SlideShare a Scribd company logo

SecTor 2011 Keynote: Online Attacks and Espionage by Nation-states

Mikko Hypponen
Mikko Hypponen

This document discusses online attacks and espionage by nation-states. It notes that certain groups like supporters of Tibet or Uighur minorities are often targeted. It provides examples of malware used in these attacks like Poison Ivy and Gh0st Rat. The document lists domains and IP addresses that have been seen connecting to targeted machines. It advises patching systems, removing Adobe Reader, adding firewall traps, and hopes of not being directly targeted.

TechnologyNews & Politics
1 of 58
ONLINE ATTACKS AND ESPIONAGE BY NATION-STATES Mikko Hypponen CRO, F-Secure Corp twitter.com/mikko Protecting the irreplaceable | f-secure.com
Fake News? Hacked News site?
6es7-417
Duqu
Connects to 206.183.111.97 aka canoyragomez.rapidns.com
Protecting the irreplaceable | f-secure.com
Protecting the irreplaceable | f-secure.com
21
Document Exploit Code EXE DOC Filling
28
29
Little financial incentive to target: • Supporters of Tibet • Members of Falun Dafa / Falun Kong • Supporters of the Uighur minorities • Supporters of Inner Mongolian minorities
Data from Messagelabs / Symantec study
Case Agent.BTZ
• 48
• 49
Our desire for success is like wolf's desire for blood. We work together against the enemy like a pack of wolves.
Poison ivy, gh0st rat, zwshell
20 October, 2011
How do I know if I was hit? • Your colleagues have no idea of the mail you got from them • Your machine connects to funky hosts on it's own • Word / Excel / Acrobat flashes and restarts • You get weird error messages from Office • Non-SSL port 443 traffic in your network
Funky hosts? • Some actual hosts we've seen in targeted attacks • kira.8800.org • angelwp.3322.org • xpgod.8866.org:8181 • ysc20008.3322.org • a041181.3322.org • mm2007.6600.org • sgiorgus.8800.org • a85468546.9966.org • cvnxus.8800.org • wcs.8800.org • qingchun521.9966.org • miao1314.8800.org • getmeg.go.8866.org • update-microsoft.kmip.net • hobby.8800.org • a2b2.3322.org • dns3.westcowboy.com • swzcs.to.8866.org • hi222.3322.org • www.scratchindian.com • hackeroo.3322.org • wangba8888.3322.org • hgz3.8800.org • cybersyndrome.3322.org
From obvious to non-obvious • boxy.3322.org • jj2190067.3322.org • hzone.no-ip.biz • tempsys.8866.org • zts7.8800.org • shenyuan.9966.org • xinxin20080628.gicp.net • www.adobeupdating.com • ip2.kabsersky.com • mapowr.symantecs.com.tw • iran.msntv.org • windows.redirect.hm
PATCH, PATCH, PATCH GET RID OF ADOBE READER ADD TRAPS TO YOUR FIREWALLS HOPE THAT THEY DON’T TARGET YOU
ONLINE ATTACKS AND ESPIONAGE BY NATION-STATES Mikko Hypponen CRO, F-Secure Corp twitter.com/mikko Protecting the irreplaceable | f-secure.com

Recommended

Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]
Mikko Hypponen
 
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014Governments As Malware Authors - Mikko Hypponen at Black Hat 2014
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014
Mikko Hypponen
 
AusCERT - Mikko Hypponen
AusCERT - Mikko HypponenAusCERT - Mikko Hypponen
AusCERT - Mikko Hypponen
Mikko Hypponen
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generation
Tony Lauro
 
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
viaForensics
 
CSO CXO Series Breakfast in partnership with Kaspersky Lab,, 11th Nov Sydney....
CSO CXO Series Breakfast in partnership with Kaspersky Lab,, 11th Nov Sydney....CSO CXO Series Breakfast in partnership with Kaspersky Lab,, 11th Nov Sydney....
CSO CXO Series Breakfast in partnership with Kaspersky Lab,, 11th Nov Sydney....
CSO_Presentations
 
My dog is a hacker and will steal your data!
My dog is a hacker and will steal your data!My dog is a hacker and will steal your data!
My dog is a hacker and will steal your data!
rafa_el_souza
 
Anonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentAnonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentPositive Hack Days
 

