A presentation on the state of cyber security, current threats and opportunities at the national level.
An overview of current readiness analysis for countries, along with a recommended strategic approach to developing capabilities and partnerships locally, regionally, and globally.
Eddan Katz of the Electronic Frontier Foundation gave a presentation on global perspectives on cybercrime. He discussed international efforts over the past few decades to harmonize laws around cybercrime through various organizations. He also addressed defining cybercrime and key issues around intent, jurisdiction, and balancing security with privacy and access to knowledge.
This document discusses sovereignty and governance in cyberspace, focusing on three key sites: the NSA and encryption policy, WIPO and anti-circumvention measures, and ICANN and internet identifier management. For each site, it analyzes the rhetoric used, realpolitik motivations, governance processes and challenges, and lack of legitimacy and effectiveness due to limited stakeholder participation and global technical constraints. Overall it argues that regulating technology and technologizing regulation in these areas has faced major challenges due to differing stakeholder positions and the difficulty of controlling cryptography, code, and network protocols on an open global internet.
Profile Of The World's Top Hackers Webinar Slides 063009 (Lumension)
Data theft and breaches from cybercrime may have cost businesses as much as $1 trillion globally in lost intellectual property and expenditures for repairing damage. The current economic climate combined with new technologies such as Web 2.0 and Cloud Computing have undoubtedly created more opportunities for hackers, criminals, and industrial espionage firms who are targeting critical infrastructures and systems to steal sensitive information. This presentation from the Profile of the World's Top Hackers with Byron Acohido of USA Today, Mafiaboy, and Paul Henry provides critical insight into the inner workings of the cybercrime underground and outlines what businesses can do to protect their vital systems and information.
What is the difference between a hacking attack and a cyberwar attack? What do current militaries consider an attack vs. exploitation or just «normal operations»? Kevin will present an overview on the cyber warfare topic and the current understanding of Advanced Persistent Threats in the context of cyber defense.
Referent: Kevin Kirst
This document summarizes computer crime laws in the United States, including statutes governing child pornography, computer fraud, spam laws, criminal copyright provisions, and anti-circumvention measures. It also discusses constitutional issues regarding free speech and search/seizure. Key concepts covered include authorization, intent, and reasonable expectations of privacy in the context of unauthorized access and cybercrime conventions. The Computer Fraud and Abuse Act and its penalties are explained in detail.
Balancing Your Internet Cyber-Life with Privacy and Security (evolutionaryit)
A quick yet expansive overview of internet security and privacy basics in plain English. The digital world can be a dangerous place; this presentation will give you the practical knowledge to protect yourself.
The document discusses a proposal to allow private companies to conduct cyber retaliation against foreign attackers. It summarizes the key challenges with this approach, including: [1] It is difficult to accurately identify attackers due to use of compromised systems. [2] Most companies lack the expertise and resources to conduct effective counterattacks. [3] Allowing private retaliation could escalate tensions and cause international incidents. While improved cyber defense is needed, alternative approaches may be better than outsourcing retaliation to private companies.
Cyber(in)security: systemic risks and responses (blogzilla)
Presented at National Security 2008 in Brussels. Updated for British Computer Society, Deutsche Bank, Oxford University, and University of Southern Denmark.
Presentation to OECD project group on Global Risk. Expanded version presented to British Computer Society, Deutsche Bank and University of Southern Denmark.
DNI NATO cyber panel via The Intercept (BaddddBoyyyy)
Russia and China pose the greatest cyber threats to NATO computer networks. Russia is considered the most strategic threat due to its capabilities and intent to target and disrupt NATO infrastructures. China's cyber espionage operations against military networks have expanded dramatically and NATO information is likely a target. While hacktivist groups get media attention, nation-states like Russia pose a greater threat through proxy operations. Classified NATO networks remain at risk from insider threats and vulnerabilities like infected thumb drives. Prioritizing the most critical data and networks could help allocate resources to address gaps and develop response plans.
