SlideShare a Scribd company logo

A perspective for counter strategy against cybercrime and cyber espionage

Gohsuke Takama
Gohsuke Takama

Gohsuke Takama is the founder and president of Meta Associates, an organizer of security conferences in Japan, and a longtime tech journalist. In this presentation, he summarizes major cybersecurity events from the past two years, including Operation Aurora, Stuxnet, Wikileaks, Sony PSN hacks, and Anonymous operations. He then discusses common attack techniques used by cybercriminals and nation-states, and strategies for defense, including the use of soft power and social intelligence to counter threats.

1 of 50
Download to read offline
Gohsuke Takama / , Meta Associates, 2011 9 http://www.slideshare.net/gohsuket
about… ✴ Gohsuke Takama ✴ Meta Associates (http://www.meta-associates.com/) ✴founder & president, connector, analyst, planner ✴ local organizer of security conferences: BlackHat Japan, PacSec ✴ liaison of security businesses: Patch Advisor, SecWest ✴ organizer of tech entrepreneur / startup support events ✴ independent tech journalist for over 10 years ✴ for security news: http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/ ✴ Privacy International (London, UK http://www.privacyinternational.org/) ✴advisory board member ✴ Computer Professionals for Social Responsibility (http://cpsr.org/) ✴Japan chapter founding supporter
"what happened in the last 2 years" • OperationAurora, ShadyRAT, ... • Stuxnet • (MENA) *new • Wikileaks *new • Sony PSN • Anonymous *new • Indira Gandhi
"what happened in the last 2 years" • OperationAurora, ShadyRAT, ... = = APT (Advanced Persistent Threat) • Stuxnet = SCADA • *new= • Wikileaks *new = : • Sony PSN: 3 = DDoS, , • Anonymous *new = + • Indira Gandhi =
"what happened in the last 2 years" infra attack: SCADA Supervisory Control And Data Acquisition
"whom targeted, why" • , • Sony PSN, Sony • , • • :
"whom targeted, why" http://paulsparrows.wordpress.com/category/security/cyber-attacks-timeline/
"spoofing, phishing & targeted attack" / 1
"cybercrime, cyber espionage, primary target = individual"
"know your enemy: techniques" • phishing • website spoofing • targeted phishing • content altering • trojan • XSRF • spyware • XSS • keylogger • code injection • rootkit • IP hijacking • botnet DDoS • rogue WiFi AP • sniffer
"know your enemy: techniques" http://www.ipa.go.jp/security/vuln/newattack.html
"know your enemy: not just techniques" • • who are they? • disseminate characters • disseminate motives
"disseminate characters" • • • • • • • • •
"disseminate characters"
"disseminate characters" https://us.mcafee.com/en-us/local/html/identity_theft/NAVirtualCriminologyReport07.pdf
"disseminate characters" how cyber criminals lure talents?
"disseminate characters" http://www.youtube.com/watch?v=2Tm7UKo4IBc http://www.youtube.com/watch?v=kZNDV4hGUGw
"disseminate characters" • = • = • = • = • : →CEO 26% • = Lulzsec, TeaMp0isoN • = Th3J35t3r, On3iroi • = Anonymous • vs
"disseminate motives" • , • • hacktivism, •
"disseminate motives" Law, Market, Norm, Architecture
"disseminate motives" Law, Market, Norm, Architecture
"disseminate motives" Law, Market, Norm, Architecture
"disseminate motives" Law, Market, Norm, Architecture - - J-SOX - - ( ) - - - - : -
"disseminate motives" • , = Power • = Money • hacktivism, = Ideology • = Control
"disseminate motives" Power, Money, Ideology, Control Power $Money Ideology - - - - Control
"disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Organized Extremist $Money Crime Hacktivist Ideology : - Hacker - Cracker - - Control
"disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Infra APT Disruption Organized Extremist $Money Crime Hacktivist Ideology Theft Hacktivism Fraud Lulz : - Hacker - Cracker - - Control
"social change on Internet" 2000 • • • • • •
"social change on Internet" 2001 • • • • • • • • • • • • • • (Wiki ) • / • • • 3D •
"real world vs. social data world"
"real world vs. social data world" :
"emerging attack techniques" • malware: , • VM , bios • : VNC, Spycam, • spyware : keylogger, GPS logger • sabotage ware : Stuxnet • USB = • DDoS: JavaScript (LOIC) ($8/h~),
"layer approach" •examle: OSI model
"a security layer model " 7 Psychological , Human Factor 6 Custom (Habit) , 5 Operation 4 Content Intangibles 3 OS/Application 2 Hardware Tangibles 1 Physical
