SlideShare a Scribd company logo
1 of 96
Download to read offline
Public Release for
HES 2011 delegates




             From the good, old hacking days to
                      good
                   nowadays cybercrime:
                     what happened??
                             A presentation by Raoul Chiesa
                             Senior Advisor, on Cybercrime

       United Nations - Interregional Crime and Justice Research Institute (UNICRI)

                                   HES 2011 – Hackito Ergo Sum
                                      Key Note Talk Day
                                      K N t T lk - D 3

                                         Paris, April 9th 2011
Disclaimer


●   The information contained in this presentation does not break any
    intellectual property, nor does it provide detailed information that
    may be in conflict with recent controversial French laws.

●   Registered brands belong to their legitimate owners.

●   The opinion here represented are my personal ones and do not
    necessary reflect the United Nations nor UNICRI or ENISA and
    ENISA’s
    ENISA’ PSG views.
                  i
Agenda
# whois
Introduction and Key Concepts
Yesterday’s h ki
Y t d ’ hacking VS today’s crime
                   t d ’     i
Hacking eras and Hacker’s generations
Cybercrime
Hackers…
Profiling the enemy: the Hackers Profiling Project (HPP)
Hacking, today: Underground Economy
What’s next? The Dark Links
Cybercrime: the responses
Conclusions
#whois
Who am I?
Raoul “Nobody” Chiesa

•   Old-school Hacker from 1986 to 1995
•   Infosec Professional since 1997 @ Mediaservice.net
•   OSSTMM Key Contributor; HPP Project Manager; ISECOM
                   y            ;         j         g ;
    International Trainer
•   Co-founder of CLUSIT, Italian Computer Security Association
    (CLUSI* : Belgium, France, Luxembourg, Switzerland)
•   Member of TSTF.net – Telecom Security Task Force, APWG,
    ICANN, etc
•   I work worldwide (so I don’t get bored ;)
•   My areas of interest: Pentesting, SCADA/DCS/PLC National
                             Pentesting SCADA/DCS/PLC,
    Critical Infrastructures, Security R&D+Exploiting weird stuff, ,
    Security People, X.25, PSTN/ISDN, Hackers Profiling,
    Cybercrime, Information Warfare, Security methodologies,
    vertical Trainings.




•   Basically, I do not work in this field just to get my salary
    every month and pay the home/car/whatever loan: I really
    love it ☺
UNICRI


                   What is UNICRI?

United Nations Interregional Crime & Justice Research Institute

A United Nations entity established in 1968 to support countries
worldwide in crime prevention and criminal justice

UNICRI carries out applied research, training,           technical
cooperation and documentation / information activities

UNICRI disseminates information and maintains contacts with
professionals and experts worldwide

Emerging Crimes Unit (ECU): cyber crimes, counterfeiting,
environmental crimes, trafficking in stolen works of art…


Fake Bvlgari &Rolex, but also     Guess how they update each others?
                       Water systems with “sensors”…
 Viagra & Cialis (aka SPAM)             Email, chat&IM, Skype…
Conficker (December 2009)
Stuxnet (December 2010)
Talk for the next
year ;)
UNICRI & Cybercrime


     Overview on UNICRI projects
         against cybercrime

    Hackers Profiling Project (HPP)


    SCADA & NCI s security
            NCI’s


    Digital Forensics and digital investigation
                        SCADA Security
    techniques

    Cybersecurity Trainings at the UN Campus
2011
Strategic relationships and Information-sharing
      Networks, in order to fight cybercrime
                              g    y
Along the years we have been able to build a network of special relationships and direct
contacts with the following organizations, working towards specific areas of interest and
shared research topics:
(this li t i
(thi list is may not complete due to NDAs)
                   t     l t d t NDA )




                 Slide or text not supplied with the Public Release of this
                   talk: you should have attended HES 2011 to see this!
Yesterday
         y
and today’s
  Hacking
Crime->Yesterday

    “Every new technology, opens the door to new criminal approaches”.

•   The relationship between technologies and criminality has always been –
    since the very beginning – characterized by a kind of “competition” between
    the good and the bad guys, just like cats and mice.

•   As an example, at the beginning of 1900, when cars appeared, the “bad
    guys” started stealing them (!)

•   ….the police, in order to contrast the phenomenon, defined the mandatory
    use of car plates…

•   ….and the thieves began stealing the car plates from the cars (and/or
    falsifying them).
Crime->Today:Cybercrime
•   Cars have been substituted by information

                    You got the information, you got the power..

    (at least, in politics, in the business world, in our personal relationships…)

•   Simply p , this happens because the “information” can be transformed at once
        p y put,       pp
    into “something else”:
    Competitive advantage (reputation)
    Sensible/critical information (blackmailing)
                                  (           g)
    Money

•   … that’s why all of us we want to “be secure”.
                                       be secure

•   It’s not by chance that it’s named “IS”: Information Security ☺
Hacking eras &
         g
Hackers’ generations
Things changed…

First generation (70’s) was inspired by the need for
knowledge
Second generation (1980-1984) was driven by curiosity plus
the knowledge starving: the only way to learn OSs was to hack
them; later (1985-1990) hacking becomes a trend.
The Third one (90’s) was simply pushed by the anger for
hacking, meaning a mix of addiction, curiosity, learning new
stuff, hacking IT systems and networks, exchanging info
with the underground community Here we saw new concepts
                     community.
coming, such as hacker’s e-zines (Phrack, 2600 Magazine)
along with BBS
Fourth generation (2000-today) is driven by angerness and
                       (2000 today)
money: often we can see subjects with a very low know-how,
thinking that it’s “cool & bragging” being hackers, while they are
not interested in hacking & phreaking history, culture and
ethics. Here hacking meets with politics (cyber-hacktivism) or       €,
                                                                     € $
with the criminal world (cybercrime).
Cybercrime: why?


• QUESTION:
   – May we state that cybercrime – along with its many, many aspects and
     views – can be ranked as #1 in rising trend and global diffusion ?

• ANSWER(S):
• Given that all of you are attendees and speakers here today, I would say
  that
  th t we already are on the right track i order t analyze the problem ☺
           l    d          th i ht t    k in d to       l    th      bl

• Nevertheless, some factors exist for which the spreading of
  “e-crime-based” attacks relays.

• Let’s take a look at them.
Reasons/1

• 1. There are new users, more and more
  every day: this means the total amount of
       y y                                      Thanks to broadband...
                                                          broadband
  potential victims and/or attack vectors is
  increasing.


• 2. Making money, “somehow and straight        WW Economical
  away”.
      y                                         crisis…


• 3. Technical know-how public availability &   0-days, Internet
                                                distribution system /
  ready-to-go, even when talking about
                                                Black Markets
  average-high skills: that’s what I name
  “hacking p et à po te
    ac g pret-à-porter”
Darkness DDoS botnet
Reasons/2


•   4. It s
    4 It’s extremely easy to recruit “idiots” and set up groups molding those adepts
                                      idiots             groups,
    upon the bad guy’s needs (think about e-mules)              Newbies, Script Kiddies


•   5. “They will never bust me”            Psycology, Criminology


•   6.
    6 Lack of violent actions                Psycology and Sociology
What the heck is changed then??

What’s really changed is the attacker’s
typology
From “bored teens”, doing it for “hobby
and curiosity” (obviously: during night,
pizza hut s
pizza-hut’s box on the floor and cans of
Red Bull)….
...to teenagers and adults not
           g
mandatory “ICT” or “hackers”: they just
do it for the money.
What’s changed is the attacker’s
profile, along with its justifications,
motivations and reasons.
Let’s have a quick test!


                                           25
Hackers in their environment
“Professionals”
There’s a difference: why?

• Why were the guys in the first slide hackers,
  and the others professionals ?

• Because of the PCs ?

• Because of their “look” ?

• Due to the environments surrounding them ?

• Because of the “expression on their faces” ?
Surprise!
  Everything has changed


• Erroneus media information pushed
  “normal people” minds to run this
          p p
  approach

• Today, sometimes the professionals are
  the real criminals, and hackers “the
  good guys … (Telecom Italia Scandal,
        guys”…
  Vodafone Greece Affair, etc…)
Some more examples…



 Sells pens and                                                Sys Admin
 toner on e-bay                                              erasing log files
that he steals at                                                  after
      work.                                                   downloading
                                                             movies all night.
                                        Forwards
                                      emails from
                                       boss to her
                                     reporter friend
                                     ever since she
                                     didn t
                                     didn't get that
                                         bonus.




