SlideShare a Scribd company logo
Peering in the Soul of Hackers:
HPP V2.0 reloaded

(The Hacker’s Profiling Project)
Raoul “Nobody” Chiesa
Founder, President, Security Brokers SCpA
Principal, Cyberdefcon Ltd.
Member of ENISA PSG (Permanent Stakeholders Group)
Special Advisor on the HPP project at UNICRI
Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Agenda








# whois
From Crime to Cybercrime
Hacker’s generations
HPP V1.0 (2004-2011)
HPP V2.0 (2011-2015)
Conclusions
Contacts, Q&A
2

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Disclaimer
●

The views expressed are those of the
author(s) and speaker(s) and do not
necessary reflect the views of UNICRI,
ENISA and its PSG, nor the companies
and security communities I’m working at
and/or supporting.

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
3
# whois raoul
 President, Founder, The Security Brokers
 Principal, CyberDefcon UK
 HPP Special Advisor @ UNICRI (United Nations Interregional
Crime & Justice Research Institute)
 PSG Member, ENISA (Permanent Stakeholders Group,
European Network & Information Security Agency)
 Founder, Board of Directors and Technical Commitee
Member @ CLUSIT (Italian Information Security Association)
 Steering Committee, AIP/OPSI, Privacy & Security
Observatory
 Member, Manager of the WG «Cyber World» at Italian MoD
 Board of Directors, ISECOM
 Board of Directors, OWASP Italian Chapter

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
4
# whois UNICRI
 UNICRI is the United Nations Crime & Justice Research
Institute
 It’s based in Turin (WHQ), Italy: nice town, give us a
visit!
 We mainly work on:

• Trainings (Legal aspects, Cybercrime, SCADA,
HPP, …)
• Facilitator: allowing cool (and trusted!) entities
to meet and work each others
• Paperworks (somebody gotta do it…)
5

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
6

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Crime->Yesterday
“Every new technology,
opens the door to new criminal approaches”.
 The relationship between technologies and criminality has
always been – since the very beginning – characterized by a
kind of “competition” between the good and the bad guys, just
like cats and mice.

 As an example, at the beginning of 1900, when cars appeared,
the “bad guys” started stealing them (!)
 ….the police, in order to contrast the phenomenon, defined the
mandatory use of car plates…
 ….and the thieves began stealing the car plates from the cars
(and/or falsifying them).
Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Crime->Today:Cybercrime
 Cars have been substituted by information
You got the information, you got the power..
(at least, in politics, in the business world, in our personal
relationships…)
• Simply put, this happens because the “information” can be
transformed at once into “something else”:
1. Competitive advantage
2. Sensible/critical information
3. Money
 … that’s why all of us we want to “be secure”.
 It’s not by chance that it’s named “IS”: Information Security 
Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
What happened over
the past decades?
Hacking eras &
Hackers’ generations
Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Things changed…
 First generation (70’s) was inspired by the need for
knowledge
 Second generation (1980-1984) was driven by curiosity plus
the knowledge starving: the only way to learn OSs was to
hack them; later (1985-1990) hacking becomes a trend.
 The Third one (90’s) was simply pushed by the anger for
hacking, meaning a mix of addiction, curiosity, learning
new stuff, hacking IT systems and networks, exchanging
info with the underground community. Here we saw new
concepts coming, such as hacker’s e-zines (Phrack, 2600
Magazine) along with BBS
 Fourth generation (2000-today) is driven by angerness and
money: often we can see subjects with a very low knowhow, thinking that it’s “cool & bragging” being hackers,
while they are not interested in hacking & phreaking
history, culture and ethics. Here hacking meets with politics
(cyber-hacktivism) or with the criminal world (cybercrime).

€, $

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Cybercrime: why?
 QUESTION:
• May we state that cybercrime – along with its many, many
aspects and views – can be ranked as #1 in rising trend and
global diffusion ?
 ANSWER(S):
 Given that all of you are attendees and speakers here today, I
would say that we already are on the right track in order to
analyze the problem 

 Nevertheless, some factors exist for which the spreading of
“e-crime-based” attacks relays.
 Let’s take a look at them.

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Reasons/1
 1. There are new users, more and more
every day: this means the total amount
of potential victims and/or attack
vectors is increasing.
 2. Making money, “somehow and
straight away”.

Thanks to
broadband...
WW Economical
crisis…

 3. Technical know-how public
availability & ready-to-go, even when
talking about average-high skills: that’s
what I name “hacking pret-à-porter”

0-days, Internet
distribution
system / Black
Markets

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Reasons/2


4. It’s extremely easy to recruit “idiots” and set up groups, molding those
adepts upon the bad guy’s needs (think about e-mules)

Newbies,
Script Kids


5. “They will never bust me”



6. Lack of violent actions

Psychology, Criminology
Psychology and
Sociology

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
What the heck is changed then??
 What’s really changed is the
attacker’s typology
 From “bored teens”, doing it for
“hobby and curiosity” (obviously:
during night, pizza-hut’s box on the
floor and cans of Red Bull)….
 ...to teenagers and adults not
mandatory “ICT” or “hackers”: they
just do it for the money.
 What’s changed is the attacker’s
profile, along with its justifications,
motivations and reasons.

 Let’s have a quick test!
Key Note @ DefCamp 2013
14
Bucharest, Romania – November 29th , 2013
Hackers in their environment

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
“Professionals”

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
LOL-test

17

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
There’s a difference: why?

 Why were the guys in the first slide hackers,
and the others professionals ?
 Because of the PCs ?
 Because of their “look” ?
 Due to the environments surrounding them ?
 Because of the “expression on their faces” ?
Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Surprise! Everything has changed…

 Erroneus media information pushed
“normal people” minds to run this
approach
 Today, sometimes the professionals
are the real criminals, and hackers
“the good guys”…Think about a few
incidents:
• Telecom Italia scandal, Vodafone
Greece Affair, NSA, GCHQ, etc…)
Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Welcome to HPP!

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
HPP V1.0
 Back in 2004 we launched the Hacker’s
Profiling Project - HPP:
http://www.unicri.it/emerging_crimes/cybercrime/
cyber_crimes/hpp.php)

 Since that year:
• +1.200 questionnaires collected &
analyzed
• 9 Hackers profiles emerged
• Two books (one in English)
• Profilo Hacker, Apogeo, 2007
• Profiling Hackers: the Science of Criminal
Profiling as Applied to the World of Hacking,
Taylor&Francis Group, CRC Press (2009)
21
Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
HPP V1.0: purposes & goals
Analyse the hacking phenomenon in its several aspects
(technological, social, legal, economical) through
technical and criminological approaches.
Understand the different motivations and identify the
actors involved (who, not “how”).

Observe those true criminal actions “on the field” .

Apply the profiling methodology to collected data
(4W: who, where, when, why).

Acquire and disseminate knowledge.

