apt/ http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-80-54/3755.Microsoft-Study-into-b70.pdf http://blogs.technet.com/b/microsoft_blog/archive/2012/10/02/microsoft-reaches-settlement-with-defendants-in-nitol-case.aspx “In the 16 days since we began collecting data on the 70,000 malicious subdomains, we have been able to block more than 609 million connections from over 7,650,000 unique IP addresses to those malicious 3322.org subdomains. In addition to blocking connections to the malicious domains, we have continued to provide DNS services for the unblocked 3322.org subdomains. For example, on Sept 25, we successfully processed 34,954,795 DNS requests for 3322.org subdomains that were not on our block list.”
Davi Ottenheimer David Willson Example #3 – Wycores Investigation 1. Trace Attacks 2. Profile IDs 3. Dump (QQ#) 4. ?? 42 http://cyb3rsleuth.blogspot.com/2011/08/chinese-threat-actor-identified.html http://cyb3rsleuth.blogspot.com/2012/03/chinese-threat-actor-part-3.html
Davi Ottenheimer David Willson Conclusion 1. Political and Economic Shift  Attacks High Profit Low Risk  Imminent Danger 2. A Right to Self-Defense  Risk and Cost Assessment  Terms of Authorization (Limited Action) 3. Reverse Shift a) Outlier b) Cooperative c) Group 43 “a condition, which, however free, is full of fears and continual dangers” “mutual preservation of their lives, liberties and estates”
Davi Ottenheimer David Willson Apply 1. Assess Rights and Options  Technical Capabilities  Legal Frameworks and Guidelines 2. Active Defense – Change the Equation 44
Session ID: Session Classification: DAVI OTTENHEIMER ACTIVE DEFENSE HT-302 Intermediate DAVID WILLSON

Recommended

University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...Nicholas Davis
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
Hacking back in self defense
Hacking back in self defenseHacking back in self defense
Hacking back in self defenseDavid Willson, Attorney, CISSP, Security +
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
Forensic3e ppt ch06
Forensic3e ppt ch06Forensic3e ppt ch06
Forensic3e ppt ch06Skillspire LLC
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 
CyberSecurity: Intellectual Property dispute fuels Cyberwar
CyberSecurity: Intellectual Property dispute fuels CyberwarCyberSecurity: Intellectual Property dispute fuels Cyberwar
CyberSecurity: Intellectual Property dispute fuels CyberwarElyssa Durant
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryNicholas Davis
 

Recommended

University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...Nicholas Davis
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
Hacking back in self defense
Hacking back in self defenseHacking back in self defense
Hacking back in self defenseDavid Willson, Attorney, CISSP, Security +
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
Forensic3e ppt ch06
Forensic3e ppt ch06Forensic3e ppt ch06
Forensic3e ppt ch06Skillspire LLC
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 
CyberSecurity: Intellectual Property dispute fuels Cyberwar
CyberSecurity: Intellectual Property dispute fuels CyberwarCyberSecurity: Intellectual Property dispute fuels Cyberwar
CyberSecurity: Intellectual Property dispute fuels CyberwarElyssa Durant
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryNicholas Davis
 
BGF-G7-Summit-Initiative-Official-1 Ise-Shima Norms
BGF-G7-Summit-Initiative-Official-1 Ise-Shima NormsBGF-G7-Summit-Initiative-Official-1 Ise-Shima Norms
BGF-G7-Summit-Initiative-Official-1 Ise-Shima NormsAllan Cytryn
 
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...Casey Ellis
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsDavid Sweigert
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Cyber Security, Why It's important To You
Cyber Security, Why It's important To YouCyber Security, Why It's important To You
Cyber Security, Why It's important To YouRonald E. Laub Jr
 
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickDelivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickMAXfocus
 
How-to-start-a-captive
How-to-start-a-captiveHow-to-start-a-captive
How-to-start-a-captiveMegan M. Brooks, ARM
 