"attacks vs. counter measures " APT, espionage, phishing, Psychological social engineering ? spoofing, pharming, accustomed best practice, Custom phishing spam, XSS, XSRF, awareness, CIRT, PKI, spyware, ID spoof/theft digital ID, SSL certificate DoS, spam, ransom-ware, routing, filtering, policy, Operation sabotage-ware audit, CIRT sniffing, spyware, spam, encryption, filtering, Content alteration content-scan, host IDS OS/ DoS, vuln exploit, 0day, Firewall, network IDS, IPS, Application rootkit, botnet anti-virus, OS/app patch direct access, tampering, perimeter guard, anti- Hardware alteration tampering, hard seal lock pick, break in, surveillance, perimeter Physical vandalism alarm, armed guard
"state of security methodology" ✴ •( + ) ✴ •= ( ) ✴ PKI = DigiNotar ✴ = •( ) ✴ =
"perspective for counter strategy" set basic security measures: ✴ prevention, detection, response ✴ ✴ ✴ : 100% ✴ : ✴ (APT ) ✴ PET (Privacy Enhancing Technology ) ✴ PIA (Privacy Impact Assessment )
"perspective for counter strategy" be creative: ✴ ✴ soft power • • PR deflective PR ✴ social intelligence ( ) ✴ counter social engineering • •
"perspective for counter strategy" be creative: Learn Attack Technique • • • = CTF (Capture The Flag) • • DEFCON CTF CTF •
"perspective for counter strategy" be creative: Soft Power • Soft Power = 1990 Joseph Nye • Hard Power • • http://en.wikipedia.org/wiki/Soft_power • / • •
"perspective for counter strategy" be creative: Soft Power
"perspective for counter strategy" be creative: Social Intelligence • • • hacktivism • • Twitter, Facebook, IRC, Weibo, RenRen
"perspective for counter strategy" be creative: Counter Social Engineering • • • • • • • ( )
"perspective for counter strategy" be prepared: Simulation Exercise ✴ • TableTop Exercise = • • Functional Exercise = • • • FullScale Exercise = • •
references • CEOs - the new corporate fraudstersds http://www.iol.co.za/ sundayindependent/ceos-the-new-corporate-fraudstersds-1.1144649 • PwC Survey Says: Telecoms Are Overconfident About Security http:// www.readwriteweb.com/cloud/2011/09/pwc-survey-says-telecoms-are-o.php • Cyber attack led to IGI shutdown http://www.indianexpress.com/news/ cyber-attack-led-to-igi-shutdown/851365/ • Anonymous announces global plans http://www.digitaltrends.com/ computing/video-anonymous-announces-global-plans/ • ANONYMOUS - OPERATION PAYBACK - Sony Press Release http:// www.youtube.com/watch?v=2Tm7UKo4IBc • Operation Payback - Anonymous Message About ACTA Laws, Internet Censorship and Copyright http://www.youtube.com/watch? v=kZNDV4hGUGw • Anonymous: Message to Scientology http://www.youtube.com/watch? v=JCbKv9yiLiQ • Anonymous http://www.atmarkit.co.jp/ fsecurity/special/161dknight/dknight01.html
references • 28 Nation States With Cyber Warfare Capabilities http:// jeffreycarr.blogspot.com/2011/09/27-nation-states-with-cyber-warfare.html • Far East Research http://scan.netsecurity.ne.jp/archives/52017036.html • CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability http://www.youtube.com/watch?v=DP_rRf468_Y • MYBIOS. Is BIOS infection a reality? http://www.securelist.com/en/analysis/ 204792193/MYBIOS_Is_BIOS_infection_a_reality • McAfee Virtual Criminology Report 2007 http://us.mcafee.com/en-us/local/ html/identity_theft/NAVirtualCriminologyReport07.pdf • Google Zeitgeist http://blog.f-secure.jp/ archives/50630539.html • "The Tragedies in Oslo and on Utøya island" Speech held by King Harald V http://www.kongehuset.no/c27262/nyhet/vis.html?tid=92959
references • -- DEFCON CTF http://scan.netsecurity.ne.jp/archives/52002536.html • PET http://www.soumu.go.jp/denshijiti/pdf/ jyumin_p_s3.pdf • PIA http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s2.pdf • http:// jp.reuters.com/article/topNews/idJPJAPAN-21406320110527 • GIE http://d.hatena.ne.jp/ukky3/20110829/1314685819 • Diginotar Black.Spook http://blog.f-secure.jp/archives/50626009.html
references • Computer virus hits US Predator and Reaper drone fleet http:// arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits- drone-fleet.ars • F-Secure: Possible Governmental Backdoor found, MD5 hashes ("case R2D2") http://www.f-secure.com/weblog/archives/00002249.html • State-sponsored spies collaborate with crimeware gang | The Unholy APT- botnet union http://www.theregister.co.uk/2011/09/13/ apt_botnet_symbiosis/ • NISC 10 7 http://www.nisc.go.jp/ conference/seisaku/index.html#seisaku27
A perspective for counter strategy against cybercrime and cyber espionage