22

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
HPP Questionnaires: the modules
Module A
Personal data (gender, age, social status,
family context, study/work)
Module B
Relational data (relationship with:
the Authorities, teachers/employers,
friends/colleagues, other hackers)

All questions allow
anonymous
answers

Module C
Technical and criminological data (targets,
techniques/tools, motivations, ethics,
perception of the illegality of their own
activity, crimes committed, deterrence)
23

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Some numbers
Total received questionnaires: # +1200
Full questionnaires filled out - # +600*

Compact questionnaires filled out - #573*
*since September 2006
Mainly from:
USA
Italy
UK
Canada
Lithuania
Australia
Malaysia
Germany
Brazil
24

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Evaluation & Correlation standards
Modus Operandi (MO)

Hacking career

Lone hacker or as a
member of a group

Principles of the hacker's ethics

Motivations

Crashed or damaged systems

Selected targets

Perception of the illegality of
their own activity

Relationship between
motivations and targets

Effect of laws, convictions and
technical difficulties as a deterrent

25

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Zoom: correlation standards
Gender and age group
Background and place of residence
How hackers view themselves
Family background
Socio-economic background
Social relationships
Leisure activities
Education
Professional environment
Psychological traits
To be or to appear: the level of self-esteem
Presence of multiple personalities
Psychophysical conditions
Alcohol & drug abuse and dependencies
Definition or self-definition: what is a real hacker?
Relationship data
Handle and nickname
Starting age
Learning and training modalities
The mentor's role
Technical capacities (know-how)
Hacking, phreaking or carding: the reasons behind the choice
Networks, technologies and operating systems
Techniques used to penetrate a system

Individual and group attacks
The art of war: examples of attack techniques
Operating inside a target system
The hacker’s signature
Relationships with the System Administrators
Motivations
The power trip
Lone hackers
Hacker groups
Favourite targets and reasons
Specializations
Principles of the Hacker Ethics
Acceptance or refusal of the Hacker Ethics
Crashed systems
Hacking/phreaking addiction
Perception of the illegality of their actions
Offences perpetrated with the aid of IT devices
Offences perpetrated without the use of IT devices
Fear of discovery, arrest and conviction
The law as deterrent
Effect of convictions
Leaving the hacker scene
Beyond hacking

26

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
HPP V1.0: the emerged profiles…

27

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Profile

OFFENDER ID

LONE / GROUP
HACKER

TARGET

MOTIVATIONS /
PURPOSES

Wanna Be Lamer

9-16 years
“I would like to be a
hacker, but I can’t”

GROUP

End-User

For fashion, It’s “cool” =>
to boast and brag

Script Kiddie

10-18 years
The script boy

GROUP: but they may act
alone

SME / Specific security
flaws

To give vent of their anger
/ attract mass-media
attention

Cracker

17-30 years
The destructor, burned
ground

LONE

Business company

To demonstrate their
power / attract massmedia attention

Ethical Hacker

15-50 years
The “ethical” hacker’s
world

LONE /
GROUP (only for fun)

Vendor / Technology

For curiosity (to learn) and
altruistic purposes

Quiet, Paranoid, Skilled
Hacker

16-40 years
The very specialized and
paranoid attacker

LONE

On necessity

For curiosity (to learn) =>
egoistic purposes

Cyber-Warrior

18-50 years
The soldier, hacking for
money

LONE

“Symbol” business
company / End-User

For profit

Industrial Spy

22-45 years
Industrial espionage

LONE

Business company /
Corporation

For profit

Government Agent

25-45 years
CIA, Mossad, FBI, etc.

LONE / GROUP

Government / Suspected
Terrorist/
Strategic company/
Individual

Espionage/
Counter-espionage
Vulnerability test
Activity-monitoring

Military Hacker

25-45 years

LONE / GROUP

Government / Strategic
company

Monitoring /
controlling /
crashing systems

28

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Some comments
 Since 1999 I’ve attended most of the socalled «hacking conferences».
 Over the last 5 years, I’ve travelled as a
speaker, evangelist, security bitch and
whatever in:
•
•
•
•
•

.mil environments (EU, Eastern Europe)
India
China
GCC Area
29
Malaysia

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
OBEDIENCE TO
THE
“HACKER
ETHICS”

CRASHED / DAMAGED
SYSTEMS

PERCEPTION OF THE
ILLEGALITY OF THEIR
OWN ACTIVITY

Wanna Be Lamer

NO: they don’t
know “Hacker
Ethics” principles

YES: voluntarily or not
(inexperience, lack of
technical skills)

YES: but they think they
will never be caught

Script Kiddie

NO: they create
their own ethics

NO: but they delete /
modify data

YES: but they justify their
actions

Cracker

NO: for them the
“Hacker Ethics”
doesn’t exist

YES: always voluntarily

YES but: MORAL
DISCHARGE

Ethical Hacker

YES: they defend it

NEVER: it could happen
only incidentally

YES: but they consider
their activity morally
acceptable

Quiet, Paranoid, Skilled
Hacker

NO: they have their
own personal ethics,
often similar to the
“Hacker Ethics”

NO

YES: they feel guilty for
the upset caused to
SysAdmins and victims

Cyber-Warrior

NO

YES: they also
delete/modify/steal and sell
data

YES: but they are without
scruple

Industrial Spy

NO: but they follow
some unwritten
“professional” rules

NO: they only steal and
sell data

YES: but they are without
scruple

Government Agent

NO: they betray the
“Hacker Ethics”

YES (including
deleting/modifying/stealing
data) / NO (in stealth
attacks)

Military Hacker

NO: they betray the
“Hacker Ethics”

YES (including
deleting/modifying/stealing
data) / NO (in stealth
30 attacks)

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
PROFILE

MAY BE LINKED TO

Wanna Be Lamer

WILL CHANGE ITS
BEHAVIOR?

TARGET

(NEW) MOTIVATIONS
& PURPOSES

No

Script Kiddie

Urban hacks

No

Wireless Networks, Internet
Café, neighborhood, etc..

Cracker

Phishing
Spam
Black ops

Yes

Companies, associations,
whatever

Money, Fame, Politics,
Religion, etc…

Ethical Hacker

Black ops

Probably

Competitors (Telecom
Italia Affair), end-users

Big money

Quiet, Paranoid, Skilled
Hacker

Black ops

Yes

High-level targets

Hesoteric request (i.e.,
hack “Thuraya” for us)

Cyber-Warrior

CNIs attacks
Gov. attacks

Yes

“Symbols”: from Dali Lama
to UN, passing through
CNIs and business
companies

Intelligence ?

Industrial Spy

Yes

Business company /
Corporation

For profit

Government Agent

Probably

Government / Suspected
Terrorist/
Strategic company/
Individual

Espionage/
Counter-espionage
Vulnerability test
Activity-monitoring

Military Hacker

Probably

Government / Strategic
company

Monitoring /
controlling /
crashing systems

31

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
DETERRENCE
EFFECT OF:

LAWS

CONVICTIONS
SUFFERED BY
OTHER
HACKERS

Wanna Be Lamer

NULL

NULL

ALMOST NULL

HIGH
HIGH

CONVICTIONS
SUFFERED BY
THEM

TECHNICAL
DIFFICULTIES

Script Kiddie

NULL

NULL

HIGH: they stop
after the 1st
conviction

Cracker

NULL

NULL

NULL

MEDIUM
NULL

Ethical Hacker

NULL

NULL

HIGH: they stop
after the 1st
conviction

Quiet, Paranoid,
Skilled Hacker

NULL

NULL

NULL

NULL

Cyber-Warrior

NULL

NULL

NULL

NULL: they do it
as a job

Industrial Spy

NULL

NULL

NULL

NULL: they do it
as a job

32

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
HPP V2.0: what happened?
 VERY simple:
 Lack of funding: for phases 3&4 we need money!
• HW, SW, Analysts, Translators