20160426 AIIM16 CIP Preconference Briefing
20160426 AIIM16 CIP Preconference Briefing20160426 AIIM16 CIP Preconference Briefing
20160426 AIIM16 CIP Preconference BriefingJesse Wilkins
 
Bb prezi
Bb preziBb prezi
Bb preziBruno Bertocchi
 
Si greferat constr_geom
Si greferat constr_geomSi greferat constr_geom
Si greferat constr_geomValeriu Licu
 
160511 バス列(内部向け10分)
160511 バス列(内部向け10分)160511 バス列(内部向け10分)
160511 バス列(内部向け10分)隆 司
 
sonya ware electronic technician 1
sonya ware electronic technician 1sonya ware electronic technician 1
sonya ware electronic technician 1Sonya Ware
 
Correos electronicos
Correos electronicosCorreos electronicos
Correos electronicos0271998
 
YChevalier Prior Case Listv2
YChevalier Prior Case Listv2YChevalier Prior Case Listv2
YChevalier Prior Case Listv2Yvette Chevalier, Esq.
 
ABell2015
ABell2015ABell2015
ABell2015Mia Campbell
 
Bag awal
Bag awal Bag awal
Bag awal Dwi Anita
 
physics
physicsphysics
physicsmarindomillete
 
YChevalier Resume 2015v2
YChevalier Resume 2015v2YChevalier Resume 2015v2
YChevalier Resume 2015v2Yvette Chevalier, Esq.
 
Redes sociales
Redes socialesRedes sociales
Redes sociales0271998
 
Karya Tulis Ilmiah
Karya Tulis IlmiahKarya Tulis Ilmiah
Karya Tulis IlmiahDwi Anita
 
T3 1
T3 1T3 1
T3 1Informatics and Maths
 
Final Assessment Report
Final Assessment ReportFinal Assessment Report
Final Assessment ReportChad Warrick
 

More Related Content

What's hot

BGF-G7-Summit-Initiative-Official-1 Ise-Shima Norms
BGF-G7-Summit-Initiative-Official-1 Ise-Shima NormsBGF-G7-Summit-Initiative-Official-1 Ise-Shima Norms
BGF-G7-Summit-Initiative-Official-1 Ise-Shima NormsAllan Cytryn
 
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...Casey Ellis
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsDavid Sweigert
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Cyber Security, Why It's important To You
Cyber Security, Why It's important To YouCyber Security, Why It's important To You
Cyber Security, Why It's important To YouRonald E. Laub Jr
 
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickDelivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickMAXfocus
 
20160426 AIIM16 CIP Preconference Briefing
20160426 AIIM16 CIP Preconference Briefing20160426 AIIM16 CIP Preconference Briefing
20160426 AIIM16 CIP Preconference BriefingJesse Wilkins
 

What's hot (8)

BGF-G7-Summit-Initiative-Official-1 Ise-Shima Norms
BGF-G7-Summit-Initiative-Official-1 Ise-Shima NormsBGF-G7-Summit-Initiative-Official-1 Ise-Shima Norms
BGF-G7-Summit-Initiative-Official-1 Ise-Shima Norms
 
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standards
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Cyber Security, Why It's important To You
Cyber Security, Why It's important To YouCyber Security, Why It's important To You
Cyber Security, Why It's important To You
 
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul FenwickDelivering Security with the MAX RemoteManagement Platform - Paul Fenwick
Delivering Security with the MAX RemoteManagement Platform - Paul Fenwick
 
How-to-start-a-captive
How-to-start-a-captiveHow-to-start-a-captive
How-to-start-a-captive
 
20160426 AIIM16 CIP Preconference Briefing
20160426 AIIM16 CIP Preconference Briefing20160426 AIIM16 CIP Preconference Briefing
20160426 AIIM16 CIP Preconference Briefing
 