                    Laughing with
                     a friend over
                       corporate
                      photos she                        Changing the
                    found on your                      timestamps on
                     unprotected                        tax records to
                    wi-fi network.
                    wi fi network                       prepare for an
                                                             audit.
                                                                                 30
Understanding Hackers


• It’ extremely important th t we understand the so-called
  It’s t      l i     t t that      d t d th          ll d
  “hacker’s behaviours”
   – Don’t limit yourself to analyse attacks and intrusion techniques: let’s analyze
     Don t                                                             let s
     their social behaviours


• Try to identify those not-written rules of hacker’s subculture


• Explore hacker’s social organization


• Let’s zoom on those existing links between hacking and
  organized crime
Welcome to HPP
The Hackers Profiling Project (HPP)



                         Hackers

The term hacker has been heavily misused since the 80’s;
since the 90’ the mainstream h
 i     h 90’s, h       i        have used i to j if every
                                         d it  justify
kind of “IT crime”, from lame attacks to massive DDoS


 Lamers,   script-kiddies,   industrial    spies,   hobby
 hackers….for the mass, they are all the same


 From a business point of view, companies don’t clearly
 know who they should be afraid of To them they’re all
                                 of.        they re
 just “hackers”
The Hackers Profiling Project (HPP)




              Hackers: a blurred image

         Yesterday: hacking was an emerging
                 y         g           g g
         phenomenon – unknown to people &
         ignored by researchers

         Today: research carried out in “mono”: →
                                         mono :
         one type of hacker: ugly (thin, myopic),
         bad (malicious, destructive, criminal
         purposes) and “dirty” (asocial, without
         ethics,
         ethics anarchic)

         Tomorrow (HPP is the future): inter-
         disciplinary     studies     that merge
         criminology and information security →
         different typologies of hackers
The Hackers Profiling Project (HPP)


                       HPP purposes
       Analyse the hacking phenomenon in its several
       aspects    (technological,  social,   economic)
       through technical and criminological approaches

        Understand the different       motivations   and
        identify the actors involved

        Observe those true criminal actions “in the
        field”

        Apply the profiling methodology to collected
        data (4W: who, where, when, why)


        Acquire and disseminate knowledge
The Hackers Profiling Project (HPP)




        Project phases – starting: September 2004
           j    p               g    p


1 – Theoretical collection:                5 – Gap analysis:
                                                  p     y
                                           of data from: questionnaire, honey-
Questionnaire
                                           net, existing literature

2 – Observation:                           6 – HPP “live” assessment
                                                     live
Participation in IT underground security   of profiles and correlation of modus
events                                     operandi through data from phase 4

3 - Filing:                                7 – Final profiling:
Database for elaboration/classification    Redefinition/fine-tuning of hackers
of data (phase 1)                          profiles used as “de-facto” standard
4 - Live collection:                       8 – Diffusion of the model:
Highly customised, new generation          elaboration of results, publication of
Honey-net systems                          the methodology, raising awareness
The Hackers Profiling Project (HPP)


                          Project phases - detail
      PHASE              CARRIED OUT            DURATION        NOTES
  1 – Theoretical                                            Distribution on
                        YES          ON-GOING   16 months
     collection                                               more levels
                                                             From different
  2 – Observation       YES          ON-GOING
                                     ON GOING   24 months
                                                             points of view
                                                               The hardest
     3 – Filing                ON-GOING         21 months
                                                                 phase
                                                              The funniest
4 – “Live” collection   TO BE COMMENCED         21 months
                                                                phase ☺
     5 – Gap &                YET TO COME       18 months    The Next Thing
                                                                          g
Correlation Analysis
     6 – “Live”                                              The biggest part
                               PENDING          16 months
   Assessment                                                 of the Project
 7 – Final Profiling           PENDING          12 months     “Satisfaction”
                                                               Satisfaction
8 – Diffusion of the                                         Methodology’s
                               PENDING          GNU/FDL ;)
       model                                                 public release
The Hackers Profiling Project (HPP)



            Profiling Hackers – the book
The Hackers Profiling Project (HPP)




          Evaluation and correlation standards

Modus Operandi (MO)                      Hacking career

Lone hacker or as a
member of a group                        Principles of the hacker's ethics
                                               p


Motivations                              Crashed or damaged systems

                                         Perception of the illegality of
Selected targets
                                         their own activity

Relationship between                     Effect of laws convictions and
                                                   laws,
motivations and targets                  technical difficulties as a deterrent
The Hackers Profiling Project (HPP)

       Detailed analysis and correlation of
                profiles – table #1
The Hackers Profiling Project (HPP)




                                      ?
The Hackers Profiling Project (HPP)

                               Detailed analysis and correlation of profiles – table #2
                           OFFENDER ID                LONE / GROUP HACKER         TARGET                    MOTIVATIONS /
                                                                                                            PURPOSES

Wanna Be Lamer             9-16 years                 GROUP                       End-User                  For fashion, It’s “cool” => to
                           “I would like to be a                                                            boast and brag
                           hacker, but I can’t”
Script Kiddie              10-18 years                GROUP: but they act alone   SME / Specific security   To give vent of their anger /
                           The script boy                                         flaws                     attract mass-media
                                                                                                            attention
Cracker                    17-30 years                LONE                        Business company          To demonstrate their powe
                           The destructor, burned                                                           / attract mass-media
                           ground                                                                           attention
Ethical Hacker             15-50
                           15 50 years                LONE /                      Vendor / Technology       For curiosity (to learn) and
                           The “ethical” hacker’s     GROUP (only for fun)                                  altruistic purposes
                           world
Quiet, Paranoid, Skilled   16-40 years                LONE                        On necessity              For curiosity (to learn) =>
Hacker                     The very specialized and                                                         egoistic purposes
                           paranoid attacker
Cyber-Warrior              18-50 years                LONE                        “Symbol” business         For profit
                           The soldier, hacking for                               company / End-User
                           money
Industrial Spy             22-45 years                LONE                        Business company /        For profit
                           Industrial espionage                                   Corporation
Government Agent           25-45 years                LONE / GROUP                Government / Suspected    Espionage/
                           CIA, Mossad, FBI, etc.                                 Terrorist/                Counter-espionage
                                                                                  Strategic company/        Vulnerability test
                                                                                  Individual                Activity-monitoring
Military Hacker            25-45 years                LONE / GROUP                Government / Strategic    Monitoring /
                                                                                  company                   controlling /
                                                                                                            crashing systems
Ok Raoul…
so what ?!?
Hacking, today

                                Numbers

  285 million records compromised in 2008 (source: Verizon 2009 Data Breach
Investigations Report)
 2 Billion of US dollars: that’s RBN’s 2008 turnover
 +80 MLN of US$: IMU’s 2010 Turn Over
                 IMU s
 3 Billion of Euros: worldwide Cybercrime turnover in 2010 (?)
 +148% increasing in ATM frauds: more than 500 000 000 € business each
                                                  500.000.000
year, just in Europe (source: ENISA “ATM Crime Report 2009”)
 .......bla bla bla


 Uh ?!?    RBN ?      WTH??
RBN

Russian Business Network
It’s not that easy to explain what it is...
First of all, cybercrime IRL means:
     Phishing & co
     Malware (rogue AVs, driven-by attacks, fake mobile games, + standard
   stuff)
     Frauds & Scams
     DDoS Attacks
     DD S Att k
     Digital Paedophilia (minors rather than <10 children pornography )
     Generic Porn (who would bother for 10 bucks lost??)
     On-line games (those fake web sites)
RBN & phishing

