This document provides a summary of a presentation by Raoul Chiesa on cybercrime trends from the past to present. It discusses how hacking has evolved from curiosity-driven activities by bored teens to profit-motivated crimes by adults. Reasons for the rise of cybercrime include the increasing number of internet users and victims, economic incentives, availability of hacking tools, recruitment of inexperienced people, and lack of consequences. The presentation also notes how media portrayal has changed perceptions of who hackers are.
Social engineering 101 or The Art of How You Got Owned by That Random StrangerSteven Hatfield
This covers the basics of Social Engineering, different attack vectors that have worked with real world examples from friends currently conducting such tests, provide different sources to gather information on this topic, and present ways to prevent such attacks from happening in the future.
Social Engineering 101 or The Art of How You Got Owned by That Random StrangerSteven Hatfield
My presentation that was given at North Texas ISSA Second Annual Cyber Security Conference on 4/25/2015. This presentation covers the basics of Social Engineering and provides a good base of knowledge for anyone looking to understand more about this skill, along with where to learn more.
Social engineering 101 or The Art of How You Got Owned by That Random StrangerSteven Hatfield
This covers the basics of Social Engineering, different attack vectors that have worked with real world examples from friends currently conducting such tests, provide different sources to gather information on this topic, and present ways to prevent such attacks from happening in the future.
Social Engineering 101 or The Art of How You Got Owned by That Random StrangerSteven Hatfield
My presentation that was given at North Texas ISSA Second Annual Cyber Security Conference on 4/25/2015. This presentation covers the basics of Social Engineering and provides a good base of knowledge for anyone looking to understand more about this skill, along with where to learn more.
Our digital society has undergone profound transformations in the way we work, learn, live and participate. Having transformed our world into a great co-creation Wiki challenges many assumptions and models that need to be revisited. Based on several examples in the area of security drawn from the industry and our research, we argue there is an emerging notion of Digital Responsibility paving the way to further significant societal changes. A new world order or incremental changes ? One thing is sure, ICT has and will continue to challenge our historical assumptions requiring major mindset changes and more transparency.
Search & Rescue and Missing Persons’ investigations often come to a standstill due to lack of information. How can technology change that? Robert Sell will explore the answer. We will hear how crowdsourced OSINT can be successfully used by emergency services and law enforcement, providing lifesaving information to fill the gaps and bring loved ones back to their families.
Robert Sell, OSINT expert and Founder, Trace Labs
Talk from IoT World in Santa Clara, May 12, 2016. How to make IoT objects interoperable and adapble by adding JavaScript. Introduces XS6 open source JavaScript engine optimized for embedded development. Hat tip to Hallelujah the Hills for the epigrams.
This is still a good idea, but there are some similar projects out now. Think this is 2002 or so. Very simple concept, make some basic alarms that can trigger a pre-stored alert via the cellphone network. Example, someone trips up a door in your remote cabin, device calls in with a code, that triggers a pre-written text or recorded voicemail by you and gets sent 'someone has opened your cabin's door'. You can decide to call police after that. I did a ton of research on this, as you can see in the deck. Dropped it as the dollars required would have been massive to get it off the ground.
Social Engineering 101: Don't Get Manipulated by AttackersNetSquared
Nonprofits - This security-focused educational webinar will be presented by Erich Kron, a Security Awareness Advocate at KnowBe4!
Abstract:
Social Engineering is a practice we use almost every day of our lives. It is apparent in how we interact with our families, our friends, strangers and even those coworkers we don't really like. It's really just the practice of dealing with other humans.
By studying these interactions, attackers can become very adept at using these skills to manipulate people into actions that benefit them. Phishing, smishing, vishing are all tools of the trade that attackers use. The psychology used in these attacks to bypass critical thinking is becoming more and more advanced. By leveraging techniques like focus redirection and exploiting the way our brain filters can be tricked in to perceiving a different reality, attackers are outpacing our best efforts to defend ourselves. We do know that throwing money at a problem doesn’t make it go away. Social engineering methods and the cyber criminals behind the attacks are furiously innovating.
Fear, anxiety and outrage are all being used to spread ransomware and other types of malware, scam people and organizations out of money and disrupt business. It’s no wonder that social engineering and phishing are the most common way that successful breaches get started.