Viewers also liked

Si greferat constr_geom
Si greferat constr_geomSi greferat constr_geom
Si greferat constr_geomValeriu Licu
 
160511 バス列(内部向け10分)
160511 バス列(内部向け10分)160511 バス列(内部向け10分)
160511 バス列(内部向け10分)隆 司
 
sonya ware electronic technician 1
sonya ware electronic technician 1sonya ware electronic technician 1
sonya ware electronic technician 1Sonya Ware
 
Correos electronicos
Correos electronicosCorreos electronicos
Correos electronicos0271998
 
Redes sociales
Redes socialesRedes sociales
Redes sociales0271998
 
Karya Tulis Ilmiah
Karya Tulis IlmiahKarya Tulis Ilmiah
Karya Tulis IlmiahDwi Anita
 
Final Assessment Report
Final Assessment ReportFinal Assessment Report
Final Assessment ReportChad Warrick
 
evaluacion del tercer parcial
evaluacion del tercer parcialevaluacion del tercer parcial
evaluacion del tercer parcial0271998
 
bus network ppt by pearl patel
bus network ppt by pearl patelbus network ppt by pearl patel
bus network ppt by pearl patelpatel12300
 
Tabel perbandingan upaya AS dan Uni Soviet untuk Menguasai Dunia
Tabel perbandingan upaya AS dan Uni Soviet untuk Menguasai DuniaTabel perbandingan upaya AS dan Uni Soviet untuk Menguasai Dunia
Tabel perbandingan upaya AS dan Uni Soviet untuk Menguasai DuniaDwi Anita
 
Quality Management System
Quality Management SystemQuality Management System
Quality Management SystemDwi Anita
 

Viewers also liked (20)

Bb prezi
Bb preziBb prezi
Bb prezi
 
Si greferat constr_geom
Si greferat constr_geomSi greferat constr_geom
Si greferat constr_geom
 
160511 バス列(内部向け10分)
160511 バス列(内部向け10分)160511 バス列(内部向け10分)
160511 バス列(内部向け10分)
 
sonya ware electronic technician 1
sonya ware electronic technician 1sonya ware electronic technician 1
sonya ware electronic technician 1
 
Correos electronicos
Correos electronicosCorreos electronicos
Correos electronicos
 
YChevalier Prior Case Listv2
YChevalier Prior Case Listv2YChevalier Prior Case Listv2
YChevalier Prior Case Listv2
 
ABell2015
ABell2015ABell2015
ABell2015
 
Bag awal
Bag awal Bag awal
Bag awal
 
physics
physicsphysics
physics
 
YChevalier Resume 2015v2
YChevalier Resume 2015v2YChevalier Resume 2015v2
YChevalier Resume 2015v2
 
Redes sociales
Redes socialesRedes sociales
Redes sociales
 
Karya Tulis Ilmiah
Karya Tulis IlmiahKarya Tulis Ilmiah
Karya Tulis Ilmiah
 
T3 1
T3 1T3 1
T3 1
 
Final Assessment Report
Final Assessment ReportFinal Assessment Report
Final Assessment Report
 
evaluacion del tercer parcial
evaluacion del tercer parcialevaluacion del tercer parcial
evaluacion del tercer parcial
 
bus network ppt by pearl patel
bus network ppt by pearl patelbus network ppt by pearl patel
bus network ppt by pearl patel
 
Tabel perbandingan upaya AS dan Uni Soviet untuk Menguasai Dunia
Tabel perbandingan upaya AS dan Uni Soviet untuk Menguasai DuniaTabel perbandingan upaya AS dan Uni Soviet untuk Menguasai Dunia
Tabel perbandingan upaya AS dan Uni Soviet untuk Menguasai Dunia
 
Transcripts Chevalier, Yvette (1)
Transcripts Chevalier, Yvette (1)Transcripts Chevalier, Yvette (1)
Transcripts Chevalier, Yvette (1)
 