 We started back in 2004: «romantic hackers», +
we foreseen those «new» actors tough: .GOV,
.MIL, Intelligence.
 We missed out:
•
•
•
•

Hacktivism (!);
Cybercriminals out of the «hobbystic» approach;
OC;
The financial aspects (Follow the Money!!).
33

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
HPP V2.0: next enhancements
1. Wannabe Lamer
2. Script kiddie: under development (Web Defacers, DDoS, links with
distributed teams i.e. Anonymous….)
3. Cracker: under development (Hacking on-demand, “outsourced”;
links with Organized Crime)
4. Ethical hacker: under development (security researchers, ethical
hacking groups)
5. Quiet, paranoid, skilled hacker (elite, unexplained hacks? Vodafone
GR? NYSE? Lybia TLC systems?)
6. Cyber-warrior: to be developed
7. Industrial spy: to be developed (links with Organized Crimes &
Governments i.e. Comodo, DigiNotar and RSA hacks?)
8. Government agent: to be developed (“N” countries..)
9. Military hacker: to be developed (India, China, N./S. Korea, etc.)
34
X. Money Mules? Ignorant “DDoSsers”? (i.e. LOIC by Anonymous)

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
35

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
HPP V2.0: upcoming goals
Going after Cybercriminals:
 Kingpins & Master minds (the “Man at the Top”)
o

Organized Crime

o

MO, Business Model, Kingpins – “How To”

 Techies hired by the Organized Crime (i.e. Romania &
skimming at the very beginning; Nigerian cons; Ukraine Rogue
AV; Pharma ADV Campaigns; ESTDomains in Estonia; etc..)
 Structure, Infrastructures (possible links with Govs & Mils?)
 Money Laundering: Follow the money (Not just “e-mules”: new
frameworks to “cash-out”)
 Outsourcing: malware factories36
(Stuxnet? DuQu? Flame? ….)
Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Conclusions
The whole Project is self-funded and based on independent research
methodologies.


Despite many problems, we have been carrying out the Project for
years.


The final methodology will be released under GNU/FDL and distributed
through ISECOM.


It is welcome the research centres, public and private institutions, and
governmental agencies' interest in the Project.






We think that we are elaborating something beautiful...
…something that did not exist…

…and it seems – really – to have a sense ! :)


It is not a simple challenge. However, we think to be on the right path.
37

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Useful Community Sources
Kingpin, 2012

●

Profiling Hackers: the Science of Criminal Profiling as applied to the world of hacking, CRC Press/Taylor & Francis Group,
2009
●

H.P.P. Questionnaires 2005-2010

●

Fatal System Error: the Hunt for the new Crime Lords who are bringing down the Internet, Joseph Menn, Public Affairs,
2010
●

●

Stealing the Network: How to 0wn a Continent, (an Identity), (a Shadow) (V.A.), Syngress Publishing, 2004, 2006, 2007

●

Stealing the Network: How to 0wn the Box, (V.A.), Syngress Publishing, 2003

Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier, Suelette Dreyfus, Random House
Australia, 1997
●

The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, Clifford Stoll, DoubleDay (1989), Pocket
(2000)
●

●

Masters of Deception: the Gang that Ruled Cyberspace, Michelle Stalalla & Joshua Quinttner, Harpercollins, 1995

●

Kevin Poulsen, Serial Hacker, Jonathan Littman, Little & Brown, 1997

●

Takedown, John Markoff and Tsutomu Shimomura, Sperling & Kupfler, (Hyperion Books), 1996

●

The Fugitive Game: online with Kevin Mitnick, Jonathan Littman, Little & Brown, 1997

●

The Art of Deception, Kevin D. Mitnick & William L. Simon, Wiley, 2002

●

The Art of Intrusion, Kevin D. Mitnick & William L. Simon, Wiley, 2004

●

@ Large: the Strange Case of the World’s Biggest Internet Invasion, Charles Mann & David Freedman, Touchstone, 1998

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Useful Community Sources
The Estonia attack: Battling Botnets and online Mobs, Gadi Evron, 2008 (white paper)

●

Who is “n3td3v”?, by Hacker Factor Solutions, 2006 (white paper)

●

Mafiaboy: How I cracked the Internet and Why it’s still broken, Michael Calce with Craig Silverman, 2008

●

The Hacker Diaries: Confessions of Teenage Hackers, Dan Verton, McGraw-Hill Osborne Media, 2002

●

Cyberpunk: Outlaws and Hackers on the Computer Frontier, Katie Hafner, Simon & Schuster, 1995

●

Cyber Adversary Characterization: auditing the hacker mind, Tom Parker, Syngress, 2004

●

Inside the SPAM Cartel: trade secrets from the Dark Side, by Spammer X, Syngress, 2004

●

Hacker Cracker, Ejovu Nuwere with David Chanoff, Harper Collins, 2002

●

Compendio di criminologia, Ponti G., Raffaello Cortina, 1991

●

Criminalità da computer, Tiedemann K., in Trattato di criminologia, medicina criminologica e psichiatria forense, vol.X, Il
cambiamento delle forme di criminalità e devianza, Ferracuti F. (a cura di), Giuffrè, 1988
●

United Nations Manual on the Prevention and Control of Computer-related Crime, in International Review of Criminal
Policy – Nos. 43 and 44
●

Criminal Profiling: dall’analisi della scena del delitto al profilo psicologico del criminale, Massimo Picozzi, Angelo
Zappalà, McGraw Hill, 2001
●

Deductive Criminal Profiling: Comparing Applied Methodologies Between Inductive and Deductive Criminal Profiling
Techniques, Turvey B., Knowledge Solutions Library, January, 1998
●

Malicious Hackers: a framework for Analysis and Case Study, Laura J. Kleen, Captain, USAF, US Air Force Institute of
Technology
●

Criminal Profiling Research Site. Scientific Offender Profiling Resource in Switzerland. Criminology, Law, Psychology,
Täterpro
●

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
And...a gift for you all
here! 
Get your own, FREE copy of “F3” (Freedom from

●

Fear, the United Nations magazine) issue #7,
totally focused on Cybercrimes!
●

DOWNLOAD:

●

www.FreedomFromFearMagazine.org

●

Or, email me and I will send you the full PDF (10MB)

●

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013
Contacts
• Contact presenter at rc@security-brokers.com if you
are interested in:

• Asking questions, getting material (links, books..)
Contact presenter at chiesa@UNICRI.it if you are
interested in:

• Helping with the project, supporting us, donations

Public Key:

http://raoul.EU.org/RaoulChiesa.asc

Key Note @ DefCamp 2013
Bucharest, Romania – November 29th , 2013

More Related Content

Viewers also liked

El Mejor Anime De Todos
El Mejor Anime De TodosEl Mejor Anime De Todos
El Mejor Anime De Todos
guest2bf503
 
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Mostafa El-Beheiry
 
Conoce las oportunidades de trabajar en el extranjero y cómo adaptar tu currí...
Conoce las oportunidades de trabajar en el extranjero y cómo adaptar tu currí...Conoce las oportunidades de trabajar en el extranjero y cómo adaptar tu currí...
Conoce las oportunidades de trabajar en el extranjero y cómo adaptar tu currí...
CESINE Centro Universitario
 
