
Cybercrime Inc. v2.2

In this session we will discuss how technology evolution has allowed syndicate criminals to become organised criminal “corporations”. We will be looking at how the evolution of hacking and the cyber world is putting our society at risk. This presentation will be useful for people working in IT security or anyone with interest in cybercrime.

Published in: Internet


  1. 1. Delivering the best in z services, software, hardware and training. World Class z Specialists. Cybercrime, Inc. Rui Miguel Feio – Technical Lead
  2. 2. Agenda • Evolution • The next-generation criminal organisation • The Cybercrime Inc. organisation • Adapt to the new • Examples • Technological targets • Hackers – The bread and butter • Taking security seriously (or not) • What can we do? • Conclusion • Questions
  3. 3. Introduction – Technical lead at RSM Partners – Has been working with mainframes for the past 17 years – Started as an MVS Systems Programmer with IBM – Specialises in mainframe security – Experience in non-mainframe platforms as well – Has given presentations all over the world
  4. 4. Evolution
  5. 5. In the early years… not so long ago… Picture from the short movie “KUNG FURY”
  6. 6. In the early years… not so long ago… Technology • Phones • PC • Bulletin Board Systems • Internet The ‘curious bunch’ – Phreakers – Crackers – Hackers
  7. 7. Today…
  8. 8. Nowadays… Technology • Phones • PC • Internet • Smart phones • Tablets • Dark Web • Internet of Things (IoT) • Advent of Robotics ‘Curious bunch’ turned Pro – Phreakers – Crackers – Hackers – Carders – Nation-states – Intelligence Services – Hacktivists – Insiders – Organised Crime Groups
  9. 9. Internet, the new frontier • Tech evolution + Internet = New Business Opportunities – Individuals started online businesses – New major companies have been founded: • Google, Facebook, Yahoo, etc. – Existing business sectors turned online to increase their earnings: • Retail, financial, insurance, etc.
  10. 10. Society has also evolved… • The internet allowed the creation of new economic markets and opportunities • This new economic market has no borders • A market with hundreds of millions of users • An economic market worth… Trillions of Dollars, Euros, Pounds…!! • Many countries and companies are now dependent on this new economic market
  11. 11. Where there is money, there is crime! • Criminal gangs and organisations moved into the new economic market: – Started recruiting Hackers – Started devising new “business ideas” – Developed a “business plan” • Organised crime became professional in the new internet world.
  12. 12. Old boys in a new age • Traditional criminal organisations have ‘started’ cybercrime divisions: – Cosa Nostra (Italian Mafia) – Japanese Yakuza – Chinese Triads – Russian Mafia – Nigerian mobs – Mexican cartels – …
  13. 13. The next-generation of criminal organisation: CYBERCRIME INC.
  14. 14. Cybercrime Inc. • Highly profitable (it’s always about the money) • Low risk (anonymity and geographical location) • More efficient due to technology • Globally dispersed, with special concentration in: • Ukraine • China • Brazil • Russia • Indonesia • USA • Romania • Taiwan • Turkey • Bulgaria • India • Nigeria
  15. 15. Cybercrime Inc. • 80% of Hackers work with or are part of an organised crime group * • Highly organised • Deeply sophisticated: – Business approach – Towards the ‘client’ * 2014 study by the Rand Corporation
  16. 16. Cybercrime Inc. Use typical corporate strategies: – Creative financing – Global logistics – Supply chain management – ‘Workforce’ management – ‘Client’ needs – Business and market analysis
  17. 17. Cybercrime Inc. - Business model • Take advantage of ‘anonymous’ services to advertise and sell their ‘normal’ products and services online • Some of the new ‘business’ opportunities: • Identity theft • Intellectual property theft • Trade secrets • Industrial espionage • Sensitive data theft • Online extortion • Financial crime • Data manipulation
  18. 18. Cybercrime Inc. - Tactics used • Some of the tactics and methods used by Cybercrime Inc: – Phishing and spear phishing – Man-in-the-middle – Vulnerabilities – Trojan horse software – Spam – Botnets – Scareware – Ransomware – Malware – DoS and DDoS
  19. 19. The Cybercrime Inc. organisation
  20. 20. A typical business organisation CEO CFO Management Sales People CIO Management Researchers Developers Engineers QA Testers Tech Support HR Director CMO Management Distributors Affiliates
  21. 21. The Cybercrime Inc. organisation CEO (Boss) CFO (Underboss) Management (Lieutenant) Money Mules (Soldiers & Associates) CIO (Underboss) Management (Lieutenant) Researchers (Soldiers) Developers (Soldiers) Engineers (Soldiers) QA Testers (Soldiers) Tech Support (Soldiers) HR Director (Underboss) CMO (Underboss) Management (Lieutenant) Distributors (Soldiers) Affiliates (Associates)
  22. 22. Cybercrime Inc. – ‘Business’ roles (1) • Chief Executive Officer (CEO) – Boss – Responsible for decision making and overseeing operations • Chief Financial Officer (CFO) – Underboss – Deals with every financial aspect of the cybercrime org. • Chief Information Officer (CIO) - Underboss – Responsible for the IT infrastructure of the organization • Chief Marketing Officer (CMO) - Underboss – Designs effective advertising methods for products and services
  23. 23. Cybercrime Inc. – ‘Business’ roles (2) • Human Resources (HR) Director - Underboss – Recruits the criminal workforce for the organization • Management - Lieutenant – Responsible for managing the ‘criminal’ workforce • Researchers - Soldiers – Look for new exploits and ‘business’ opportunities • Developers & Engineers - Soldiers – The techies, aka the brains!