 David Bizeul (Head of CERT at Societe Generale, France) wrote an excellent study on
RBN. One page was so interesting:
           p g                 g
http://194.146.207.18/config
storage_send_interval="600" config_file ="$_2341234.TMP" storage_file ="$_2341233.TMP" www_domains_list =
"pageshowlink.com" redirector_url ="citibusinessonline.da-us.citibank.com /cbusol/uSignOn.do {www}
/usa/citibusiness.php
/usa/citibusiness php 2 0 3" redirector url = "*fineco it /fineco/PortaleLogin {www} /it/fineco.php 2 0 3"
                            3 redirector_url    fineco.it                            /it/fineco php     3
redirector_url = "onlineid.bankofamerica.com /cgi-bin/sso.login.controller* {www} /usa/boa_pers/sso.login.php
2 0 2" redirector_url = "onlinebanking-nw.bankofamerica.com /login.jsp* {www} /usa/boa_pers/sso.login.php
2 0 2" redirector_url = "online.wellsfargo.com /signon* {www} /usa/wellsfargo.php 2 0 2" redirector_url =
"ibank barclays co uk /olb/*/LoginPasscode do {www} /uk/barc/LoginPasscode php 2 0 2" redirector url =
 ibank.barclays.co.uk /olb/ /LoginPasscode.do             /uk/barc/LoginPasscode.php         2 redirector_url
"*ebank.hsbc.co.uk /servlet/com.hsbc.ib.app.pib.logon.servlet.OnLogonVerificationServlet {www}
/uk/hsbc/hsbc.php 2 0 2" redirector_url = "online*.lloydstsb.* /miheld.ibc {www} /uk/lloyds/lloyds.php 2 0 2"
redirector_url = "*halifax-online.co.uk /_mem_bin/UMLogonVerify.asp {www} /uk/halifax.co.uk.php 2 0 3"
redirector_url olb2.nationet.com /signon/SinglePageSignon wp1 asp*
redirector url = "olb2 nationet com /signon/SinglePageSignon_wp1.asp {www} /uk/nationwide.php 2 0 3"
                                                                                  /uk/nationwide php       3
redirector_url = "webbank.openplan.co.uk /core/webbank.asp {www} /uk/woolwich.co.uk.php 2 0 3" #DE
redirector_url = "meine.deutsche-bank.de /mod/WebObjects/dbpbc.woa/* {www}
/de/deutsche-bank.de/login.php 2 0 3" redirector_url = "banking.postbank.de /app/login.prep.do* {www}
/de/postbank/postbank.de.php
/de/postbank/postbank de php 2 0 3" redirector url = "portal*.commerzbanking.de /P-
                                     3 redirector_url portal commerzbanking de /P
Portal/XML/IFILPortal/pgf.html* {www} /de/commerzbanking/login.php 2 0 2" redirector_url = "www.dresdner-
privat.de /servlet/P/SSA_MLS_PPP_INSECURE_P/pinLogin.do {www} /de/dresdner-privat/pers.php 2 0 3"
redirector_url = "www.dresdner-privat.de /servlet/N/SSA_MLS_PPP_INSECURE_N/pinLogin.do {www}
/de/dresdner privat/corp.php
/de/dresdner-privat/corp php 2 0 3 3"
What about the other IP
addresses?
RBN’s model
Underground
     g
 Economy
“Cybercriminals”
UE


Underground Economy is the concept thanks to which we will not experience
anymore – in the next future – “bank robbings”

Nowadays the ways in order to fraud and steal money are SO MANY. And, the
world is just full of unexperienced, not-educated users.

What is needed is to “clean” the money: money laundering. They need the
                                     y      y          g     y
mules.
UE: the approach


1.
1    Basics: Malware and Botnets
      Create the malware, build the botnet

2.   Identity theft
      Stealing personal and financial credentials (e-banking)

3.   Running the e-crime
              g
      i.e.: e-Banking attacks and e-commerce frauds (Ebay docet)

4.   Money laundering
      Setup money laundering’s networks
UE Business Model
UE Cooperation Model


         Cybercrime Group
Surprise....


This was happening last time one year ago
                                      ago.

Now there’s IMU (Innovative Marketing Ukraine) and other “spare” organized
crime gangs.

So, they’ve changed their business model (!)
Who’s beyond ?

 Next slides will contain images from real
Law Enforcement operations, as well as
undercover operations.

 Please, stop video recording, no pictures
and….DO
and DO NOT DO THIS AT HOME ! ;)

 Thanks.
 Thanks
Carding 101




  Slide or text not supplied with the Public Release of this
    talk: you should have attended HES 2011 to see this!
Who lays behind
this ?




  Slide or text not supplied with the Public Release of this
    talk: you should have attended HES 2011 to see this!
Slide or text not supplied with the Public Release of this
  talk: you should have attended HES 2011 to see this!
The organizational
model
Who’s beyond?




  Slide or text not supplied with the Public Release of this
    talk: you should have attended HES 2011 to see this!
Who’s beyond ?




  Slide or text not supplied with the Public Release of this
    talk: you should have attended HES 2011 to see this!
Slide or text not supplied with the Public Release of this
  talk: you should have attended HES 2011 to see this!
Who’s beyond?
Early
                          Arrests

    Markus Kellerer aka
        Matrix001                   Renu Subramaniam aka
                                            JiLsi
& Five Others, May 2007-Oct.
           2007                           July 2007
                                             y
         Germany                       United Kingdom
        Co-Founder                        Founder
Max Butler, aka Iceman
September 2007
San Francisco/Richmond
Founder of CardersMarket
$86 Million in actual Fraud Loss
Who’s beyond?




  Slide or text not supplied with the Public Release of this
    talk: you should have attended HES 2011 to see this!
Who’s beyond?




  Slide or text not supplied with the Public Release of this
    talk: you should have attended HES 2011 to see this!
Chi c’è dietro ?




   Slide or text not supplied with the Public Release of this
     talk: you should have attended HES 2011 to see this!
Who’s beyond?
Le feste per “i dealer”




  Slide or text not supplied with the Public Release of this
    talk: you should have attended HES 2011 to see this!
Girls, money, cars..




  Slide or text not supplied with the Public Release of this
    talk: you should have attended HES 2011 to see this!
Girls, money, cars..




  Slide or text not supplied with the Public Release of this
    talk: you should have attended HES 2011 to see this!
Videoclip Romania (2010)

Hi-Tech Crime Police Unit enters
    in ATM Skimmer factory
Some more bad guys…
                   g y


NOTE: the following slides will NOT be published

NOTE: PLEASE DO NOT SHOOT ANY PICTURES
Global Trail of an Online Crime Ring


  “Agents connected the ICQ user name to
   Agents connected the ICQ user name to 
  an e‐mail address at a Russian‐based 
  Internet provider…
  Internet provider ”




  “Open sources can provide up to 90% of the information
  needed to meet most U.S. intelligence needs” -- Deputy
  Director of National Intelligence, Thomas Fingar
                              g    ,           g
                                                   Image: NY Times

                                                                     81
Cybercriminals
We must investigate the Disease, not just the Symptoms
        Malware is extensively reverse engineered --




      Slide or text not supplied with the Public Release of this
        talk: you should have attended HES 2011 to see this!




   Yet the organizations that release it are often ignored
                                                   ignored…

                                                                   82
This is the end,my friends
                                Final toughts
 The hacking world has not always been linked to those true criminal actions.
 Those researches carried out until now, have not properly snapshot the
hacking world and its “tunings”.
                       tunings
 At the same time, nowaday’s hacking is moving (transforming?) towards crime.
And, different elements began working together (see next slides).
  Cybercrime and Underground Economy problem is not “a tech-people issue”:
rather, it is an issue for ALL of us, representing an impact on the countries’
ecosystem that could reveal itself as devastating.
 Also, forget fighting cybercrime on your own: you just can’t.
 That s
 That’s why my last slides are on cybercrime’s answers and VTFs (Virtual Task
                                  cybercrime s
Forces).
What’s next? The Dark Links
Human Organs trafficking

 September 2010, Asti (North-West of Italy)

 Police was eavesdropping on phone calls from and to the “Capo dei Capi” of a
Nigerian gang, specialized in cloned credit cards and elite cars theft.

 In one of this calls, a guy said to the Boss: “the Kidneys are ready”.

 So,
 So what we have here? Organized Crime “buying” Human Organs from Nigeria –
                                          buying
using the money gathered from cybercrime – then selling into EU (!).
Coke for cards?

 March/May 2010, Turin (North-West of Italy)
 Turin has got the biggest Romania s community of Italy
                           Romania’s              Italy.
 We also have a very big Nigeria’s community.

 Historically, Romenian gangs drive the business of ATM skimmers…
            y,          g g
 …and Nigerian the Cocaine business.

 After a joined FBI/US Secret Service/Interpol/Italian Postal Police operation, the
         j                                 p                          p
Romanians decided to “sell” the business to Nigerians.
 Cloned cards were paid with Cocaine.

 This happens because the Romenians also run the prostitutes business…
 …and, prostitute’s customers want coke as well.

 Compared to these guys, S
 C      d     h          Scarface was nearly a kid
                             f            l
Cybercrime: the answers
• Cybercrime is typically a transnational crime, borderless, that includes so
  many actors and different roles.
• That’s why you just can’t think about a single answer.

• Instead, it is necessary to think and act in a distributed approach, creating
  Virtual Task Forces (VTFs).

• It is essential the collaboration among Law Enforcement, Internet
  community, Finance sector, ISPs and carriers (voice & data), vertical groups, in
  order to identify a specific group, malware or facilitator.

