SecTor 2011 Keynote: Online Attacks and Espionage by Nation-states

Keynote at SecTor 2011 in Toronto / Mikko Hypponen, F-Secure


  1. ONLINE ATTACKS AND ESPIONAGE BY NATION-STATES. Mikko Hypponen, CRO, F-Secure Corp. twitter.com/mikko. Protecting the irreplaceable | f-secure.com
  2. Fake News? Hacked News site?
  3. 6es7-417
  4. Duqu
  5. Connects to 206.183.111.97, aka canoyragomez.rapidns.com
  6. Protecting the irreplaceable | f-secure.com
  7. Protecting the irreplaceable | f-secure.com
  8. 21
  9. Document / Exploit Code / EXE / DOC / Filling
  10. 28
  11. 29
  12. Little financial incentive to target:
     • Supporters of Tibet
     • Members of Falun Dafa / Falun Gong
     • Supporters of the Uighur minorities
     • Supporters of Inner Mongolian minorities
  13. Data from Messagelabs / Symantec study
  14. Case Agent.BTZ
  15. • 48
  16. • 49
  17. "Our desire for success is like a wolf's desire for blood. We work together against the enemy like a pack of wolves."
  18. Poison Ivy, gh0st RAT, zwshell
  19. 20 October, 2011
  20. How do I know if I was hit?
     • Your colleagues have no idea of the mail you got from them
     • Your machine connects to funky hosts on its own
     • Word / Excel / Acrobat flashes and restarts
     • You get weird error messages from Office
     • Non-SSL port 443 traffic in your network
  21. Funky hosts? Some actual hosts we've seen in targeted attacks:
     • kira.8800.org
     • angelwp.3322.org
     • xpgod.8866.org:8181
     • ysc20008.3322.org
     • a041181.3322.org
     • mm2007.6600.org
     • sgiorgus.8800.org
     • a85468546.9966.org
     • cvnxus.8800.org
     • wcs.8800.org
     • qingchun521.9966.org
     • miao1314.8800.org
     • getmeg.go.8866.org
     • update-microsoft.kmip.net
     • hobby.8800.org
     • a2b2.3322.org
     • dns3.westcowboy.com
     • swzcs.to.8866.org
     • hi222.3322.org
     • www.scratchindian.com
     • hackeroo.3322.org
     • wangba8888.3322.org
     • hgz3.8800.org
     • cybersyndrome.3322.org
  22. From obvious to non-obvious:
     • boxy.3322.org
     • jj2190067.3322.org
     • hzone.no-ip.biz
     • tempsys.8866.org
     • zts7.8800.org
     • shenyuan.9966.org
     • xinxin20080628.gicp.net
     • www.adobeupdating.com
     • ip2.kabsersky.com
     • mapowr.symantecs.com.tw
     • iran.msntv.org
     • windows.redirect.hm
  23. PATCH, PATCH, PATCH. GET RID OF ADOBE READER. ADD TRAPS TO YOUR FIREWALLS. HOPE THAT THEY DON'T TARGET YOU.
  24. ONLINE ATTACKS AND ESPIONAGE BY NATION-STATES. Mikko Hypponen, CRO, F-Secure Corp. twitter.com/mikko. Protecting the irreplaceable | f-secure.com
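Slides 20 to 22 give a defender three things to look for: machines talking to dynamic-DNS hosts, hosts that imitate vendor names, and traffic on port 443 that is not TLS. The script below is an added example (not material from the talk or from F-Secure) that runs those three checks over constructed flow-log lines. The hostnames come from the slides; the log format, the source IPs, the first-bytes column, and the brand allow-list in BRAND_ALLOW are assumptions made for the example.

```python
"""Triage constructed flow-log lines against the indicators on the
'How do I know if I was hit?' and 'Funky hosts' slides: dynamic-DNS hosts,
brand look-alike hosts, and non-TLS traffic on port 443.
Added example, not material from the talk."""

# Dynamic-DNS parent domains that recur in the hostnames shown on the slides.
DYNDNS_PARENTS = {
    "3322.org", "8800.org", "8866.org", "9966.org", "6600.org",
    "no-ip.biz", "gicp.net", "kmip.net", "redirect.hm",
}

# Brands the slides' look-alike hosts imitate, mapped to the registered
# domains that legitimately carry the name (assumption: your own allow-list).
BRAND_ALLOW = {
    "adobe": {"adobe.com"},
    "microsoft": {"microsoft.com"},
    "symantec": {"symantec.com"},
    "kaspersky": {"kaspersky.com"},
    "msn": {"msn.com"},
}

# Constructed sample records: timestamp, source IP, destination host, port,
# hex of the first bytes the client sent. The hosts are taken from the slides.
SAMPLE_FLOWS = [
    "2011-10-20T10:01:02 10.0.0.5 kira.8800.org 80 474554",
    "2011-10-20T10:02:11 10.0.0.5 www.adobeupdating.com 443 160301",
    "2011-10-20T10:03:40 10.0.0.7 ip2.kabsersky.com 443 0000000c",
    "2011-10-20T10:04:00 10.0.0.9 www.adobe.com 443 160303",
    "2011-10-20T10:05:13 10.0.0.9 xpgod.8866.org 8181 deadbeef",
]


def registered_domain(host):
    """Crude eTLD+1: the last two labels, or three when the suffix is a
    two-part one such as com.tw. A ':port' suffix is dropped first."""
    labels = host.lower().rstrip(".").split(":")[0].split(".")
    two_part = (len(labels) >= 3 and len(labels[-1]) == 2
                and labels[-2] in ("com", "co", "net", "org"))
    return ".".join(labels[-3:] if two_part else labels[-2:])


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-letter brand misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(host):
    """Return the brand a host imitates, or None when the host is the brand's
    own domain or carries no brand name. A label matches when it contains the
    brand name or, for names of five or more letters, is within edit distance
    2 of it (kabsersky vs kaspersky)."""
    reg = registered_domain(host)
    labels = host.lower().split(":")[0].split(".")
    for brand, allowed in BRAND_ALLOW.items():
        if reg in allowed:
            return None
        for label in labels:
            fuzzy = (len(brand) >= 5 and len(label) >= 5
                     and levenshtein(label, brand) <= 2)
            if brand in label or fuzzy:
                return brand
    return None


def looks_like_tls(first_bytes):
    """True when a flow opens with a TLS handshake record: content type 0x16
    followed by a 0x03 0x0X protocol version."""
    return (len(first_bytes) >= 3 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[2] <= 0x04)


def triage(flows):
    """Return (source, host, reasons) for every record that trips an indicator."""
    findings = []
    for line in flows:
        _ts, src, host, port, head = line.split()
        reasons = []
        if registered_domain(host) in DYNDNS_PARENTS:
            reasons.append("dynamic-dns host")
        brand = lookalike_brand(host)
        if brand:
            reasons.append("look-alike of " + brand)
        if port == "443" and not looks_like_tls(bytes.fromhex(head)):
            reasons.append("non-TLS traffic on 443")
        if reasons:
            findings.append((src, host, reasons))
    return findings


if __name__ == "__main__":
    for src, host, reasons in triage(SAMPLE_FLOWS):
        print(f"{src} -> {host}: {', '.join(reasons)}")
```

The dynamic-DNS and look-alike checks work on names alone, so they apply equally to DNS query logs; the port-443 check needs the first bytes of the flow, which a proxy or packet capture can supply. The eTLD+1 helper is deliberately crude; in production use a public-suffix list so that hosts such as mapowr.symantecs.com.tw are split correctly for every suffix.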