Is the us engaged in a cyber war
Is the us engaged in a cyber warIs the us engaged in a cyber war
Is the us engaged in a cyber war
 
Quality Management System
Quality Management SystemQuality Management System
Quality Management System
 

Similar to Rsa europe 2012 active defense-hack back lecture

Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenienceDon Lovett
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attackerseadeloitte
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseWilliam McBorrough
 
Open Letter to President Obama Opposing Backdoors and Defective Encryption
Open Letter to President Obama Opposing Backdoors and Defective EncryptionOpen Letter to President Obama Opposing Backdoors and Defective Encryption
Open Letter to President Obama Opposing Backdoors and Defective EncryptionAlvaro Lopez Ortega
 
Hoe gemakkelijk is het om digitaal in te breken?
Hoe gemakkelijk is het om digitaal in te breken?Hoe gemakkelijk is het om digitaal in te breken?
Hoe gemakkelijk is het om digitaal in te breken?Xtandit_Marketing
 
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?Brian K. Dickard
 
CWFI Presentation Version 1
CWFI Presentation Version 1CWFI Presentation Version 1
CWFI Presentation Version 1Brett L. Scott
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextBrian Pichman
 
Privacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable ClaimsPrivacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable ClaimsDavid Wood
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of securityMatthew Pascucci
 
CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackKevin Duffey
 
Hr Wcu General Security Awareness Training Ed01
Hr Wcu General Security Awareness Training Ed01Hr Wcu General Security Awareness Training Ed01
Hr Wcu General Security Awareness Training Ed01Donna Koger
 
Tech Topic Privacy
Tech Topic PrivacyTech Topic Privacy
Tech Topic Privacynetapprad
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdfRamya Nellutla
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsFidelis Cybersecurity
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
Rhetorical Essay Outline A Rhetorical Analysis Essay
Rhetorical Essay Outline A Rhetorical Analysis EssayRhetorical Essay Outline A Rhetorical Analysis Essay
Rhetorical Essay Outline A Rhetorical Analysis EssayTonia Wallace
 

Similar to Rsa europe 2012 active defense-hack back lecture (20)

Iot privacy vs convenience
Iot privacy vs convenienceIot privacy vs convenience
Iot privacy vs convenience
 
28658043 cyber-terrorism
28658043 cyber-terrorism28658043 cyber-terrorism
28658043 cyber-terrorism
 
Cyber Threat Landscape
Cyber Threat LandscapeCyber Threat Landscape
Cyber Threat Landscape
 
August 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber AttackerAugust 2017 - Anatomy of a Cyber Attacker
August 2017 - Anatomy of a Cyber Attacker
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law Please
 
Open Letter to President Obama Opposing Backdoors and Defective Encryption
Open Letter to President Obama Opposing Backdoors and Defective EncryptionOpen Letter to President Obama Opposing Backdoors and Defective Encryption
Open Letter to President Obama Opposing Backdoors and Defective Encryption
 
Hoe gemakkelijk is het om digitaal in te breken?
Hoe gemakkelijk is het om digitaal in te breken?Hoe gemakkelijk is het om digitaal in te breken?
Hoe gemakkelijk is het om digitaal in te breken?
 
Sem 003
Sem 003Sem 003
Sem 003
 
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
There's a Crippling Cyber Attack Coming Your Way! Are we prepared to stop it?
 