Futur des Maps lafrenchmobile Octobre 2013
Futur des Maps lafrenchmobile Octobre 2013Futur des Maps lafrenchmobile Octobre 2013
Futur des Maps lafrenchmobile Octobre 2013
Labyala
 
Sedes formación parvularia sector privado y agentes educativos
Sedes formación  parvularia sector privado y agentes educativosSedes formación  parvularia sector privado y agentes educativos
Sedes formación parvularia sector privado y agentes educativos
Desarrollo Profesional Docente
 
Presentacion Corporativa Grupo EIP
Presentacion Corporativa Grupo EIPPresentacion Corporativa Grupo EIP
Presentacion Corporativa Grupo EIP
EIP Galicia
 
nueva metodologia diseno acpa street pave
 nueva metodologia diseno acpa street pave  nueva metodologia diseno acpa street pave
nueva metodologia diseno acpa street pave
Rafael Mateo Cabrera
 
Campoo los valles
Campoo los vallesCampoo los valles
Campoo los valles
juangilskate
 
El agua de quimsacocha entre la codicia y la vida
El agua de quimsacocha entre la codicia y la vidaEl agua de quimsacocha entre la codicia y la vida
El agua de quimsacocha entre la codicia y la vida
Centro de Derechos Económicos y Sociales - CDES
 
Sitrep 20 ukraine - 28 november 2014
Sitrep 20   ukraine - 28 november 2014Sitrep 20   ukraine - 28 november 2014
Sitrep 20 ukraine - 28 november 2014
nalianalia
 
Welltherm broschuere englisch
Welltherm broschuere englischWelltherm broschuere englisch
Welltherm broschuere englisch
Aragon Valencia
 
Printed product catalogues
Printed product cataloguesPrinted product catalogues
Printed product catalogues
labhgroup901
 
La mujer publicitaria
La mujer publicitariaLa mujer publicitaria
La mujer publicitaria
Marta Arce Marín
 
Nguyenthao so do phan ung hoa vo co
Nguyenthao so do phan ung hoa vo coNguyenthao so do phan ung hoa vo co
Nguyenthao so do phan ung hoa vo co
meocondilac2009
 
B&K vibro
B&K vibroB&K vibro
Overcoming The Challenges of Implementing a Lockout Program
Overcoming The Challenges of Implementing a Lockout ProgramOvercoming The Challenges of Implementing a Lockout Program
Overcoming The Challenges of Implementing a Lockout Program
TENAQUIP
 
Google Adwords Step by step from Digital Marketing Paathshala
Google Adwords Step by step from Digital Marketing PaathshalaGoogle Adwords Step by step from Digital Marketing Paathshala
Google Adwords Step by step from Digital Marketing Paathshala
Simplilearn
 
Curriculum
CurriculumCurriculum
Curriculum
dalilac
 

Viewers also liked (18)

El Mejor Anime De Todos
El Mejor Anime De TodosEl Mejor Anime De Todos
El Mejor Anime De Todos
 
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
Challenges in VoIP Systems - Mostafa Ahmed Mostafa El Beheiry - First Draft F...
 
Conoce las oportunidades de trabajar en el extranjero y cómo adaptar tu currí...
Conoce las oportunidades de trabajar en el extranjero y cómo adaptar tu currí...Conoce las oportunidades de trabajar en el extranjero y cómo adaptar tu currí...
Conoce las oportunidades de trabajar en el extranjero y cómo adaptar tu currí...
 
Futur des Maps lafrenchmobile Octobre 2013
Futur des Maps lafrenchmobile Octobre 2013Futur des Maps lafrenchmobile Octobre 2013
Futur des Maps lafrenchmobile Octobre 2013
 
Sedes formación parvularia sector privado y agentes educativos
Sedes formación  parvularia sector privado y agentes educativosSedes formación  parvularia sector privado y agentes educativos
Sedes formación parvularia sector privado y agentes educativos
 
Presentacion Corporativa Grupo EIP
Presentacion Corporativa Grupo EIPPresentacion Corporativa Grupo EIP
Presentacion Corporativa Grupo EIP
 
nueva metodologia diseno acpa street pave
 nueva metodologia diseno acpa street pave  nueva metodologia diseno acpa street pave
nueva metodologia diseno acpa street pave
 
Campoo los valles
Campoo los vallesCampoo los valles
Campoo los valles
 
El agua de quimsacocha entre la codicia y la vida
El agua de quimsacocha entre la codicia y la vidaEl agua de quimsacocha entre la codicia y la vida
El agua de quimsacocha entre la codicia y la vida
 
Sitrep 20 ukraine - 28 november 2014
Sitrep 20   ukraine - 28 november 2014Sitrep 20   ukraine - 28 november 2014
Sitrep 20 ukraine - 28 november 2014
 
Welltherm broschuere englisch
Welltherm broschuere englischWelltherm broschuere englisch
Welltherm broschuere englisch
 
Printed product catalogues
Printed product cataloguesPrinted product catalogues
Printed product catalogues
 
La mujer publicitaria
La mujer publicitariaLa mujer publicitaria
La mujer publicitaria
 
Nguyenthao so do phan ung hoa vo co
Nguyenthao so do phan ung hoa vo coNguyenthao so do phan ung hoa vo co
Nguyenthao so do phan ung hoa vo co
 
B&K vibro
B&K vibroB&K vibro
B&K vibro
 
Overcoming The Challenges of Implementing a Lockout Program
Overcoming The Challenges of Implementing a Lockout ProgramOvercoming The Challenges of Implementing a Lockout Program
Overcoming The Challenges of Implementing a Lockout Program
 
Google Adwords Step by step from Digital Marketing Paathshala
Google Adwords Step by step from Digital Marketing PaathshalaGoogle Adwords Step by step from Digital Marketing Paathshala
Google Adwords Step by step from Digital Marketing Paathshala
 
Curriculum
CurriculumCurriculum
Curriculum
 

Similar to DefCamp 2013 - Peering in the Soul of Hackers: HPP V2.0 reloaded

Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
CRS4 Research Center in Sardinia
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
Hackito Ergo Sum
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economy
n|u - The Open Security Community
 
Conducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and FraudConducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and Fraud
Goutama Bachtiar
 
KASPERSKY SECURITY BULLETIN 2013
KASPERSKY SECURITY BULLETIN 2013KASPERSKY SECURITY BULLETIN 2013
KASPERSKY SECURITY BULLETIN 2013
Kappa Data
 
Digitalisation and ethics
Digitalisation and ethicsDigitalisation and ethics
DSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital worldDSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital world
Andris Soroka
 
20220301 digital person v15
20220301 digital person v1520220301 digital person v15
20220301 digital person v15
ISSIP
 
Snapchat Hacking Services Exploring the Domain of Professional Snapchat Hacke...
Snapchat Hacking Services Exploring the Domain of Professional Snapchat Hacke...Snapchat Hacking Services Exploring the Domain of Professional Snapchat Hacke...
Snapchat Hacking Services Exploring the Domain of Professional Snapchat Hacke...
PaulDalfio
 
Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...
Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...
Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...
Lars Hilse Global Thought Leader in #CyberSecurity, #CyberTerrorism, #CyberDefence, #CyberCrime
 
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
e-SIDES.eu
 
120": Future trends in IoT
120": Future trends in IoT120": Future trends in IoT
120": Future trends in IoT
JIC
 