Recommended

How to Secure Your Organisation Data
How to Secure Your Organisation DataHow to Secure Your Organisation Data
How to Secure Your Organisation DataPhannarith Ou, G-CISO
 
What is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesWhat is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniques
Klaus Drosch
 
Learn Hacking
Learn HackingLearn Hacking
Learn Hacking
hackingtraining
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economy
n|u - The Open Security Community
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาOnwadee18
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
arohan6
 
Hacking
HackingHacking
Hacking
Dianna Marie Manalo
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking Handout
Nerium International
 

Recommended

How to Secure Your Organisation Data
How to Secure Your Organisation DataHow to Secure Your Organisation Data
How to Secure Your Organisation DataPhannarith Ou, G-CISO
 
What is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesWhat is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniques
Klaus Drosch
 
Learn Hacking
Learn HackingLearn Hacking
Learn Hacking
hackingtraining
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economy
n|u - The Open Security Community
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาOnwadee18
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
arohan6
 
Hacking
HackingHacking
Hacking
Dianna Marie Manalo
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking Handout
Nerium International
 
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013Gohsuke Takama
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本Gohsuke Takama
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...Gohsuke Takama
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナーGohsuke Takama
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Gohsuke Takama
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本Gohsuke Takama
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Gohsuke Takama
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Gohsuke Takama
 
TGC Planning Sheet 1.30
TGC Planning Sheet 1.30TGC Planning Sheet 1.30
TGC Planning Sheet 1.30
Gohsuke Takama
 
Privacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーPrivacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシー
Gohsuke Takama
 
Data Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-IdentificationData Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-Identification
Mike Nowakowski
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?
Winston & Strawn LLP
 
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
arx-deidentifier
 
An overview of methods for data anonymization
An overview of methods for data anonymizationAn overview of methods for data anonymization
An overview of methods for data anonymization
arx-deidentifier
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Gohsuke Takama
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาMuay31
 
Hacking
HackingHacking
HackingPurohit Rock
 
hacking
hackinghacking
hacking
mayank1293
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
danish3
 
Defending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksDefending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael Banks
EC-Council
 

More Related Content

Viewers also liked

サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013Gohsuke Takama
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本Gohsuke Takama
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...Gohsuke Takama
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナーGohsuke Takama
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Gohsuke Takama
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本Gohsuke Takama
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Gohsuke Takama
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Gohsuke Takama
 
TGC Planning Sheet 1.30
TGC Planning Sheet 1.30TGC Planning Sheet 1.30
TGC Planning Sheet 1.30
Gohsuke Takama
 
Privacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーPrivacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシー
Gohsuke Takama
 
Data Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-IdentificationData Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-Identification
Mike Nowakowski
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?
Winston & Strawn LLP
 
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
arx-deidentifier
 
An overview of methods for data anonymization
An overview of methods for data anonymizationAn overview of methods for data anonymization
An overview of methods for data anonymization
arx-deidentifier
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Gohsuke Takama
 

Viewers also liked (17)

サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
 
TGC Planning Sheet 1.30
TGC Planning Sheet 1.30TGC Planning Sheet 1.30
TGC Planning Sheet 1.30
 
Privacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーPrivacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシー
 
Data Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-IdentificationData Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-Identification
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?
 
