
Cyber crime & info security

Cyber crime & information security is most famous in the world. Day by day, cyber crime increases in the internet world. See the details about cyber security.

Published in: Education

  1. 1. CYBER CRIME & INFORMATION SECURITY “Aut viam inveniam aut faciam” Hannibal Barca
  2. 2. DO YOU KNOW? There are 10 kinds of people in the world: those that know they've been hacked and those that don't. 2
  3. 3. DISCLAIMER(S) • The opinions represented here are my personal ones and do not necessarily reflect my employer's views. • Registered brands belong to their legitimate owners. • The information contained in this presentation does not break any intellectual property, nor does it provide detailed information that may be in conflict with actual laws (hopefully...) :) 3
  4. 4. REFERENCES • Information and resources from Internet were extensively used for the creation of this presentation. 4
  5. 5. BEFORE WE START • Why are we here? • Interactive Session…. • Get the maximum out of this session. 5
  6. 6. CONTENTS INTRODUCTION INFORMATION SECURITY INFORMATION SECURITY INFORMATION SECURITY CONCLUSION 6
  7. 7. OBJECTIVE • To take you from the “don’t know” state to “know” state. 7
  8. 8. 3 UPCOMING DOMAINS • The 3 upcoming technology areas (Triple-S – 3S) 8
  9. 9. 3 UPCOMING DOMAINS • The 3 upcoming technology areas (Triple-S – 3S). • Synchronize (Collaboration) • Store (Storage) • Secure (Security) • It's challenging • You need to have the “stuff” 9
  10. 10. SCOPE – SECURITY PRO • Almost all the major / critical networks like: • Defense, • Communication, • Financial, • Infra networks (Power Grids), • anywhere & everywhere.... 10
  11. 11. THE MONEY FACTOR 11
  12. 12. FINANCIALS – SKILLED “PRO” • Average hourly rate – $40 – $60 • Skilled Security Pros – $100 – $120 - $150 • 100 X 8 hrs = 800 • 800 X 5 days = 4000 • 4000 X 4 weeks = 16,000 • $ 16,000 to INR (Rs 50) = 8,00,000 12
  13. 13. # IT‘S A LONG JOURNEY Always remember - you cannot master everything in a single day or through a single course "Be not afraid of growing slowly, be afraid of standing still" 13
  14. 14. INTERNET – THE BIG PICTURE • World wide internet usage (2008) - 694 Million • World wide internet usage (Jun 2010) - 1.97 Billion • World wide internet usage (Dec 31, 2011) - 6,930,055,154 (6.93 Billion) 14
  15. 15. EMAIL – THE BIG PICTURE • 107 trillion – Emails sent on the Internet (2010) • 294 billion – Average # of email messages per day. • 1.88 billion – # of email users worldwide. • 89.1% – The share of emails that were spam. • 262 billion – The number of spam emails per day 15
  16. 16. POSSIBILITIES? So what are the possibilities when you get connected? 16
  17. 17. THE BIGGER PICTURE • 6.93 Billion users can communicate with your system or • Your system can communicate with 6.93 Billion users. 17
  18. 18. THE BIGGER PICTURE • Out of the 6.93 Billion, some can rattle the door to your computer to see if it is locked or not • locked – It's fine • not locked – not fine 18
  19. 19. CAN YOU HANDLE IT? • Out of the 1.8 Billion, if 1% connects to your system, what will happen? • 1 % = ? 19
  20. 20. # DO YOU REMEMBER CAT 2K9? 20
  21. 21. # CASE STUDY 21
  22. 22. # CASE STUDY • The most powerful and costliest (physics) experiment ever built • 5000 high power magnets arranged in a 27 km giant tunnel. • will re-create the conditions present in the Universe just after the Big Bang • Large Hadron Collider (LHC) • CERN - European Organization for Nuclear Research • Hacked on 10 Sep 08 22
  23. 23. # CASE STUDY 23
  24. 24. CASE STUDY 24
  25. 25. CASE STUDY 25
  26. 26. VICTIMS 26
  27. 27. VICTIMS 27
  28. 28. VICTIMS 28
  29. 29. WHAT’S THE LATEST HAPPENING? • What’s happening in the Indian Web Space? • 14 Aug – Independence day of Pakistan • Underground cracking groups • http://www.pakcyberarmy.net/ • http://www.pakhaxors.com/forum.php 29
  30. 30. WHAT’S THE LATEST HAPPENING? • The Two Pakistani Cracker Groups reportedly defaced a dozen of Indian Websites including: • http://mallyainparliament.in/ and • http://malegaonkahero.com/ 30
  31. 31. What’s the latest happening? 31
  32. 32. EVEN THE PM WAS NOT SPARED 32
  33. 33. WHAT’S THE LATEST HAPPENING? • 15 Aug 2010 • In return, an Indian underground group called the Indian Cyber Army (http://indishell.in) defaced around 1226 websites of Pakistan. 33