20 famous quotes that should help you to think about cyber attacks!
20 famous quotes that should help you to think about cyber attacks!20 famous quotes that should help you to think about cyber attacks!
20 famous quotes that should help you to think about cyber attacks!
Charles Steve
 
European Cyber Security Perspectives 2016
European Cyber Security Perspectives 2016European Cyber Security Perspectives 2016
European Cyber Security Perspectives 2016
Omer Coskun
 
Agenda PWC Cybersecurity Day - 18 octobre 2016
Agenda PWC Cybersecurity Day - 18 octobre 2016Agenda PWC Cybersecurity Day - 18 octobre 2016
Agenda PWC Cybersecurity Day - 18 octobre 2016
ITnation Luxembourg
 
Carl Miller
Carl MillerCarl Miller
Carl Miller
MRS
 
E crime thesis Cyber Crime and its several types
E crime thesis  Cyber Crime and its several typesE crime thesis  Cyber Crime and its several types
E crime thesis Cyber Crime and its several types
Assignment Studio
 
Privacy vs personalization: advisory for brand and comms practitioners into 2...
Privacy vs personalization: advisory for brand and comms practitioners into 2...Privacy vs personalization: advisory for brand and comms practitioners into 2...
Privacy vs personalization: advisory for brand and comms practitioners into 2...
Dave Holland
 
Privacy by Design workshop for Developers - School for Computer Science (HBO-...
Privacy by Design workshop for Developers - School for Computer Science (HBO-...Privacy by Design workshop for Developers - School for Computer Science (HBO-...
Privacy by Design workshop for Developers - School for Computer Science (HBO-...
Anne Marleen
 
Trend Report dld2017
Trend Report dld2017Trend Report dld2017
Trend Report dld2017
pssst... Petra Sammer
 

Similar to DefCamp 2013 - Peering in the Soul of Hackers: HPP V2.0 reloaded (20)

Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economy
 
Conducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and FraudConducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and Fraud
 
KASPERSKY SECURITY BULLETIN 2013
KASPERSKY SECURITY BULLETIN 2013KASPERSKY SECURITY BULLETIN 2013
KASPERSKY SECURITY BULLETIN 2013
 
Digitalisation and ethics
Digitalisation and ethicsDigitalisation and ethics
Digitalisation and ethics
 
DSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital worldDSS @ Digital ERA 2014 - Security in the digital world
DSS @ Digital ERA 2014 - Security in the digital world
 
20220301 digital person v15
20220301 digital person v1520220301 digital person v15
20220301 digital person v15
 
Snapchat Hacking Services Exploring the Domain of Professional Snapchat Hacke...
Snapchat Hacking Services Exploring the Domain of Professional Snapchat Hacke...Snapchat Hacking Services Exploring the Domain of Professional Snapchat Hacke...
Snapchat Hacking Services Exploring the Domain of Professional Snapchat Hacke...
 
Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...
Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...
Cyberterrorism: The Security of Critical Infrastructure and Public Places in ...
 
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
"Towards Value-Centric Big Data" e-SIDES Workshop - Slide-deck
 
120": Future trends in IoT
120": Future trends in IoT120": Future trends in IoT
120": Future trends in IoT
 
20 famous quotes that should help you to think about cyber attacks!
20 famous quotes that should help you to think about cyber attacks!20 famous quotes that should help you to think about cyber attacks!
20 famous quotes that should help you to think about cyber attacks!
 
European Cyber Security Perspectives 2016
European Cyber Security Perspectives 2016European Cyber Security Perspectives 2016
European Cyber Security Perspectives 2016
 
Agenda PWC Cybersecurity Day - 18 octobre 2016
Agenda PWC Cybersecurity Day - 18 octobre 2016Agenda PWC Cybersecurity Day - 18 octobre 2016
Agenda PWC Cybersecurity Day - 18 octobre 2016
 
Carl Miller
Carl MillerCarl Miller
Carl Miller
 
E crime thesis Cyber Crime and its several types
E crime thesis  Cyber Crime and its several typesE crime thesis  Cyber Crime and its several types
E crime thesis Cyber Crime and its several types
 
Privacy vs personalization: advisory for brand and comms practitioners into 2...
Privacy vs personalization: advisory for brand and comms practitioners into 2...Privacy vs personalization: advisory for brand and comms practitioners into 2...
Privacy vs personalization: advisory for brand and comms practitioners into 2...
 
Privacy by Design workshop for Developers - School for Computer Science (HBO-...
Privacy by Design workshop for Developers - School for Computer Science (HBO-...Privacy by Design workshop for Developers - School for Computer Science (HBO-...
Privacy by Design workshop for Developers - School for Computer Science (HBO-...
 
Trend Report dld2017
Trend Report dld2017Trend Report dld2017
Trend Report dld2017
 

More from DefCamp

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht Hacking
DefCamp
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
DefCamp
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
DefCamp
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?
DefCamp
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UX
DefCamp
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
DefCamp
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the Attacker
DefCamp
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)
DefCamp
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFA
DefCamp
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical Application
DefCamp
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money down
DefCamp
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...
DefCamp
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
DefCamp
 
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcare
DefCamp
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?
DefCamp
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured
DefCamp
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
DefCamp
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.
DefCamp
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber Security
DefCamp
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering hole
DefCamp
 

More from DefCamp (20)

Remote Yacht Hacking
Remote Yacht HackingRemote Yacht Hacking
Remote Yacht Hacking
 
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!Mobile, IoT, Clouds… It’s time to hire your own risk manager!
Mobile, IoT, Clouds… It’s time to hire your own risk manager!
 
The Charter of Trust
The Charter of TrustThe Charter of Trust
The Charter of Trust
 
Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?Internet Balkanization: Why Are We Raising Borders Online?
Internet Balkanization: Why Are We Raising Borders Online?
 
Bridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UXBridging the gap between CyberSecurity R&D and UX
Bridging the gap between CyberSecurity R&D and UX
 
Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...Secure and privacy-preserving data transmission and processing using homomorp...
Secure and privacy-preserving data transmission and processing using homomorp...
 
Drupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the AttackerDrupalgeddon 2 – Yet Another Weapon for the Attacker
Drupalgeddon 2 – Yet Another Weapon for the Attacker
 
Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)Economical Denial of Sustainability in the Cloud (EDOS)
Economical Denial of Sustainability in the Cloud (EDOS)
 
Trust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFATrust, but verify – Bypassing MFA
Trust, but verify – Bypassing MFA
 
Threat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical ApplicationThreat Hunting: From Platitudes to Practical Application
Threat Hunting: From Platitudes to Practical Application
 
Building application security with 0 money down
Building application security with 0 money downBuilding application security with 0 money down
Building application security with 0 money down
 
Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...Implementation of information security techniques on modern android based Kio...
Implementation of information security techniques on modern android based Kio...
 
Lattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epochLattice based Merkle for post-quantum epoch
Lattice based Merkle for post-quantum epoch
 
The challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcareThe challenge of building a secure and safe digital environment in healthcare
The challenge of building a secure and safe digital environment in healthcare
 
Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?Timing attacks against web applications: Are they still practical?
Timing attacks against web applications: Are they still practical?
 
Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured Tor .onions: The Good, The Rotten and The Misconfigured
Tor .onions: The Good, The Rotten and The Misconfigured
 
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
Needles, Haystacks and Algorithms: Using Machine Learning to detect complex t...
 
