How to survive in an era of
 hacktivists, cyber espionage and
 internet fraudsters ?

 The need for an integrated approach
 to undermine the criminal cyber architecture

                              Brussels, 21 March 2013
                              e-Shop Expo


 © 2013 Luc Beirens – Federal Computer Crime Unit - Belgian Federal Judicial Police – Direction economical and financial crime




 Presentation

 @LucBeirens
  Chief Commissioner
  Head of the Federal Computer Crime Unit
  Belgian Federal Judicial Police
  Direction Economical and financial crime




                                       Chairman of the EU Cybercrime task force
                                       representing the organization of heads of
                                       national high-tech crime units of the EU




Topics - overview

 An analysis of the eSociety situation
 Who is threatening eSociety and how ?
  Inside threats / outside threats

 Possible damage to eGov and
  eSociety

 Which response to give to this ?




What is there to protect ?

 Your company / public image

 Your market share (even as a public service)

 Your business activity / products

 Your existence as such

            Cybercrime threats © Belgian Federal Computer Crime Unit




What is there to protect ?

 Data (stored or in transmission)
    Our personal data : employees / citizens / customers
    Info on the organisation (policy / functioning / financial)
    Info on your activity, product (price list, patents, source code)
 Our information infrastructure
    Internal / external systems
    Network connections
    Storage and backup systems

 Privacy law requires organisational and technical
  measures to protect personal data




eShop
 Be recognisable to your customers
 Beware of imposters
    Use of certificates / control over domain

 Keep your customers safe
    Data
    Transactions

 Get paid for your services / products

 Don’t unwillingly become a criminal service platform

e-Architecture (diagram)
 Externally managed infrastructure, Certification Authority, externally hosted website, VPN, Internet, DNS
 Internal network – Firewall – DMZ (own webserver)
 Backup server, cloud service center
 SCADA / process control
 End user, roaming user
                                                                               © Luc Beirens




        General trends today
      Evolution towards e-society
             Replacing persons with e-applications
             Interconnecting all systems (admin, industrial, control)
             Mobile systems – Cloud
             Social networks

      IP is the common platform offered by many ISPs,
       integrating telephony / data / VPN & all new apps
       = opportunities / Achilles’ heel / scattered traces

      Poor security in legacy applications and protocols
       (userid + pw) => identity fraud is easy

      End user is not yet educated to act properly




What do criminals want ?

 Become rich / powerful
 rapidly, easily, with a very big ROI,
 in an illegal way if needed


 Destabilise (e-)society
 by causing trouble




First conclusions ?

 Society is thus very heavily dependent on ICT
 ICT = important vulnerability of modern society
 End user = weakest link => biggest danger

 Need to
    Guarantee continuity of ICT functioning
    Guarantee availability and integrity of data

 Data is more and more in the cloud
    Accessible from all over the world
    Outside the jurisdiction of your country




Who is threatening us ?
   Script kiddies
   Insider ICT guy in your company
   Loosely organised criminals
   Firmly organised criminal groups
   Terrorists / hacktivists
   Foreign states / economic powers
   Nation-state warfare troops




What are the outside threats ?




Threats in messages
on hacker sites
 Wiping away the websites in your state
 Infiltration in servers of the Public Treasury
  disrupting tax collection
 Infiltration in bank accounts
 Attacks on media websites
 Attacks on e-commerce websites
 Distribution of personal data and
  credit card information

 Targeting also the end-of-year period
              Cybercrime threats © Belgian Federal Computer Crime Unit




Focus

   On individuals
   On webservers
   On your organization
   On your partner’s organization
   On your infrastructure
   On cyber infrastructure


Hacking webservers
 Motives of the criminal :
     Perform defacement
     Use as storage platform for illegal content (child porn)
     Use as intermediate platform for criminal activity
     Get sensitive information and do extortion (“idiot tax”)
     Get financial information (credit cards)
 To do :
   Update software, strong admin access, no personal data on the server
   Follow up pastebin.com : a hackers’ drop-off

E-Shop risks

 “Forgotten” test environments
   Use of real data
   No logging of
 Applications with debugging procedures
 Databases with all user data on the webserver
  instead of inside the LAN
 User profiles unencrypted / unsalted ?
 Credit card information in profiles ?
 Use of stolen credit (new payment systems)
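The "unencrypted / unsalted" user profile risk above, shown in working code: with unsalted hashes, two customers who chose the same password get the same stored value, and one precomputed wordlist recovers every matching account at once; a per-user random salt with a slow KDF removes both problems. This is an added example, not material from the presentation; the user records, passwords and wordlist are constructed.

```python
# Added example (not from the original presentation): why "unsalted" user
# profiles are an e-shop risk, and what the hardened storage looks like.
# All user records, passwords and the wordlist below are constructed.
import hashlib
import hmac
import os

# Constructed profile table stored the weak way: SHA-256 of the password only.
UNSALTED_PROFILES = {
    "alice@example.invalid": hashlib.sha256(b"summer2013").hexdigest(),
    "bob@example.invalid": hashlib.sha256(b"summer2013").hexdigest(),
    "carol@example.invalid": hashlib.sha256(b"Tq7!vR#2pL9z").hexdigest(),
}

# Constructed "dictionary" of common passwords, as an attacker would precompute.
COMMON_PASSWORDS = ["123456", "password", "summer2013", "welcome1"]


def crack_unsalted(profiles: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """Return {user: password} for every profile whose unsalted hash matches a
    precomputed wordlist hash. One hash per word covers all users at once."""
    table = {hashlib.sha256(w.encode()).hexdigest(): w for w in wordlist}
    return {user: table[h] for user, h in profiles.items() if h in table}


def duplicate_password_groups(profiles: dict[str, str]) -> list[set[str]]:
    """Users sharing an unsalted hash share a password; that leak is visible
    without cracking anything."""
    by_hash: dict[str, set[str]] = {}
    for user, h in profiles.items():
        by_hash.setdefault(h, set()).add(user)
    return [users for users in by_hash.values() if len(users) > 1]


# Hardened storage: per-user random salt, PBKDF2-HMAC-SHA256, high iteration count.
PBKDF2_ITERATIONS = 200_000


def store_password(password: str) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$hash'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def salted_records_differ(password: str) -> bool:
    """Two users with the same password no longer get the same stored value."""
    return store_password(password) != store_password(password)


if __name__ == "__main__":
    print("cracked:", crack_unsalted(UNSALTED_PROFILES, COMMON_PASSWORDS))
    print("shared passwords:", duplicate_password_groups(UNSALTED_PROFILES))
    rec = store_password("summer2013")
    print("verify ok:", verify_password("summer2013", rec),
          "wrong:", verify_password("winter", rec))
```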
Dossier Cybercrime - NVP PNS 2012-2015




Security : encrypted data !

 Infection of workstations and servers in the
  company LAN
   Using targeted e-mails / social media messages
   Malicious encryption of all user data files
   Ransom to get the decryption key
 Of those that paid :
  some got the key, some didn’t
 Others had a recent off-line backup !

Intrusions in your LAN
 Intrusion in your system to intercept data that allows
  products to be taken away from your stock
     Wi-Fi interception from the parking lot
     Infection by trojan (e-mail)
     (unreported) burglary in the company to place
        hardware keyloggers
        a complete small computer system : Wi-Fi intercept, 3G transmit
 With a valid ticket, go fetch the cargo
 To do :
     Encrypt Wi-Fi transmissions
     Patch only the connections of active workstations





 Intrusion in your
 trading account
   Carbon dioxide emission certificate trading
   Open data : contact persons of companies
   Spear phishing mail + phishing website
   Access to the trading account
   Millions of € sold in a few hours all over the EU
     Sold far under price & immediately resold
 To do : Awareness
Intrusion in your partner’s LAN

 Intrusion in the LAN of a foreign partner (Chinese)
  to get information
  on your business and the invoices to pay
 You get mail with
   Slightly different e-mail addresses
   Change of the bank account number to pay
    (“Due to an audit ...”)
 To do : verify thoroughly any changes
  before paying
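The "verify thoroughly any changes" step above, as an automated check in accounts payable: a payment request is flagged when the sender domain is a near-miss of the partner domain on file, when the account number in the mail differs from the one on file, or when the mail itself announces an account change. This is an added example, not the presentation's own material; the partner record, domain names, IBANs and mails are constructed.

```python
# Added example (not from the original presentation): triage of an incoming
# payment request against the partner data on file. Partner record and sample
# mails are constructed; the look-alike threshold (two edits) is an assumption.
import re
from dataclasses import dataclass, field

# Constructed partner on file: e-mail domain -> bank account (IBAN, no spaces).
KNOWN_PARTNERS = {
    "shenzhen-parts.example": "BE68539007547034",
}

# IBAN-like token: country code, 2 check digits, groups of 4, optional short tail.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,3})?\b")


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small distance catches look-alike domains such as
    'shenzen-parts' standing in for 'shenzhen-parts'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class Verdict:
    flags: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.flags)


def check_payment_request(sender: str, body: str) -> Verdict:
    verdict = Verdict()
    domain = sender.rsplit("@", 1)[-1].lower()
    # 1. Exact partner domain, or a look-alike within two edits?
    matched = None
    for known in KNOWN_PARTNERS:
        if domain == known:
            matched = known
            break
        if levenshtein(domain, known) <= 2:
            matched = known
            verdict.flags.append(f"sender domain '{domain}' resembles partner '{known}'")
            break
    if matched is None:
        verdict.flags.append(f"sender domain '{domain}' is not a known partner")
        return verdict
    # 2. Any account number in the mail that differs from the one on file?
    accounts = {m.group(0).replace(" ", "") for m in IBAN_RE.finditer(body)}
    changed = accounts - {KNOWN_PARTNERS[matched]}
    if changed:
        verdict.flags.append(f"bank account differs from file: {sorted(changed)}")
    # 3. The pretext itself ("due to an audit ...") is a known fraud signal.
    if re.search(r"\b(audit|new bank|account (has )?changed)\b", body, re.I):
        verdict.flags.append("mail announces a bank account change")
    return verdict


# Constructed sample mails: (sender, body).
LEGIT_MAIL = ("orders@shenzhen-parts.example",
              "Invoice 2013-118 attached. Please pay to BE68 5390 0754 7034 as usual.")
FRAUD_MAIL = ("orders@shenzen-parts.example",
              "Due to an audit our bank account has changed. Please pay invoice "
              "2013-118 to GB29 NWBK 6016 1331 9268 19.")

if __name__ == "__main__":
    for sender, body in (LEGIT_MAIL, FRAUD_MAIL):
        print(sender, "->", check_payment_request(sender, body).flags or "OK")
```

A flagged request goes to a manual call-back on the phone number already on file, not on one taken from the mail.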




Attacking infrastructure

 Remotely managed infrastructures in your
  buildings
   Central heating
   Elevator
 Creating disruption of this infrastructure
  => leads to high cost
 To do : verify if this applies to you and
  your infrastructure management company
Hacking into cloud accounts
 SMEs that have all their information
  in cloud accounts
 Hacking into these accounts
    Taking over access control
    Sending SOS e-mails (“robbed, money needed”)
    Deleting all contact information in the account
     => preventing warning e-mails
     after getting back access to the account
 To do :
    Enforce strong authentication and a second way to access
     the account
    Have backups of these systems
Cyber crime
against cyber infrastructure
 Payment systems
   2010 Wikileaks case : “Anonymous” attack on VISA,
    PayPal, Mastercard, ...


 DNS system
  create fraudulent routing or use for DDOS
 Certification authorities (DigiNotar)
 Data centres (blocks all servers in it)

Cybercrime focusing on
 individuals
 Individuals are
    also working in companies / government
    using social networks / webmail
       Often used to exchange business-related info
       Containing access code information
 Hacking of these profiles / webmails
    Abuse to infect people you know
    Get personal information about you and your contacts
    Commit fraud
 Internet fraud of all kinds
 Webcam sex interception to do extortion
                              Luc Beirens - FCCU -2012




What are the criminals’ tech
tools to hack and attack ?
 Malware attacks (viruses, worms, trojans, ...)
  fast-spreading zero-day infections
  => no immediate cure => lots of victims
       (especially home PCs – available 24 / 365)

 Abuse of infected computers to create botnets
  (large “armies” of PCs under the control of 1 master)
  => used to make massive attacks on
       webservers or network nodes
  => high risk for your critical ICT infrastructure
Botnet attack on a webserver / node (diagram)
 Hacker → Command & Control Server (Cmd / Info) → Internet → webserver / node
 Labels : “My IP is x.y.z.z”, access line blocked, computer crash

Malware update / knowledge transfer (diagram)
 Hacker, Command & Control Server, knowledge server, malware update server
 Labels : trigger event, MW update, very frequent MW update request
Why ? Making money !
     Sometimes still for fun (script kiddies)
     Spam distribution via zombies
     Click generation on banner advertising
     Dialer installation on zombies to make premium rate calls
     Spyware installation

   Espionage => banking details / passwords / keylogging

   Ransom bot => encrypts files => money for the password

   Capacity for distributed denial of service attacks (DDOS)
    => disturb functioning of internet devices (server / router)




How big is the problem ?

   Already criminal cases in several countries
   Botnets detected
        Several hundreds of botnets worldwide
        Several thousands of C&C servers worldwide
        Thousands up to millions of zombie computers
         online
        Generated huge data traffic, up to 40 Gbps


   Dismantling / crippling botnets




e-Crime underground business

     Underground fora and chatrooms
        Restricted access – on invitation
        Secured by encryption
     Botnets for hire
        Control over bot for spam : 0,04 $ / bot / day
        Small-scale attack 20 Mbps : 50 – 100 $ / day
        Large-scale attack 10 Gbps : 1000 $ / day
     Malware development on demand




Important DDOS cases
   UK 2004 : gambling website down (+ hoster + ISP)
   NL 2005 : 2 botnets : millions of zombies
   BE 2005 : DDOS on chat network of media firms
   BE 2005 : DDOS on firm (social conflict)
   US 2006 : Blue Security firm stops activity
   SE 2006 : Website Gov and Police down
              due to DDOS after police raid on P2P
   EE 2007 : Widespread DDOS attack on Estonia
              after incidents on moving soldier statue
   Georgia 2008 : cyber war during military conflict
   World 2010 : Wikileaks case : Visa Mastercard PayPal
   World 2012 : CIA FBI USDOJ EU Arcelor Mittal ...
Latest malware developments
  Stuxnet : very complex and elaborate trojan
  Several replication vectors :
    Networks
    USB keys
  Connects to a C&C botnet server
  Focused on industrial control systems
    Searches for systems with this control system
    Collects information on Siemens PLC systems
    Changes process logic on infected machines
  Duqu, based upon Stuxnet : spying purposes




  Biggest threat ? The criminal’s
  knowledge database
    SQL (Structured Query Language) databases
    Several backup servers
    Content
         Keylogging (everything, also userids, passwords)
         Screenshots (of all opened windows, websites, ...)
         URLs
         IP addresses
    Base for reverse R&D to counter new security measures


Cases ?

       e-Banking fraud

       Hacking of large institutions / firms
              Long time unaware of hacking
              Keylogging
              Encrypted files on PC
              Internal botnet
              Intermediate step to other networks
              Often no complaint




Large firm hacking
using internal botnet (diagram)
 Company network ↔ Internet ↔ Hacker




And the victims ?
 Who ?
   Transactional websites
   Communication networks
   ISPs and all other clients


 Reaction
   Unaware of incidents going on
   ISPs try to solve it themselves
   Nearly no complaints made – even if asked ...

 Result ? The hackers go on developing botnets




Combined threat

 What if abused by terrorists ?
  ... simultaneously with a real-world attack ?

 How will you handle the crisis ?
  Your telephone system is not working !




Risks

     Economic disaster
       Large scale : critical infrastructure
       Small scale : enterprise


     Individual data

     Loss of trust in e-society





Who investigates ICT crime ?
    Prosecutors / Examining Judges
    Specialised police forces (nat’l & internat’l)
    Legal expert witnesses
    Specialised forensic units of consulting firms
    Associations defending commercial interests

    Security firms => vulnerabilities
    Activist groups => publish info on the “truth”
E-Police organisation and tasks (integrated police)

 Federal Police, national level (33 persons) : 1 Federal Computer Crime Unit
    24 / 7 (inter)national contact
    Policy, training, equipment, FCCU network
    Operations : forensic ICT analysis, ICT crime combating, international internet ID requests
    Intelligence : Internet & e-payment fraud, cybercrime, www.ecops.be hotline

 Federal Police, regional level (180 persons) : 25 Regional Computer Crime Units (1 – 2 judicial districts each)
    Assistance for house searches, forensic analysis of ICT, taking statements, internet investigations
    Investigations of ICT crime cases (assisted by FCCU)

 Local level, first line police (Federal Police / Local Police)
    “Freezing” the situation until the arrival of CCU or FCCU
    Selecting and safeguarding digital evidence
                                   © 2013 - Luc Beirens - FCCU - Belgian Federal Police




             Our services

            Help to take a complaint
            Attend the scene of the crime
                  Make a drawing of the architecture of the hacked system
                  Image backup of the hacked system (if possible)
              Internet investigations (identification, location)
              House searches
              Taking statements of concerned parties
              Forensic analysis of seized machines
              Compile a conclusive police report

Investigative problems -
tracking
 Victims : unfamiliar, and fear for “corporate image”
  => belated complaints – trashed / no more traces
 Rather “unknown” world for police & justice
  => delay before involvement of specialised units
  Limited ICT investigation capacity (technical & police skills)
 Multiplication and integration of
  services / providers / protocols / devices
 Lack of harmonised international legislation & instruments
 Anonymous / hacked connections – subscriptions – Wi-Fi
 Intermediate systems often cut the track to the perpetrator





Investigative problems –
evidence gathering

 Delocalisation of evidence : the cloud ?
 Exponential growth of storage capacity
  => time consuming :
     backups & verification processes
     analysis
 New legislation / jurisprudence imposes more rigorous
  procedures for evidence gathering in cyber space

 Bad ICT security :
  hard to give proof of the source and the integrity of evidence


Brussels, we have a problem ...

 Complainer : Hello, can you help ?
              We are a Belgian hosting firm.
              We have a problem : our webservers are hacked
              & several websites of our Belgian customers
              have been defaced.
 Police :     OK. A few questions to start our file …
              Who, where, what, when …




Who is where ?




Who / where / what

 In Belgium
    Hosting firm : nothing in Belgium
    Customer : nothing in Belgium
    Hacked firm : nothing in Belgium
 In the USA : hacked webserver, defaced website
 In the Netherlands : hacked server
 In the UK : hacker ?
 In Luxembourg : hacker ?







 Conclusions ...
 Competence of the Belgian justice authorities ? Discussion
   viewpoint Public Prosecutor General : not competent
   viewpoint victim’s lawyer : competent
   viewpoint suspect’s defence : ????

 If the choice was made for storage in a foreign country
 Why ? Cost ? Evade regulations & obligations ?
 No (?) protection of Belgian law
 No (?) intervention of law enforcement in Belgium
 Protection by law & LE in the country where the server is

Preventive
    Recommendations
     Draw up a general ICT usage directive (normal usage)
     Awareness program for management & users
      ICT security policy is part of the global security policy
     Appoint someone responsible for ICT security
      => control on application of the ICT usage & security policy
     Keep critical systems separate from the Internet if possible !
     Use software from a trusted source
     Install recent anti-virus and firewall programs (laptops)
     Synchronise the system clocks regularly
     Activate and monitor log files on firewall, proxy, access
     Make & test backups & keep them safe (generations) !





     Recommendations
     for victims of ICT crime

    Disconnect from the outside world
    Take note of the last internet activities & exact date and time
    Evaluate : is the damage more important than the restart ?
       Restart most important : make a full backup before restoring
       Damage more important : don’t touch anything

    Safeguard all messages and log files in their original state
    Inform ASAP the Federal Judicial Police
     and ask for assistance of the Federal or Regional CCU
    Force a change of all passwords
    Re-establish the connection only once ALL flaws are patched
Where to make a
  complaint ?
 Within a police force …
    Local Police service => not specialised
     => not the right place for ICT-crime (hacking/sabotage/espionage)
     => place to make complaints on Internet fraud
    Federal judicial police (FGP) => better but …
     Regional CCU => The right place to be for ICT crime
    Federal Computer Crime Unit => 24/7 contact
     Risks on vital or crucial ICT systems => call urgently
    Illegal content (childporn, …) => www.ecops.be

 … or immediately report to a magistrate ?
    Local prosecutor (Procureur) => will send it to police
     => can decide not to prosecute
    Examining Judge => complaint with deposit of a bail
     => obligation to investigate the case




  For the sys admin
   Several layers of protection
       Internal firewalls
       Encrypted communications
       Encrypted databases

   Check active sys admin profiles on servers

   Log and follow up FW, IDS : IP + port + time
   Certificates should be signed by 2 CAs
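"Log and follow up FW, IDS : IP + port + time" turned into a small triage script: it parses firewall DENY lines and reports sources probing many distinct ports within a short window, and destination ports hit by many distinct sources within one window (the pattern of the botnet floods on the earlier slides). This is an added example, not material from the presentation; the log format, the sample lines, the 1-minute window and the thresholds are constructed assumptions.

```python
# Added example (not from the original presentation): follow-up of firewall
# logs on IP + port + time. Log format, sample lines, window size and the
# thresholds are assumptions chosen for the example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)

# Constructed sample: one source walking ports, then many sources on port 80,
# then an isolated deny half an hour later that should not be flagged.
SAMPLE_LOG = """\
2013-03-21T10:00:01 DENY src=203.0.113.7 dst=198.51.100.10 dport=21
2013-03-21T10:00:02 DENY src=203.0.113.7 dst=198.51.100.10 dport=22
2013-03-21T10:00:02 DENY src=203.0.113.7 dst=198.51.100.10 dport=23
2013-03-21T10:00:03 DENY src=203.0.113.7 dst=198.51.100.10 dport=25
2013-03-21T10:00:04 DENY src=203.0.113.7 dst=198.51.100.10 dport=3389
2013-03-21T10:00:05 ALLOW src=192.0.2.50 dst=198.51.100.10 dport=443
2013-03-21T10:05:00 DENY src=198.18.0.1 dst=198.51.100.10 dport=80
2013-03-21T10:05:00 DENY src=198.18.0.2 dst=198.51.100.10 dport=80
2013-03-21T10:05:01 DENY src=198.18.0.3 dst=198.51.100.10 dport=80
2013-03-21T10:05:01 DENY src=198.18.0.4 dst=198.51.100.10 dport=80
2013-03-21T10:05:02 DENY src=198.18.0.5 dst=198.51.100.10 dport=80
2013-03-21T10:05:02 DENY src=198.18.0.6 dst=198.51.100.10 dport=80
2013-03-21T10:30:00 DENY src=192.0.2.9 dst=198.51.100.10 dport=80
"""


def parse(log: str) -> list[dict]:
    """Turn log text into event dicts; lines not in the assumed format are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        e["dport"] = int(e["dport"])
        events.append(e)
    return events


def _bucket(ts: datetime, window: timedelta) -> datetime:
    """Align a timestamp to the start of its fixed-size window."""
    epoch = datetime(1970, 1, 1)
    seconds = int((ts - epoch).total_seconds())
    return epoch + timedelta(seconds=seconds - seconds % int(window.total_seconds()))


def port_scanners(events, window=timedelta(minutes=1), min_ports=5) -> dict[str, int]:
    """Sources denied on >= min_ports distinct ports within one window."""
    ports = defaultdict(set)
    for e in events:
        if e["action"] == "DENY":
            ports[(e["src"], _bucket(e["ts"], window))].add(e["dport"])
    result = {}
    for (src, _), p in ports.items():
        if len(p) >= min_ports:
            result[src] = max(result.get(src, 0), len(p))
    return result


def flooded_ports(events, window=timedelta(minutes=1), min_sources=5) -> dict[int, int]:
    """Destination ports denied from >= min_sources distinct sources within one window."""
    sources = defaultdict(set)
    for e in events:
        if e["action"] == "DENY":
            sources[(e["dport"], _bucket(e["ts"], window))].add(e["src"])
    result = {}
    for (dport, _), s in sources.items():
        if len(s) >= min_sources:
            result[dport] = max(result.get(dport, 0), len(s))
    return result


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    print("port scanners:", port_scanners(evts))  # {'203.0.113.7': 5}
    print("flooded ports:", flooded_ports(evts))  # {80: 6}
```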

Contact information
Federal Judicial Police
Direction for Economical and Financial crime
Federal Computer Crime Unit
Notelaarstraat 211 - 1000 Brussels – Belgium


Tel office      : +32 2 743 74 74
Fax             : +32 2 743 74 19

E-mail          : luc.beirens@fccu.be
Twitter         : @LucBeirens


Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
Imran Khan
 
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
NilKhunt
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
MuhammadRehan856177
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
MuhammadRehan856177
 
E-commerce & Security
E-commerce & SecurityE-commerce & Security
E-commerce & SecurityNetstarterSL
 
Week nine- Securing info systems lecture
Week nine- Securing info systems lectureWeek nine- Securing info systems lecture
Week nine- Securing info systems lecture
Aiman Niazi
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
Shreya Pohekar
 
Cybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveCybersecurity Risk from User Perspective
Cybersecurity Risk from User Perspective
AvinantaTarigan
 
cyber crimes ppt computer vulnerability softeware testing
cyber crimes ppt computer vulnerability softeware testingcyber crimes ppt computer vulnerability softeware testing
cyber crimes ppt computer vulnerability softeware testing
akshayathetopper
 
CYBER CRIME PRESENTATION for Law Students for Semester four
CYBER CRIME PRESENTATION for Law Students for Semester fourCYBER CRIME PRESENTATION for Law Students for Semester four
CYBER CRIME PRESENTATION for Law Students for Semester four
ssuser24dae7
 
CYBER-CRIME PRESENTATION with real-time examples
CYBER-CRIME PRESENTATION with real-time examplesCYBER-CRIME PRESENTATION with real-time examples
CYBER-CRIME PRESENTATION with real-time examples
VivekanandaGN1
 
CYBER-CRIME PRESENTATION.ppt
CYBER-CRIME PRESENTATION.pptCYBER-CRIME PRESENTATION.ppt
CYBER-CRIME PRESENTATION.ppt
Praveen362297
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
IBM Danmark
 

Similar to Don zaal a 11.15 11.45 fccu (20)

20130321 Cybercrime threats on e-commerce online shops
20130321 Cybercrime threats on e-commerce online shops20130321 Cybercrime threats on e-commerce online shops
20130321 Cybercrime threats on e-commerce online shops
 
20121119 Cybercrime : a basis for cyberwar ?
20121119 Cybercrime : a basis for cyberwar ?20121119 Cybercrime : a basis for cyberwar ?
20121119 Cybercrime : a basis for cyberwar ?
 
Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™ Cyber Risk Management in the New Digitalisation Age - eSentinel™
Cyber Risk Management in the New Digitalisation Age - eSentinel™
 
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptxCyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
CyberSecurityPPdddsdsddssdsdssaT_V3_1.pptx
 
Cybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awarenessCybersecurity about Phishing and Secutity awareness
Cybersecurity about Phishing and Secutity awareness
 
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
CyberSecurityPPT_V3_1CyberSecurityPPT_V3_1
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
E-commerce & Security
E-commerce & SecurityE-commerce & Security
E-commerce & Security
 
Week nine- Securing info systems lecture
Week nine- Securing info systems lectureWeek nine- Securing info systems lecture
Week nine- Securing info systems lecture
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Network monitoring white paper
Network monitoring white paperNetwork monitoring white paper
Network monitoring white paper
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
 
Cybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveCybersecurity Risk from User Perspective
Cybersecurity Risk from User Perspective
 
cyber crimes ppt computer vulnerability softeware testing
cyber crimes ppt computer vulnerability softeware testingcyber crimes ppt computer vulnerability softeware testing
cyber crimes ppt computer vulnerability softeware testing
 
CYBER CRIME PRESENTATION for Law Students for Semester four
CYBER CRIME PRESENTATION for Law Students for Semester fourCYBER CRIME PRESENTATION for Law Students for Semester four
CYBER CRIME PRESENTATION for Law Students for Semester four
 
CYBER-CRIME PRESENTATION with real-time examples
CYBER-CRIME PRESENTATION with real-time examplesCYBER-CRIME PRESENTATION with real-time examples
CYBER-CRIME PRESENTATION with real-time examples
 
CYBER-CRIME PRESENTATION.ppt
CYBER-CRIME PRESENTATION.pptCYBER-CRIME PRESENTATION.ppt
CYBER-CRIME PRESENTATION.ppt
 
PCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio PanadaPCTY 2012, IBM Security and Strategy v. Fabio Panada
PCTY 2012, IBM Security and Strategy v. Fabio Panada
 

More from webwinkelvakdag

ISM eCompany: Sander Berlinski
ISM eCompany: Sander BerlinskiISM eCompany: Sander Berlinski
ISM eCompany: Sander Berlinski
webwinkelvakdag
 
Social Nomads - Lynn
Social Nomads - LynnSocial Nomads - Lynn
Social Nomads - Lynn
webwinkelvakdag
 
Thuiswinkel.org & Omoda: Alicja Van Ewijk
Thuiswinkel.org & Omoda: Alicja Van EwijkThuiswinkel.org & Omoda: Alicja Van Ewijk
Thuiswinkel.org & Omoda: Alicja Van Ewijk
webwinkelvakdag
 
Worldpay: Maria Prados
Worldpay: Maria PradosWorldpay: Maria Prados
Worldpay: Maria Prados
webwinkelvakdag
 
Van Moof: Simon Vreeman
Van Moof: Simon VreemanVan Moof: Simon Vreeman
Van Moof: Simon Vreeman
webwinkelvakdag
 
ANWB: Carolina van den Hoven & Margot van Leeuwen
ANWB: Carolina van den Hoven & Margot van LeeuwenANWB: Carolina van den Hoven & Margot van Leeuwen
ANWB: Carolina van den Hoven & Margot van Leeuwen
webwinkelvakdag
 
HEMA: Ilse Lankhorst, Bas Karsemeijer
HEMA: Ilse Lankhorst, Bas KarsemeijerHEMA: Ilse Lankhorst, Bas Karsemeijer
HEMA: Ilse Lankhorst, Bas Karsemeijer
webwinkelvakdag
 
ISM eCompany: Kees Beckeringh
ISM eCompany: Kees BeckeringhISM eCompany: Kees Beckeringh
ISM eCompany: Kees Beckeringh
webwinkelvakdag
 
ING: Dirk Mulder
ING: Dirk MulderING: Dirk Mulder
ING: Dirk Mulder
webwinkelvakdag
 
Martijn Kozijn: Jessica van Haaster & Martijn Leclaire
Martijn Kozijn: Jessica van Haaster & Martijn LeclaireMartijn Kozijn: Jessica van Haaster & Martijn Leclaire
Martijn Kozijn: Jessica van Haaster & Martijn Leclaire
webwinkelvakdag
 
ING: Dirk Mulder
ING: Dirk MulderING: Dirk Mulder
ING: Dirk Mulder
webwinkelvakdag
 
Cemex trescon: Marloe de Ruiter
Cemex trescon: Marloe de RuiterCemex trescon: Marloe de Ruiter
Cemex trescon: Marloe de Ruiter
webwinkelvakdag
 
LINDA.Foundation: Jocelyn Nassenstein-Brouwer
LINDA.Foundation: Jocelyn Nassenstein-BrouwerLINDA.Foundation: Jocelyn Nassenstein-Brouwer
LINDA.Foundation: Jocelyn Nassenstein-Brouwer
webwinkelvakdag
 
Maersk: Niek Minderhoud
Maersk: Niek MinderhoudMaersk: Niek Minderhoud
Maersk: Niek Minderhoud
webwinkelvakdag
 
Q&A: Brenda Hoekstra
Q&A: Brenda HoekstraQ&A: Brenda Hoekstra
Q&A: Brenda Hoekstra
webwinkelvakdag
 
Aanhangwagendirect & PI Marketing: Merin Eggink & Mascha Soors
Aanhangwagendirect & PI Marketing: Merin Eggink & Mascha SoorsAanhangwagendirect & PI Marketing: Merin Eggink & Mascha Soors
Aanhangwagendirect & PI Marketing: Merin Eggink & Mascha Soors
webwinkelvakdag
 
ISM eCompany: Ralph van Woensel
ISM eCompany: Ralph van WoenselISM eCompany: Ralph van Woensel
ISM eCompany: Ralph van Woensel
webwinkelvakdag
 
Lecot: Raf Maesen
Lecot: Raf MaesenLecot: Raf Maesen
Lecot: Raf Maesen
webwinkelvakdag
 
Lobbes: Berry de Snoo
Lobbes: Berry de SnooLobbes: Berry de Snoo
Lobbes: Berry de Snoo
webwinkelvakdag
 
ISM eCompany: Sander Lems
ISM eCompany: Sander LemsISM eCompany: Sander Lems
ISM eCompany: Sander Lems
webwinkelvakdag
 

More from webwinkelvakdag (20)

ISM eCompany: Sander Berlinski
ISM eCompany: Sander BerlinskiISM eCompany: Sander Berlinski
ISM eCompany: Sander Berlinski
 
Social Nomads - Lynn
Social Nomads - LynnSocial Nomads - Lynn
Social Nomads - Lynn
 
Thuiswinkel.org & Omoda: Alicja Van Ewijk
Thuiswinkel.org & Omoda: Alicja Van EwijkThuiswinkel.org & Omoda: Alicja Van Ewijk
Thuiswinkel.org & Omoda: Alicja Van Ewijk
 
Worldpay: Maria Prados
Worldpay: Maria PradosWorldpay: Maria Prados
Worldpay: Maria Prados
 
Van Moof: Simon Vreeman
Van Moof: Simon VreemanVan Moof: Simon Vreeman
Van Moof: Simon Vreeman
 
ANWB: Carolina van den Hoven & Margot van Leeuwen
ANWB: Carolina van den Hoven & Margot van LeeuwenANWB: Carolina van den Hoven & Margot van Leeuwen
ANWB: Carolina van den Hoven & Margot van Leeuwen
 
HEMA: Ilse Lankhorst, Bas Karsemeijer
HEMA: Ilse Lankhorst, Bas KarsemeijerHEMA: Ilse Lankhorst, Bas Karsemeijer
HEMA: Ilse Lankhorst, Bas Karsemeijer
 
ISM eCompany: Kees Beckeringh
ISM eCompany: Kees BeckeringhISM eCompany: Kees Beckeringh
ISM eCompany: Kees Beckeringh
 
ING: Dirk Mulder
ING: Dirk MulderING: Dirk Mulder
ING: Dirk Mulder
 
Martijn Kozijn: Jessica van Haaster & Martijn Leclaire
Martijn Kozijn: Jessica van Haaster & Martijn LeclaireMartijn Kozijn: Jessica van Haaster & Martijn Leclaire
Martijn Kozijn: Jessica van Haaster & Martijn Leclaire
 
ING: Dirk Mulder
ING: Dirk MulderING: Dirk Mulder
ING: Dirk Mulder
 
Cemex trescon: Marloe de Ruiter
Cemex trescon: Marloe de RuiterCemex trescon: Marloe de Ruiter
Cemex trescon: Marloe de Ruiter
 
LINDA.Foundation: Jocelyn Nassenstein-Brouwer
LINDA.Foundation: Jocelyn Nassenstein-BrouwerLINDA.Foundation: Jocelyn Nassenstein-Brouwer
LINDA.Foundation: Jocelyn Nassenstein-Brouwer
 
Maersk: Niek Minderhoud
Maersk: Niek MinderhoudMaersk: Niek Minderhoud
Maersk: Niek Minderhoud
 
Q&A: Brenda Hoekstra
Q&A: Brenda HoekstraQ&A: Brenda Hoekstra
Q&A: Brenda Hoekstra
 
Aanhangwagendirect & PI Marketing: Merin Eggink & Mascha Soors
Aanhangwagendirect & PI Marketing: Merin Eggink & Mascha SoorsAanhangwagendirect & PI Marketing: Merin Eggink & Mascha Soors
Aanhangwagendirect & PI Marketing: Merin Eggink & Mascha Soors
 
ISM eCompany: Ralph van Woensel
ISM eCompany: Ralph van WoenselISM eCompany: Ralph van Woensel
ISM eCompany: Ralph van Woensel
 
Lecot: Raf Maesen
Lecot: Raf MaesenLecot: Raf Maesen
Lecot: Raf Maesen
 
Lobbes: Berry de Snoo
Lobbes: Berry de SnooLobbes: Berry de Snoo
Lobbes: Berry de Snoo
 
ISM eCompany: Sander Lems
ISM eCompany: Sander LemsISM eCompany: Sander Lems
ISM eCompany: Sander Lems
 

Don zaal a 11.15 11.45 fccu

  • 1. How to survive in an era of hacktivists, cyber espionage and internet fraudsters? The need for an integrated approach to undermine the criminal cyber architecture. Brussels, 21 March 2013, e-Shop Expo. © 2013 Luc Beirens – Federal Computer Crime Unit - Belgian Federal Judicial Police – Direction economical and financial crime
    Presentation
    - @LucBeirens, Chief Commissioner, Head of the Federal Computer Crime Unit, Belgian Federal Judicial Police, Direction Economical and financial crime
    - Chairman of the EU Cybercrime task force, representing the organization of heads of national high-tech crime units of the EU
  • 2. Topics - overview
    - An analysis of the eSociety situation
    - Who is threatening eSociety and how?
      - Inside threat / outside threats
    - Possible damage to eGov and eSociety
    - Which response to give to this?
    What is there to protect?
    - Your company / public image
    - Your market share (even as public service)
    - Your business activity / products
    - Your existence as such
    Cybercrime threats © Belgian Federal Computer Crime Unit
  • 3. What is there to protect?
    - Data (stored or in transmission)
      - Our personal data: employees / citizens / customers
      - Info on the organisation (policy / functioning / financial)
      - Info on your activity, product (price list, patents, source code)
    - Our information infrastructure
      - Internal / external systems
      - Network connections
      - Storage and backup systems
    - Privacy law requires organisational and technical measures to protect personal data
    eShop
    - Be recognisable to your customers
      - Beware of imposters
      - Use of certificates / control over domain
    - Keep your customers safe
      - Data
      - Transactions
    - Get paid for your services / products
    - Don't unwillingly become a criminal service platform
  • 4. e-Architecture (diagram; components shown: externally managed infrastructure, Certification Authority, externally hosted website, VPN, Internet, DNS, internal network, firewall, DMZ, own webserver, backup server, cloud service center, SCADA, end user, roaming user, process control) © Luc Beirens
    General trends today
    - Evolution towards e-society: replace persons by e-applications
    - Interconnecting all systems (admin, industrial, control)
    - Mobile systems – Cloud
    - Social networks
    - IP is the common platform offered by many ISPs, integrating telephony / data / VPN & all new apps = opportunities / Achilles' heel / scattered traces
    - Poor security in legacy applications and protocols (userid + pw) => identity fraud is easy
    - End user is not yet educated to act properly
  • 5. What do criminals want?
    - Become rich / powerful rapidly, easily, with a very big ROI, in an illegal way if needed
    - Destabilize (e-)society by causing trouble
    First conclusions?
    - Society is thus very heavily dependent on ICT
    - ICT = important vulnerability of modern society
    - End user = weakest link => biggest danger
    - Need to guarantee continuity of ICT functioning, availability and integrity of data
    - Data is more and more in the cloud
      - Accessible from all over the world
      - Outside the jurisdiction of your country
  • 6. Who is threatening us?
    - Script kiddies
    - Insider: ICT guy in your company
    - Loosely organized criminals
    - Firmly organized criminal groups
    - Terrorists / hacktivists
    - Foreign states / economical powers
    - Nation warfare troops
    What are the outside threats?
  • 7. Threats in messages on hacker sites
    - Wiping away the websites in your state
    - Infiltration in servers of the Public Treasury, disrupting tax collection
    - Infiltration in bank accounts
    - Attacks on media websites
    - Attacks on e-commerce websites
    - Distribution of personal data and credit card information
    - Targeting also in the end-of-year period
    Focus
    - On individuals
    - On webservers
    - On your organization
    - On your partner's organization
    - On your infrastructure
    - On cyber infrastructure
  • 8. Hacking webservers
    - Motives of the criminal:
      - Perform defacement
      - Use as storage platform for illegal content (child porn)
      - Use as intermediate platform for criminal activity
      - Get sensitive information and do extortion ("idiot tax")
      - Get financial information (credit cards)
    - To do:
      - Update software, strong admin access, no personal data on the server
      - Follow up pastebin.com: a hackers' drop-off
  • 9. E-Shop risks
    - "Forgotten" test environments
      - Use of real data
      - No logging of
    - Applications with debugging procedures
    - Databases with all user data on the webserver instead of inside the LAN
    - User profiles unencrypted / unsalted?
    - Credit card information in profiles?
    - Use of stolen credit (new payment systems)
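The "unencrypted / unsalted user profiles" risk above is easiest to see side by side. The following is an added example, not code from the slides or from the FCCU: it stores e-shop customer passwords with a per-user random salt and PBKDF2-HMAC-SHA256, and contrasts that with a bare unsalted hash, where two customers who chose the same password become visible to anyone who reads the table. The iteration count, the storage format and the sample customers are assumptions made for the example.

```python
# Added example (not from the slides): per-user salted password hashing for an
# e-shop profile store, beside the unsalted scheme the slide warns about.
import hashlib
import hmac
import os
from typing import Dict, List, Optional

PBKDF2_ITERATIONS = 200_000  # assumed for the example; tune to your hardware


def unsalted_hash(password: str) -> str:
    """The weak scheme: one bare hash per password, no salt, no work factor."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'pbkdf2_sha256$iterations$salt_hex$hash_hex'."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


def shared_password_visible(stored_values: List[str]) -> bool:
    """True if two users with the same password can be spotted by comparing stored values."""
    return len(set(stored_values)) < len(stored_values)


def demo() -> Dict[str, bool]:
    # Constructed sample profiles: two customers happen to use the same password.
    profiles = {"alice": "Winter2013!", "bob": "Winter2013!", "carol": "correct horse battery staple"}
    weak = [unsalted_hash(p) for p in profiles.values()]
    strong = {user: hash_password(p) for user, p in profiles.items()}
    return {
        "weak_reveals_shared": shared_password_visible(weak),          # True
        "strong_reveals_shared": shared_password_visible(list(strong.values())),  # False
        "alice_ok": verify_password("Winter2013!", strong["alice"]),   # True
        "alice_wrong": verify_password("winter2013!", strong["alice"]),  # False
    }


if __name__ == "__main__":
    print(demo())
```

The stored string carries its own salt and iteration count, so the work factor can be raised later without invalidating existing profiles; a leaked table of such values also says nothing about which customers share a password.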
  • 10. Dossier Cybercrime - NVP PNS 2012-2015
    Security: encrypted data!
    - Infection of workstations and servers in the company LAN
      - Using targeted e-mails / social media messages
    - Malicious encryption of all user data files
    - Ransom to get the decryption key
    - Of those that paid: some got the key, some didn't
    - Others had a recent off-line backup!
  • 11. Intrusions in your LAN
    - Intrusion in your system to intercept data that allows taking away products from your stock
      - WIFI interception from the parking
      - Infection by trojan (e-mail)
      - (unreported) burglary in the company to place hardware keyloggers or a complete small computer system (WIFI intercept, 3G transmit)
      - With a valid ticket, go fetch the cargo
    - To do:
      - Encrypt WIFI transmissions
      - Patch only active workstation connections
    Intrusion in your trading account
    - Carbon dioxide certificates trade
    - Open data: contact persons of companies
    - Spear phishing mail + phishing website
    - Access to trading account
    - Millions of € sold in a few hours all over the EU
    - Sold far under price & immediately resold
    - To do: awareness
  • 12. Intrusion in your partner's LAN
    - Intrusion in the LAN of a foreign (Chinese) partner to get information on your business and the invoices you have to pay
    - You get mail with
      - Slightly different e-mail addresses
      - Change of bank account number to pay ("due to audit ...")
    - To do: verify thoroughly any changes before paying
    Attacking infrastructure
    - Remotely managed infrastructures in your buildings
      - Central heating
      - Elevator
    - Creating disruption of this infrastructure => leads to high cost
    - To do: verify if this applies to you and your infrastructure managing company
  • 13. Hacking into cloud accounts
    - SMEs that have all their information in cloud accounts
    - Hacking into these accounts
    - Taking over access control
    - Sending SOS e-mails ("robbed, money needed")
    - Deleting all contact information in the account => preventing warning e-mails after getting back access to the account
    - To do:
      - Enforce strong authentication and second ways to access the account
      - Have backups of these systems
  • 14. Cyber crime against cyber infrastructure
    - Payment systems: 2010 Wikileaks case: "Anonymous" attack on VISA, Paypal, Mastercard, ...
    - DNS system: create fraudulent routing or use for DDOS
    - Certification authorities (Diginotar)
    - Data centers (blocks all servers in it)
  • 15. Cybercrime focusing on individuals
    - Individuals are also working in companies / government
    - Use social networks / webmail
      - Often used to exchange business-related info
      - Containing access code information
    - Hacking of these profiles / webmails
      - Abuse to infect people you know
      - Get personal information of you and your contacts
      - Commit fraud
    - Internet fraud of all kinds
    - Webcam sex interception to do extortion
    What are the criminals' tech tools to hack and attack?
    - Malware attacks (viruses, worms, trojans, ...): fast-spreading day-zero infections => no immediate cure => lots of victims (especially home PCs – available 24 / 365)
    - Abuse of infected computers to create botnets (large "armies" of PCs under the control of 1 master) => used to make massive attacks on webservers or network nodes => high risk for your critical ICT infrastructure
  • 16. Diagrams: "Botnet attack on a webserver / node" (hacker, Command & Control server, zombie computers, webserver / node crashes, access line blocked, "My IP is x.y.z.z") and "Malware update / knowledge transfer" (hacker, Command & Control server, knowledge server, malware update server, trigger event, very frequent malware update requests)
  • 17. Why? Making money!
    - Sometimes still for fun (script kiddies)
    - Spam distribution via zombie
    - Click generation on banner publicity
    - Dialer installation on zombie to make premium rate calls
    - Spyware installation
    - Espionage => banking details / passwords / keylogging
    - Ransom bot => encrypts files => money for password
    - Capacity for distributed denial of service attacks (DDOS) => disturb functioning of internet device (server / router)
    How big is the problem?
    - Already criminal cases in several countries
    - Botnets detected
      - Several hundreds of botnets worldwide
      - Several thousands of C&C worldwide
      - Thousands up to millions of zombie computers online
      - Generated huge data traffic, up to 40 Gbps
    - Dismantling / crippling botnets
  • 18. e-Crime underground business
    - Underground fora and chatrooms
      - Restricted access – on invitation
      - Secured by encryption
    - Botnets for hire
      - Control over bot for spam: 0.04 $ / bot / day
      - Small scale attack, 20 Mbps: 50 – 100 $ / day
      - Large scale attack, 10 Gbps: 1000 $ / day
    - Malware development on demand
    Important DDOS cases
    - UK 2004: gambling website down (+ hoster + ISP)
    - NL 2005: 2 botnets: millions of zombies
    - BE 2005: DDOS on chat network of media firms
    - BE 2005: DDOS on firm (social conflict)
    - US 2006: Blue Security firm stops activity
    - SE 2006: websites of Gov and Police down due to DDOS after police raid on P2P
    - EE 2007: widespread DDOS attack on Estonia after incidents on moving soldier statue
    - Georgia 2008: cyber war during military conflict
    - World 2010: Wikileaks case: Visa, Mastercard, Paypal
    - World 2012: CIA, FBI, USDOJ, EU, Arcelor Mittal ...
  • 19. Latest malware developments
    - Stuxnet: very complex and elaborate trojan
      - Several replication vectors: networks, USB keys
      - Connects to C&C botnet server
      - Focused on industrial control systems
        - Searches for systems with this control system
        - Collects information on Siemens PLC systems
        - Changes process logic on infected machines
    - Duqu, based upon Stuxnet: spying purposes
    Biggest threat? Criminal's knowledge database
    - SQL (Structured Query Language) databases
    - Several backup servers
    - Content
      - Keylogging (everything, also userids, passwords)
      - Screenshots (of all opened windows, websites, ...)
      - URLs
      - IP addresses
    - Base for reverse R&D to counter new security
  • 20. Cases?
    - e-Banking fraud
    - Hacking of large institutions / firms
      - Long time unaware of hacking
      - Keylogging
      - Encrypted files on PC
      - Internal botnet
      - Intermediate step to other networks
      - Often no complaint
    Diagram: "Large firm hacking using internal botnet" (Internet, hacker, company network)
  • 21. And the victims?
    - Who?
      - Transactional websites
      - Communication networks
      - ISPs and all other clients
    - Reaction
      - Unaware of incidents going on
      - ISPs try to solve it themselves
      - Nearly no complaints made – even if asked ...
    - Result? The hackers go on developing botnets
    Combined threat
    - What if abused by terrorists ... simultaneously with a real-world attack?
    - How will you handle the crisis? Your telephone system is not working!
  • 22. Risks
    - Economical disaster
      - Large scale: critical infrastructure
      - Small scale: enterprise
    - Individual data
    - Loss of trust in e-society
    Who investigates ICT crime?
    - Prosecutors / Examining Judges
    - Specialised police forces (nat'l & internat'l)
    - Legal expert witnesses
    - Specialised forensic units of consulting firms
    - Associations defending commercial interests
    - Security firms => vulnerabilities
    - Activist groups => publish info on « truth »
  • 23. E-Police organisation and tasks (integrated police)
    - National level: Federal Police – 1 Federal Computer Crime Unit (FCCU), 33 persons
      - 24 / 7 (inter)national contact point; international internet ID requests
      - Policy, operations, intelligence
      - Internet & ePayment fraud
      - Training, equipment
      - Forensic ICT analysis
      - Cybercrime / ICT crime combating
      - www.ecops.be hotline
      - FCCU network
    - Regional level: Federal Police – 25 Regional Computer Crime Units (1 – 2 arrondissements each), 180 persons
      - Assistance for house searches, forensic analysis of ICT, taking statements, internet investigations
      - Investigations of ICT crime cases (assisted by FCCU)
    - Local level: Local Police – first line police
      - "Freezing" the situation until the arrival of the CCU or FCCU
      - Selecting and safeguarding digital evidence
    Our services
    - Help to take a complaint
    - Descend on the scene of crime
    - Make a drawing of the architecture of the hacked system
    - Image backup of the hacked system (if possible)
    - Internet investigations (identification, location)
    - House searches
    - Taking statements of concerned parties
    - Forensic analysis of seized machines
    - Compile conclusive police report
  • 24. Investigative problems - tracking
    - Victims: unfamiliar, and fear for "corporate image" => belated complaints – traces trashed / no more traces
    - Rather "unknown" world for police & justice => delay before involvement of specialised units
    - Limited ICT investigation capacity (technical & police skills)
    - Multiplication and integration of services / providers / protocols / devices
    - Lack of harmonised international legislation & instruments
    - Anonymous / hacked connections – subscriptions – WIFI
    - Intermediate systems often cut the track to the perpetrator
    Investigative problems – evidence gathering
    - Delocalisation of evidence: the cloud?
    - Exponential growth of storage capacity => time consuming: backups & verification processes, analysis
    - New legislation / jurisprudence imposes more rigorous procedures for evidence gathering in cyber space
    - Bad ICT security: give proof of the source and the integrity of evidence
  • 25. Brussels, we have a problem ...
    - Complainer: Hello, can you help?
    - Police: OK. A few questions to start: who, where, what, when?
    - Complainer: We are a Belgian hosting firm, our file … We have a problem … Our webservers are hacked & several websites of our Belgian customers have been defaced.
    Who is where? (diagram)
  • 26. Who / where / what
    - In Belgium: hosting firm: nothing in Belgium; customer: nothing in Belgium; hacked firm: nothing in Belgium
    - In the USA: hacked webserver, defaced website
    - In the Netherlands: hacked server
    - In the UK: hacker?
    - In Luxemburg: hacker?
    Conclusions ...
    - Competence of the Belgian Justice authorities? Discussion
      - Viewpoint Public Prosecutor General: not competent
      - Viewpoint lawyer of the victim: competent
      - Viewpoint suspect's defence: ????
    - If the choice was made for storage in a foreign country
      - Why? Cost? Evade regulations & obligations?
      - No (?) protection of Belgian law
      - No (?) intervention of law enforcement in Belgium
      - Protection by law & LE in the country where the server is
  • 27. Preventive recommendations
    - Draw up a general ICT usage directive (normal usage)
    - Awareness program for management & users; ICT security policy is part of the global security policy
    - Appoint an ICT security responsible => control on application of ICT usage & security policy
    - Keep critical systems separate from the Internet if possible!
    - Use software from a trusted source
    - Install recent anti-virus and firewall programs (laptops)
    - Synchronize the system clocks regularly
    - Activate and monitor log files on firewall, proxy, access
    - Make & test backups & keep them safe (generations)!
    Recommendations for victims of ICT crime
    - Disconnect from the outside world
    - Take note of the last internet activities & exact date and time
    - Evaluate: is the damage more important than the restart?
      - Restart most important: make a full backup before restoring
      - Damage more important: don't touch anything
    - Safeguard all messages and log files in their original state
    - Inform ASAP the Federal Judicial Police and ask for assistance of the Federal or Regional CCU
    - Force a change of all passwords
    - Reestablish the connection only if ALL failures are patched
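Slide 24 asks the victim to give proof of the source and integrity of evidence, and the victim recommendations above ask that messages and log files be safeguarded in their original state. One practical way to do both is to record a hash manifest at the moment of collection, so that any later change can be shown. The following is an added example, not code from the slides or from the FCCU; the manifest layout, the two sample evidence files and the collector name are constructed for the example.

```python
# Added example (not from the slides): a SHA-256 manifest that lets a victim prove
# the safeguarded log files and messages are unchanged since collection.
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone
from typing import Dict, Iterable


def sha256_file(path: str) -> str:
    """Hash a file in 1 MiB chunks so large disk images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths: Iterable[str], collected_by: str) -> Dict:
    """Record name, size, SHA-256 and the UTC collection time of each file."""
    return {
        "collected_by": collected_by,
        "collected_at_utc": datetime.now(timezone.utc).isoformat(),
        "files": {
            os.path.basename(p): {"size": os.path.getsize(p), "sha256": sha256_file(p)}
            for p in paths
        },
    }


def verify_manifest(manifest: Dict, directory: str) -> Dict[str, str]:
    """Per-file status against the manifest: 'ok', 'modified' or 'missing'."""
    status = {}
    for name, rec in manifest["files"].items():
        path = os.path.join(directory, name)
        if not os.path.exists(path):
            status[name] = "missing"
        elif sha256_file(path) == rec["sha256"]:
            status[name] = "ok"
        else:
            status[name] = "modified"
    return status


def demo() -> Dict:
    # Constructed sample evidence written to a temp directory: a webserver access
    # log line and the header of a suspicious "new bank account" mail.
    d = tempfile.mkdtemp()
    samples = {
        "access.log": b'203.0.113.7 - - [21/Mar/2013:11:15:02 +0100] "GET /admin.php HTTP/1.1" 200 512\n',
        "invoice-mail.eml": b"From: billing@partner-example.test\nSubject: New bank account for invoice 4711\n",
    }
    paths = []
    for name, data in samples.items():
        p = os.path.join(d, name)
        with open(p, "wb") as f:
            f.write(data)
        paths.append(p)
    manifest = build_manifest(paths, collected_by="sysadmin (constructed)")
    before = verify_manifest(manifest, d)
    # Simulate what happens when someone "tidies up" after collection.
    with open(os.path.join(d, "access.log"), "ab") as f:
        f.write(b"# rotated\n")
    os.remove(os.path.join(d, "invoice-mail.eml"))
    after = verify_manifest(manifest, d)
    return {"before": before, "after": after, "manifest_json": json.dumps(manifest, indent=2)}


if __name__ == "__main__":
    print(demo()["manifest_json"])
```

Keep the manifest itself on separate, write-protected media (or hand a copy to the police unit taking the complaint) so that the hashes cannot be rewritten together with the files they vouch for.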
  • 28. Where to make a complaint?
    - Within a police force …
      - Local Police service => not specialised => not the right place for ICT crime (hacking / sabotage / espionage) => the place to make complaints on Internet fraud
      - Federal judicial police (FGP) => better, but … Regional CCU => the right place to be for ICT crime
      - Federal Computer Crime Unit => 24/7 contact; risks on vital or crucial ICT systems => call urgently
      - Illegal content (child porn, …) => www.ecops.be
    - … or immediately report to a magistrate?
      - Local prosecutor (Procureur) => will send it to the police => can decide not to prosecute
      - Examining Judge => complaint with deposit of a bail => obligation to investigate the case
    For the sys admin
    - Several layers of protection
    - Internal firewalls
    - Encrypted communications
    - Encrypted databases
    - Check active sys admin profiles on servers
    - Log and follow up FW, IDS: IP + port + time
    - Certificates should be signed by 2 CAs
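"Log and follow up FW, IDS: IP + port + time" (and slide 27's "activate and monitor log files on firewall, proxy, access") is only useful if someone actually reads the logs on those three fields. The following is an added example, not code from the slides or from the FCCU: it parses a small constructed firewall log and flags every source address that touched several distinct destination ports within a short window, which is the pattern a sys admin would want to follow up first. The log line format, the regular expression and the thresholds are assumptions made for this example; adapt them to the real format your firewall writes.

```python
# Added example (not from the slides): following up firewall / IDS log lines on
# the three fields the slide names: source IP, destination port and time.
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional

# Constructed log format for the example: "<ISO time> <ALLOW|DENY> <src> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line: str) -> Optional[Dict]:
    """Return the parsed fields, or None for lines that do not match (never crash on junk)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "action": m["action"],
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
    }


def find_port_sweeps(events: List[Dict], min_ports: int = 5,
                     window: timedelta = timedelta(seconds=60)) -> List[Dict]:
    """Sources that hit at least `min_ports` distinct destination ports within `window`."""
    by_src: Dict[str, List[Dict]] = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits inside `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports:
                findings.append({"src": src, "ports": sorted(ports),
                                 "first": evs[start]["ts"], "last": evs[end]["ts"]})
                break  # one finding per source is enough to trigger follow-up
    return findings


def analyse(lines: Iterable[str]) -> Dict:
    events = [e for e in map(parse_line, lines) if e]
    return {"parsed": len(events), "sweeps": find_port_sweeps(events)}


# Constructed sample log: one source probes five ports in a few seconds, normal
# HTTPS traffic from another, two slow denies from a third, and one junk line.
SAMPLE_LOG = """\
2013-03-21T11:15:00 ALLOW 192.0.2.10 -> 198.51.100.10:443
2013-03-21T11:15:01 DENY 203.0.113.7 -> 198.51.100.10:21
2013-03-21T11:15:02 DENY 203.0.113.7 -> 198.51.100.10:22
2013-03-21T11:15:02 DENY 203.0.113.7 -> 198.51.100.10:23
2013-03-21T11:15:03 DENY 203.0.113.7 -> 198.51.100.10:3306
2013-03-21T11:15:04 DENY 203.0.113.7 -> 198.51.100.10:3389
2013-03-21T11:15:30 ALLOW 192.0.2.10 -> 198.51.100.10:443
2013-03-21T11:20:00 DENY 192.0.2.55 -> 198.51.100.10:22
2013-03-21T11:45:00 DENY 192.0.2.55 -> 198.51.100.10:23
garbage line that does not parse
""".splitlines()

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG)["sweeps"]:
        print(f"{f['src']} touched ports {f['ports']} between {f['first']} and {f['last']}")
```

The same three fields make the slide's other recommendation concrete: because the timestamps are compared across lines, the clocks of firewall, proxy and servers must be synchronised, or the window logic (and any later correlation with the police) silently breaks.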
  • 29. Contact information
    Federal Judicial Police, Direction for Economical and Financial crime, Federal Computer Crime Unit
    Notelaarstraat 211 - 1000 Brussels – Belgium
    Tel office: +32 2 743 74 74
    Fax: +32 2 743 74 19
    E-mail: luc.beirens@fccu.be
    Twitter: @LucBeirens