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
 
An overview of methods for data anonymization
An overview of methods for data anonymizationAn overview of methods for data anonymization
An overview of methods for data anonymization
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 

Similar to A perspective for counter strategy against cybercrime and cyber espionage

โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาMuay31
 
hacking
hackinghacking
hacking
mayank1293
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
danish3
 
Defending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksDefending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael Banks
EC-Council
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO Compliance
PECB
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hackingBeing Uniq Sonu
 
What is Ethical hacking
What is Ethical hackingWhat is Ethical hacking
What is Ethical hacking
Sibghatullah Khattak
 
Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle BH
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and Hackers
Farwa Ansari
 
Hacking
HackingHacking
Hacking
mubeenm50
 
Hacking
HackingHacking
Hacking
Yhannah
 
Ethical hacking 2016
Ethical hacking 2016 Ethical hacking 2016
Ethical hacking 2016
arohan6
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
arohan6
 
Cyber crime &_info_security
Cyber crime &_info_securityCyber crime &_info_security
Cyber crime &_info_security
Er Mahendra Yadav
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...Hackito Ergo Sum
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generation
Tony Lauro
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
CRS4 Research Center in Sardinia
 
HACKING
HACKINGHACKING
HACKING
Shubham Agrawal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
Pradeep Sharma
 

Similar to A perspective for counter strategy against cybercrime and cyber espionage (20)

โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
 
Hacking
HackingHacking
Hacking
 
hacking
hackinghacking
hacking
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
 
Defending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksDefending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael Banks
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO Compliance
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hacking
 
What is Ethical hacking
What is Ethical hackingWhat is Ethical hacking
What is Ethical hacking
 
Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and Hackers
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Ethical hacking 2016
Ethical hacking 2016 Ethical hacking 2016
Ethical hacking 2016
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber crime &_info_security
Cyber crime &_info_securityCyber crime &_info_security
Cyber crime &_info_security
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generation
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
 
HACKING
HACKINGHACKING
HACKING
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

Recently uploaded

ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
Sam H
 
What is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdfWhat is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdf
seoforlegalpillers
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
KaiNexus
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
zoyaansari11365
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
tanyjahb
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Avirahi City Dholera
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Arihant Webtech Pvt. Ltd
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
taqyed
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
uae taxgpt
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
Ben Wann
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
Nicola Wreford-Howard
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
Erika906060
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
Cynthia Clay
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
Lital Barkan
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
dylandmeas
 
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptxCADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
fakeloginn69
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 

Recently uploaded (20)

ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
 
Unveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdfUnveiling the Secrets How Does Generative AI Work.pdf
Unveiling the Secrets How Does Generative AI Work.pdf
 
What is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdfWhat is the TDS Return Filing Due Date for FY 2024-25.pdf
What is the TDS Return Filing Due Date for FY 2024-25.pdf
 
Enterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdfEnterprise Excellence is Inclusive Excellence.pdf
Enterprise Excellence is Inclusive Excellence.pdf
 
Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111Introduction to Amazon company 111111111111
Introduction to Amazon company 111111111111
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
 
VAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and RequirementsVAT Registration Outlined In UAE: Benefits and Requirements
VAT Registration Outlined In UAE: Benefits and Requirements
 
Improving profitability for small business
Improving profitability for small businessImproving profitability for small business
Improving profitability for small business
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
Attending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learnersAttending a job Interview for B1 and B2 Englsih learners
Attending a job Interview for B1 and B2 Englsih learners
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024LA HUG - Video Testimonials with Chynna Morgan - June 2024
LA HUG - Video Testimonials with Chynna Morgan - June 2024
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
 
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptxCADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 