  34. 34. CASE STUDY – SONY OWNED • 1 million passwords exposed • 25 million entertainment users Info @ Risk • More than 20,000 credit card and bank account numbers @ Risk • Initial attack – leak of over 70 million accounts from Sony’s Playstation Network Ref: - http://www.wired.com/gamelife/2011/05/sony-online-entertainment-hack/ 34
  35. 35. CASE STUDY – SONY OWNED • LulzSec - The Hacker Group - Statement: “Why do you put such faith in a company that allows itself to become open to these simple attacks?” • Your clients trust your network? Ref: - http://www.thedailybeast.com/cheat-sheet/item/sony-hacked-again/tech/# 35
  36. 36. WHO IS THIS? 36
  37. 37. ARE WE AFFECTED? 37
  38. 38. ARE WE AFFECTED? • India – The largest democracy in the world. • Election / Voting – The heart of this democracy • Is this voting secure? • Indian Electronic Voting Machines are Vulnerable • Mr Hariprasad – Arrested on 22 Aug 2011 • http://indiaevm.org/ 38
  39. 39. BOT TAKEDOWN • 11 Nov 2011 – Biggest Botnet Takedown ever • Operation Ghost Click – by FBI • Raided two data centers in Chicago and NY. • Command and Control (C&C) Center consisting of more than 100 servers • Combined Operation - Trend Micro, Mandiant, Neustar, Spamhaus and the University of Alabama at Birmingham's computer forensics research group. Reference: http://computerworld.co.nz/news.nsf/security/feds-lead-biggest-botnet-takedown-ever-end-massive-clickjack-fraud 39
  40. 40. BOT TAKEDOWN Vladimir Tsastsin, CEO of Rove Digital 40
  41. 41. VODAFONE GREECE SCANDAL • 100+ VIP mobile subscribers have been eavesdropped on. (Govt members, Defence officials including Greek PM, Foreign Minister, Defence Minister, etc.) 41
  42. 42. TELECOM CASE STUDY? • Also known as SISMI-Telecom scandal • Uncovered in 2006 • Surveillance scandal believed to have begun in 1996, under which more than 5,000 persons' phones were tapped 42
  43. 43. TELECOM CASE STUDY? 43
  44. 44. 44
  45. 45. LORDS OF DHARMARAJA • United States-China Economic and Security Review Commission(USCC) • Tactical Network for Cellular Surveillance (TANCS) • Escrow • Source code of Norton Antivirus 45
  46. 46. NO BOUNDARIES • What does this mean? • Internet = No boundaries • You(r network) could be the next target 46
  47. 47. TRADITIONAL SECURITY CONCEPT Protecting resources by keeping them under lock and key 47
  48. 48. CURRENT SECURITY CONCEPT • Security is a state of well being • Security is all about being prepared for the unexpected. 48
  49. 49. DIGITAL ATTACKS & CYBER CRIMES • What is a Cyber Crime? “Any criminal activity that uses a computer either as an: • instrument or tool, • Target, or • as a means / incidental to crime for committing crimes” 49
  50. 50. DIFFERENCE • Physical Presence • Can be performed without revealing your identity. • White Collar Crime • Faster crime execution • Remote execution 50
  51. 51. VICTIMS • Naïve computer users • Greedy people • Users who are not aware of the latest modes of cyber crime. 51
  52. 52. # CREDIT & DEBIT CARDS? • How many of you use credit cards? • What is the trust factor here? 52
  53. 53. # CASE STUDY • Crackers / Intruders have broken into Web servers owned by domain registrar and hosting provider Network Solutions, planting rogue code that resulted in the compromise of more than 573,000 debit and credit card accounts over a period of three months 53
  54. 54. CASE STUDY 54
  55. 55. SSL Image Source: http://www.awghost.com/images/ssl-cert.jpg 55
  56. 56. SSL • Replaced by TLS • Protects the communication by encryption • Data is secure in-transit. • But: • Is it secure at the client side? • Is it secure at the server side? 56
  57. 57. # CREDIT & DEBIT CARDS? 57
  58. 58. # HACKING • What’s the image that comes to your mind when you hear about “hacker” or “hacking”? 58
  59. 59. BEFORE WE START…. 59
  60. 60. # HACKING • Commonly defined in the media as: “Illegal intrusion into a computer system without the permission of the computer owner/user” 60
  61. 61. # MISCONCEPTIONS • Most people associate hacking with breaking the law. • Assume that everyone who engages in hacking activities is a criminal 61
  62. 62. # HACKING 62
  63. 63. # HACKING Linux Penguin 63
  64. 64. # HACKING 64
  65. 65. BSD Daemon # HACKING 65
  66. 66. # HACKING 66
  67. 67. PERL Camel # HACKING 67
  68. 68. # HACKING 68