  24. 24. Cybercrime Inc. – ‘Business’ roles (3) • Quality Assurance (QA) Testers - Soldiers – Test all crimeware to ensure it bypasses any security measures of potential targets • Technical Support - Soldiers – Tech support to clients, affiliates and members of the organization • Affiliates - Associates – Drive potential clients to Cybercrime Inc.
  25. 25. Cybercrime Inc. – ‘Business’ roles (4) • Distributors – Soldiers – Help distribute malware • Money ‘Mule’ – Soldiers & Associates – Helps with the money laundering
  26. 26. Adapt to the new
  27. 27. Cybercrime Inc. – Adapts to the New • Constantly looking to innovate • Overcome obstacles • Meet market demands • Explore new ‘business’ opportunities • Use tools to help measure levels of success (e.g. Web analytics)
  28. 28. Hacking as a service
  29. 29. Some examples
  30. 30. Cybercrime Inc. – Innovative Inc. • Innovative Marketing Inc. (aka IMI) – Founded by Sam Jain and Daniel Sundin (HQ in Ukraine) – Developed scareware rogue security programs: • WinFixer • WinAntiVirus – Offices in 4 continents with hundreds of employees – Support centres in Ohio, Argentina and India – Marketed products under more than 1,000 different brands and in 9 languages – From 2002 to 2008 IMI generated hundreds of millions of dollars in profit.
  31. 31. Cybercrime Inc. – Innovative Inc. Photograph taken in 2003 BJORN DANIEL SUNDIN Wire Fraud; Conspiracy to Commit Computer Fraud; Computer Fraud DESCRIPTION Alias: David Sundin Date(s) of Birth Used: August 7, 1978 Place of Birth: Sweden Hair: Red Eyes: Hazel Height: 5'10" Weight: 136 pounds Sex: Male Race: White Occupation: Internet Entrepreneur Nationality: Swedish Languages: English, Swedish NCIC: W10511664 REWARD The FBI is offering a reward of up to $20,000 for information leading to the arrest and conviction of Bjorn Daniel Sundin. REMARKS Sundin has ties to Sweden and the Ukraine. CAUTION Bjorn Daniel Sundin, along with his co-conspirator, Shaileshkumar P. Jain, is wanted for his alleged involvement in an international cybercrime scheme that caused internet users in more than 60 countries to purchase more than one million bogus software products, resulting in consumer loss of more than $100 million. It is alleged that from December 2006 to October 2008, through fake advertisements placed on
  32. 32. Cybercrime Inc. – RBN • Russian Business Network (aka RBN) – Registered as an internet site in 2006 – Based in St. Petersburg, Russia – Allegedly founded by the nephew of a powerful Russian politician – Specialises in: • Personal identity theft for resale • Providing web hosting and internet access to illegitimate activities • DoS attacks • Delivery of exploits via fake anti-spyware and anti-malware • Botnet
  33. 33. Cybercrime Inc. – Carbanak Group • The Carbanak Group – Discovered in early 2015 by Kaspersky Lab – Used an APT-style campaign targeting financial institutions – Aims to steal money from banks – An estimated $1 billion has been stolen in an attack against 100 banks and private customers – Targeted primarily Russia, United States, Germany, China and Ukraine
  34. 34. Cybercrime Inc. – Mexican Cartels • Mexican cartels: – Targeted foreign companies investing in or with presence in Mexico – Used internet to identify high-valued employees – Checked travel arrangements to Mexico – Replaced person at airport waiting for ’high-valued target’ – Kidnapped ’high-valued target’ – Demanded ransom
  35. 35. Cybercrime Inc. – Mexican Cartels
  36. 36. Technological Targets
  37. 37. Targeting - Mobility • Cybercrime Inc. is focusing on mobile devices: – Used by individuals on a day-to-day basis: • Online banking • Online shopping • Socialising • Emails • Store personal data • GPS – Can be easy to compromise and hack (e.g. install “rootkit” to gain control of all features of the mobile device)
  38. 38. Targeting – The Cloud • Cybercrime Inc. is focusing on The Cloud: – Network of computing resources available online – The Cloud can be used to store, manage and process information – Companies are outsourcing primary business functions using Cloud services – Critical and confidential data is now centralised in the Cloud – Instead of targeting several individual servers let’s focus on the ones in the cloud shall we?