We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.We will charge you. How to [b]reach vendor’s network using EV charging station.
We will charge you. How to [b]reach vendor’s network using EV charging station.
 
Connect & Inspire Cyber Security
Connect & Inspire Cyber SecurityConnect & Inspire Cyber Security
Connect & Inspire Cyber Security
 
The lions and the watering hole
The lions and the watering holeThe lions and the watering hole
The lions and the watering hole
 

Recently uploaded

Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
Safe Software
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
kumarjarun2010
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
Anant Gupta
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
RaminGhanbari2
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
HackersList
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
Jimmy Lai
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
Priyanka Aash
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
Adam Dunkels
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
chetankumar9855
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
aslasdfmkhan4750
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
Management Institute of Skills Development
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
Tatiana Al-Chueyr
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Zilliz
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 

Recently uploaded (20)

Data Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining DataData Integration Basics: Merging & Joining Data
Data Integration Basics: Merging & Joining Data
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSECHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
CHAPTER-8 COMPONENTS OF COMPUTER SYSTEM CLASS 9 CBSE
 
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes..."Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
"Mastering Graphic Design: Essential Tips and Tricks for Beginners and Profes...
 
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyyActive Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
(CISOPlatform Summit & SACON 2024) Digital Personal Data Protection Act.pdf
 
How to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptxHow to Build a Profitable IoT Product.pptx
How to Build a Profitable IoT Product.pptx
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...Amul milk launches in US: Key details of its new products ...
Amul milk launches in US: Key details of its new products ...
 
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
High Profile Girls Call ServiCe Hyderabad 0000000000 Tanisha Best High Class ...
 
Figma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdfFigma AI Design Generator_ In-Depth Review.pdf
Figma AI Design Generator_ In-Depth Review.pdf
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and OllamaTirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
Tirana Tech Meetup - Agentic RAG with Milvus, Llama3 and Ollama
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 