Recommended

Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]Guerilla warfare by means of netwarfare [2001]
Guerilla warfare by means of netwarfare [2001]
Mikko Hypponen
 
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014Governments As Malware Authors - Mikko Hypponen at Black Hat 2014
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014
Mikko Hypponen
 
AusCERT - Mikko Hypponen
AusCERT - Mikko HypponenAusCERT - Mikko Hypponen
AusCERT - Mikko Hypponen
Mikko Hypponen
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generation
Tony Lauro
 
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
Why mobile-should-stop-worrying-learn-love-root-andrew-hoog-viaforensics-rsa-...
viaForensics
 
CSO CXO Series Breakfast in partnership with Kaspersky Lab,, 11th Nov Sydney....
CSO CXO Series Breakfast in partnership with Kaspersky Lab,, 11th Nov Sydney....CSO CXO Series Breakfast in partnership with Kaspersky Lab,, 11th Nov Sydney....
CSO CXO Series Breakfast in partnership with Kaspersky Lab,, 11th Nov Sydney....
CSO_Presentations
 
My dog is a hacker and will steal your data!
My dog is a hacker and will steal your data!My dog is a hacker and will steal your data!
My dog is a hacker and will steal your data!
rafa_el_souza
 
Anonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentAnonymous Attacks On Tunisian Government
Anonymous Attacks On Tunisian GovernmentPositive Hack Days
 
Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_rise
Cyphort
 
Mobile #Infosec hackathon for journalists(2)
Mobile #Infosec hackathon for journalists(2)Mobile #Infosec hackathon for journalists(2)
Mobile #Infosec hackathon for journalists(2)
Tanja Drca
 
Ciberamenazas - ¿A qué nos enfrentamos?
Ciberamenazas - ¿A qué nos enfrentamos?Ciberamenazas - ¿A qué nos enfrentamos?
Ciberamenazas - ¿A qué nos enfrentamos?
Antonio Sanz Alcober
 
Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015
Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015
Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015
COIICV
 
Vishwadeep Presentation On NSA PRISM Spying
Vishwadeep Presentation On NSA PRISM SpyingVishwadeep Presentation On NSA PRISM Spying
Vishwadeep Presentation On NSA PRISM Spying
Vishwadeep Badgujar
 
Hacking final
Hacking finalHacking final
Hacking final
JiyaaNaqvi
 
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolDo-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Martin Vigo
 
Securing blockchain assets
Securing blockchain assetsSecuring blockchain assets
Securing blockchain assets
Simon Wilson
 
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
acinfotec
 
Intelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber DefenseIntelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber Defense
Priyanka Aash
 
Datashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - KingfinDatashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - Kingfin
Kingfin Enterprises Limited
 
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Asociación de Ejecutivos de Cooperativas de Puerto Rico
 
Stu w25 b
Stu w25 bStu w25 b
Stu w25 bSelectedPresentations
 
Evil Twin
Evil TwinEvil Twin
Evil Twin
n|u - The Open Security Community
 
Analysis of cyber security and threats
Analysis of cyber security and threatsAnalysis of cyber security and threats
Analysis of cyber security and threats
Sudhanshu Maurya
 
Unwelcome Network Surprises
Unwelcome Network SurprisesUnwelcome Network Surprises
Unwelcome Network Surprises
Tenable Network Security
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
EC-Council
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
CrowdStrike
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
CrowdStrike
 
Caribbean DDoS activity
Caribbean DDoS activityCaribbean DDoS activity
Caribbean DDoS activity
Shiva Bissessar
 
Hunt for the red DA
Hunt for the red DAHunt for the red DA
Hunt for the red DA
Neil Lines
 
Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015
Michael Gough
 

More Related Content

What's hot

Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_rise
Cyphort
 
Mobile #Infosec hackathon for journalists(2)
Mobile #Infosec hackathon for journalists(2)Mobile #Infosec hackathon for journalists(2)
Mobile #Infosec hackathon for journalists(2)
Tanja Drca
 
Ciberamenazas - ¿A qué nos enfrentamos?
Ciberamenazas - ¿A qué nos enfrentamos?Ciberamenazas - ¿A qué nos enfrentamos?
Ciberamenazas - ¿A qué nos enfrentamos?
Antonio Sanz Alcober
 
Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015
Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015
Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015
COIICV
 
Vishwadeep Presentation On NSA PRISM Spying
Vishwadeep Presentation On NSA PRISM SpyingVishwadeep Presentation On NSA PRISM Spying
Vishwadeep Presentation On NSA PRISM Spying
Vishwadeep Badgujar
 