This session will look at the things social engineers use to trick users into performing the kinds of actions that lead to security breaches and ways to identify and counteract these attacks. It will also discuss recent real-world attacks and the social engineering tricks that made them effective.
Topics include:
- The Perception vs. Reality Dilemma
- Focus redirection
- Psychology behind the attacks
- Identifying and developing defensive practices
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
This presentation will analyze the Information Warfare scenarios, technical and legal backgrounds, highlighting as well the importance of the terminologies and bringing to the audience real-life examples and known incidents. The last part of the talk will focus on two theorical case studies and on one, very special, theorical case study.
Cyber is one of our areas that we also promote in Must HighTech Expo. We invite you to participate in our virtual exhibitions, on different high tech thematic and especially on cybersecurity.
Cybersecurity Strategies - time for the next generationHinne Hettema
In this talk, presented in June 2016 at KAIST, I argue that it is time for the next generation of cybersecurity strategies. These must have a governance focus, and be based on international laws, declarations and agreements, basic internet rights and public good provisions.
Our digital society has undergone profound transformations in the way we work, learn, live and participate. Having transformed our world into a great co-creation Wiki challenges many assumptions and models that need to be revisited. Based on several examples in the area of security drawn from the industry and our research, we argue there is an emerging notion of Digital Responsibility paving the way to further significant societal changes. A new world order or incremental changes ? One thing is sure, ICT has and will continue to challenge our historical assumptions requiring major mindset changes and more transparency.
Search & Rescue and Missing Persons’ investigations often come to a standstill due to lack of information. How can technology change that? Robert Sell will explore the answer. We will hear how crowdsourced OSINT can be successfully used by emergency services and law enforcement, providing lifesaving information to fill the gaps and bring loved ones back to their families.
Robert Sell, OSINT expert and Founder, Trace Labs
Talk from IoT World in Santa Clara, May 12, 2016. How to make IoT objects interoperable and adapble by adding JavaScript. Introduces XS6 open source JavaScript engine optimized for embedded development. Hat tip to Hallelujah the Hills for the epigrams.
This is still a good idea, but there are some similar projects out now. Think this is 2002 or so. Very simple concept, make some basic alarms that can trigger a pre-stored alert via the cellphone network. Example, someone trips up a door in your remote cabin, device calls in with a code, that triggers a pre-written text or recorded voicemail by you and gets sent 'someone has opened your cabin's door'. You can decide to call police after that. I did a ton of research on this, as you can see in the deck. Dropped it as the dollars required would have been massive to get it off the ground.
Social Engineering 101: Don't Get Manipulated by AttackersNetSquared
Nonprofits - This security-focused educational webinar will be presented by Erich Kron, a Security Awareness Advocate at KnowBe4!
Abstract:
Social Engineering is a practice we use almost every day of our lives. It is apparent in how we interact with our families, our friends, strangers and even those coworkers we don't really like. It's really just the practice of dealing with other humans.
By studying these interactions, attackers can become very adept at using these skills to manipulate people into actions that benefit them. Phishing, smishing, vishing are all tools of the trade that attackers use. The psychology used in these attacks to bypass critical thinking is becoming more and more advanced. By leveraging techniques like focus redirection and exploiting the way our brain filters can be tricked in to perceiving a different reality, attackers are outpacing our best efforts to defend ourselves. We do know that throwing money at a problem doesn’t make it go away. Social engineering methods and the cyber criminals behind the attacks are furiously innovating.
Fear, anxiety and outrage are all being used to spread ransomware and other types of malware, scam people and organizations out of money and disrupt business. It’s no wonder that social engineering and phishing are the most common way that successful breaches get started.
This session will look at the things social engineers use to trick users into performing the kinds of actions that lead to security breaches and ways to identify and counteract these attacks. It will also discuss recent real-world attacks and the social engineering tricks that made them effective.
Topics include:
- The Perception vs. Reality Dilemma
- Focus redirection
- Psychology behind the attacks
- Identifying and developing defensive practices
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...Cyber Security Alliance
This presentation will analyze the Information Warfare scenarios, technical and legal backgrounds, highlighting as well the importance of the terminologies and bringing to the audience real-life examples and known incidents. The last part of the talk will focus on two theorical case studies and on one, very special, theorical case study.