CWFI Presentation Version 1
CWFI Presentation Version 1CWFI Presentation Version 1
CWFI Presentation Version 1
 
I’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take NextI’ve Been Hacked  The Essential Steps to Take Next
I’ve Been Hacked  The Essential Steps to Take Next
 
Privacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable ClaimsPrivacy Concerns related to Verifiable Claims
Privacy Concerns related to Verifiable Claims
 
11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security11 19-2015 - iasaca membership conference - the state of security
11 19-2015 - iasaca membership conference - the state of security
 
CEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber AttackCEOs leading Recovery from Cyber Attack
CEOs leading Recovery from Cyber Attack
 
Hr Wcu General Security Awareness Training Ed01
Hr Wcu General Security Awareness Training Ed01Hr Wcu General Security Awareness Training Ed01
Hr Wcu General Security Awareness Training Ed01
 
Tech Topic Privacy
Tech Topic PrivacyTech Topic Privacy
Tech Topic Privacy
 
- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf- Social Engineering Unit- II Part- I.pdf
- Social Engineering Unit- II Part- I.pdf
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systems
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
 
Rhetorical Essay Outline A Rhetorical Analysis Essay
Rhetorical Essay Outline A Rhetorical Analysis EssayRhetorical Essay Outline A Rhetorical Analysis Essay
Rhetorical Essay Outline A Rhetorical Analysis Essay
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Rsa europe 2012 active defense-hack back lecture