Hacking final
Hacking finalHacking final
Hacking final
JiyaaNaqvi
 
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolDo-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Martin Vigo
 
Securing blockchain assets
Securing blockchain assetsSecuring blockchain assets
Securing blockchain assets
Simon Wilson
 
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
acinfotec
 
Intelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber DefenseIntelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber Defense
Priyanka Aash
 
Datashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - KingfinDatashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - Kingfin
Kingfin Enterprises Limited
 
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Asociación de Ejecutivos de Cooperativas de Puerto Rico
 
Evil Twin
Evil TwinEvil Twin
Evil Twin
n|u - The Open Security Community
 
Analysis of cyber security and threats
Analysis of cyber security and threatsAnalysis of cyber security and threats
Analysis of cyber security and threats
Sudhanshu Maurya
 
Unwelcome Network Surprises
Unwelcome Network SurprisesUnwelcome Network Surprises
Unwelcome Network Surprises
Tenable Network Security
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
EC-Council
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
CrowdStrike
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
CrowdStrike
 
Caribbean DDoS activity
Caribbean DDoS activityCaribbean DDoS activity
Caribbean DDoS activity
Shiva Bissessar
 

What's hot (20)

Cyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_riseCyber espionage nation state-apt_attacks_on_the_rise
Cyber espionage nation state-apt_attacks_on_the_rise
 
Mobile #Infosec hackathon for journalists(2)
Mobile #Infosec hackathon for journalists(2)Mobile #Infosec hackathon for journalists(2)
Mobile #Infosec hackathon for journalists(2)
 
Ciberamenazas - ¿A qué nos enfrentamos?
Ciberamenazas - ¿A qué nos enfrentamos?Ciberamenazas - ¿A qué nos enfrentamos?
Ciberamenazas - ¿A qué nos enfrentamos?
 
Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015
Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015
Antonio Sanz. S2Grupo. Ciberamenazas. Semanainformatica.com 2015
 
Vishwadeep Presentation On NSA PRISM Spying
Vishwadeep Presentation On NSA PRISM SpyingVishwadeep Presentation On NSA PRISM Spying
Vishwadeep Presentation On NSA PRISM Spying
 
Hacking final
Hacking finalHacking final
Hacking final
 
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay ProtocolDo-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
Do-it-Yourself Spy Program: Abusing Apple’s Call Relay Protocol
 
Securing blockchain assets
Securing blockchain assetsSecuring blockchain assets
Securing blockchain assets
 
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
C-SEC|2016 Session 2 The Security Game : You Failed at the Beginning By Incog...
 
Intelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber DefenseIntelligence-Led Security: Powering the Future of Cyber Defense
Intelligence-Led Security: Powering the Future of Cyber Defense
 
Datashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - KingfinDatashur Presentation pin flash drive - Kingfin
Datashur Presentation pin flash drive - Kingfin
 
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
Seguridad de la Información y Controles contra Hackers - Getting hacked 101 ...
 
Stu w25 b
Stu w25 bStu w25 b
Stu w25 b
 
Evil Twin
Evil TwinEvil Twin
Evil Twin
 
Analysis of cyber security and threats
Analysis of cyber security and threatsAnalysis of cyber security and threats
Analysis of cyber security and threats
 
Unwelcome Network Surprises
Unwelcome Network SurprisesUnwelcome Network Surprises
Unwelcome Network Surprises
 
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverCloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
Cloud Proxy Technology – Hacker Halted 2019 – Jeff Silver
 
CrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing IntelligenceCrowdCast Monthly: Operationalizing Intelligence
CrowdCast Monthly: Operationalizing Intelligence
 
Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns Cyber Security Extortion: Defending Against Digital Shakedowns
Cyber Security Extortion: Defending Against Digital Shakedowns
 
Caribbean DDoS activity
Caribbean DDoS activityCaribbean DDoS activity
Caribbean DDoS activity
 

Similar to SecTor 2011 Keynote: Online Attacks and Espionage by Nation-states

Hunt for the red DA
Hunt for the red DAHunt for the red DA
Hunt for the red DA
Neil Lines
 
Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015
Michael Gough
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security Mindset
Adam W. Warner
 