On How the Darknet and its Access to SCADA is a Threat to National Critical I... (Matthew Kurnava)
This document analyzes how the darknet poses a threat to national critical infrastructure. It begins with an introduction that defines the darknet and describes some of the illegal activities that occur there. The research question asks how the darknet threatens critical infrastructure and how vulnerable different sectors are. The hypothesis is that the darknet poses a primary threat to US cyber critical infrastructure due to criminal, hacktivist, and terrorist use that could significantly damage health and welfare. A literature review discusses research on darknet cyber attacks, hacktivist and terrorist groups using the darknet, and critical infrastructure's growing dependency on technology and vulnerability. The methodology will use an analytical approach to examine threats to each of the 16 US critical infrastructure sectors.
The document discusses cyber crimes and IT risk management. It describes the nature of cyber crimes, highlighting that they can often be committed across jurisdictions without physical presence. It also outlines various types of cyber crimes and security challenges in India given its increasing reliance on technology. The document advocates implementing security systems and processes as well as following information security frameworks and standards to combat cyber crimes and manage IT risks.
This document summarizes a presentation on cybercrime. It defines cybercrime and discusses the underground economy where cybercriminals buy and sell stolen data and hacking tools. It provides statistics on the top countries and sectors targeted by cyberattacks. Examples of cybercriminal business models are given, showing how they mimic legitimate business models. The types of stolen data for sale in cybercrime forums are listed, along with their typical price ranges.
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp... (Cyber Security Alliance)
This presentation will analyze Information Warfare scenarios and their technical and legal backgrounds, highlighting the importance of terminology and bringing the audience real-life examples and known incidents. The last part of the talk will focus on two theoretical case studies and on one very special theoretical case study.
Models of Escalation and De-escalation in Cyber Conflict (Zsolt Nemeth)
The cyber insecurity conundrum cuts across all things digital or networked. How can we prioritize defensive efforts across such a vast domain? This talk will describe a framework for engineering systems and policymaking based on the work factors for cyber attack and defense. After developing the work factor concept, it will be illustrated in several examples.
Public Private Partnership - Combating CyberCrime by Mohamed Shihab - Advisor (Technical) IMPACT at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.html
This document discusses different types of computer crimes and criminals. It describes computer crimes as those that target computers, use computers to facilitate traditional crimes, or are unique computer crimes like computer viruses or hacking. It categorizes computer criminals as novices, deranged individuals, organized criminals, con artists, or ideologues. The document differentiates between hackers and crackers and their motivations. It notes some computer criminals act from arrogance, ego, or to be technologically abusive.
Omer versus Omar: the hacktivism brawl and the social network of the digital hacker arena, presentation (Dr. Anat Klumel)
Presenter: Dr. Nimrod Kozlovski, Adv.
nimrod@internetlaws.co.il
An excellent lecture on "cyber warfare" at the "Social Networks 2012" seminar day, part of the 2012 International Information Conference, held at the Hilton Hotel in Tel Aviv on 14.5.2012.
If You Don't Like the Game, Hack the Playbook... (Zatko) (Michael Scovetta)
This document summarizes Peiter Zatko's presentation on DARPA's Cyber Fast Track program. It discusses how small groups of skilled security researchers have shown significant capabilities despite barriers to entry. The Cyber Fast Track program aims to cultivate relationships with these "maker spaces and boutique security firms" through short, inexpensive projects to help address cyber threats faster than adversaries can evolve. The summary provides details on current Cyber Fast Track efforts including the performers, efforts, and periods of performance for 8 initial awards made through the program.
The 1B Data Leak, TrickBot Gang Shift and Cyber Espionage - F5 SIRT This Week... (Lior Rotkovitch)
This document provides a weekly summary of recent cybersecurity news from July 13th 2022. It discusses several major data breaches and cyber attacks that occurred, including a data leak of personal information on 1 billion Chinese citizens, ransomware attacks targeting the healthcare and NFT industries, and nation-state sponsored cyber espionage between China and Russia. The summary also provides technical details on newly discovered malware like Orbit targeting Linux devices and techniques used by the LockBit ransomware group.