• From the investigative point of view, challenges are the following:
      Analyze the malware
      Map the infrastructure
        p
      Eavesdrop/Intercept/Sniff the communication and/or the links
      Explore the executed attacks
      Identify the developers and its crime-rings
                                      crime-rings.
Vertical Groups & VTFs
•   That’s why, along these years, Vertical Groups have been raised,
    among which we can list the following:
       Team Cymru
       APWG –Anti Phishing Working Group
       IEEE-SA
       Shadow Server Foundation
       UNICRI – Emerging Crimes Unit
       Host Exploit
       Cyberdefcon
       ………..
•   …working along with :
       INTERPOL
       EUROPOL
       “Hi-Tech Crimes” groups into each National LEAs
While..you better watch
out!
Must-read books / 1

During the different phases of bibliography research, the Authors have made reference (also) to the following publications and on-line
resources:
●   H.P.P. Questionnaires 2005-2011
Kingpin: How One Hacker Took over The Billion Dollar Cyber Crime Underground, Kevin Poulsen, Crown Publishers, 2011
●



●   Fatal System Error: the Hunt for the new Crime Lords who are bringing down the Internet, Joseph Menn, Public Affairs, 2010
           y                                                         g g                   ,     p      ,               ,
●   Stealing the Network: How to 0wn a Continent, (an Identity), (a Shadow) (V.A.), Syngress Publishing, 2004, 2006, 2007
●   Stealing the Network: How to 0wn the Box, (V.A.), Syngress Publishing, 2003
●Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier, Suelette Dreyfus, Random House
        g                    g,                                                 ,             y ,
Australia, 1997
●   The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, Clifford Stoll, DoubleDay (1989), Pocket (2000)
●   Masters of Deception: the Gang that Ruled Cyberspace, Michelle Stalalla & Joshua Quinttner, Harpercollins, 1995
●   Kevin Poulsen, Serial Hacker, Jonathan Littman, Little & Brown, 1997
●   Takedown, John Markoff and Tsutomu Shimomura, Sperling & Kupfler, (Hyperion Books), 1996
●   The Fugitive Game: online with Kevin Mitnick, Jonathan Littman, Little & Brown, 1997
●   The Art of Deception, Kevin D. Mitnick & William L. Simon, Wiley, 2002
●   The Art of Intrusion, Kevin D. Mitnick & William L. Simon, Wiley, 2004
●   @ Large: the Strange Case of the World’s Biggest Internet Invasion, Charles Mann & David Freedman, Touchstone, 1998
Must-read books / 2

The Estonia attack: Battling Botnets and online Mobs, Gadi Evron, 2008 (white paper)
●


Who is “n3td3v”?, by Hacker Factor Solutions, 2006 (white paper)
●                  y                               (      p p )
Mafiaboy: How I cracked the Internet and Why it’s still broken, Michael Calce with Craig Silverman, 2008
●


The Hacker Diaries: Confessions of Teenage Hackers, Dan Verton, McGraw-Hill Osborne Media, 2002
●


Cyberpunk: Outlaws and Hackers on the Computer Frontier, Katie Hafner, Simon & Schuster, 1995
●


Cyber Adversary Characterization: auditing the hacker mind, Tom Parker, Syngress, 2004
●


Inside the SPAM Cartel: trade secrets from the Dark Side, by Spammer X, Syngress, 2004
●


Hacker Cracker, Ejovu Nuwere with David Chanoff, Harper Collins, 2002
●


Compendio di criminologia, P ti G., Raffaello C ti
C
●     di       i i l i Ponti G R ff ll Cortina, 1991
●Criminalità da computer, Tiedemann K., in Trattato di criminologia, medicina criminologica e psichiatria forense, vol.X, Il
cambiamento delle forme di criminalità e devianza, Ferracuti F. (a cura di), Giuffrè, 1988
●United Nations Manual on the Prevention and Control of Computer-related Crime, in International Review of
Criminal Policy – Nos 43 and 44
                  Nos.
●Criminal Profiling: dall’analisi della scena del delitto al profilo psicologico del criminale, Massimo Picozzi, Angelo
Zappalà, McGraw Hill, 2001
● Deductive Criminal Profiling: Comparing Applied Methodologies Between Inductive and Deductive Criminal

Profiling Techniques, Turvey B., Knowledge Solutions Library, January, 1998
        g       q   ,      y ,          g                  y,       y,
●Malicious Hackers: a framework for Analysis and Case Study, Laura J. Kleen, Captain, USAF, US Air Force Institute of
Technology
●Criminal Profiling Research Site. Scientific Offender Profiling Resource in Switzerland. Criminology, Law,
Psychology, Täterpro
Must-read books / 3


●   Profiling Hackers: the Science of Criminal Profiling as applied to the World of Hacking
●   ISBN: 978-1-4200-8693-5-90000
And...a gift for you all here! ☺




●   Get your own, FREE copy of “F3” (Freedom from
●Fear, the United Nations magazine) issue #7,
totally focused on Cybercrimes!



DOWNLOAD:
DOWNLOAD
●



●   www.FreedomFromFearMagazine.org

●   Or, email me and I will send you the full PDF (10MB)
Q
      Questions?

                           Contacts, Q&A


           Raoul Chiesa

   E-mail: chiesa@UNICRI.it

          Thanks folks!


 UNICRI Cybercrime Home Page:
         y                g                    http://www.unicri.it
http://www.unicri.it/emerging_crimes/cybercrime/

More Related Content

What's hot

Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
Digital citizenship
Digital citizenship Digital citizenship
Digital citizenship groot83
 
Anonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentAnonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentPositive Hack Days
 
Digital Responsibility: towards a new world order ?
Digital Responsibility: towards a new world order ?Digital Responsibility: towards a new world order ?
Digital Responsibility: towards a new world order ?University of Geneva
 
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...EENA (European Emergency Number Association)
 
IoT is Something to Figure Out
IoT is Something to Figure OutIoT is Something to Figure Out
IoT is Something to Figure OutPeter Hoddie
 
Security Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSecurity Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSmart Assessment
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Gohsuke Takama
 
189 Remote Alarm - Simple Disposable Cellphone based
189 Remote Alarm - Simple Disposable Cellphone based189 Remote Alarm - Simple Disposable Cellphone based
189 Remote Alarm - Simple Disposable Cellphone basedChief Innovation
 
Social Engineering 101: Don't Get Manipulated by Attackers
Social Engineering 101: Don't Get Manipulated by AttackersSocial Engineering 101: Don't Get Manipulated by Attackers
Social Engineering 101: Don't Get Manipulated by AttackersNetSquared
 
CS101- Introduction to Computing- Lecture 40
CS101- Introduction to Computing- Lecture 40CS101- Introduction to Computing- Lecture 40
CS101- Introduction to Computing- Lecture 40Bilal Ahmed
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of nortonspkiely
 
Hacking and Civic Hacking
Hacking and Civic HackingHacking and Civic Hacking
Hacking and Civic HackingDiego Donaggio
 
Cyber crime Introduction
Cyber crime Introduction Cyber crime Introduction
Cyber crime Introduction Vinil Patel
 

What's hot (17)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
hackers
hackershackers
hackers
 
Digital citizenship
Digital citizenship Digital citizenship
Digital citizenship
 
Sovereignty in Cyberspace
Sovereignty in CyberspaceSovereignty in Cyberspace
Sovereignty in Cyberspace
 
Anonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentAnonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian Government
 
Digital Responsibility: towards a new world order ?
Digital Responsibility: towards a new world order ?Digital Responsibility: towards a new world order ?
Digital Responsibility: towards a new world order ?
 
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
EENA 2021: Keynote – Open-Source Intelligence (OSINT) for emergency services ...
 
IoT is Something to Figure Out
IoT is Something to Figure OutIoT is Something to Figure Out
IoT is Something to Figure Out
 
Security Challenges in Emerging Technologies
Security Challenges in Emerging TechnologiesSecurity Challenges in Emerging Technologies
Security Challenges in Emerging Technologies
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
 
189 Remote Alarm - Simple Disposable Cellphone based
189 Remote Alarm - Simple Disposable Cellphone based189 Remote Alarm - Simple Disposable Cellphone based
189 Remote Alarm - Simple Disposable Cellphone based
 
Social Engineering 101: Don't Get Manipulated by Attackers
Social Engineering 101: Don't Get Manipulated by AttackersSocial Engineering 101: Don't Get Manipulated by Attackers
Social Engineering 101: Don't Get Manipulated by Attackers
 
CS101- Introduction to Computing- Lecture 40
CS101- Introduction to Computing- Lecture 40CS101- Introduction to Computing- Lecture 40
CS101- Introduction to Computing- Lecture 40
 
Stop in the name of norton
Stop in the name of nortonStop in the name of norton
Stop in the name of norton
 
Hacking and Civic Hacking
Hacking and Civic HackingHacking and Civic Hacking
Hacking and Civic Hacking
 
Cyber crime Introduction
Cyber crime Introduction Cyber crime Introduction
Cyber crime Introduction
 

Similar to HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Underground Economy

ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
 
nullcon 2010 - Corporate Security and Intelligence – the dark links
nullcon 2010 - Corporate Security and Intelligence – the dark linksnullcon 2010 - Corporate Security and Intelligence – the dark links
nullcon 2010 - Corporate Security and Intelligence – the dark linksn|u - The Open Security Community
 
article cybersecurity must B2B metaverse
article cybersecurity must B2B metaversearticle cybersecurity must B2B metaverse
article cybersecurity must B2B metaverseMext Metaverse
 
Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Kenneth Carnesi, JD
 
Cybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationCybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationHinne Hettema
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its PreventionDinesh O Bareja
 
Geek Is Good Innovation In The Networked Society Cp Mexico 09
Geek Is Good   Innovation In The Networked Society Cp Mexico 09Geek Is Good   Innovation In The Networked Society Cp Mexico 09
Geek Is Good Innovation In The Networked Society Cp Mexico 09Carlos Domingo
 
Topic-2.2_InfoPrivacy-IT-Ethics.pptx
Topic-2.2_InfoPrivacy-IT-Ethics.pptxTopic-2.2_InfoPrivacy-IT-Ethics.pptx
Topic-2.2_InfoPrivacy-IT-Ethics.pptxOxfordRiNorth
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionBharat Thakkar
 
E crime thesis Cyber Crime and its several types
E crime thesis  Cyber Crime and its several typesE crime thesis  Cyber Crime and its several types
E crime thesis Cyber Crime and its several typesAssignment Studio
 
DefCamp 2013 - Peering in the Soul of Hackers: HPP V2.0 reloaded
DefCamp 2013 - Peering in the Soul of Hackers:  HPP V2.0 reloadedDefCamp 2013 - Peering in the Soul of Hackers:  HPP V2.0 reloaded
DefCamp 2013 - Peering in the Soul of Hackers: HPP V2.0 reloadedDefCamp
 
The Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismPierluigi Paganini
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentationwremes
 

Similar to HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Underground Economy (20)

ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
 
nullcon 2010 - Corporate Security and Intelligence – the dark links
nullcon 2010 - Corporate Security and Intelligence – the dark linksnullcon 2010 - Corporate Security and Intelligence – the dark links
nullcon 2010 - Corporate Security and Intelligence – the dark links
 
article cybersecurity must B2B metaverse
article cybersecurity must B2B metaversearticle cybersecurity must B2B metaverse
article cybersecurity must B2B metaverse
 
Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01
 
Cybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generationCybersecurity Strategies - time for the next generation
Cybersecurity Strategies - time for the next generation
 
Hacking And Its Prevention
Hacking And Its PreventionHacking And Its Prevention
Hacking And Its Prevention
 
Geek Is Good Innovation In The Networked Society Cp Mexico 09
Geek Is Good   Innovation In The Networked Society Cp Mexico 09Geek Is Good   Innovation In The Networked Society Cp Mexico 09
Geek Is Good Innovation In The Networked Society Cp Mexico 09
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
C3 Cyber
C3 CyberC3 Cyber
C3 Cyber
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Topic-2.2_InfoPrivacy-IT-Ethics.pptx
Topic-2.2_InfoPrivacy-IT-Ethics.pptxTopic-2.2_InfoPrivacy-IT-Ethics.pptx
Topic-2.2_InfoPrivacy-IT-Ethics.pptx
 
Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...
Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...
Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...
 
Forensics Expo, London 2015
Forensics Expo, London  2015Forensics Expo, London  2015
Forensics Expo, London 2015
 
Course on Ehtical Hacking - Introduction
Course on Ehtical Hacking - IntroductionCourse on Ehtical Hacking - Introduction
Course on Ehtical Hacking - Introduction
 
E crime thesis Cyber Crime and its several types
E crime thesis  Cyber Crime and its several typesE crime thesis  Cyber Crime and its several types
E crime thesis Cyber Crime and its several types
 
DefCamp 2013 - Peering in the Soul of Hackers: HPP V2.0 reloaded
DefCamp 2013 - Peering in the Soul of Hackers:  HPP V2.0 reloadedDefCamp 2013 - Peering in the Soul of Hackers:  HPP V2.0 reloaded
DefCamp 2013 - Peering in the Soul of Hackers: HPP V2.0 reloaded
 
What is Ethical hacking
What is Ethical hackingWhat is Ethical hacking
What is Ethical hacking
 
Computer Crime Essay
Computer Crime EssayComputer Crime Essay
Computer Crime Essay
 
The Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern Terrorism
 
Brucon presentation
Brucon presentationBrucon presentation
Brucon presentation
 

More from Hackito Ergo Sum

HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talk
HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talkHES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talk
HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talkHackito Ergo Sum
 
HES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHackito Ergo Sum
 
HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit
HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profitHES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit
HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profitHackito Ergo Sum
 
HES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you canHES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you canHackito Ergo Sum
 
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum Crackme
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum CrackmeHES2011 - Eloi Vanderbeken - Hackito Ergo Sum Crackme
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum CrackmeHackito Ergo Sum
 
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe ShockwaveHES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe ShockwaveHackito Ergo Sum
 
HES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on LinuxHES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on LinuxHackito Ergo Sum
 
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARF
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARFHES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARF
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARFHackito Ergo Sum
 
HES2011 - joernchen - Ruby on Rails from a Code Auditor Perspective
HES2011 - joernchen - Ruby on Rails from a Code Auditor PerspectiveHES2011 - joernchen - Ruby on Rails from a Code Auditor Perspective
HES2011 - joernchen - Ruby on Rails from a Code Auditor PerspectiveHackito Ergo Sum
 
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X Sandbox
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X SandboxHES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X Sandbox
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X SandboxHackito Ergo Sum
 
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7Hackito Ergo Sum
 
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...Hackito Ergo Sum
 
HES2011 - Itzik Kolter - Let me Stuxnet You
HES2011 - Itzik Kolter - Let me Stuxnet YouHES2011 - Itzik Kolter - Let me Stuxnet You
HES2011 - Itzik Kolter - Let me Stuxnet YouHackito Ergo Sum
 

More from Hackito Ergo Sum (13)

HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talk
HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talkHES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talk
HES 2011 - Gal Diskin - Binary instrumentation for hackers - Lightning-talk
 
HES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - StackjackingHES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
HES2011 - Jon Oberheide and Dan Rosenberg - Stackjacking
 
HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit
HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profitHES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit
HES2011 - Gabriel Gonzalez - Man In Remote PKCS11 for fun and non profit
 
HES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you canHES2011 - Sebastien Tricaud - Capture me if you can
HES2011 - Sebastien Tricaud - Capture me if you can
 
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum Crackme
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum CrackmeHES2011 - Eloi Vanderbeken - Hackito Ergo Sum Crackme
HES2011 - Eloi Vanderbeken - Hackito Ergo Sum Crackme
 
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe ShockwaveHES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave
HES2011 - Aaron Portnoy and Logan Brown - Black Box Auditing Adobe Shockwave
 
HES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on LinuxHES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
HES2011 - Jon Larimer - Autorun Vulnerabilities on Linux
 
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARF
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARFHES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARF
HES2011 - James Oakley and Sergey bratus-Exploiting-the-Hard-Working-DWARF
 
HES2011 - joernchen - Ruby on Rails from a Code Auditor Perspective
HES2011 - joernchen - Ruby on Rails from a Code Auditor PerspectiveHES2011 - joernchen - Ruby on Rails from a Code Auditor Perspective
HES2011 - joernchen - Ruby on Rails from a Code Auditor Perspective
 
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X Sandbox
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X SandboxHES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X Sandbox
HES2011 - Richard Johnson - A Castle Made of Sand Adobe Reader X Sandbox
 
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
HES2011 - Tarjei Mandt – Kernel Pool Exploitation on Windows 7
 
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...
HES2011 - Yuval Vadim Polevoy – Money Is In The Eye Of The Beholder: New And ...
 