Cyber is one of our areas that we also promote in Must HighTech Expo. We invite you to participate in our virtual exhibitions, on different high tech thematic and especially on cybersecurity.
Cybersecurity Strategies - time for the next generationHinne Hettema
In this talk, presented in June 2016 at KAIST, I argue that it is time for the next generation of cybersecurity strategies. These must have a governance focus, and be based on international laws, declarations and agreements, basic internet rights and public good provisions.
The presentation of a public hearing of the European Parliament in Brussels, Belgium in 2018. Expert witness Lars Hilse was heard on the risks of cyber terrorism against critical infrastructure and public places.
Internet and computers have changed working, communication, meeting and business requirements and conditions all over globe. Due to this high profile technology, everyone can share any activity that was unexpected and unimaginable few decades back. It was the imagination of people that they will live their lives in this manner and do their business quickly and imagination and dream has come true with the introduction of internet only. Modern society is now associated with internet and related technologies, over a quarter of the world's population is wired into the net and this number is growing every day
Ethical hacking refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious hackers. Ethical hacking is also known as penetration testing, intrusion testing, or red teaming.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Underground Economy
1. Public Release for
HES 2011 delegates
From the good, old hacking days to
good
nowadays cybercrime:
what happened??
A presentation by Raoul Chiesa
Senior Advisor, on Cybercrime
United Nations - Interregional Crime and Justice Research Institute (UNICRI)
HES 2011 – Hackito Ergo Sum
Key Note Talk Day
K N t T lk - D 3
Paris, April 9th 2011
2. Disclaimer
● The information contained in this presentation does not break any
intellectual property, nor does it provide detailed information that
may be in conflict with recent controversial French laws.
● Registered brands belong to their legitimate owners.
● The opinion here represented are my personal ones and do not
necessary reflect the United Nations nor UNICRI or ENISA and
ENISA’s
ENISA’ PSG views.
i
3. Agenda
# whois
Introduction and Key Concepts
Yesterday’s h ki
Y t d ’ hacking VS today’s crime
t d ’ i
Hacking eras and Hacker’s generations
Cybercrime
Hackers…
Profiling the enemy: the Hackers Profiling Project (HPP)
Hacking, today: Underground Economy
What’s next? The Dark Links
Cybercrime: the responses
Conclusions
6. Raoul “Nobody” Chiesa
• Old-school Hacker from 1986 to 1995
• Infosec Professional since 1997 @ Mediaservice.net
• OSSTMM Key Contributor; HPP Project Manager; ISECOM
y ; j g ;
International Trainer
• Co-founder of CLUSIT, Italian Computer Security Association
(CLUSI* : Belgium, France, Luxembourg, Switzerland)
• Member of TSTF.net – Telecom Security Task Force, APWG,
ICANN, etc
• I work worldwide (so I don’t get bored ;)
• My areas of interest: Pentesting, SCADA/DCS/PLC National
Pentesting SCADA/DCS/PLC,
Critical Infrastructures, Security R&D+Exploiting weird stuff, ,
Security People, X.25, PSTN/ISDN, Hackers Profiling,
Cybercrime, Information Warfare, Security methodologies,
vertical Trainings.
• Basically, I do not work in this field just to get my salary
every month and pay the home/car/whatever loan: I really
love it ☺
7. UNICRI
What is UNICRI?
United Nations Interregional Crime & Justice Research Institute
A United Nations entity established in 1968 to support countries
worldwide in crime prevention and criminal justice
UNICRI carries out applied research, training, technical
cooperation and documentation / information activities
UNICRI disseminates information and maintains contacts with
professionals and experts worldwide
Emerging Crimes Unit (ECU): cyber crimes, counterfeiting,
environmental crimes, trafficking in stolen works of art…
Fake Bvlgari &Rolex, but also Guess how they update each others?
Water systems with “sensors”…
Viagra & Cialis (aka SPAM) Email, chat&IM, Skype…
13. UNICRI & Cybercrime
Overview on UNICRI projects
against cybercrime
Hackers Profiling Project (HPP)
SCADA & NCI s security
NCI’s
Digital Forensics and digital investigation
SCADA Security
techniques
Cybersecurity Trainings at the UN Campus
15. Strategic relationships and Information-sharing
Networks, in order to fight cybercrime
g y
Along the years we have been able to build a network of special relationships and direct
contacts with the following organizations, working towards specific areas of interest and
shared research topics:
(this li t i
(thi list is may not complete due to NDAs)
t l t d t NDA )
Slide or text not supplied with the Public Release of this
talk: you should have attended HES 2011 to see this!