DefCamp 2013 - Peering in the Soul of Hackers: HPP V2.0 reloaded

  • 1. Peering in the Soul of Hackers: HPP V2.0 reloaded (The Hacker’s Profiling Project) Raoul “Nobody” Chiesa Founder, President, Security Brokers SCpA Principal, Cyberdefcon Ltd. Member of ENISA PSG (Permanent Stakeholders Group) Special Advisor on the HPP project at UNICRI Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 2. Agenda        # whois From Crime to Cybercrime Hacker’s generations HPP V1.0 (2004-2011) HPP V2.0 (2011-2015) Conclusions Contacts, Q&A 2 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 3. Disclaimer ● The views expressed are those of the author(s) and speaker(s) and do not necessary reflect the views of UNICRI, ENISA and its PSG, nor the companies and security communities I’m working at and/or supporting. Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013 3
  • 4. # whois raoul  President, Founder, The Security Brokers  Principal, CyberDefcon UK  HPP Special Advisor @ UNICRI (United Nations Interregional Crime & Justice Research Institute)  PSG Member, ENISA (Permanent Stakeholders Group, European Network & Information Security Agency)  Founder, Board of Directors and Technical Commitee Member @ CLUSIT (Italian Information Security Association)  Steering Committee, AIP/OPSI, Privacy & Security Observatory  Member, Manager of the WG «Cyber World» at Italian MoD  Board of Directors, ISECOM  Board of Directors, OWASP Italian Chapter Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013 4
  • 5. # whois UNICRI  UNICRI is the United Nations Crime & Justice Research Institute  It’s based in Turin (WHQ), Italy: nice town, give us a visit!  We mainly work on: • Trainings (Legal aspects, Cybercrime, SCADA, HPP, …) • Facilitator: allowing cool (and trusted!) entities to meet and work each others • Paperworks (somebody gotta do it…) 5 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 6. 6 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 7. Crime->Yesterday “Every new technology, opens the door to new criminal approaches”.  The relationship between technologies and criminality has always been – since the very beginning – characterized by a kind of “competition” between the good and the bad guys, just like cats and mice.  As an example, at the beginning of 1900, when cars appeared, the “bad guys” started stealing them (!)  ….the police, in order to contrast the phenomenon, defined the mandatory use of car plates…  ….and the thieves began stealing the car plates from the cars (and/or falsifying them). Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 8. Crime->Today:Cybercrime  Cars have been substituted by information You got the information, you got the power.. (at least, in politics, in the business world, in our personal relationships…) • Simply put, this happens because the “information” can be transformed at once into “something else”: 1. Competitive advantage 2. Sensible/critical information 3. Money  … that’s why all of us we want to “be secure”.  It’s not by chance that it’s named “IS”: Information Security  Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 9. What happened over the past decades? Hacking eras & Hackers’ generations Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 10. Things changed…  First generation (70’s) was inspired by the need for knowledge  Second generation (1980-1984) was driven by curiosity plus the knowledge starving: the only way to learn OSs was to hack them; later (1985-1990) hacking becomes a trend.  The Third one (90’s) was simply pushed by the anger for hacking, meaning a mix of addiction, curiosity, learning new stuff, hacking IT systems and networks, exchanging info with the underground community. Here we saw new concepts coming, such as hacker’s e-zines (Phrack, 2600 Magazine) along with BBS  Fourth generation (2000-today) is driven by angerness and money: often we can see subjects with a very low knowhow, thinking that it’s “cool & bragging” being hackers, while they are not interested in hacking & phreaking history, culture and ethics. Here hacking meets with politics (cyber-hacktivism) or with the criminal world (cybercrime). €, $ Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 11. Cybercrime: why?  QUESTION: • May we state that cybercrime – along with its many, many aspects and views – can be ranked as #1 in rising trend and global diffusion ?  ANSWER(S):  Given that all of you are attendees and speakers here today, I would say that we already are on the right track in order to analyze the problem   Nevertheless, some factors exist for which the spreading of “e-crime-based” attacks relays.  Let’s take a look at them. Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 12. Reasons/1  1. There are new users, more and more every day: this means the total amount of potential victims and/or attack vectors is increasing.  2. Making money, “somehow and straight away”. Thanks to broadband... WW Economical crisis…  3. Technical know-how public availability & ready-to-go, even when talking about average-high skills: that’s what I name “hacking pret-à-porter” 0-days, Internet distribution system / Black Markets Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 13. Reasons/2  4. It’s extremely easy to recruit “idiots” and set up groups, molding those adepts upon the bad guy’s needs (think about e-mules) Newbies, Script Kids  5. “They will never bust me”  6. Lack of violent actions Psychology, Criminology Psychology and Sociology Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 14. What the heck is changed then??  What’s really changed is the attacker’s typology  From “bored teens”, doing it for “hobby and curiosity” (obviously: during night, pizza-hut’s box on the floor and cans of Red Bull)….  ...to teenagers and adults not mandatory “ICT” or “hackers”: they just do it for the money.  What’s changed is the attacker’s profile, along with its justifications, motivations and reasons.  Let’s have a quick test! Key Note @ DefCamp 2013 14 Bucharest, Romania – November 29th , 2013
  • 15. Hackers in their environment Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 16. “Professionals” Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 17. LOL-test 17 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 18. There’s a difference: why?  Why were the guys in the first slide hackers, and the others professionals ?  Because of the PCs ?  Because of their “look” ?  Due to the environments surrounding them ?  Because of the “expression on their faces” ? Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 19. Surprise! Everything has changed…  Erroneus media information pushed “normal people” minds to run this approach  Today, sometimes the professionals are the real criminals, and hackers “the good guys”…Think about a few incidents: • Telecom Italia scandal, Vodafone Greece Affair, NSA, GCHQ, etc…) Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 20. Welcome to HPP! Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 21. HPP V1.0  Back in 2004 we launched the Hacker’s Profiling Project - HPP: http://www.unicri.it/emerging_crimes/cybercrime/ cyber_crimes/hpp.php)  Since that year: • +1.200 questionnaires collected & analyzed • 9 Hackers profiles emerged • Two books (one in English) • Profilo Hacker, Apogeo, 2007 • Profiling Hackers: the Science of Criminal Profiling as Applied to the World of Hacking, Taylor&Francis Group, CRC Press (2009) 21 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 22. HPP V1.0: purposes & goals Analyse the hacking phenomenon in its several aspects (technological, social, legal, economical) through technical and criminological approaches. Understand the different motivations and identify the actors involved (who, not “how”). Observe those true criminal actions “on the field” . Apply the profiling methodology to collected data (4W: who, where, when, why). Acquire and disseminate knowledge. 22 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 23. HPP Questionnaires: the modules Module A Personal data (gender, age, social status, family context, study/work) Module B Relational data (relationship with: the Authorities, teachers/employers, friends/colleagues, other hackers) All questions allow anonymous answers Module C Technical and criminological data (targets, techniques/tools, motivations, ethics, perception of the illegality of their own activity, crimes committed, deterrence) 23 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 24. Some numbers Total received questionnaires: # +1200 Full questionnaires filled out - # +600* Compact questionnaires filled out - #573* *since September 2006 Mainly from: USA Italy UK Canada Lithuania Australia Malaysia Germany Brazil 24 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 25. Evaluation & Correlation standards Modus Operandi (MO) Hacking career Lone hacker or as a member of a group Principles of the hacker's ethics Motivations Crashed or damaged systems Selected targets Perception of the illegality of their own activity Relationship between motivations and targets Effect of laws, convictions and technical difficulties as a deterrent 25 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 26. Zoom: correlation standards Gender and age group Background and place of residence How hackers view themselves Family background Socio-economic background Social relationships Leisure activities Education Professional environment Psychological traits To be or to appear: the level of self-esteem Presence of multiple personalities Psychophysical conditions Alcohol & drug abuse and dependencies Definition or self-definition: what is a real hacker? Relationship data Handle and nickname Starting age Learning and training modalities The mentor's role Technical capacities (know-how) Hacking, phreaking or carding: the reasons behind the choice Networks, technologies and operating systems Techniques used to penetrate a system Individual and group attacks The art of war: examples of attack techniques Operating inside a target system The hacker’s signature Relationships with the System Administrators Motivations The power trip Lone hackers Hacker groups Favourite targets and reasons Specializations Principles of the Hacker Ethics Acceptance or refusal of the Hacker Ethics Crashed systems Hacking/phreaking addiction Perception of the illegality of their actions Offences perpetrated with the aid of IT devices Offences perpetrated without the use of IT devices Fear of discovery, arrest and conviction The law as deterrent Effect of convictions Leaving the hacker scene Beyond hacking 26 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 27. HPP V1.0: the emerged profiles… 27 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 28. Profile OFFENDER ID LONE / GROUP HACKER TARGET MOTIVATIONS / PURPOSES Wanna Be Lamer 9-16 years “I would like to be a hacker, but I can’t” GROUP End-User For fashion, It’s “cool” => to boast and brag Script Kiddie 10-18 years The script boy GROUP: but they may act alone SME / Specific security flaws To give vent of their anger / attract mass-media attention Cracker 17-30 years The destructor, burned ground LONE Business company To demonstrate their power / attract massmedia attention Ethical Hacker 15-50 years The “ethical” hacker’s world LONE / GROUP (only for fun) Vendor / Technology For curiosity (to learn) and altruistic purposes Quiet, Paranoid, Skilled Hacker 16-40 years The very specialized and paranoid attacker LONE On necessity For curiosity (to learn) => egoistic purposes Cyber-Warrior 18-50 years The soldier, hacking for money LONE “Symbol” business company / End-User For profit Industrial Spy 22-45 years Industrial espionage LONE Business company / Corporation For profit Government Agent 25-45 years CIA, Mossad, FBI, etc. LONE / GROUP Government / Suspected Terrorist/ Strategic company/ Individual Espionage/ Counter-espionage Vulnerability test Activity-monitoring Military Hacker 25-45 years LONE / GROUP Government / Strategic company Monitoring / controlling / crashing systems 28 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 29. Some comments  Since 1999 I’ve attended most of the socalled «hacking conferences».  