HES2011 - Itzik Kolter - Let me Stuxnet You
HES2011 - Itzik Kolter - Let me Stuxnet YouHES2011 - Itzik Kolter - Let me Stuxnet You
HES2011 - Itzik Kolter - Let me Stuxnet You
 

Recently uploaded

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 

Recently uploaded (20)

Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 

HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Underground Economy

  • 1. Public Release for HES 2011 delegates From the good, old hacking days to good nowadays cybercrime: what happened?? A presentation by Raoul Chiesa Senior Advisor, on Cybercrime United Nations - Interregional Crime and Justice Research Institute (UNICRI) HES 2011 – Hackito Ergo Sum Key Note Talk Day K N t T lk - D 3 Paris, April 9th 2011
  • 2. Disclaimer ● The information contained in this presentation does not break any intellectual property, nor does it provide detailed information that may be in conflict with recent controversial French laws. ● Registered brands belong to their legitimate owners. ● The opinion here represented are my personal ones and do not necessary reflect the United Nations nor UNICRI or ENISA and ENISA’s ENISA’ PSG views. i
  • 3. Agenda # whois Introduction and Key Concepts Yesterday’s h ki Y t d ’ hacking VS today’s crime t d ’ i Hacking eras and Hacker’s generations Cybercrime Hackers… Profiling the enemy: the Hackers Profiling Project (HPP) Hacking, today: Underground Economy What’s next? The Dark Links Cybercrime: the responses Conclusions
  • 6. Raoul “Nobody” Chiesa • Old-school Hacker from 1986 to 1995 • Infosec Professional since 1997 @ Mediaservice.net • OSSTMM Key Contributor; HPP Project Manager; ISECOM y ; j g ; International Trainer • Co-founder of CLUSIT, Italian Computer Security Association (CLUSI* : Belgium, France, Luxembourg, Switzerland) • Member of TSTF.net – Telecom Security Task Force, APWG, ICANN, etc • I work worldwide (so I don’t get bored ;) • My areas of interest: Pentesting, SCADA/DCS/PLC National Pentesting SCADA/DCS/PLC, Critical Infrastructures, Security R&D+Exploiting weird stuff, , Security People, X.25, PSTN/ISDN, Hackers Profiling, Cybercrime, Information Warfare, Security methodologies, vertical Trainings. • Basically, I do not work in this field just to get my salary every month and pay the home/car/whatever loan: I really love it ☺
  • 7. UNICRI What is UNICRI? United Nations Interregional Crime & Justice Research Institute A United Nations entity established in 1968 to support countries worldwide in crime prevention and criminal justice UNICRI carries out applied research, training, technical cooperation and documentation / information activities UNICRI disseminates information and maintains contacts with professionals and experts worldwide Emerging Crimes Unit (ECU): cyber crimes, counterfeiting, environmental crimes, trafficking in stolen works of art… Fake Bvlgari &Rolex, but also Guess how they update each others? Water systems with “sensors”… Viagra & Cialis (aka SPAM) Email, chat&IM, Skype…
  • 8.
  • 9.
  • 12. Talk for the next year ;)
  • 13. UNICRI & Cybercrime Overview on UNICRI projects against cybercrime Hackers Profiling Project (HPP) SCADA & NCI s security NCI’s Digital Forensics and digital investigation SCADA Security techniques Cybersecurity Trainings at the UN Campus
  • 14. 2011
  • 15. Strategic relationships and Information-sharing Networks, in order to fight cybercrime g y Along the years we have been able to build a network of special relationships and direct contacts with the following organizations, working towards specific areas of interest and shared research topics: (this li t i (thi list is may not complete due to NDAs) t l t d t NDA ) Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 16. Yesterday y and today’s Hacking
  • 17. Crime->Yesterday “Every new technology, opens the door to new criminal approaches”. • The relationship between technologies and criminality has always been – since the very beginning – characterized by a kind of “competition” between the good and the bad guys, just like cats and mice. • As an example, at the beginning of 1900, when cars appeared, the “bad guys” started stealing them (!) • ….the police, in order to contrast the phenomenon, defined the mandatory use of car plates… • ….and the thieves began stealing the car plates from the cars (and/or falsifying them).
  • 18. Crime->Today:Cybercrime • Cars have been substituted by information You got the information, you got the power.. (at least, in politics, in the business world, in our personal relationships…) • Simply p , this happens because the “information” can be transformed at once p y put, pp into “something else”: Competitive advantage (reputation) Sensible/critical information (blackmailing) ( g) Money • … that’s why all of us we want to “be secure”. be secure • It’s not by chance that it’s named “IS”: Information Security ☺
  • 19. Hacking eras & g Hackers’ generations
  • 20. Things changed… First generation (70’s) was inspired by the need for knowledge Second generation (1980-1984) was driven by curiosity plus the knowledge starving: the only way to learn OSs was to hack them; later (1985-1990) hacking becomes a trend. The Third one (90’s) was simply pushed by the anger for hacking, meaning a mix of addiction, curiosity, learning new stuff, hacking IT systems and networks, exchanging info with the underground community Here we saw new concepts community. coming, such as hacker’s e-zines (Phrack, 2600 Magazine) along with BBS Fourth generation (2000-today) is driven by angerness and (2000 today) money: often we can see subjects with a very low know-how, thinking that it’s “cool & bragging” being hackers, while they are not interested in hacking & phreaking history, culture and ethics. Here hacking meets with politics (cyber-hacktivism) or €, € $ with the criminal world (cybercrime).
  • 21. Cybercrime: why? • QUESTION: – May we state that cybercrime – along with its many, many aspects and views – can be ranked as #1 in rising trend and global diffusion ? • ANSWER(S): • Given that all of you are attendees and speakers here today, I would say that th t we already are on the right track i order t analyze the problem ☺ l d th i ht t k in d to l th bl • Nevertheless, some factors exist for which the spreading of “e-crime-based” attacks relays. • Let’s take a look at them.
  • 22. Reasons/1 • 1. There are new users, more and more every day: this means the total amount of y y Thanks to broadband... broadband potential victims and/or attack vectors is increasing. • 2. Making money, “somehow and straight WW Economical away”. y crisis… • 3. Technical know-how public availability & 0-days, Internet distribution system / ready-to-go, even when talking about Black Markets average-high skills: that’s what I name “hacking p et à po te ac g pret-à-porter”
  • 24. Reasons/2 • 4. It s 4 It’s extremely easy to recruit “idiots” and set up groups molding those adepts idiots groups, upon the bad guy’s needs (think about e-mules) Newbies, Script Kiddies • 5. “They will never bust me” Psycology, Criminology • 6. 6 Lack of violent actions Psycology and Sociology
  • 25. What the heck is changed then?? What’s really changed is the attacker’s typology From “bored teens”, doing it for “hobby and curiosity” (obviously: during night, pizza hut s pizza-hut’s box on the floor and cans of Red Bull)…. ...to teenagers and adults not g mandatory “ICT” or “hackers”: they just do it for the money. What’s changed is the attacker’s profile, along with its justifications, motivations and reasons. Let’s have a quick test! 25
  • 26. Hackers in their environment
  • 28. There’s a difference: why? • Why were the guys in the first slide hackers, and the others professionals ? • Because of the PCs ? • Because of their “look” ? • Due to the environments surrounding them ? • Because of the “expression on their faces” ?
  • 29. Surprise! Everything has changed • Erroneus media information pushed “normal people” minds to run this p p approach • Today, sometimes the professionals are the real criminals, and hackers “the good guys … (Telecom Italia Scandal, guys”… Vodafone Greece Affair, etc…)
  • 30. Some more examples… Sells pens and Sys Admin toner on e-bay erasing log files that he steals at after work. downloading movies all night. Forwards emails from boss to her reporter friend ever since she didn t didn't get that bonus. Laughing with a friend over corporate photos she Changing the found on your timestamps on unprotected tax records to wi-fi network. wi fi network prepare for an audit. 30
  • 31. Understanding Hackers • It’ extremely important th t we understand the so-called It’s t l i t t that d t d th ll d “hacker’s behaviours” – Don’t limit yourself to analyse attacks and intrusion techniques: let’s analyze Don t let s their social behaviours • Try to identify those not-written rules of hacker’s subculture • Explore hacker’s social organization • Let’s zoom on those existing links between hacking and organized crime