17. Crime->Yesterday
“Every new technology, opens the door to new criminal approaches”.
• The relationship between technologies and criminality has always been –
since the very beginning – characterized by a kind of “competition” between
the good and the bad guys, just like cats and mice.
• As an example, at the beginning of 1900, when cars appeared, the “bad
guys” started stealing them (!)
• ….the police, in order to contrast the phenomenon, defined the mandatory
use of car plates…
• ….and the thieves began stealing the car plates from the cars (and/or
falsifying them).
18. Crime->Today:Cybercrime
• Cars have been substituted by information
You got the information, you got the power..
(at least, in politics, in the business world, in our personal relationships…)
• Simply p , this happens because the “information” can be transformed at once
p y put, pp
into “something else”:
Competitive advantage (reputation)
Sensible/critical information (blackmailing)
( g)
Money
• … that’s why all of us we want to “be secure”.
be secure
• It’s not by chance that it’s named “IS”: Information Security ☺
20. Things changed…
First generation (70’s) was inspired by the need for
knowledge
Second generation (1980-1984) was driven by curiosity plus
the knowledge starving: the only way to learn OSs was to hack
them; later (1985-1990) hacking becomes a trend.
The Third one (90’s) was simply pushed by the anger for
hacking, meaning a mix of addiction, curiosity, learning new
stuff, hacking IT systems and networks, exchanging info
with the underground community Here we saw new concepts
community.
coming, such as hacker’s e-zines (Phrack, 2600 Magazine)
along with BBS
Fourth generation (2000-today) is driven by angerness and
(2000 today)
money: often we can see subjects with a very low know-how,
thinking that it’s “cool & bragging” being hackers, while they are
not interested in hacking & phreaking history, culture and
ethics. Here hacking meets with politics (cyber-hacktivism) or €,
€ $
with the criminal world (cybercrime).
21. Cybercrime: why?
• QUESTION:
– May we state that cybercrime – along with its many, many aspects and
views – can be ranked as #1 in rising trend and global diffusion ?
• ANSWER(S):
• Given that all of you are attendees and speakers here today, I would say
that
th t we already are on the right track i order t analyze the problem ☺
l d th i ht t k in d to l th bl
• Nevertheless, some factors exist for which the spreading of
“e-crime-based” attacks relays.
• Let’s take a look at them.
22. Reasons/1
• 1. There are new users, more and more
every day: this means the total amount of
y y Thanks to broadband...
broadband
potential victims and/or attack vectors is
increasing.
• 2. Making money, “somehow and straight WW Economical
away”.
y crisis…
• 3. Technical know-how public availability & 0-days, Internet
distribution system /
ready-to-go, even when talking about
Black Markets
average-high skills: that’s what I name
“hacking p et à po te
ac g pret-à-porter”
24. Reasons/2
• 4. It s
4 It’s extremely easy to recruit “idiots” and set up groups molding those adepts
idiots groups,
upon the bad guy’s needs (think about e-mules) Newbies, Script Kiddies
• 5. “They will never bust me” Psycology, Criminology
• 6.
6 Lack of violent actions Psycology and Sociology
25. What the heck is changed then??
What’s really changed is the attacker’s
typology
From “bored teens”, doing it for “hobby
and curiosity” (obviously: during night,
pizza hut s
pizza-hut’s box on the floor and cans of
Red Bull)….
...to teenagers and adults not
g
mandatory “ICT” or “hackers”: they just
do it for the money.
What’s changed is the attacker’s
profile, along with its justifications,
motivations and reasons.
Let’s have a quick test!
25
28. There’s a difference: why?
• Why were the guys in the first slide hackers,
and the others professionals ?
• Because of the PCs ?
• Because of their “look” ?
• Due to the environments surrounding them ?
• Because of the “expression on their faces” ?
29. Surprise!
Everything has changed
• Erroneus media information pushed
“normal people” minds to run this
p p
approach
• Today, sometimes the professionals are
the real criminals, and hackers “the
good guys … (Telecom Italia Scandal,
guys”…
Vodafone Greece Affair, etc…)
30. Some more examples…
Sells pens and Sys Admin
toner on e-bay erasing log files
that he steals at after
work. downloading
movies all night.