  39. 39. Targeting - Data • Cybercrime Inc. is focusing on Data: – Personal data – Business data – Government data – Military data – Data manipulation and disinformation: • Financial markets • What is displayed on our screens
  40. 40. Targeting - Internet of things (IoT) • Cybercrime Inc. is focusing on IoT devices: – In 2013 there were 13 billion online devices – Cisco Systems estimates 50 billion online devices by 2020 – IoT is estimated to drive an additional $6.2 trillion to the global economy by 2025 according to McKinsey Global Institute – IoT devices are developed without having security in mind
  41. 41. But Cybercrime Inc. can also target… • SCADA devices – Supervisory Control And Data Acquisition (SCADA) – Specialised and often old computer systems – Being connected to the broader internet – These systems were not designed with security in mind – 2014 study revealed that 70% had suffered at least one security breach • GPS Systems • Tracking Systems • Implanted medical devices (IMDs) • And so many more!!...
  42. 42. Hackers – The bread and butter
  43. 43. Looking for a Hacker • Hackers are not born hackers, they are trained • Enormous amount of free educational material on the internet and in the underworld (dark web) • PC games: – Uplink – Hacker Experience – Torn City – Hacknet – Hackers (for iOS and Android)
  44. 44. Who wants to be a Hacker? • Anyone who feels attracted or enjoys: – Technology – Challenge – The thrill – Adventure – Danger – Money – Respect – Fame
  45. 45. Taking security seriously (or not)
  46. 46. On a nice Sunday morning…
  47. 47. On its TV screen facing the street
  48. 48. On a business train trip…
  49. 49. On a business train trip…
  50. 50. On a site, somewhere in Europe…
  51. 51. On a site, somewhere in Europe…
  52. 52. What can we do?
  53. 53. What can we do? • Security must be taken seriously by everyone! – Governments, companies, and individuals need to be security conscious and security oriented • Usual security recommendations apply: – Keep security systems updated and up-to-date – Question the origin of everything – Be mindful of: • The information you share and make ’publicly’ available • Free Wifi hotspots (free can become very expensive)
  54. 54. What can we do? • Consider (as in doing!) regular: – Security audits – Penetration tests – Vulnerability analysis • Seek help from experts in the field to improve security • Keep informed (training, conferences, articles, books, …) • Don’t facilitate (weak passwords, use of same password, …)
  55. 55. What can we do? • There must be no ‘at home’ versus ‘at the office’ attitude. Security awareness must always be present. • Read before you ‘click’. • Search, ask. • Ultimately, if this is too much, just switch off every electronic device and go back to pen and paper. But will this be enough?
  56. 56. Conclusion
  57. 57. Conclusion • As always the bad guys are ahead of the game: – They have the money – They have the resources – They are well organised – And above all, they have time! • The most important thing is for every one of us (the ‘good’ guys) to be security aware and security focused
  58. 58. Conclusion • Ultimately we need to trust: – The companies who sell us devices, and software – The service providers – Our social network – The government
  59. 59. Conclusion – Most Important! • Be mindful • Be aware
  60. 60. Questions
  61. 61. Rui Miguel Feio, RSM Partners ruif@rsmpartners.com mobile: +44 (0) 7570 911459 linkedin: www.linkedin.com/in/rfeio www.rsmpartners.com Contact