  • 1. Session ID: Session Classification: DAVI OTTENHEIMER ACTIVE DEFENSE HT-302 Intermediate DAVID WILLSON
  • 2. Davi Ottenheimer David Willson Agenda  Emerging Attacks  Current Defenses  How to Build an Active Defense 2
  • 4. Davi Ottenheimer David Willson A Study of Attacks  Motive  Means  Opportunity 4
  • 5. Davi Ottenheimer David Willson Attack - Motive  Of MICE and MEECES  Money  Entertainment  Ego  Cause  Entrance to Social Groups  Status 5 Hackers are stepping up the intensity of their attacks, moving from "disruption" to "destruction" of key computer systems. - General Keith Alexander, NSA Director and Commander of US Cyber Command http://phys.org/news/2012-10-hackers-shifting-destruction-cyber-chief.html http://www.aic.gov.au/documents/1/B/A/%7B1BA0F612-613A-494D-B6C5-06938FE8BB53%7Dhtcb006.pdf
  • 6. Davi Ottenheimer David Willson Attack - Motive 6  (Anti)collaborative  Collaborative  Hyper-Collaborative h @ ctivism
  • 7. Davi Ottenheimer David Willson Attack - Means  Getting easier all the time 7 Global Coffee Consumption http://www.fao.org/docrep/006/Y4343E/y4343e05.htm Commodification of caffeine Source: UN FAO
  • 8. Davi Ottenheimer David Willson Attack - Means  May be hidden… 8 Commodification of caffeine Source: Mayo Clinic
  • 9. Davi Ottenheimer David Willson Attack - Means 9 Commodification of…lulz
  • 10. Davi Ottenheimer David Willson 10 http://www.washingtonpost.com/wp-dyn/content/article/2008/03/19/AR2008031901439.html * http://www.h-online.com/security/news/item/Only-9-of-22-virus-scanners-block-Java-exploit-1696462.html http://www.scmagazine.com/report-finds-1200-percent-boom-in-android-malware/article/242542/ Malware Detected by Year 1,200% increase in Android malware Attack - Means “Only 9 of the 22 tested products managed to block both variants of the exploit” (31 August 2012) * Sources:
  • 11. Davi Ottenheimer David Willson 11 http://ddos.arbornetworks.com/2012/05/dirt-jumper-ddos-bot-increasingly-popular/ Attack - Means dirtjumper Source: Arbor
  • 12. Davi Ottenheimer David Willson Attack - Opportunity 12 Mobile subscriptions (per 100 people) Source: World Bank http://www.google.com/publicdata/explore
  • 13. Davi Ottenheimer David Willson Attack - Opportunity 13 http://bhc3.com/2010/01/19/ Am I Anon?
  • 14. Davi Ottenheimer David Willson Attacks 14  Opportunity  More Connectivity  More Links / Social Networks  More Personal Data Available in More Places  Outsiders Become Insiders (e.g. Cloud) http://www.flyingpenguin.com/?p=18259
  • 15. Davi Ottenheimer David Willson Pop Quiz  Stuxnet  Gauss  Flame  Zeus 15 “I think what you're talking about is a moral crime.” – Marcus Ranum “…a good tool to allow nation states to exert force without having to blow people up.” – Jeff Moss “Ultimately the ethics of this don't really matter – the decision has been made and this kind of stuff is going to be unavoidable.” – Mikko Hypponen http://www.theregister.co.uk/2012/07/26/stuxnet_moral_crime/
  • 16. Davi Ottenheimer David Willson 16 “The whole point of the doomsday machine is lost if you keep it a secret!” “Why didn't you tell the world?” http://www.flyingpenguin.com/?p=9621
  • 18. Davi Ottenheimer David Willson Philosophy of Self-Defense This makes him willing to quit a condition, which, however free, is full of fears and continual dangers: and it is not without reason, that he seeks out, and is willing to join in society with others, who are already united, or have a mind to unite, for the mutual preservation of their lives, liberties and estates, which I call by the general name, property. -- John Locke, 1689, Two Treatises of Government 1. Imminent Danger 2. Immediate Defense Believed Necessary to Prevent Danger 3. No More Action Than Necessary to Defend Against Danger 18 http://books.google.com/books?id=3e_JisWPODoC&pg=PA109
  • 19. Davi Ottenheimer David Willson Philosophy of Self-Defense  Legal Hind-sight  Beckford v R (1988) 1 AC 130: A defendant is entitled to use reasonable force to protect himself, others for whom he is responsible and his property. It must be reasonable.  R v Owino (1996) 2 Cr. App. R. 128 at 134: A person may use such force as is [objectively] reasonable in the circumstances as he [subjectively] believes them to be.  InfoSec Fore-sight  Threat Prediction  Vulnerability Assessment 19