Forwards
emails from
boss to her
reporter friend
ever since she
didn t
didn't get that
bonus.
Laughing with
a friend over
corporate
photos she Changing the
found on your timestamps on
unprotected tax records to
wi-fi network.
wi fi network prepare for an
audit.
30
31. Understanding Hackers
• It’ extremely important th t we understand the so-called
It’s t l i t t that d t d th ll d
“hacker’s behaviours”
– Don’t limit yourself to analyse attacks and intrusion techniques: let’s analyze
Don t let s
their social behaviours
• Try to identify those not-written rules of hacker’s subculture
• Explore hacker’s social organization
• Let’s zoom on those existing links between hacking and
organized crime
33. The Hackers Profiling Project (HPP)
Hackers
The term hacker has been heavily misused since the 80’s;
since the 90’ the mainstream h
i h 90’s, h i have used i to j if every
d it justify
kind of “IT crime”, from lame attacks to massive DDoS
Lamers, script-kiddies, industrial spies, hobby
hackers….for the mass, they are all the same
From a business point of view, companies don’t clearly
know who they should be afraid of To them they’re all
of. they re
just “hackers”
34. The Hackers Profiling Project (HPP)
Hackers: a blurred image
Yesterday: hacking was an emerging
y g g g
phenomenon – unknown to people &
ignored by researchers
Today: research carried out in “mono”: →
mono :
one type of hacker: ugly (thin, myopic),
bad (malicious, destructive, criminal
purposes) and “dirty” (asocial, without
ethics,
ethics anarchic)
Tomorrow (HPP is the future): inter-
disciplinary studies that merge
criminology and information security →
different typologies of hackers
35. The Hackers Profiling Project (HPP)
HPP purposes
Analyse the hacking phenomenon in its several
aspects (technological, social, economic)
through technical and criminological approaches
Understand the different motivations and
identify the actors involved
Observe those true criminal actions “in the
field”
Apply the profiling methodology to collected
data (4W: who, where, when, why)
Acquire and disseminate knowledge
36. The Hackers Profiling Project (HPP)
Project phases – starting: September 2004
j p g p
1 – Theoretical collection: 5 – Gap analysis:
p y
of data from: questionnaire, honey-
Questionnaire
net, existing literature
2 – Observation: 6 – HPP “live” assessment
live
Participation in IT underground security of profiles and correlation of modus
events operandi through data from phase 4
3 - Filing: 7 – Final profiling:
Database for elaboration/classification Redefinition/fine-tuning of hackers
of data (phase 1) profiles used as “de-facto” standard
4 - Live collection: 8 – Diffusion of the model:
Highly customised, new generation elaboration of results, publication of
Honey-net systems the methodology, raising awareness
37. The Hackers Profiling Project (HPP)
Project phases - detail
PHASE CARRIED OUT DURATION NOTES
1 – Theoretical Distribution on
YES ON-GOING 16 months
collection more levels
From different
2 – Observation YES ON-GOING
ON GOING 24 months
points of view
The hardest
3 – Filing ON-GOING 21 months
phase
The funniest
4 – “Live” collection TO BE COMMENCED 21 months
phase ☺
5 – Gap & YET TO COME 18 months The Next Thing
g
Correlation Analysis
6 – “Live” The biggest part
PENDING 16 months
Assessment of the Project
7 – Final Profiling PENDING 12 months “Satisfaction”
Satisfaction
8 – Diffusion of the Methodology’s
PENDING GNU/FDL ;)
model public release
39. The Hackers Profiling Project (HPP)
Evaluation and correlation standards
Modus Operandi (MO) Hacking career
Lone hacker or as a
member of a group Principles of the hacker's ethics
p
Motivations Crashed or damaged systems
Perception of the illegality of
Selected targets
their own activity
Relationship between Effect of laws convictions and
laws,
motivations and targets technical difficulties as a deterrent
40. The Hackers Profiling Project (HPP)
Detailed analysis and correlation of
profiles – table #1
42. The Hackers Profiling Project (HPP)
Detailed analysis and correlation of profiles – table #2
