EMERGING CYBER CRIME TRENDS
Cyber Crime, 24 Nov 2011
By Samweg Modi, BE III sem, CSE Branch

Topic Overview
1. Current Security Threats & Cases
2. Cyber Crime Incident Handling
3. Working With Law Enforcement

Security Threats & Cases
1. TYPES OF PERPETRATORS
2. INTERNET FRAUD – Identity Theft, Phishing Schemes, Remailer Schemes
3. COMPUTER INTRUSIONS & DISRUPTIONS – 1. RATs (Remote Access Trojans), 2. Extortion by DDoS (distributed denial of service), 3. "Hacker for Hire" Investigation, 4. Wireless Network Concerns
4. INTELLECTUAL PROPERTY RIGHTS CRIMES – Warez/Movie Servers, P2P
How Severe is the Threat?
• Professional cyber criminals & terrorists (hard to detect)
• Disgruntled employees
• Competitors
• Hacktivists
• Script kiddies (advertise their actions)
Identity Theft
• Growing sophistication of phishing emails
• Exploitation of the banking system
• Keystroke loggers deployed by worms
• Exploding international market for stolen credit card databases and identity data
• FTC: $50B lost to identity theft in 2003
• 300M man-hours devoted to repairing the damage caused by this theft
Growing Trends
• Overall increase in sophistication by a geographically diverse criminal element
• Virus/worm payloads used to facilitate intrusion and fraud schemes
• Mercenary distributed denial of service attacks
• Extortion schemes fueled by DDoS and intrusion
• Spam used to spread malicious payloads, to phish, and to push paid adware/malware and spyware
• Identity theft underpins most computer crime
Banking and Brokerage Account Compromise
• Internet worms carry a keystroke logger in their payload to steal account usernames & passwords
• U.S. citizens recruited to wire the proceeds of cashed counterfeit checks for a 30% fee
• Funds from Internet purchases are first transmitted to other U.S. accounts, then to the Eastern bloc
World's Largest Computer Equipment Supplier (case)
• A union of computer intrusion and wire fraud
• Subjects have placed at least $10M in fraudulent orders
• Subjects use work-from-home web sites to recruit unwitting U.S. participants
• 11 convictions to date in the U.S., at least a dozen to follow
REMOTE ACCESS TROJANS (RATs)
• HACKER versions – SubSeven, Back Orifice, NetBus
• Sometimes contained in email attachments or program downloads, e.g. P2P programs like Kazaa
• COMMERCIAL PROGRAMS – GoToMyPC, pcAnywhere, LapLink
• OPERATING SYSTEM PROGRAMS – Telnet, FTP, Secure Shell (SSH), rlogin
The commercial and operating-system tools are legitimate remote-access software; the concern is that they give an intruder the same capability as a RAT when installed or enabled without the owner's knowledge.
Trojans and RATs: SubSeven screen capture (1999 version) [image]

Trojans and RATs: SubSeven screen capture
When run, the backdoor copies itself to the Windows directory with the original name of the file it was run from, or as SERVER.EXE, KERNEL16.DL, RUNDLL16.COM, SYSTEMTRAYICON!.EXE or WINDOW.EXE (names differ between SubSeven versions). It then unpacks a single DLL file into the Windows System directory, WATCHING.DLL (some versions don't do this).
Wireless Security Concerns
1) Availability of free WAP detection and logging tools like NetStumbler and Kismet
2) War driving, where individuals drive (or walk) around to find unprotected and accessible WAPs
3) Consumers and even system administrators fail to configure their systems adequately
Wireless Security Measures
Wired Equivalent Privacy (WEP)
1. Uses the RC4 stream cipher with a 40-bit or 104-bit key (marketed as 64-bit and 128-bit, counting the 24-bit per-packet IV that is sent in the clear).
2. WEP's poor use of the algorithm (a short IV that is reused, and a weak per-packet key schedule) caused it to be broken, and the tools to do so are freely available to hackers.
3. The replacement for WEP, Wi-Fi Protected Access (WPA), is not yet widely implemented.
4. WEP is not enabled out of the box and therefore is not protecting the system by default.
5. When the owner does configure WEP, the access point's default administrative password (e.g. ADMIN) is usually left unchanged.
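To make point 2 concrete, the following is an added example (not from the original slides) of the IV-reuse weakness: WEP builds the per-packet RC4 key as IV || shared key, so two frames sent under the same 24-bit IV are encrypted with the same keystream, and knowing the plaintext of one frame (a predictable ARP or DHCP packet, say) reveals the other. The shared key, IV and frame contents below are constructed for the demonstration; the WEP CRC-32 integrity value is omitted because it does not affect the point.

```python
"""WEP keystream reuse demo (added example; not from the original slides).

Assumptions: the 5-byte shared key, the IV and both frame payloads are
constructed test data; the WEP ICV (CRC-32) is left out for brevity.
"""
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Generate n bytes of RC4 keystream for the given key (KSA + PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: the 3-byte IV in the clear, then RC4(IV||key) XOR data."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor(plaintext, keystream)

def recover_keystream(frame: bytes, known_plaintext: bytes) -> tuple:
    """Known plaintext for one frame yields the keystream for that IV."""
    iv, body = frame[:3], frame[3:]
    return iv, xor(body, known_plaintext)

def decrypt_with_reused_iv(frame: bytes, iv: bytes, keystream: bytes):
    """Decrypt any other frame that reused the same IV; None if IV differs."""
    if frame[:3] != iv:
        return None
    return xor(frame[3:], keystream)

def iv_collision_probability(frames: int) -> float:
    """Birthday-bound chance that at least two of `frames` random 24-bit IVs collide."""
    space = 2 ** 24
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))

# Constructed test data (hypothetical values, not captured traffic).
SHARED_KEY = bytes.fromhex("0102030405")      # 40-bit key ("64-bit WEP")
IV = b"\x11\x22\x33"
FRAME_A_PLAINTEXT = b"ARP who-has 10.0.0.1 tell 10.0.0.7"   # attacker can guess this
FRAME_B_PLAINTEXT = b"POST /login user=alice pass=hunter2"  # attacker wants this

def demo() -> dict:
    """Run the attack end to end and return the recovered values."""
    frame_a = wep_encrypt(SHARED_KEY, IV, FRAME_A_PLAINTEXT)
    frame_b = wep_encrypt(SHARED_KEY, IV, FRAME_B_PLAINTEXT)   # same IV reused
    iv, keystream = recover_keystream(frame_a, FRAME_A_PLAINTEXT)
    recovered = decrypt_with_reused_iv(frame_b, iv, keystream)
    # Only as many bytes as the known-plaintext frame was long can be recovered.
    return {
        "iv_reused": frame_a[:3] == frame_b[:3],
        "recovered": recovered,
        "bytes_recovered": len(recovered),
        "p_collision_5000_frames": iv_collision_probability(5000),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Note that nothing here touches the shared key itself: the attacker never learns it, yet reads traffic. With random IVs a collision is more likely than not after roughly 5,000 frames, and many early cards simply started the IV at zero on each reset, which makes reuse certain. The separate key-schedule weakness (the FMS attack) that recovers the shared key is not shown here.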
Preventing Disgruntled Employee Problems
• Terminate system access BEFORE terminated employees walk out the door
• Well-documented and widely distributed non-disclosure and authorized-activity agreements/notifications
• Review that logging/tracking is adequate
• Enforce your rules
• Practice exercise: "red teaming"
• Banner displayed at log-in on company computers
CYBER CRIME INCIDENT HANDLING
1. Continuing operations vs. preservation of evidence
2. Identify the incident manager and team (usually department heads or officers)
3. Assess systems impaired and damages
4. Review that logging/tracking is adequate
5. Note unusual activities by employees or on the computer network
Prepare for Incident Response
• Have a disaster plan for human-made and natural disasters; for ideas, try risk management organizations such as NIST.GOV and SANS.ORG
• Practice the plan!
• Review the plan annually, including contacts with law enforcement or disaster officials