Keith J. Jones, Ph.D. - Crash Course malware analysis
Keith J. Jones, Ph.D. - Crash Course malware analysisKeith J. Jones, Ph.D. - Crash Course malware analysis
Keith J. Jones, Ph.D. - Crash Course malware analysis
Keith Jones, PhD
 
Technology in a global society presentation
Technology in a global society presentationTechnology in a global society presentation
Technology in a global society presentationdelmount
 
I´m not a number, I´m a free man
I´m not a number, I´m a free manI´m not a number, I´m a free man
I´m not a number, I´m a free man
vicenteDiaz_KL
 
Social and Mobile and Cloud OH MY!
Social and Mobile and Cloud OH MY!Social and Mobile and Cloud OH MY!
Social and Mobile and Cloud OH MY!
InnoTech
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
Jesse Ratcliffe, OSCP
 
black hat deephish
black hat deephishblack hat deephish
black hat deephish
Alejandro Correa Bahnsen, PhD
 
Google Hacking 101
Google Hacking 101Google Hacking 101
Google Hacking 101
Sais Abdelkrim
 
Free lowcost dec2010
Free lowcost dec2010Free lowcost dec2010
Free lowcost dec2010
Highway T
 
Modern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerModern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layer
Shakacon
 
Rv defcon25 keeping an eye on mobile applications - mikhail sosonkin
Rv defcon25 keeping an eye on mobile applications - mikhail sosonkinRv defcon25 keeping an eye on mobile applications - mikhail sosonkin
Rv defcon25 keeping an eye on mobile applications - mikhail sosonkin
reconvillage
 
ToR - Deep Web
ToR - Deep Web ToR - Deep Web
ToR - Deep Web
Murray Security Services
 
Real Business Threats!
Real Business Threats!Real Business Threats!
Real Business Threats!
Rochester Security Summit
 
IT security for all. Bootcamp slides
IT security for all. Bootcamp slidesIT security for all. Bootcamp slides
IT security for all. Bootcamp slidesWallarm
 
Splunk at Oscar Health
Splunk at Oscar HealthSplunk at Oscar Health
Splunk at Oscar Health
Splunk
 
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015
Zoltan Balazs
 
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
CODE BLUE
 
Project KidHack - Teaching Kids Security through Gaming at BSidesCharm on Apr...
Project KidHack - Teaching Kids Security through Gaming at BSidesCharm on Apr...Project KidHack - Teaching Kids Security through Gaming at BSidesCharm on Apr...
Project KidHack - Teaching Kids Security through Gaming at BSidesCharm on Apr...
grecsl
 

Similar to SecTor 2011 Keynote: Online Attacks and Espionage by Nation-states (20)

Hunt for the red DA
Hunt for the red DAHunt for the red DA
Hunt for the red DA
 
Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015Secure Yourself, Practice what we preach - BSides Austin 2015
Secure Yourself, Practice what we preach - BSides Austin 2015
 
The Personal and Website Security Mindset
The Personal and Website Security MindsetThe Personal and Website Security Mindset
The Personal and Website Security Mindset
 
Keith J. Jones, Ph.D. - Crash Course malware analysis
Keith J. Jones, Ph.D. - Crash Course malware analysisKeith J. Jones, Ph.D. - Crash Course malware analysis
Keith J. Jones, Ph.D. - Crash Course malware analysis
 
Technology in a global society presentation
Technology in a global society presentationTechnology in a global society presentation
Technology in a global society presentation
 
I´m not a number, I´m a free man
I´m not a number, I´m a free manI´m not a number, I´m a free man
I´m not a number, I´m a free man
 
Social and Mobile and Cloud OH MY!
Social and Mobile and Cloud OH MY!Social and Mobile and Cloud OH MY!
Social and Mobile and Cloud OH MY!
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
black hat deephish
black hat deephishblack hat deephish
black hat deephish
 
Google Hacking 101
Google Hacking 101Google Hacking 101
Google Hacking 101
 
Free lowcost dec2010
Free lowcost dec2010Free lowcost dec2010
Free lowcost dec2010
 
Modern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layerModern Reconnaissance Phase on APT - protection layer
Modern Reconnaissance Phase on APT - protection layer
 
Rv defcon25 keeping an eye on mobile applications - mikhail sosonkin
Rv defcon25 keeping an eye on mobile applications - mikhail sosonkinRv defcon25 keeping an eye on mobile applications - mikhail sosonkin
Rv defcon25 keeping an eye on mobile applications - mikhail sosonkin
 
ToR - Deep Web
ToR - Deep Web ToR - Deep Web
ToR - Deep Web
 
Real Business Threats!
Real Business Threats!Real Business Threats!
Real Business Threats!
 