OFFENDER ID LONE / GROUP HACKER TARGET MOTIVATIONS /
PURPOSES
Wanna Be Lamer 9-16 years GROUP End-User For fashion, It’s “cool” => to
“I would like to be a boast and brag
hacker, but I can’t”
Script Kiddie 10-18 years GROUP: but they act alone SME / Specific security To give vent of their anger /
The script boy flaws attract mass-media
attention
Cracker 17-30 years LONE Business company To demonstrate their powe
The destructor, burned / attract mass-media
ground attention
Ethical Hacker 15-50
15 50 years LONE / Vendor / Technology For curiosity (to learn) and
The “ethical” hacker’s GROUP (only for fun) altruistic purposes
world
Quiet, Paranoid, Skilled 16-40 years LONE On necessity For curiosity (to learn) =>
Hacker The very specialized and egoistic purposes
paranoid attacker
Cyber-Warrior 18-50 years LONE “Symbol” business For profit
The soldier, hacking for company / End-User
money
Industrial Spy 22-45 years LONE Business company / For profit
Industrial espionage Corporation
Government Agent 25-45 years LONE / GROUP Government / Suspected Espionage/
CIA, Mossad, FBI, etc. Terrorist/ Counter-espionage
Strategic company/ Vulnerability test
Individual Activity-monitoring
Military Hacker 25-45 years LONE / GROUP Government / Strategic Monitoring /
company controlling /
crashing systems
44. Hacking, today
Numbers
285 million records compromised in 2008 (source: Verizon 2009 Data Breach
Investigations Report)
2 Billion of US dollars: that’s RBN’s 2008 turnover
+80 MLN of US$: IMU’s 2010 Turn Over
IMU s
3 Billion of Euros: worldwide Cybercrime turnover in 2010 (?)
+148% increasing in ATM frauds: more than 500 000 000 € business each
500.000.000
year, just in Europe (source: ENISA “ATM Crime Report 2009”)
.......bla bla bla
Uh ?!? RBN ? WTH??
45. RBN
Russian Business Network
It’s not that easy to explain what it is...
First of all, cybercrime IRL means:
Phishing & co
Malware (rogue AVs, driven-by attacks, fake mobile games, + standard
stuff)
Frauds & Scams
DDoS Attacks
DD S Att k
Digital Paedophilia (minors rather than <10 children pornography )
Generic Porn (who would bother for 10 bucks lost??)
On-line games (those fake web sites)
51. UE
Underground Economy is the concept thanks to which we will not experience
anymore – in the next future – “bank robbings”
Nowadays the ways in order to fraud and steal money are SO MANY. And, the
world is just full of unexperienced, not-educated users.
What is needed is to “clean” the money: money laundering. They need the
y y g y
mules.
52. UE: the approach
1.
1 Basics: Malware and Botnets
Create the malware, build the botnet
2. Identity theft
Stealing personal and financial credentials (e-banking)
3. Running the e-crime
g
i.e.: e-Banking attacks and e-commerce frauds (Ebay docet)
4. Money laundering
Setup money laundering’s networks
55. Surprise....
This was happening last time one year ago
ago.
Now there’s IMU (Innovative Marketing Ukraine) and other “spare” organized
crime gangs.
So, they’ve changed their business model (!)
56.
57.
58.
59. Who’s beyond ?
Next slides will contain images from real
Law Enforcement operations, as well as
undercover operations.
Please, stop video recording, no pictures
and….DO
and DO NOT DO THIS AT HOME ! ;)
Thanks.
Thanks
60. Carding 101
Slide or text not supplied with the Public Release of this
talk: you should have attended HES 2011 to see this!
61. Who lays behind
this ?
Slide or text not supplied with the Public Release of this
talk: you should have attended HES 2011 to see this!
62. Slide or text not supplied with the Public Release of this
talk: you should have attended HES 2011 to see this!
68. Early
Arrests
Markus Kellerer aka
Matrix001 Renu Subramaniam aka
JiLsi
& Five Others, May 2007-Oct.
2007 July 2007
y
Germany United Kingdom
Co-Founder Founder
69. Max Butler, aka Iceman
September 2007
San Francisco/Richmond
Founder of CardersMarket
$86 Million in actual Fraud Loss
70.
71.
72. Who’s beyond?
Slide or text not supplied with the Public Release of this
talk: you should have attended HES 2011 to see this!