This document discusses cyber threats such as cyberterrorism, cyberwarfare, and different types of cyber attacks including Trojan horses, viruses, phishing, denial of service attacks, and distributed denial of service attacks. It provides examples of significant cyber attacks including Titan Rain, attacks on Estonia in 2007, and the GhostNet cyberespionage network. The document also outlines the roles of the Department of Homeland Security and U.S. Cyber Command in defending against cyber threats.
This document provides an overview and table of contents for an open source intelligence toolkit. It discusses open source intelligence, how to use it, and lists topics and sources of open source information organized by category. These include intelligence resources on topics like terrorism, weapons, military forces, infrastructure and more. The document encourages sharing additional open source intelligence sources to expand the toolkit and make it useful for multiple purposes including military intelligence and civilian agencies.
1. Hacking techniques will become more sophisticated as hackers combine different technologies like mobile, bio, and advanced malware.
2. Both black hat and white hat communities will continue innovating new hacking methods to either carry out attacks or strengthen security defenses.
3. Issues around stopping hacking will remain challenging as the internet allows rapid global transmission of viruses and malware that are difficult to contain or attribute.
This document discusses different types of computer criminals and their motivations. It describes computer criminals as either hackers, crackers, cybercriminals using computers as tools, or cybercriminals targeting computers. Hackers may be motivated by technical challenge, curiosity or fame, while crackers are primarily motivated by malicious intent such as destroying data. Cybercriminals may use computers to facilitate traditional crimes like fraud, theft or communication crimes. Those targeting computers include virus creators and the Unabomber. The document also notes differences between novice criminals, deranged individuals, organized crime groups, and career criminals in their online activities.
TOTEM: Threat Observation, Tracking, and Evaluation Model (John Gerber)
Merriam-Webster defines a totem as any supposed entity that watches over or assists a group of people, such as a family, clan, or tribe. In this presentation I will focus on how TOTEM assists in watching over and evaluating the threat an IP represents. The idea behind TOTEM is simple: compare threat information from sources such as watchlists (DShield, Emerging Threats, SenderBase, etc.) to activity within the organization (IDS/IPS, flow logs, etc.) and at other locations (SANS ISC, DOE federated model, etc.). As new threat information and activity sources are added, a better evaluation can be rendered.
The document discusses key challenges in defending against insider threats, specifically the problem of information leakage. It notes that once sensitive data is leaked online through means like file sharing networks, it can circulate forever on the internet. Technological solutions for tracking data spread, like provable data possession, and legal approaches around "right to be forgotten" are discussed. Examples of data leaks from government and healthcare organizations in Japan that occurred through peer-to-peer networks are also provided.
Quantitative Risk Analysis Workshop - focused on working with business risk and factoring in cyber elements, and how to optimize the application of controls for the most effective risk management.
This document discusses DevSecOps at Cimpress, an online printing company. It outlines some of the challenges of their worldwide and decentralized operations with varying technology stacks. Their approach involves threat modeling to identify threats, assets, and controls. They create security assertions based on the threat model and assure test case coverage. The focus is on integrating security into development in a way that is not burdensome to developers. The expected deliverables include automated unit test coverage and tool scans to address the threat model.
Risk metric frameworks cover most of the elements that organizations deal with from an operational perspective. We have identified a gap in those, in which social media activities are not represented well (despite being the fastest-growing attack vector). In this talk we’ll present a social media risk metric framework that allows organizations to measure and track the risk that both individuals and third-party entities pose to the organization.
This document discusses cyber security risks in the financial and healthcare industries and their impact on homeland security. It covers three parts: examples of information disclosure vulnerabilities in access points; connecting these vulnerabilities to critical infrastructure protection and homeland security; and arguing that an asset-centric rather than product-centric approach is needed to address industry-specific security challenges.