  • 33. The Hackers Profiling Project (HPP) Hackers The term hacker has been heavily misused since the 80’s; since the 90’ the mainstream h i h 90’s, h i have used i to j if every d it justify kind of “IT crime”, from lame attacks to massive DDoS Lamers, script-kiddies, industrial spies, hobby hackers….for the mass, they are all the same From a business point of view, companies don’t clearly know who they should be afraid of To them they’re all of. they re just “hackers”
  • 34. The Hackers Profiling Project (HPP) Hackers: a blurred image Yesterday: hacking was an emerging y g g g phenomenon – unknown to people & ignored by researchers Today: research carried out in “mono”: → mono : one type of hacker: ugly (thin, myopic), bad (malicious, destructive, criminal purposes) and “dirty” (asocial, without ethics, ethics anarchic) Tomorrow (HPP is the future): inter- disciplinary studies that merge criminology and information security → different typologies of hackers
  • 35. The Hackers Profiling Project (HPP) HPP purposes Analyse the hacking phenomenon in its several aspects (technological, social, economic) through technical and criminological approaches Understand the different motivations and identify the actors involved Observe those true criminal actions “in the field” Apply the profiling methodology to collected data (4W: who, where, when, why) Acquire and disseminate knowledge
  • 36. The Hackers Profiling Project (HPP) Project phases – starting: September 2004 j p g p 1 – Theoretical collection: 5 – Gap analysis: p y of data from: questionnaire, honey- Questionnaire net, existing literature 2 – Observation: 6 – HPP “live” assessment live Participation in IT underground security of profiles and correlation of modus events operandi through data from phase 4 3 - Filing: 7 – Final profiling: Database for elaboration/classification Redefinition/fine-tuning of hackers of data (phase 1) profiles used as “de-facto” standard 4 - Live collection: 8 – Diffusion of the model: Highly customised, new generation elaboration of results, publication of Honey-net systems the methodology, raising awareness
  • 37. The Hackers Profiling Project (HPP) Project phases - detail PHASE CARRIED OUT DURATION NOTES 1 – Theoretical Distribution on YES ON-GOING 16 months collection more levels From different 2 – Observation YES ON-GOING ON GOING 24 months points of view The hardest 3 – Filing ON-GOING 21 months phase The funniest 4 – “Live” collection TO BE COMMENCED 21 months phase ☺ 5 – Gap & YET TO COME 18 months The Next Thing g Correlation Analysis 6 – “Live” The biggest part PENDING 16 months Assessment of the Project 7 – Final Profiling PENDING 12 months “Satisfaction” Satisfaction 8 – Diffusion of the Methodology’s PENDING GNU/FDL ;) model public release
  • 38. The Hackers Profiling Project (HPP) Profiling Hackers – the book
  • 39. The Hackers Profiling Project (HPP) Evaluation and correlation standards Modus Operandi (MO) Hacking career Lone hacker or as a member of a group Principles of the hacker's ethics p Motivations Crashed or damaged systems Perception of the illegality of Selected targets their own activity Relationship between Effect of laws convictions and laws, motivations and targets technical difficulties as a deterrent
  • 40. The Hackers Profiling Project (HPP) Detailed analysis and correlation of profiles – table #1
  • 41. The Hackers Profiling Project (HPP) ?
  • 42. The Hackers Profiling Project (HPP) Detailed analysis and correlation of profiles – table #2 OFFENDER ID LONE / GROUP HACKER TARGET MOTIVATIONS / PURPOSES Wanna Be Lamer 9-16 years GROUP End-User For fashion, It’s “cool” => to “I would like to be a boast and brag hacker, but I can’t” Script Kiddie 10-18 years GROUP: but they act alone SME / Specific security To give vent of their anger / The script boy flaws attract mass-media attention Cracker 17-30 years LONE Business company To demonstrate their powe The destructor, burned / attract mass-media ground attention Ethical Hacker 15-50 15 50 years LONE / Vendor / Technology For curiosity (to learn) and The “ethical” hacker’s GROUP (only for fun) altruistic purposes world Quiet, Paranoid, Skilled 16-40 years LONE On necessity For curiosity (to learn) => Hacker The very specialized and egoistic purposes paranoid attacker Cyber-Warrior 18-50 years LONE “Symbol” business For profit The soldier, hacking for company / End-User money Industrial Spy 22-45 years LONE Business company / For profit Industrial espionage Corporation Government Agent 25-45 years LONE / GROUP Government / Suspected Espionage/ CIA, Mossad, FBI, etc. Terrorist/ Counter-espionage Strategic company/ Vulnerability test Individual Activity-monitoring Military Hacker 25-45 years LONE / GROUP Government / Strategic Monitoring / company controlling / crashing systems
  • 44. Hacking, today Numbers 285 million records compromised in 2008 (source: Verizon 2009 Data Breach Investigations Report) 2 Billion of US dollars: that’s RBN’s 2008 turnover +80 MLN of US$: IMU’s 2010 Turn Over IMU s 3 Billion of Euros: worldwide Cybercrime turnover in 2010 (?) +148% increasing in ATM frauds: more than 500 000 000 € business each 500.000.000 year, just in Europe (source: ENISA “ATM Crime Report 2009”) .......bla bla bla Uh ?!? RBN ? WTH??
  • 45. RBN Russian Business Network It’s not that easy to explain what it is... First of all, cybercrime IRL means: Phishing & co Malware (rogue AVs, driven-by attacks, fake mobile games, + standard stuff) Frauds & Scams DDoS Attacks DD S Att k Digital Paedophilia (minors rather than <10 children pornography ) Generic Porn (who would bother for 10 bucks lost??) On-line games (those fake web sites)
  • 46. RBN & phishing David Bizeul (Head of CERT at Societe Generale, France) wrote an excellent study on RBN. One page was so interesting: p g g http://194.146.207.18/config storage_send_interval="600" config_file ="$_2341234.TMP" storage_file ="$_2341233.TMP" www_domains_list = "pageshowlink.com" redirector_url ="citibusinessonline.da-us.citibank.com /cbusol/uSignOn.do {www} /usa/citibusiness.php /usa/citibusiness php 2 0 3" redirector url = "*fineco it /fineco/PortaleLogin {www} /it/fineco.php 2 0 3" 3 redirector_url fineco.it /it/fineco php 3 redirector_url = "onlineid.bankofamerica.com /cgi-bin/sso.login.controller* {www} /usa/boa_pers/sso.login.php 2 0 2" redirector_url = "onlinebanking-nw.bankofamerica.com /login.jsp* {www} /usa/boa_pers/sso.login.php 2 0 2" redirector_url = "online.wellsfargo.com /signon* {www} /usa/wellsfargo.php 2 0 2" redirector_url = "ibank barclays co uk /olb/*/LoginPasscode do {www} /uk/barc/LoginPasscode php 2 0 2" redirector url = ibank.barclays.co.uk /olb/ /LoginPasscode.do /uk/barc/LoginPasscode.php 2 redirector_url "*ebank.hsbc.co.uk /servlet/com.hsbc.ib.app.pib.logon.servlet.OnLogonVerificationServlet {www} /uk/hsbc/hsbc.php 2 0 2" redirector_url = "online*.lloydstsb.* /miheld.ibc {www} /uk/lloyds/lloyds.php 2 0 2" redirector_url = "*halifax-online.co.uk /_mem_bin/UMLogonVerify.asp {www} /uk/halifax.co.uk.php 2 0 3" redirector_url olb2.nationet.com /signon/SinglePageSignon wp1 asp* redirector url = "olb2 nationet com /signon/SinglePageSignon_wp1.asp {www} /uk/nationwide.php 2 0 3" /uk/nationwide php 3 redirector_url = "webbank.openplan.co.uk /core/webbank.asp {www} /uk/woolwich.co.uk.php 2 0 3" #DE redirector_url = "meine.deutsche-bank.de /mod/WebObjects/dbpbc.woa/* {www} /de/deutsche-bank.de/login.php 2 0 3" redirector_url = "banking.postbank.de /app/login.prep.do* {www} /de/postbank/postbank.de.php /de/postbank/postbank de php 2 0 3" redirector url = "portal*.commerzbanking.de /P- 3 redirector_url portal commerzbanking de /P Portal/XML/IFILPortal/pgf.html* {www} /de/commerzbanking/login.php 2 0 2" redirector_url = "www.dresdner- privat.de /servlet/P/SSA_MLS_PPP_INSECURE_P/pinLogin.do {www} /de/dresdner-privat/pers.php 2 0 3" redirector_url = "www.dresdner-privat.de /servlet/N/SSA_MLS_PPP_INSECURE_N/pinLogin.do {www} /de/dresdner privat/corp.php /de/dresdner-privat/corp php 2 0 3 3"
  • 47. What about the other IP addresses?
  • 49. Underground g Economy
  • 51. UE Underground Economy is the concept thanks to which we will not experience anymore – in the next future – “bank robbings” Nowadays the ways in order to fraud and steal money are SO MANY. And, the world is just full of unexperienced, not-educated users. What is needed is to “clean” the money: money laundering. They need the y y g y mules.
  • 52. UE: the approach 1. 1 Basics: Malware and Botnets Create the malware, build the botnet 2. Identity theft Stealing personal and financial credentials (e-banking) 3. Running the e-crime g i.e.: e-Banking attacks and e-commerce frauds (Ebay docet) 4. Money laundering Setup money laundering’s networks
  • 54. UE Cooperation Model Cybercrime Group
  • 55. Surprise.... This was happening last time one year ago ago. Now there’s IMU (Innovative Marketing Ukraine) and other “spare” organized crime gangs. So, they’ve changed their business model (!)
  • 56.
  • 57.
  • 58.
  • 59. Who’s beyond ? Next slides will contain images from real Law Enforcement operations, as well as undercover operations. Please, stop video recording, no pictures and….DO and DO NOT DO THIS AT HOME ! ;) Thanks. Thanks
