Cybercrime and Business Process Hacking
•Download as KEY, PDF•
1 like•1,239 views
A presentation on the rise of cyber crime and the trend towards Business Process hacking
Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Similar to Cybercrime and Business Process Hacking
Similar to Cybercrime and Business Process Hacking (20)
More from Richard Stiennon
More from Richard Stiennon (15)
Recently uploaded
Recently uploaded (20)
Cybercrime and Business Process Hacking
- 1. Cyber Crime Prepare for the next wave: Business Process Hacking Richard Stiennon – Chief Research Analyst, IT-Harvest
- 2. The Rise of Cybercrime INHIBITORS Better security International cooperation (or not) BPH! Organization Insider recruitment 30 million bots Success (profits) Market for identities New vulnerabilities Ubiquitous Internet DRIVERS IT-Harvest 2011
- 4. The first wave: the adware economy E-commerce Sites Affiliate Web Sites Software parasites Hit Stats Worms Fake “Top Ten” Viruses Brokers Spam Webrings Infected Desktops ADware IT-Harvest 2011
- 5. The Adware economy E-commerce Sites Affiliate Web Sites Hit Stats Software parasites Popularity- Stats Worms Brokers Viruses Webrings Spam Infected Desktops ADware IT-Harvest 2011
- 6. IP theft as a service in Israel IT-Harvest 2011
- 7. Physical presence targets “where the money is” - Willie Sutton • Sumitomo Mitsui Bank Branch IT-Harvest 2011
- 8. Cyber Defense :-) Sumitomo Best Practice IT-Harvest 2011
- 10. Stop&Shop cyber defense IT-Harvest 2011
- 11. TJX: targeting data repositories TJ MAXX, Marshall’s 45 Million Credit cards @ $80/card =$3.6 Billion in costs! Pringle’s can or…? IT-Harvest 2011
- 12. Business Process Hacking • Step one: identify the business process • Step two: identify key vulnerabilities and trust relationships Insiders Customers Partners • Step three: steal something • Step four: monitization IT-Harvest 2011 12
- 13. An insider’s perspective • Major railroad in US • Major computer manufacturer in US IT-Harvest 2011 13
- 14. Pump and dump • Break in to online trading account • Sell off owner’s portfolio • Purchase penny stocks • Dump attacker’s holdings when stock price jumps • Leave account holder with worthless portfolio • Canadian attacks thwarted $11 million frozen in Lithuanian bank. IT-Harvest 2011 14
- 15. E-ticketing fraud • Indian railway reservations. Scalpers use software to corner the market for tickets and resell them at a mark up. • Concert tickets. Scammers snipe tickets when they go on sale using elaborate hacks to avoid fraud detection schemes. They resell them immediately on sites such as StubHub.com or TicketsNow.com ($1,000) • Even better: scammers buy seats and block others from getting seats. IT-Harvest 2011 15
- 16. Carbon credits • 2010 Phishing attack against dozens of companies • Seven out of 2,000 German companies fall for it • Carbon credits transferred to two accounts owned by attackers • $4 million stolen • 2011 1.6 million carbon credits stolen from the Romanian branch of Swiss cement company Holcim. $36 million. IT-Harvest 2011 16
- 17. Vulnerable business processes • Treasury functions • Logistics • Payroll • Trading platforms for energy, natural resources, commodities, securities • Voting platforms • Gaming sites • Foreign Exchange • “Deal rooms” • Central banks • IT-Harvest 2011 17
- 18. Beyond theft • Commerce relies on trust. Break that trust and commerce fails. IT-Harvest 2011 18
Editor's Notes
- \n
- The purpose of this presentation is to depict a scenario. It is only through imagining the worst that we can prepare for it and hopefully curtail the chances of a particular scenario playing out in real life. \n\nThe cyber crime scenario is fueled by the lack of balance between the fundemental drivers and the countervailing inhibitors. \nDRIVERS\nCriminals historically prey on their immediate neighbors. The Internet changes all that\nThe monthly barrage of vulnerability announcements, particularly from MSFT give cyber criminals the opportunities they need. Total impact of Vista will be…ZERO\nOnline trading sites for identities create a market for thieves to sell to more sophisticated criminals.\nSuccess (profits) breeds more success. Just as eBay created a new generation of garage sale entrepreneurs, Cyber crime is sucking in more and more players. \nLarge botnets, in particular a million member army being prepped for the holiday season indicate growing power. \nOrganized crime is turning to bribery and infiltration to steal identities. \n
- The Wild West, Chicago in the 20’s, the Caribbean previous centuries and Columbia as well as aspects of Russia and Italy today are all examples of where unchecked crime can lead. This is the scenario that we must avoid. \n
- \n
- \n
- Since May 30, Memorial Day weekend, Israel’s business community has been in an uproar. Here is a snapshot of the outbreak of a major industrial espionage incident. Spyware plays a crucial role in this fiasco. \n\nThis slide depicts the targets, the perpetrators, and the Private Investigators that carried off these invasions. The story started when an Israeli author noticed that his unpublished works were being posted to the Internet. Suspecting his step-daughters ex-husband he called in the Israeli police. The police discovered the HotWar Trojan on his home computer. Files, emails, and everything the author typed were being sent to FTP servers in Germany, the UK and the US. When those servers were seized by local authorities in each country they were found to contain internal documents from dozens of companies in Israel including the state owned telephone company, Bezeq, a cell phone company, a car dealer, satellite TV company(Hot!), a cell phone company (Patner), a water company (Gal-Al), a defense contractor and more. \n\nIt turns out that at least a dozen companies in Israel had hired Private Investigators to gather competitive intelligence on their counterparts. The PI’s had purchased software from Michael Hephrati in the UK and sent it to the targets disguised as a legitimate email proposal. While 22 people are under arrest, one was indicted this week (June 20), and the investigation continues.:\n-The CEO of one of the PI firms through himself down a stairwell at the police station and is in critical condition with multiple head and spine injuries. \n-The private firms that were in the process of purchasing Bezeq have asked for a new sale to take place. \n-The water company that was hacked lost documents that detailed heavy water extraction techniques. Heavy water is critical to the manufacture of H bombs. \n-Israeli authorities themselves have been using spyware to gather information from PC of the wife of the Syrian President. \nStay tuned. \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n
- \n