The document discusses the roles and techniques of red teams and blue teams, with the red team focusing on simulating real threats through activities like social engineering and identifying vulnerabilities, while the blue team aims to assess risks, minimize damage from attacks, and apply lessons learned to strengthen processes, people, and technology. It provides examples of tactics for each team and emphasizes the importance of collaboration between red and blue teams to continuously improve an organization's security.
"Cyber" security - all good, no need to worry? (Iftach Ian Amit)
This document discusses cyber security risks and incidents over time. It notes that 52% of all incidents are from businesses, with government, medical, and education each accounting for around 15-20% of incidents. The majority (57%) of incidents are caused by outside actors, while 20% are from insider threats and 10% are accidental insider incidents. The number of reported data loss incidents has increased significantly over time from just over 100 in 2004 to over 1600 in 2013. The document advocates returning to basic risk management practices, including prioritizing remediation based on risk, impact, costs, and addressing the most critical gaps in assets, processes, technologies and threats based on priority. It warns against overspending on products and focusing
This document discusses the importance of application logs for security purposes. It notes that while network, system and other logs have improved, application logs are still often lacking crucial context about user actions and application state. To effectively investigate issues, security analysts need a unified view of all log data, including details applications have about user sessions, access and functionality used. The document urges application developers to make more of this type of contextual log data available to defenders to help connect dots between different system components and entities.
Derbycon 2013 - Seeing Red in Your Future?
This talk is designed to complement the “Fifty Shades of Red” talk tomorrow, and provide context for organizations who either think about engaging in a red team test, or have been doing red teaming and want to see more value out of it. In this talk we’ll cover some of the basic elements of what red teaming is, and specifically how it benefits an organization engaging in such a practice. Red teaming by itself is a high-interaction test. Unlike many other tests (namely penetration testing, compliance engagements, vulnerability assessments and other IT related practices), red team is not limited to the technical scope of the organization’s security infrastructure. As such, it is imperative to be able to extract as much value out of a red team engagement as possible, and see return on that investment in as many different areas of the organization as possible. Based on years of experience in conducting red team tests, training and helping organizations improve their security through red teaming, these insights will be applicable to everyone who is seeing red in their future (and you all should in order to really address security in an organization that has people working in it and not just machines).
Hacking involves a single target and shallow attacks using common tools and techniques, motivated by financial or political goals. Cyber attacks are part of cyber warfare involving strategic targets across physical, social, intelligence and electronic domains using custom tools in a coordinated campaign. Cyber defenses require a strategic defense in depth approach across all domains with awareness training, unlike typical IT security products. Hacking is an individual battle while cyber attacks are part of a larger warfare strategy.
This document discusses best practices for securely storing passwords. It notes that passwords are often stored insecurely, such as in plain text. To securely store passwords, it recommends hashing them with cryptographic hash functions and salts. Specifically, it advises using functions such as SHA-2, bcrypt, and scrypt, which can include salts and be slowed down through key stretching to make passwords very difficult to crack. Following these guidelines helps protect users and companies by securing password data.
This document provides an introduction to bitcoin, including what it is, how it works, advantages, disadvantages, weaknesses, history, data, mining process over time, physical representations, and future possibilities. Bitcoin is described as a decentralized digital currency based on cryptography, without a central authority. Transactions are confirmed by miners who are rewarded with new bitcoins. Key aspects covered include how users can send and receive bitcoins, security issues, increasing difficulty of mining over time, and the currency's value and adoption over its history.
The document discusses strategies for maximizing home-field advantage in cybersecurity defense. It argues that defenders should flip the perspective of red team attackers by mapping assets and security issues, correlating internal and external threat data over time, and taking proactive measures like counterintelligence operations. Examples given include infiltrating hacker communities to booby-trap tools and using attackers' own tools against them. The presentation calls on vendors to develop integrative security products and defenders to own their security data and intelligence in order to focus defenses on real risks rather than compliance.