  • 60. Carding 101 Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 61. Who lays behind this ? Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 62. Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 64. Who’s beyond? Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 65. Who’s beyond ? Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 66. Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 68. Early Arrests Markus Kellerer aka Matrix001 Renu Subramaniam aka JiLsi & Five Others, May 2007-Oct. 2007 July 2007 y Germany United Kingdom Co-Founder Founder
  • 69. Max Butler, aka Iceman September 2007 San Francisco/Richmond Founder of CardersMarket $86 Million in actual Fraud Loss
  • 70.
  • 71.
  • 72. Who’s beyond? Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 73. Who’s beyond? Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 74. Chi c’è dietro ? Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 76. Le feste per “i dealer” Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 77. Girls, money, cars.. Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 78. Girls, money, cars.. Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this!
  • 79. Videoclip Romania (2010) Hi-Tech Crime Police Unit enters in ATM Skimmer factory
  • 80. Some more bad guys… g y NOTE: the following slides will NOT be published NOTE: PLEASE DO NOT SHOOT ANY PICTURES
  • 81. Global Trail of an Online Crime Ring “Agents connected the ICQ user name to Agents connected the ICQ user name to  an e‐mail address at a Russian‐based  Internet provider… Internet provider ” “Open sources can provide up to 90% of the information needed to meet most U.S. intelligence needs” -- Deputy Director of National Intelligence, Thomas Fingar g , g Image: NY Times 81
  • 82. Cybercriminals We must investigate the Disease, not just the Symptoms Malware is extensively reverse engineered -- Slide or text not supplied with the Public Release of this talk: you should have attended HES 2011 to see this! Yet the organizations that release it are often ignored ignored… 82
  • 83. This is the end,my friends Final toughts The hacking world has not always been linked to those true criminal actions. Those researches carried out until now, have not properly snapshot the hacking world and its “tunings”. tunings At the same time, nowaday’s hacking is moving (transforming?) towards crime. And, different elements began working together (see next slides). Cybercrime and Underground Economy problem is not “a tech-people issue”: rather, it is an issue for ALL of us, representing an impact on the countries’ ecosystem that could reveal itself as devastating. Also, forget fighting cybercrime on your own: you just can’t. That s That’s why my last slides are on cybercrime’s answers and VTFs (Virtual Task cybercrime s Forces).
  • 84.
  • 85. What’s next? The Dark Links
  • 86. Human Organs trafficking September 2010, Asti (North-West of Italy) Police was eavesdropping on phone calls from and to the “Capo dei Capi” of a Nigerian gang, specialized in cloned credit cards and elite cars theft. In one of this calls, a guy said to the Boss: “the Kidneys are ready”. So, So what we have here? Organized Crime “buying” Human Organs from Nigeria – buying using the money gathered from cybercrime – then selling into EU (!).
  • 87. Coke for cards? March/May 2010, Turin (North-West of Italy) Turin has got the biggest Romania s community of Italy Romania’s Italy. We also have a very big Nigeria’s community. Historically, Romenian gangs drive the business of ATM skimmers… y, g g …and Nigerian the Cocaine business. After a joined FBI/US Secret Service/Interpol/Italian Postal Police operation, the j p p Romanians decided to “sell” the business to Nigerians. Cloned cards were paid with Cocaine. This happens because the Romenians also run the prostitutes business… …and, prostitute’s customers want coke as well. Compared to these guys, S C d h Scarface was nearly a kid f l
  • 88. Cybercrime: the answers • Cybercrime is typically a transnational crime, borderless, that includes so many actors and different roles. • That’s why you just can’t think about a single answer. • Instead, it is necessary to think and act in a distributed approach, creating Virtual Task Forces (VTFs). • It is essential the collaboration among Law Enforcement, Internet community, Finance sector, ISPs and carriers (voice & data), vertical groups, in order to identify a specific group, malware or facilitator. • From the investigative point of view, challenges are the following: Analyze the malware Map the infrastructure p Eavesdrop/Intercept/Sniff the communication and/or the links Explore the executed attacks Identify the developers and its crime-rings crime-rings.
  • 89. Vertical Groups & VTFs • That’s why, along these years, Vertical Groups have been raised, among which we can list the following: Team Cymru APWG –Anti Phishing Working Group IEEE-SA Shadow Server Foundation UNICRI – Emerging Crimes Unit Host Exploit Cyberdefcon ……….. • …working along with : INTERPOL EUROPOL “Hi-Tech Crimes” groups into each National LEAs
  • 91.
  • 92. Must-read books / 1 During the different phases of bibliography research, the Authors have made reference (also) to the following publications and on-line resources: ● H.P.P. Questionnaires 2005-2011 Kingpin: How One Hacker Took over The Billion Dollar Cyber Crime Underground, Kevin Poulsen, Crown Publishers, 2011 ● ● Fatal System Error: the Hunt for the new Crime Lords who are bringing down the Internet, Joseph Menn, Public Affairs, 2010 y g g , p , , ● Stealing the Network: How to 0wn a Continent, (an Identity), (a Shadow) (V.A.), Syngress Publishing, 2004, 2006, 2007 ● Stealing the Network: How to 0wn the Box, (V.A.), Syngress Publishing, 2003 ●Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier, Suelette Dreyfus, Random House g g, , y , Australia, 1997 ● The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, Clifford Stoll, DoubleDay (1989), Pocket (2000) ● Masters of Deception: the Gang that Ruled Cyberspace, Michelle Stalalla & Joshua Quinttner, Harpercollins, 1995 ● Kevin Poulsen, Serial Hacker, Jonathan Littman, Little & Brown, 1997 ● Takedown, John Markoff and Tsutomu Shimomura, Sperling & Kupfler, (Hyperion Books), 1996 ● The Fugitive Game: online with Kevin Mitnick, Jonathan Littman, Little & Brown, 1997 ● The Art of Deception, Kevin D. Mitnick & William L. Simon, Wiley, 2002 ● The Art of Intrusion, Kevin D. Mitnick & William L. Simon, Wiley, 2004 ● @ Large: the Strange Case of the World’s Biggest Internet Invasion, Charles Mann & David Freedman, Touchstone, 1998
  • 93. Must-read books / 2 The Estonia attack: Battling Botnets and online Mobs, Gadi Evron, 2008 (white paper) ● Who is “n3td3v”?, by Hacker Factor Solutions, 2006 (white paper) ● y ( p p ) Mafiaboy: How I cracked the Internet and Why it’s still broken, Michael Calce with Craig Silverman, 2008 ● The Hacker Diaries: Confessions of Teenage Hackers, Dan Verton, McGraw-Hill Osborne Media, 2002 ● Cyberpunk: Outlaws and Hackers on the Computer Frontier, Katie Hafner, Simon & Schuster, 1995 ● Cyber Adversary Characterization: auditing the hacker mind, Tom Parker, Syngress, 2004 ● Inside the SPAM Cartel: trade secrets from the Dark Side, by Spammer X, Syngress, 2004 ● Hacker Cracker, Ejovu Nuwere with David Chanoff, Harper Collins, 2002 ● Compendio di criminologia, P ti G., Raffaello C ti C ● di i i l i Ponti G R ff ll Cortina, 1991 ●Criminalità da computer, Tiedemann K., in Trattato di criminologia, medicina criminologica e psichiatria forense, vol.X, Il cambiamento delle forme di criminalità e devianza, Ferracuti F. (a cura di), Giuffrè, 1988 ●United Nations Manual on the Prevention and Control of Computer-related Crime, in International Review of Criminal Policy – Nos 43 and 44 Nos. ●Criminal Profiling: dall’analisi della scena del delitto al profilo psicologico del criminale, Massimo Picozzi, Angelo Zappalà, McGraw Hill, 2001 ● Deductive Criminal Profiling: Comparing Applied Methodologies Between Inductive and Deductive Criminal Profiling Techniques, Turvey B., Knowledge Solutions Library, January, 1998 g q , y , g y, y, ●Malicious Hackers: a framework for Analysis and Case Study, Laura J. Kleen, Captain, USAF, US Air Force Institute of Technology ●Criminal Profiling Research Site. Scientific Offender Profiling Resource in Switzerland. Criminology, Law, Psychology, Täterpro
  • 94. Must-read books / 3 ● Profiling Hackers: the Science of Criminal Profiling as applied to the World of Hacking ● ISBN: 978-1-4200-8693-5-90000
  • 95. And...a gift for you all here! ☺ ● Get your own, FREE copy of “F3” (Freedom from ●Fear, the United Nations magazine) issue #7, totally focused on Cybercrimes! DOWNLOAD: DOWNLOAD ● ● www.FreedomFromFearMagazine.org ● Or, email me and I will send you the full PDF (10MB)
  • 96. Q Questions? Contacts, Q&A Raoul Chiesa E-mail: chiesa@UNICRI.it Thanks folks! UNICRI Cybercrime Home Page: y g http://www.unicri.it http://www.unicri.it/emerging_crimes/cybercrime/