  69. 69. # HACKING Open Source Logo 69
  70. 70. # HACKING So what is hacker’s logo? 70
  71. 71. # HACKING But what is hacking in its real sense? 71
  72. 72. # HACKING • The Glider • The mathematical game – The Game of Life. • http://en.wikipedia.org/wiki/Hacker_Emblem 72
  73. 73. # HACKER DEFINED HACKER: Originally, someone who makes furniture with an axe. 73
  74. 74. # HACKER • Someone involved in computer security/insecurity • An enthusiastic home computer hobbyist • A programmer(ing) culture that originated in US academia in the 1960’s - nowadays closely related with open source / free software. 74
  75. 75. # HISTORY OF HACKING • Started off – MIT – Late 1950’s • Tech Model Rail Road club of MIT • Donated old telephone equipment • They re-worked & re-created a complex system that allowed multiple operators to control different parts of the track by dialing into the appropriate sections. 75
  76. 76. # hacking & open source 76
  77. 77. # THEY CALLED IT HACKING They called this new and inventive use of telephone equipment hacking 77
  78. 78. # HACKER EVOLUTION • Conventional boundaries were also broken at the MIT Rail Road Club. 78
  79. 79. # DO YOU KNOW HIM? • Often known as the “Programmer's programmer” • Creator of Ghostscript, an Open Source implementation of the PostScript language. • Founder of Aladdin Enterprises • Authored or co-authored various RFCs - RFC 190, RFC 446, RFC 550, RFC 567, RFC 606, RFC 1950, RFC 1951 and RFC 1952 79
  80. 80. # DO YOU KNOW HIM? • Dr. L. Peter Deutsch • Started programming at the age of 11. • He was accepted to the MIT Rail Road club at the age of 12 when he demonstrated his knowledge of the TX-0 and his desire to learn. 80
  81. 81. # TX-0 • Fully transistorized computer • Transistorized Experimental computer zero • TX-0 - affectionately referred to as tixo (pronounced "tix oh") 81
  82. 82. # SHORT-PANT HACKER • Age • Race, • Gender, • Appearance, • Academic degrees, and • Social status were defied in search for free information 82
  83. 83. Know the difference between a cracker and a hacker. # HACKING 83
  84. 84. CRACKING & PIRACY Cracking – Criminal Hacking • Pirated Software - Objectives • Opening your doors for the attackers 84
  85. 85. DENIAL OF SERVICE (DOS) ATTACKS Flooding the bandwidth of the victim's network so that he cannot use the internet or other services, or spamming the victim's mailbox 85
  86. 86. DENIAL OF SERVICE ATTACKS • DoS Attacks possible at the application layer. • Succeed by starving a system of critical resources, vulnerability exploit, or abuse of functionality. • DoS at the application layer may target the web server, database server or an authentication server 86
  87. 87. DO YOU KNOW? 87
  88. 88. DO YOU KNOW? 88
  89. 89. WWW.MEGAUPLOAD.COM • Megaupload Limited • Used to provide file hosting / storing and viewing services. • Hong Kong Based - started in 2005 • Founder – Kim Dotcom • Domain name seized and shut down by US on 19 Jan 2012. 89
  90. 90. DO YOU KNOW? 90
  91. 91. WWW.MEGAUPLOAD.COM • The shutdown led to DoS attacks on websites belonging to the US Govt and copyright organizations. • Anonymous Launches #OpMegaupload, "Largest Attack Ever on Government and Music Industry Sites" • In Retaliation for Action Against Megaupload.Com 91
  92. 92. LOIC • #OpMegaupload - Anonymous used Low Orbit Ion Cannon (LOIC) to take its targets offline is the • http://sourceforge.net/projects/loic/ 92
  93. 93. TYPES OF DOS • DoS - Simple DoS • DDoS – Distributed Denial of Service Attack • DRDoS – Distributed Reflective Denial of Service Attack. 93
  94. 94. MALWARE FAMILY  • Malware • Spyware • Adware • Scareware • Scamware • Virus • Worm • Trojan 94
  95. 95. MOBILE MAINFRAME & MALWARE • 15 million cell phones sold a month. • 509 million cell phones in use • Larger than US as a telephone market 95
  96. 96. MOBILE MAINFRAME & MALWARE • Spreading via Bluetooth, MMS & Sending SMS messages • Infecting files and Stealing data • Enabling remote control of the smartphone • Installing "fake" or non-working fonts and applications • Combating antivirus programs • Installing other malicious programs • Locking memory cards 96
  97. 97. MOBILE MAINFRAME & MALWARE • Spreading via removable media (memory sticks) • Damaging user data • Disabling operating system security mechanisms • Downloading other files from the Internet • Calling paid services • Polymorphism 97