  • 20. Davi Ottenheimer David Willson Philosophy of Self-Defense “…in line with their rules of engagement…” 20 “Turkey will never leave unanswered such kinds of provocation by the Syrian regime against our national security” -- Turkish Prime Minister Tayyip Erdogan's office http://www.jpost.com/MiddleEast/Article.aspx?id=286516
  • 21. Davi Ottenheimer David Willson Economics of Defense – Accidental Harm 21 2011 1950 55mph Seatbelt Airbag Nader http://www.nytimes.com/interactive/2012/09/17/science/driving-safety-in-fits-and-starts.html Fatalitiesper100,000 Miles driven per capita 25 20 10K6K.gov - Interstate - V8 Engine
  • 22. Davi Ottenheimer David Willson Economics of Defense – Intentional Harm 22 http://blog.priceonomics.com/post/30393216796/what-happens-to-stolen-bicycles Source: priceonomics Malware?
  • 23. Davi Ottenheimer David Willson Economics of Defense – Intentional Harm 23 “While the police may not penalize bicycle thieves, it’s becoming easier for the person whose bike was stolen to investigate the bike theft themselves.” http://blog.priceonomics.com/post/30393216796/what-happens-to-stolen-bicycles Online Market Street $perStolenBicycle Professional Amateur This is making it harder for the amateur thief to casually flip a stolen bike.” Hot Bike Sales
  • 24. Davi Ottenheimer David Willson Economics of Defense - Malware 24 http://www.securelist.com/en/analysis/204792084/Brazil_a_country_rich_in_banking_Trojans 2009 Kaspersky on .br Banking Trojan Horses  Motive: Low income population drawn into crime  Means: Delphi (not taught in University)  Opportunity: 1/3 of Brazil (70m) online. eBanking:  Banco do Brasil – 7.9mil  Bradesco – 6.9mil  Itau – 4.3mil “…banks wish to avoid public investigation of such thefts. In order to protect their reputation, banks prefer to compensate customers for losses incurred by infection with malicious code…”
  • 25. Davi Ottenheimer David Willson Economics of Defense - Malware 25 http://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems 2012 Kaspersky on .br 4.5mil ADSL device CSRF <form action=http://192.168.1.1/password.cgi; method=“POST” name=“form”> <input type=“hidden” name=“sysPassword” value=“newpassword”> “…all of them in sunny, beautiful Brazil”
  • 26. Davi Ottenheimer David Willson Economics of Defense - Malware 26 * http://www.exploit-db.com/exploits/16275/ 2012 Kaspersky on .br 4.5mil ADSL CSRF  Motive: Steal banking credentials  Means: Public Disclosure 2011-03-04 - Comtrend ADSL Router CT-5367 C01_R12 Remote Root*  dispara.sh: if [ $ativos –le $simultaneos ];  roda.sh: curl $copts http://$ip_completo/password.cgi...dnscfg.cgi echo $ip_completo >> modem-owned.log  Opportunity: Scanned IP ranges on Internet (5 of 6 known vulnerable routers sold in Brazil and used by Brazil’s National Telecommunications Agency)
  • 27. Davi Ottenheimer David Willson Defense Law  Who has the job of defense?  Who defines what is reasonable?  Can a higher authority defend you?  If No: are you responsible to defend yourself?  If Yes: what level and by which laws do you abide? 27  1097 Pope Urban II bans the crossbow  1139 Pope Innocent II bans the crossbow  2007 Chester MP: “…a Welsh person found within the city walls after sunset can be taken out with a crossbow” http://www.bbc.co.uk/dna/place-nireland/A2866061 http://www.discoverchester.co.uk/BattleofChester616AD.html
  • 28. Davi Ottenheimer David Willson Defense Law  European and International Considerations  Computer Misuse Act  Section 1 – unauthorized access to computer material  Section 2 – unauthorized access with intent  Section 3 – unauthorized modification (add/del) with intent  Budapest Convention on Cyber Crime - CETS 185  UN Convention Against Transnational Organized Crime 28
  • 29. Davi Ottenheimer David Willson Defense Law  American Considerations  Computer Fraud and Abuse Act (CFAA)  State Computer Trespass Laws  Electronic Espionage Law  Stored Communications Act  Privacy Laws 29
  • 30. Davi Ottenheimer David Willson Defense Law  What jurisdiction are you in?  What jurisdiction(s) will you operate in?  What tools do you plan to use?  How do you plan to use them?  What impact to you is anticipated?  What impact to others is anticipated?  Retribution  Bystanders  Reputation 30 40 DNS Servers Used Were Outside Brazil
  • 31. Davi Ottenheimer David Willson Defense Law  Potential liabilities of action outside  Expand harm to bystanders, mistaken target  Escalation or Conflagration  Reputational loss, weakened alliances  Law suit or regulatory violation  Potential benefits of action outside  Block or deny attacks  Stop loss  Potential offset to defense costs  Strengthened partnership, alliances 31