Second Life is a free online virtual world where users can generate content. Users can exchange the virtual currency, Linden Dollars, for real money. Key industries include real estate, adult entertainment, and fashion. Some users exploit the system by creating weapons to annoy others or using third-party viewers to crash clients and copy content illegally. In response, Linden Lab banned over 10,000 users and tightened policies around virtual weapons and third-party viewers.
This document discusses cheating in games and the techniques used. It covers reasons for cheating such as fun, profit, and gaining knowledge. It also discusses common cheating methods like bots, trainers, patching, and hooking. It provides examples of how to hook into the Windows API and examples of anti-cheating techniques used by game developers. Overall, the document is about cheating techniques in games and the ongoing challenge for developers to create uncheatable games.
1. CYBER STATE
Threats, Opportunities and the Future of Cyber Strategy at a National Level
Presented for:
the Organization of American States
Caribbean Telecommunications Union
9th Ministerial Strategic Seminar (Cyber Security)
Thursday, December 8, 11
2. Iftach Ian Amit
VP Consulting at Security-Art
16 years in the Security Industry
Cyber Defense at the Israeli Air-Force
Founding member - the Penetration Testing Execution Standard
SME for NATO’s Cyber Commons Strategy 2011 (CCD-COE)
3. Agenda
Review of the current state of Cyber Threats at a national level
Linking criminal efforts to state interests
National readiness - where are we?
Creating Cyber Capabilities - the right way
eGovernance
Partnerships
Public-Private
4. Cyber Threats (table built up across slides 4-9)
Locality    Threat Communities    Approach Vectors                Assets
Global      Criminals             Public Internet                 $
Regional    Hacktivists           Communication Infrastructure    Public Opinion
Local       Terrorists            Private Networks                Critical Infrastructure
10. Quick Summary:
Crime and War are
NOT FAIR
Deal with it!
12. Asymmetric conflict
Crime enterprises are operating like global businesses
Legislation lags behind ==> more freedom to run fraud
Law enforcement success is only at the low end (small fish)
Defensive mechanisms focus on post-infection
17. Cyber Terrorists
Much more dispersed
Local
Regional
International
Focus on recruiting
Both physical actions and cyber actions
24. Russian Crime / Government
(Diagram, built up across slides 24-28: relationships between Russian crime and government entities, namely ESTDomains, ESTDom, RBN, Atrivo, McColo, UkrTeleGroup and HostFresh, with the edge labels "Hosted by", "Customer" and "Network provider")
29. National Readiness?
More focus on eGovernance
Financial systems are still exposed
Critical Infrastructure is behind a “feel good” solution
Capability building is lacking a strategic goal!
Lack of Intelligence and correlation of data
30. eGovernance
Developing outreach is great, efficient and transparent
Remember to THREAT MODEL when providing services
Threat communities may surprise you (examples: Mexico, Colombia, Russia, South Korea)
34. Public-Private Partnerships
You don’t own the Internet
A lot of critical infrastructure and communication is privately owned or privately operated.
Symbiotic relationships are a MUST! (See US CyberStorm III)
Advantage (state): Access to more raw information, early warning
Advantage (private sector): More accessibility, broadening threat community detection and intelligence (readiness)
35. Global Partnerships
Model after the CERT community
Global intelligence on threat communities
Early warning
Sample sharing
Proactive defense and incident handling
Helps to bypass legal/political issues
36. Strategic Approach
Start from the basics
No - advanced offensive capabilities come LAST!
Build an intelligence and correlation infrastructure
Early warning, feeds from multiple sources (open and closed)
Remember social media!
Defense is not a reactive practice. Push forward, place yourself in “enemy” territory
37. Strategic Approach
Offensive capability building
Coupled with the defensive requirements
Focused on what is needed - not what everyone else is using...
Working alone == FAIL. Establish partnerships, work on international legislation on crime/war treaties
NATO article 5 for the cyber commons?
38. Questions?
Thank you!
Iftach Ian Amit
VP Consulting, Security-Art
iamit@iamit.org
www.iamit.org/blog