サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011

Gohsuke Takama / , Meta Associates, 2011 11

http://www.slideshare.net/gohsuket
Friday, November 4, 2011

about…

✴ Gohsuke Takama
✴ Meta Associates (http://www.meta-associates.com/)
✴founder & president, connector, analyst, planner
✴ local organizer of security conferences: BlackHat Japan, PacSec
✴ liaison of security businesses: Patch Advisor, SecWest
✴ security news: http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/
✴ organizer of tech entrepreneur / startup support events
✴ independent tech journalist for over 10 years
✴ Privacy International (London, UK http://www.privacyinternational.org/)
✴advisory board member
✴ Computer Professionals for Social Responsibility (http://cpsr.org/)
✴Japan chapter founding supporter


A
Attacks


"what happened in the last 2 years"

• OperationAurora, ShadyRAT, , ...

• Stuxnet, Duqu

• Sony PSN

• Wikileaks *new

• Anonymous *new

• (MENA) *new

• Indira Gandhi


"what happened in the last 2 years"

• OperationAurora, ShadyRAT, , ...
= = APT (Advanced Persistent Threat)

• Stuxnet = SCADA

• Sony PSN: 3 , DDoS, ,

• Wikileaks *new = :

• Anonymous *new = +

• *new=

• Indira Gandhi =

"whom targeted, why"

http://paulsparrows.wordpress.com/category/security/cyber-attacks-timeline/

"whom targeted, why"

• ,

• Sony PSN, Sony

• ,

•
• :


"Stuxnet"


"Anonymous"

http://www.youtube.com/watch?v=2Tm7UKo4IBc
http://www.youtube.com/watch?v=kZNDV4hGUGw

"know your enemy: techniques"

• phishing • website spooﬁng
• targeted phishing • content altering
• trojan • XSRF
• spyware • XSS
• keylogger • code injection
• rootkit • IP hijacking
• botnet DDoS • rogue WiFi AP
• sniffer


"emerging attack techniques"

• malware: ,

• VM , bios
• : VNC, Spycam,

• : keylogger, GPS logger
• : Stuxnet

• DDoS:
JavaScript (LOIC)
($8/h~),


"know your enemy: techniques"

http://www.ipa.go.jp/security/vuln/newattack.html

"layer approach"

•examle: OSI model


"a security layer model "

7 Psychological ,
6 Custom (Habit) ,
5 Operation
4 Content
3 OS/Application
2 Hardware
1 Physical

"a security layer model "

7 Psychological ,
Human Factor 6 Custom (Habit) ,
5 Operation
4 Content
Intangibles
3 OS/Application
2 Hardware
Tangibles
1 Physical

"attacks vs. counter measures "

APT, espionage, phishing,
Psychological
social engineering ?
spoofing, pharming, accustomed best practice,
Custom phishing spam, XSS, XSRF, awareness, CIRT, PKI,
spyware, ID spoof/theft digital ID, SSL certificate
DoS, spam, ransom-ware, routing, filtering, policy,
Operation
sabotage-ware audit, CIRT

sniffing, spyware, spam, encryption, filtering,
Content
alteration content-scan, host IDS

OS/ DoS, vuln exploit, 0day, Firewall, network IDS, IPS,
Application rootkit, botnet anti-virus, OS/app patch

direct access, tampering, perimeter guard, anti-
Hardware
alteration tampering, hard seal

lock pick, break in, surveillance, perimeter
Physical
vandalism alarm, armed guard

"spooﬁng, phishing & targeted attack"
/ 1


"cybercrime, cyber espionage & identity "

✴ APT,
• =

•
• : , ,

• → → →
✴ ( )
• =

•
•
→

"cybercrime, cyber espionage,
primary target = individual identity"


B
Behavior


"social change on Internet"
2000
•
•
•
•
•
•


"social change on Internet"
2001
• •
• •
• •
• •
• •
• •
• • (Wiki )

• / •
• • 3D

•

"real world vs. social data world"


"disseminate motives"
Law, Market, Norm, Architecture



-
-
-
-



$Money

-
-
-
-


Power

$Money

-
-
-
-


Power

$Money

-
-
-
-

Control

Power

$Money Ideology

-
-
-
-

Control

Autocracy, Crime, Extremism, Hacker
Power

Autocratic
Government

Infra
APT Disruption

Organized Extremist
$Money Crime Hacktivist Ideology
Theft Hacktivism
Fraud
Lulz
:
-
Hacker -
Cracker -
-

Control

I
Identity


"Identity"

entity, identity, relationship

me = entity

me{Attributes}


Identification & Authentication

Identity Identification Authentication Authorization
Credential{Identifier}

Validation

me{Attributes}
me = entity


Identification & Authentication

Identity Identification Authentication Authorization
Credential{Identifier}

Validation

me{Attributes}
me = entity

Identity

Identification


"Identity"

Erik H. Erikson
1967

Sydney Shoemaker
1963


"Identity"

me{Attributes} * t→


AxBxI
= WTF?