  • 32. Davi Ottenheimer David Willson Pop Quiz  Fortune 500 Company  Suspicious Activity Detected  Investigation Initiated  …then DDoS  Executive Meeting  Damage Assessment  Cost of Containment and Recovery  Options? 32
  • 34. Davi Ottenheimer David Willson Three Steps 1. Assessment a) Internal b) External 2. Calculation 3. Action 34
  • 35. Davi Ottenheimer David Willson Step One – a) Internal Assessment  Evidence of Imminence and Danger/Persistence  State of Your Security 35
  • 36. Davi Ottenheimer David Willson Step One – b) External Assessment  Reconnaissance  Attack Tools  Attack Connections  Attack Links and Relationships  Intelligence  Attacker Vulnerabilities  Attacker Assets 36
  • 37. Davi Ottenheimer David Willson Step Two – Calculation  Nature (Motive) of the Attack  Threat: Imminence and Danger  Terms: Jurisdiction and Restrictions  Cost: Liabilities versus Benefits 37 Level Commitment Resources Intensity Stealth Time Power Ability Opportunity 3 H H Long Organized H H 2 M M Varied Grouped M M 1 L L Short Isolated L L
  • 38. Davi Ottenheimer David Willson Step Two – Calculation (Intriligator-Brito) 38 http://www.cas.buffalo.edu/classes/psc/fczagare/PSC%20504/Intriligator.pdf  Defensive Capabilities  Block Attackers  Damage Attacker  Speed of Defense  Time to Discovery  Time to Retaliation  Thresholds  Minimum unacceptable damage, estimated by attacker  Maximum acceptable casualties of retaliation
  • 39. Davi Ottenheimer David Willson Step Three - Action  Plan  Tool and Procedure Development  Survey  Access  Dump  Defend 39 http://arstechnica.com/security/2012/08/ddos-take-down-manual/ Level Commitment Resources Intensity Stealth Time Power Ability Opportunity 3 H H Long Organized H H 2 M M Varied Grouped M M 1 L L Short Isolated L L
  • 40. Davi Ottenheimer David Willson Example #1 – DDoS Takedown Manual 1. Trace Attacks (Three Degrees from Bacon) 2. Map Services and Vulnerabilities (Dirt Jumper) 3. SQL injection to Dump Config (sqlmap) 4. Command and Control 40 ./sqlmap.py --level=5 --risk=3 -u http://www.evilsite.com/dj5/ -p k --data="k=" --technique=t --dbms=mysql -- fileread=”/var/www/html/evilsite.com/djv5/config.php” http://www.prolexic.com/knowledge-center-ddos-threat-advisory-pandora-and-vulnerability-disclosure-dirt-jumper/banners.html http://arstechnica.com/security/2012/08/ddos-take-down-manual/
  • 41. Davi Ottenheimer David Willson Example #2 – Project MARS 1. Trace Attacks (Elirks via Plurk, Nitol) 2. Sinkhole Communications 3. Reverse / Tag Infected Systems 4. Shutdown C&C 41 http://www.secureworks.com/research/threats/chasing_apt/ http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-80-54/3755.Microsoft-Study-into-b70.pdf http://blogs.technet.com/b/microsoft_blog/archive/2012/10/02/microsoft-reaches-settlement-with-defendants-in-nitol-case.aspx “In the 16 days since we began collecting data on the 70,000 malicious subdomains, we have been able to block more than 609 million connections from over 7,650,000 unique IP addresses to those malicious 3322.org subdomains. In addition to blocking connections to the malicious domains, we have continued to provide DNS services for the unblocked 3322.org subdomains. For example, on Sept 25, we successfully processed 34,954,795 DNS requests for 3322.org subdomains that were not on our block list.”
  • 42. Davi Ottenheimer David Willson Example #3 – Wycores Investigation 1. Trace Attacks 2. Profile IDs 3. Dump (QQ#) 4. ?? 42 http://cyb3rsleuth.blogspot.com/2011/08/chinese-threat-actor-identified.html http://cyb3rsleuth.blogspot.com/2012/03/chinese-threat-actor-part-3.html
  • 43. Davi Ottenheimer David Willson Conclusion 1. Political and Economic Shift  Attacks High Profit Low Risk  Imminent Danger 2. A Right to Self-Defense  Risk and Cost Assessment  Terms of Authorization (Limited Action) 3. Reverse Shift a) Outlier b) Cooperative c) Group 43 “a condition, which, however free, is full of fears and continual dangers” “mutual preservation of their lives, liberties and estates”
  • 44. Davi Ottenheimer David Willson Apply 1. Assess Rights and Options  Technical Capabilities  Legal Frameworks and Guidelines 2. Active Defense – Change the Equation 44
  • 45. Session ID: Session Classification: DAVI OTTENHEIMER ACTIVE DEFENSE HT-302 Intermediate DAVID WILLSON