73. Who’s beyond?
Slide or text not supplied with the Public Release of this
talk: you should have attended HES 2011 to see this!
74. Chi c’è dietro ?
Slide or text not supplied with the Public Release of this
talk: you should have attended HES 2011 to see this!
80. Some more bad guys…
g y
NOTE: the following slides will NOT be published
NOTE: PLEASE DO NOT SHOOT ANY PICTURES
81. Global Trail of an Online Crime Ring
“Agents connected the ICQ user name to
Agents connected the ICQ user name to
an e‐mail address at a Russian‐based
Internet provider…
Internet provider ”
“Open sources can provide up to 90% of the information
needed to meet most U.S. intelligence needs” -- Deputy
Director of National Intelligence, Thomas Fingar
g , g
Image: NY Times
81
82. Cybercriminals
We must investigate the Disease, not just the Symptoms
Malware is extensively reverse engineered --
Slide or text not supplied with the Public Release of this
talk: you should have attended HES 2011 to see this!
Yet the organizations that release it are often ignored
ignored…
82
83. This is the end,my friends
Final toughts
The hacking world has not always been linked to those true criminal actions.
Those researches carried out until now, have not properly snapshot the
hacking world and its “tunings”.
tunings
At the same time, nowaday’s hacking is moving (transforming?) towards crime.
And, different elements began working together (see next slides).
Cybercrime and Underground Economy problem is not “a tech-people issue”:
rather, it is an issue for ALL of us, representing an impact on the countries’
ecosystem that could reveal itself as devastating.
Also, forget fighting cybercrime on your own: you just can’t.
That s
That’s why my last slides are on cybercrime’s answers and VTFs (Virtual Task
cybercrime s
Forces).
86. Human Organs trafficking
September 2010, Asti (North-West of Italy)
Police was eavesdropping on phone calls from and to the “Capo dei Capi” of a
Nigerian gang, specialized in cloned credit cards and elite cars theft.
In one of this calls, a guy said to the Boss: “the Kidneys are ready”.
So,
So what we have here? Organized Crime “buying” Human Organs from Nigeria –
buying
using the money gathered from cybercrime – then selling into EU (!).
87. Coke for cards?
March/May 2010, Turin (North-West of Italy)
Turin has got the biggest Romania s community of Italy
Romania’s Italy.
We also have a very big Nigeria’s community.
Historically, Romenian gangs drive the business of ATM skimmers…
y, g g
…and Nigerian the Cocaine business.
After a joined FBI/US Secret Service/Interpol/Italian Postal Police operation, the
j p p
Romanians decided to “sell” the business to Nigerians.
Cloned cards were paid with Cocaine.
This happens because the Romenians also run the prostitutes business…
…and, prostitute’s customers want coke as well.
Compared to these guys, S
C d h Scarface was nearly a kid
f l
88. Cybercrime: the answers
• Cybercrime is typically a transnational crime, borderless, that includes so
many actors and different roles.
• That’s why you just can’t think about a single answer.
• Instead, it is necessary to think and act in a distributed approach, creating
Virtual Task Forces (VTFs).
• It is essential the collaboration among Law Enforcement, Internet
community, Finance sector, ISPs and carriers (voice & data), vertical groups, in
order to identify a specific group, malware or facilitator.
• From the investigative point of view, challenges are the following:
Analyze the malware
Map the infrastructure
p
Eavesdrop/Intercept/Sniff the communication and/or the links
Explore the executed attacks
Identify the developers and its crime-rings
crime-rings.
89. Vertical Groups & VTFs
• That’s why, along these years, Vertical Groups have been raised,
among which we can list the following:
Team Cymru
APWG –Anti Phishing Working Group
IEEE-SA
Shadow Server Foundation
UNICRI – Emerging Crimes Unit
Host Exploit
Cyberdefcon
………..