A perspective for counter strategy against cybercrime and cyber espionage

  • 1. Gohsuke Takama / , Meta Associates, 2011 9 http://www.slideshare.net/gohsuket
  • 2. about… ✴ Gohsuke Takama ✴ Meta Associates (http://www.meta-associates.com/) ✴founder & president, connector, analyst, planner ✴ local organizer of security conferences: BlackHat Japan, PacSec ✴ liaison of security businesses: Patch Advisor, SecWest ✴ organizer of tech entrepreneur / startup support events ✴ independent tech journalist for over 10 years ✴ for security news: http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/ ✴ Privacy International (London, UK http://www.privacyinternational.org/) ✴advisory board member ✴ Computer Professionals for Social Responsibility (http://cpsr.org/) ✴Japan chapter founding supporter
  • 3. "what happened in the last 2 years" • OperationAurora, ShadyRAT, ... • Stuxnet • (MENA) *new • Wikileaks *new • Sony PSN • Anonymous *new • Indira Gandhi
  • 4. "what happened in the last 2 years" • OperationAurora, ShadyRAT, ... = = APT (Advanced Persistent Threat) • Stuxnet = SCADA • *new= • Wikileaks *new = : • Sony PSN: 3 = DDoS, , • Anonymous *new = + • Indira Gandhi =
  • 5. "what happened in the last 2 years" infra attack: SCADA Supervisory Control And Data Acquisition
  • 6. "whom targeted, why" • , • Sony PSN, Sony • , • • :
  • 8. "spoofing, phishing & targeted attack" / 1
  • 9. "cybercrime, cyber espionage, primary target = individual"
  • 10. "know your enemy: techniques" • phishing • website spoofing • targeted phishing • content altering • trojan • XSRF • spyware • XSS • keylogger • code injection • rootkit • IP hijacking • botnet DDoS • rogue WiFi AP • sniffer
  • 11. "know your enemy: techniques" http://www.ipa.go.jp/security/vuln/newattack.html
  • 12. "know your enemy: not just techniques" • • who are they? • disseminate characters • disseminate motives
  • 16. "disseminate characters" how cyber criminals lure talents?
  • 18. "disseminate characters" • = • = • = • = • : →CEO 26% • = Lulzsec, TeaMp0isoN • = Th3J35t3r, On3iroi • = Anonymous • vs
  • 19. "disseminate motives" • , • • hacktivism, •
  • 23. "disseminate motives" Law, Market, Norm, Architecture - - J-SOX - - ( ) - - - - : -
  • 24. "disseminate motives" • , = Power • = Money • hacktivism, = Ideology • = Control
  • 25. "disseminate motives" Power, Money, Ideology, Control Power $Money Ideology - - - - Control
  • 26. "disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Organized Extremist $Money Crime Hacktivist Ideology : - Hacker - Cracker - - Control
  • 27. "disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Infra APT Disruption Organized Extremist $Money Crime Hacktivist Ideology Theft Hacktivism Fraud Lulz : - Hacker - Cracker - - Control
  • 28.
  • 29. "social change on Internet" 2000 • • • • • •
  • 30. "social change on Internet" 2001 • • • • • • • • • • • • • • (Wiki ) • / • • • 3D •
  • 31. "real world vs. social data world"
  • 32. "real world vs. social data world" :
  • 33. "emerging attack techniques" • malware: , • VM , bios • : VNC, Spycam, • spyware : keylogger, GPS logger • sabotage ware : Stuxnet • USB = • DDoS: JavaScript (LOIC) ($8/h~),
  • 34. "layer approach" •examle: OSI model
  • 35. "a security layer model " 7 Psychological , Human Factor 6 Custom (Habit) , 5 Operation 4 Content Intangibles 3 OS/Application 2 Hardware Tangibles 1 Physical
  • 36. "attacks vs. counter measures " APT, espionage, phishing, Psychological social engineering ? spoofing, pharming, accustomed best practice, Custom phishing spam, XSS, XSRF, awareness, CIRT, PKI, spyware, ID spoof/theft digital ID, SSL certificate DoS, spam, ransom-ware, routing, filtering, policy, Operation sabotage-ware audit, CIRT sniffing, spyware, spam, encryption, filtering, Content alteration content-scan, host IDS OS/ DoS, vuln exploit, 0day, Firewall, network IDS, IPS, Application rootkit, botnet anti-virus, OS/app patch direct access, tampering, perimeter guard, anti- Hardware alteration tampering, hard seal lock pick, break in, surveillance, perimeter Physical vandalism alarm, armed guard