Over the last 5 years, I’ve travelled as a speaker, evangelist, security bitch and whatever in: • • • • • .mil environments (EU, Eastern Europe) India China GCC Area 29 Malaysia Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 30. OBEDIENCE TO THE “HACKER ETHICS” CRASHED / DAMAGED SYSTEMS PERCEPTION OF THE ILLEGALITY OF THEIR OWN ACTIVITY Wanna Be Lamer NO: they don’t know “Hacker Ethics” principles YES: voluntarily or not (inexperience, lack of technical skills) YES: but they think they will never be caught Script Kiddie NO: they create their own ethics NO: but they delete / modify data YES: but they justify their actions Cracker NO: for them the “Hacker Ethics” doesn’t exist YES: always voluntarily YES but: MORAL DISCHARGE Ethical Hacker YES: they defend it NEVER: it could happen only incidentally YES: but they consider their activity morally acceptable Quiet, Paranoid, Skilled Hacker NO: they have their own personal ethics, often similar to the “Hacker Ethics” NO YES: they feel guilty for the upset caused to SysAdmins and victims Cyber-Warrior NO YES: they also delete/modify/steal and sell data YES: but they are without scruple Industrial Spy NO: but they follow some unwritten “professional” rules NO: they only steal and sell data YES: but they are without scruple Government Agent NO: they betray the “Hacker Ethics” YES (including deleting/modifying/stealing data) / NO (in stealth attacks) Military Hacker NO: they betray the “Hacker Ethics” YES (including deleting/modifying/stealing data) / NO (in stealth 30 attacks) Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 31. PROFILE MAY BE LINKED TO Wanna Be Lamer WILL CHANGE ITS BEHAVIOR? TARGET (NEW) MOTIVATIONS & PURPOSES No Script Kiddie Urban hacks No Wireless Networks, Internet Café, neighborhood, etc.. Cracker Phishing Spam Black ops Yes Companies, associations, whatever Money, Fame, Politics, Religion, etc… Ethical Hacker Black ops Probably Competitors (Telecom Italia Affair), end-users Big money Quiet, Paranoid, Skilled Hacker Black ops Yes High-level targets Hesoteric request (i.e., hack “Thuraya” for us) Cyber-Warrior CNIs attacks Gov. attacks Yes “Symbols”: from Dali Lama to UN, passing through CNIs and business companies Intelligence ? Industrial Spy Yes Business company / Corporation For profit Government Agent Probably Government / Suspected Terrorist/ Strategic company/ Individual Espionage/ Counter-espionage Vulnerability test Activity-monitoring Military Hacker Probably Government / Strategic company Monitoring / controlling / crashing systems 31 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 32. DETERRENCE EFFECT OF: LAWS CONVICTIONS SUFFERED BY OTHER HACKERS Wanna Be Lamer NULL NULL ALMOST NULL HIGH HIGH CONVICTIONS SUFFERED BY THEM TECHNICAL DIFFICULTIES Script Kiddie NULL NULL HIGH: they stop after the 1st conviction Cracker NULL NULL NULL MEDIUM NULL Ethical Hacker NULL NULL HIGH: they stop after the 1st conviction Quiet, Paranoid, Skilled Hacker NULL NULL NULL NULL Cyber-Warrior NULL NULL NULL NULL: they do it as a job Industrial Spy NULL NULL NULL NULL: they do it as a job 32 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 33. HPP V2.0: what happened?  VERY simple:  Lack of funding: for phases 3&4 we need money! • HW, SW, Analysts, Translators  We started back in 2004: «romantic hackers», + we foreseen those «new» actors tough: .GOV, .MIL, Intelligence.  We missed out: • • • • Hacktivism (!); Cybercriminals out of the «hobbystic» approach; OC; The financial aspects (Follow the Money!!). 33 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 34. HPP V2.0: next enhancements 1. Wannabe Lamer 2. Script kiddie: under development (Web Defacers, DDoS, links with distributed teams i.e. Anonymous….) 3. Cracker: under development (Hacking on-demand, “outsourced”; links with Organized Crime) 4. Ethical hacker: under development (security researchers, ethical hacking groups) 5. Quiet, paranoid, skilled hacker (elite, unexplained hacks? Vodafone GR? NYSE? Lybia TLC systems?) 6. Cyber-warrior: to be developed 7. Industrial spy: to be developed (links with Organized Crimes & Governments i.e. Comodo, DigiNotar and RSA hacks?) 8. Government agent: to be developed (“N” countries..) 9. Military hacker: to be developed (India, China, N./S. Korea, etc.) 34 X. Money Mules? Ignorant “DDoSsers”? (i.e. LOIC by Anonymous) Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 35. 35 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 36. HPP V2.0: upcoming goals Going after Cybercriminals:  Kingpins & Master minds (the “Man at the Top”) o Organized Crime o MO, Business Model, Kingpins – “How To”  Techies hired by the Organized Crime (i.e. Romania & skimming at the very beginning; Nigerian cons; Ukraine Rogue AV; Pharma ADV Campaigns; ESTDomains in Estonia; etc..)  Structure, Infrastructures (possible links with Govs & Mils?)  Money Laundering: Follow the money (Not just “e-mules”: new frameworks to “cash-out”)  Outsourcing: malware factories36 (Stuxnet? DuQu? Flame? ….) Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 37. Conclusions The whole Project is self-funded and based on independent research methodologies.  Despite many problems, we have been carrying out the Project for years.  The final methodology will be released under GNU/FDL and distributed through ISECOM.  It is welcome the research centres, public and private institutions, and governmental agencies' interest in the Project.    We think that we are elaborating something beautiful... …something that did not exist… …and it seems – really – to have a sense ! :)  It is not a simple challenge. However, we think to be on the right path. 37 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 38. Useful Community Sources Kingpin, 2012 ● Profiling Hackers: the Science of Criminal Profiling as applied to the world of hacking, CRC Press/Taylor & Francis Group, 2009 ● H.P.P. Questionnaires 2005-2010 ● Fatal System Error: the Hunt for the new Crime Lords who are bringing down the Internet, Joseph Menn, Public Affairs, 2010 ● ● Stealing the Network: How to 0wn a Continent, (an Identity), (a Shadow) (V.A.), Syngress Publishing, 2004, 2006, 2007 ● Stealing the Network: How to 0wn the Box, (V.A.), Syngress Publishing, 2003 Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier, Suelette Dreyfus, Random House Australia, 1997 ● The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, Clifford Stoll, DoubleDay (1989), Pocket (2000) ● ● Masters of Deception: the Gang that Ruled Cyberspace, Michelle Stalalla & Joshua Quinttner, Harpercollins, 1995 ● Kevin Poulsen, Serial Hacker, Jonathan Littman, Little & Brown, 1997 ● Takedown, John Markoff and Tsutomu Shimomura, Sperling & Kupfler, (Hyperion Books), 1996 ● The Fugitive Game: online with Kevin Mitnick, Jonathan Littman, Little & Brown, 1997 ● The Art of Deception, Kevin D. Mitnick & William L. Simon, Wiley, 2002 ● The Art of Intrusion, Kevin D. Mitnick & William L. Simon, Wiley, 2004 ● @ Large: the Strange Case of the World’s Biggest Internet Invasion, Charles Mann & David Freedman, Touchstone, 1998 Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 39. Useful Community Sources The Estonia attack: Battling Botnets and online Mobs, Gadi Evron, 2008 (white paper) ● Who is “n3td3v”?, by Hacker Factor Solutions, 2006 (white paper) ● Mafiaboy: How I cracked the Internet and Why it’s still broken, Michael Calce with Craig Silverman, 2008 ● The Hacker Diaries: Confessions of Teenage Hackers, Dan Verton, McGraw-Hill Osborne Media, 2002 ● Cyberpunk: Outlaws and Hackers on the Computer Frontier, Katie Hafner, Simon & Schuster, 1995 ● Cyber Adversary Characterization: auditing the hacker mind, Tom Parker, Syngress, 2004 ● Inside the SPAM Cartel: trade secrets from the Dark Side, by Spammer X, Syngress, 2004 ● Hacker Cracker, Ejovu Nuwere with David Chanoff, Harper Collins, 2002 ● Compendio di criminologia, Ponti G., Raffaello Cortina, 1991 ● Criminalità da computer, Tiedemann K., in Trattato di criminologia, medicina criminologica e psichiatria forense, vol.X, Il cambiamento delle forme di criminalità e devianza, Ferracuti F. (a cura di), Giuffrè, 1988 ● United Nations Manual on the Prevention and Control of Computer-related Crime, in International Review of Criminal Policy – Nos. 43 and 44 ● Criminal Profiling: dall’analisi della scena del delitto al profilo psicologico del criminale, Massimo Picozzi, Angelo Zappalà, McGraw Hill, 2001 ● Deductive Criminal Profiling: Comparing Applied Methodologies Between Inductive and Deductive Criminal Profiling Techniques, Turvey B., Knowledge Solutions Library, January, 1998 ● Malicious Hackers: a framework for Analysis and Case Study, Laura J. Kleen, Captain, USAF, US Air Force Institute of Technology ● Criminal Profiling Research Site. Scientific Offender Profiling Resource in Switzerland. Criminology, Law, Psychology, Täterpro ● Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 40. And...a gift for you all here!  Get your own, FREE copy of “F3” (Freedom from ● Fear, the United Nations magazine) issue #7, totally focused on Cybercrimes! ● DOWNLOAD: ● www.FreedomFromFearMagazine.org ● Or, email me and I will send you the full PDF (10MB) ● Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013
  • 41. Contacts • Contact presenter at rc@security-brokers.com if you are interested in: • Asking questions, getting material (links, books..) Contact presenter at chiesa@UNICRI.it if you are interested in: • Helping with the project, supporting us, donations Public Key: http://raoul.EU.org/RaoulChiesa.asc Key Note @ DefCamp 2013 Bucharest, Romania – November 29th , 2013