  98. 98. MOBILE MAINFRAME & MALWARE Source: http://www.securelist.com/en/analysis?pubid=204792080 98
  99. 99. MOBILE MAINFRAME & MALWARE 99
  100. 100. MOBILE CRIMES • PAN – Bluetooth • Switch it off when not in use – why? • Insecure, • Used for Pairing • Can be used for something which you can’t even think of…… 100
  101. 101. MOBILE PHONE CRIMES • What is 11/3 or 11-M? • Series of coordinated bombings against the Cercanías (commuter train) system of Madrid, Spain on the morning of 11 March 2004 (three days before Spain's general elections), killing 191 people and wounding 1,755 101
  102. 102. 11/3 or 11-M • Mobile phones were used. • Do not allow strangers to make calls from your mobile – your phone could be detonating a bomb. 102
  103. 103. CREDIT CARD FRAUDS • 3 Information required for payment • Credit Card Number • Expiry Date • Card Verification Value Code (CVV) 103
  104. 104. SKIMMERS • Used to steal credit card information • Easily available in the black market for cheap rates 104
  105. 105. • Hotel – Access Cards • Booking and Stay Info. • May also provide the attacker: • Address / Identity Proof • Credit Card Details • SMART CARDS 105
  106. 106. SPOOFING • One computer in the network acting as another to gain access to other resources on the network 106
  107. 107. PORNOGRAPHY • Pornography - The first consistently successful ecommerce product. • Case Study - Bazee.com – CEO Arrest • We all are responsible 107
  108. 108. PEDOPHILES • Sexual attraction to children by an adult 108
  109. 109. CHAT CRIMES When chat rooms are used for carrying out Digital Attacks and Cyber crimes. • Hackers & Criminals meeting and attacking • Cyber stalking – giving phone numbers publicly • https://opindia.posterous.com/pages/anonymous-irc 109
  110. 110. ***SHING •Phishing •Smishing •Vishing 110
  111. 111. PHISHING • Technique of pulling out confidential information from the bank/financial institutional account holders by deceptive means 111
  112. 112. PHISHING 112
  113. 113. PHISHING 113
  114. 114. PHISHING 114
  115. 115. PHISHING 115
  116. 116. PHISHING 116
  117. 117. PHISHING 117
  118. 118. SMISHING • SMiShing is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile device. • SMiShing is short for "SMS phishing." 118
  119. 119. VISHING • Vishing is the criminal practice of using social engineering and Voice over IP (VoIP) to gain access to private personal and financial information from the public for the purpose of financial reward. 119
  120. 120. NET EXTORTION • Copying / Encrypting the company's confidential data in order to extort huge money 120
  121. 121. CYBER STALKING • Cyber Stalking - The criminal follows the victim by sending mails, entering chat rooms, etc. • Cyber Defamation - disgruntled employee, ex-boyfriend against girls, divorced husbands against wife • Cyber Threatening - Sends threatening emails / messages to the victim. 121
  122. 122. SALAMI ATTACK • Criminal makes insignificant changes in such a manner that such changes would go unnoticed. 122
  123. 123. SALE OF BANNED ITEMS • Narcotic Sale - Sale of banned drugs through the internet. • Endangered Species / Animals – Sale through internet. • Other banned items like Elephant Trunks, skins of animals like Leopard / Tiger, etc. 123
  124. 124. NIGERIAN SCAM • Mail claiming you will get money 124
  125. 125. DUMPSTER DIVING 125
  126. 126. DUMPSTER DIVING • Practice of sifting through commercial or residential trash to find items that have been discarded by their owners, but which may be useful to the attacker. 126
  127. 127. WAR DRIVING 127
  128. 128. WAR DRIVING • Also called access point mapping • The act of locating and possibly exploiting connections to wireless LANs while driving around a city or elsewhere. 128
  129. 129. WAR DRIVING • You need • a vehicle, • a laptop, • a wireless Ethernet card (promiscuous mode), and • an antenna 129
  130. 130. ATTACK ON NETWORK SERVICES Some of the common network services / protocols: • FTP • SSH • LDAP • SMTP 130
  131. 131. CRYPTOGRAPHIC ATTACKS • Attack on cryptographic systems. • Example: Cold Boot Attack 131
  132. 132. CLOUD BASED ATTACKS • One of the best platforms for launching an attack. • Power • Certain level of anonymity • Scalability • A 64 node Linux cluster can be online in just five minutes 132