  • 37. "state of security methodology" ✴ •( + ) ✴ •= ( ) ✴ PKI = DigiNotar ✴ = •( ) ✴ =
  • 38. "perspective for counter strategy" set basic security measures: ✴ prevention, detection, response ✴ ✴ ✴ : 100% ✴ : ✴ (APT ) ✴ PET (Privacy Enhancing Technology ) ✴ PIA (Privacy Impact Assessment )
  • 39. "perspective for counter strategy" be creative: ✴ ✴ soft power • • PR deflective PR ✴ social intelligence ( ) ✴ counter social engineering • •
  • 40. "perspective for counter strategy" be creative: Learn Attack Technique • • • = CTF (Capture The Flag) • • DEFCON CTF CTF •
  • 41. "perspective for counter strategy" be creative: Soft Power • Soft Power = 1990 Joseph Nye • Hard Power • • http://en.wikipedia.org/wiki/Soft_power • / • •
  • 42. "perspective for counter strategy" be creative: Soft Power
  • 43. "perspective for counter strategy" be creative: Social Intelligence • • • hacktivism • • Twitter, Facebook, IRC, Weibo, RenRen
  • 44. "perspective for counter strategy" be creative: Counter Social Engineering • • • • • • • ( )
  • 45. "perspective for counter strategy" be prepared: Simulation Exercise ✴ • TableTop Exercise = • • Functional Exercise = • • • FullScale Exercise = • •
  • 46. references • CEOs - the new corporate fraudstersds http://www.iol.co.za/ sundayindependent/ceos-the-new-corporate-fraudstersds-1.1144649 • PwC Survey Says: Telecoms Are Overconfident About Security http:// www.readwriteweb.com/cloud/2011/09/pwc-survey-says-telecoms-are-o.php • Cyber attack led to IGI shutdown http://www.indianexpress.com/news/ cyber-attack-led-to-igi-shutdown/851365/ • Anonymous announces global plans http://www.digitaltrends.com/ computing/video-anonymous-announces-global-plans/ • ANONYMOUS - OPERATION PAYBACK - Sony Press Release http:// www.youtube.com/watch?v=2Tm7UKo4IBc • Operation Payback - Anonymous Message About ACTA Laws, Internet Censorship and Copyright http://www.youtube.com/watch? v=kZNDV4hGUGw • Anonymous: Message to Scientology http://www.youtube.com/watch? v=JCbKv9yiLiQ • Anonymous http://www.atmarkit.co.jp/ fsecurity/special/161dknight/dknight01.html
  • 47. references • 28 Nation States With Cyber Warfare Capabilities http:// jeffreycarr.blogspot.com/2011/09/27-nation-states-with-cyber-warfare.html • Far East Research http://scan.netsecurity.ne.jp/archives/52017036.html • CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability http://www.youtube.com/watch?v=DP_rRf468_Y • MYBIOS. Is BIOS infection a reality? http://www.securelist.com/en/analysis/ 204792193/MYBIOS_Is_BIOS_infection_a_reality • McAfee Virtual Criminology Report 2007 http://us.mcafee.com/en-us/local/ html/identity_theft/NAVirtualCriminologyReport07.pdf • Google Zeitgeist http://blog.f-secure.jp/ archives/50630539.html • "The Tragedies in Oslo and on Utøya island" Speech held by King Harald V http://www.kongehuset.no/c27262/nyhet/vis.html?tid=92959
  • 48. references • -- DEFCON CTF http://scan.netsecurity.ne.jp/archives/52002536.html • PET http://www.soumu.go.jp/denshijiti/pdf/ jyumin_p_s3.pdf • PIA http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s2.pdf • http:// jp.reuters.com/article/topNews/idJPJAPAN-21406320110527 • GIE http://d.hatena.ne.jp/ukky3/20110829/1314685819 • Diginotar Black.Spook http://blog.f-secure.jp/archives/50626009.html
  • 49. references • Computer virus hits US Predator and Reaper drone fleet http:// arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits- drone-fleet.ars • F-Secure: Possible Governmental Backdoor found, MD5 hashes ("case R2D2") http://www.f-secure.com/weblog/archives/00002249.html • State-sponsored spies collaborate with crimeware gang | The Unholy APT- botnet union http://www.theregister.co.uk/2011/09/13/ apt_botnet_symbiosis/ • NISC 10 7 http://www.nisc.go.jp/ conference/seisaku/index.html#seisaku27