"state of security methodology"

✴ (F/W)
•( + )
✴
•= ( )
✴ : 100%
• ( ?)
✴ PKI = DigiNotar
✴ =

•(
)

"perspective for counter strategy"
set basic security measures:

✴ ,
= ,

✴ (APT )
✴ PET ( )

✴ prevention, detection, response

•
•
•

be creative:

✴ counter social engineering
•
•
✴ social intelligence
✴ soft power
•
• PR deﬂective PR


be creative: Counter Social Engineering

•
•
•
•
•
•
•
• (
)

be creative: Soft Power

• Soft Power = 1990 Joseph Nye

• Hard Power
•
• http://en.wikipedia.org/wiki/Soft_power
• /

•

references

• CEOs - the new corporate fraudstersds http://www.iol.co.za/
sundayindependent/ceos-the-new-corporate-fraudstersds-1.1144649

• PwC Survey Says: Telecoms Are Overconﬁdent About Security http://
www.readwriteweb.com/cloud/2011/09/pwc-survey-says-telecoms-are-o.php

• Cyber attack led to IGI shutdown http://www.indianexpress.com/news/
cyber-attack-led-to-igi-shutdown/851365/

• Anonymous announces global plans http://www.digitaltrends.com/
computing/video-anonymous-announces-global-plans/

• ANONYMOUS - OPERATION PAYBACK - Sony Press Release http://
www.youtube.com/watch?v=2Tm7UKo4IBc

• Operation Payback - Anonymous Message About ACTA Laws, Internet
Censorship and Copyright http://www.youtube.com/watch?
v=kZNDV4hGUGw

• Anonymous: Message to Scientology http://www.youtube.com/watch?
v=JCbKv9yiLiQ

• Anonymous http://www.atmarkit.co.jp/
fsecurity/special/161dknight/dknight01.html

references

• 28 Nation States With Cyber Warfare Capabilities http://
jeffreycarr.blogspot.com/2011/09/27-nation-states-with-cyber-warfare.html

• Far East
Research http://scan.netsecurity.ne.jp/archives/52017036.html

• CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability
http://www.youtube.com/watch?v=DP_rRf468_Y

• MYBIOS. Is BIOS infection a reality? http://www.securelist.com/en/analysis/
204792193/MYBIOS_Is_BIOS_infection_a_reality

• McAfee Virtual Criminology Report 2007 http://us.mcafee.com/en-us/local/
html/identity_theft/NAVirtualCriminologyReport07.pdf

• Google Zeitgeist http://blog.f-secure.jp/
archives/50630539.html

• "The Tragedies in Oslo and on Utøya island" Speech held by King Harald V
http://www.kongehuset.no/c27262/nyhet/vis.html?tid=92959


references

• -- DEFCON CTF
http://scan.netsecurity.ne.jp/archives/52002536.html

• PET
http://www.soumu.go.jp/denshijiti/pdf/
jyumin_p_s3.pdf

• PIA
http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s2.pdf

• http://
jp.reuters.com/article/topNews/idJPJAPAN-21406320110527

• GIE
http://d.hatena.ne.jp/ukky3/20110829/1314685819

• Diginotar Black.Spook
http://blog.f-secure.jp/archives/50626009.html


references

• Computer virus hits US Predator and Reaper drone ﬂeet http://
arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits-
drone-ﬂeet.ars

• F-Secure: Possible Governmental Backdoor found, MD5 hashes ("case
R2D2") http://www.f-secure.com/weblog/archives/00002249.html

• State-sponsored spies collaborate with crimeware gang | The Unholy APT-
botnet union http://www.theregister.co.uk/2011/09/13/
apt_botnet_symbiosis/

• NISC 10 7 http://www.nisc.go.jp/
conference/seisaku/index.html#seisaku27

•
http://news.livedoor.com/article/detail/5685674/


references

• http://
www.sakimura.org/2011/06/1124/

• http://ja.wikipedia.org/wiki/

• http://ja.wikipedia.org/wiki/


サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011

More Related Content

Viewers also liked

Similar to サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011

Recently uploaded

サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011