• …working along with :
INTERPOL
EUROPOL
“Hi-Tech Crimes” groups into each National LEAs
92. Must-read books / 1
During the different phases of bibliography research, the Authors have made reference (also) to the following publications and on-line
resources:
● H.P.P. Questionnaires 2005-2011
Kingpin: How One Hacker Took over The Billion Dollar Cyber Crime Underground, Kevin Poulsen, Crown Publishers, 2011
●
● Fatal System Error: the Hunt for the new Crime Lords who are bringing down the Internet, Joseph Menn, Public Affairs, 2010
y g g , p , ,
● Stealing the Network: How to 0wn a Continent, (an Identity), (a Shadow) (V.A.), Syngress Publishing, 2004, 2006, 2007
● Stealing the Network: How to 0wn the Box, (V.A.), Syngress Publishing, 2003
●Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier, Suelette Dreyfus, Random House
g g, , y ,
Australia, 1997
● The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, Clifford Stoll, DoubleDay (1989), Pocket (2000)
● Masters of Deception: the Gang that Ruled Cyberspace, Michelle Stalalla & Joshua Quinttner, Harpercollins, 1995
● Kevin Poulsen, Serial Hacker, Jonathan Littman, Little & Brown, 1997
● Takedown, John Markoff and Tsutomu Shimomura, Sperling & Kupfler, (Hyperion Books), 1996
● The Fugitive Game: online with Kevin Mitnick, Jonathan Littman, Little & Brown, 1997
● The Art of Deception, Kevin D. Mitnick & William L. Simon, Wiley, 2002
● The Art of Intrusion, Kevin D. Mitnick & William L. Simon, Wiley, 2004
● @ Large: the Strange Case of the World’s Biggest Internet Invasion, Charles Mann & David Freedman, Touchstone, 1998
93. Must-read books / 2
The Estonia attack: Battling Botnets and online Mobs, Gadi Evron, 2008 (white paper)
●
Who is “n3td3v”?, by Hacker Factor Solutions, 2006 (white paper)
● y ( p p )
Mafiaboy: How I cracked the Internet and Why it’s still broken, Michael Calce with Craig Silverman, 2008
●
The Hacker Diaries: Confessions of Teenage Hackers, Dan Verton, McGraw-Hill Osborne Media, 2002
●
Cyberpunk: Outlaws and Hackers on the Computer Frontier, Katie Hafner, Simon & Schuster, 1995
●
Cyber Adversary Characterization: auditing the hacker mind, Tom Parker, Syngress, 2004
●
Inside the SPAM Cartel: trade secrets from the Dark Side, by Spammer X, Syngress, 2004
●
Hacker Cracker, Ejovu Nuwere with David Chanoff, Harper Collins, 2002
●
Compendio di criminologia, P ti G., Raffaello C ti
C
● di i i l i Ponti G R ff ll Cortina, 1991
●Criminalità da computer, Tiedemann K., in Trattato di criminologia, medicina criminologica e psichiatria forense, vol.X, Il
cambiamento delle forme di criminalità e devianza, Ferracuti F. (a cura di), Giuffrè, 1988
●United Nations Manual on the Prevention and Control of Computer-related Crime, in International Review of
Criminal Policy – Nos 43 and 44
Nos.
●Criminal Profiling: dall’analisi della scena del delitto al profilo psicologico del criminale, Massimo Picozzi, Angelo
Zappalà, McGraw Hill, 2001
● Deductive Criminal Profiling: Comparing Applied Methodologies Between Inductive and Deductive Criminal
Profiling Techniques, Turvey B., Knowledge Solutions Library, January, 1998
g q , y , g y, y,
●Malicious Hackers: a framework for Analysis and Case Study, Laura J. Kleen, Captain, USAF, US Air Force Institute of
Technology
●Criminal Profiling Research Site. Scientific Offender Profiling Resource in Switzerland. Criminology, Law,
Psychology, Täterpro
94. Must-read books / 3
● Profiling Hackers: the Science of Criminal Profiling as applied to the World of Hacking
● ISBN: 978-1-4200-8693-5-90000
95. And...a gift for you all here! ☺
● Get your own, FREE copy of “F3” (Freedom from
●Fear, the United Nations magazine) issue #7,
totally focused on Cybercrimes!
DOWNLOAD:
DOWNLOAD
●
● www.FreedomFromFearMagazine.org
● Or, email me and I will send you the full PDF (10MB)
96. Q
Questions?
Contacts, Q&A
Raoul Chiesa
E-mail: chiesa@UNICRI.it
Thanks folks!
UNICRI Cybercrime Home Page:
y g http://www.unicri.it
http://www.unicri.it/emerging_crimes/cybercrime/