IT security for all. Bootcamp slides
IT security for all. Bootcamp slidesIT security for all. Bootcamp slides
IT security for all. Bootcamp slides
 
Splunk at Oscar Health
Splunk at Oscar HealthSplunk at Oscar Health
Splunk at Oscar Health
 
Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015Sandbox detection: leak, abuse, test - Hacktivity 2015
Sandbox detection: leak, abuse, test - Hacktivity 2015
 
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
 
Project KidHack - Teaching Kids Security through Gaming at BSidesCharm on Apr...
Project KidHack - Teaching Kids Security through Gaming at BSidesCharm on Apr...Project KidHack - Teaching Kids Security through Gaming at BSidesCharm on Apr...
Project KidHack - Teaching Kids Security through Gaming at BSidesCharm on Apr...
 

More from Mikko Hypponen

State of the Net
State of the NetState of the Net
State of the Net
Mikko Hypponen
 
The Internet is on Fire - Mikko Hypponen at TEDxBrussels 2014
The Internet is on Fire - Mikko Hypponen at TEDxBrussels 2014The Internet is on Fire - Mikko Hypponen at TEDxBrussels 2014
The Internet is on Fire - Mikko Hypponen at TEDxBrussels 2014
Mikko Hypponen
 
Living In A Surveillance State - TEDxBrussels 2013
Living In A Surveillance State - TEDxBrussels 2013Living In A Surveillance State - TEDxBrussels 2013
Living In A Surveillance State - TEDxBrussels 2013
Mikko Hypponen
 
SXSW - Mikko Hypponen
SXSW - Mikko HypponenSXSW - Mikko Hypponen
SXSW - Mikko Hypponen
Mikko Hypponen
 
Google Zeitgeist - Mikko Hypponen
Google Zeitgeist - Mikko HypponenGoogle Zeitgeist - Mikko Hypponen
Google Zeitgeist - Mikko Hypponen
Mikko Hypponen
 
TEDxRotterdam - Mikko Hypponen
TEDxRotterdam - Mikko HypponenTEDxRotterdam - Mikko Hypponen
TEDxRotterdam - Mikko Hypponen
Mikko Hypponen
 
TEDxHelsinki - Mikko Hypponen
TEDxHelsinki - Mikko HypponenTEDxHelsinki - Mikko Hypponen
TEDxHelsinki - Mikko Hypponen
Mikko Hypponen
 

More from Mikko Hypponen (7)

State of the Net
State of the NetState of the Net
State of the Net
 
The Internet is on Fire - Mikko Hypponen at TEDxBrussels 2014
The Internet is on Fire - Mikko Hypponen at TEDxBrussels 2014The Internet is on Fire - Mikko Hypponen at TEDxBrussels 2014
The Internet is on Fire - Mikko Hypponen at TEDxBrussels 2014
 
Living In A Surveillance State - TEDxBrussels 2013
Living In A Surveillance State - TEDxBrussels 2013Living In A Surveillance State - TEDxBrussels 2013
Living In A Surveillance State - TEDxBrussels 2013
 
SXSW - Mikko Hypponen
SXSW - Mikko HypponenSXSW - Mikko Hypponen
SXSW - Mikko Hypponen
 
Google Zeitgeist - Mikko Hypponen
Google Zeitgeist - Mikko HypponenGoogle Zeitgeist - Mikko Hypponen
Google Zeitgeist - Mikko Hypponen
 
TEDxRotterdam - Mikko Hypponen
TEDxRotterdam - Mikko HypponenTEDxRotterdam - Mikko Hypponen
TEDxRotterdam - Mikko Hypponen
 
TEDxHelsinki - Mikko Hypponen
TEDxHelsinki - Mikko HypponenTEDxHelsinki - Mikko Hypponen
TEDxHelsinki - Mikko Hypponen
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 

SecTor 2011 Keynote: Online Attacks and Espionage by Nation-states

  • 1. ONLINE ATTACKS AND ESPIONAGE BY NATION-STATES Mikko Hypponen CRO, F-Secure Corp twitter.com/mikko Protecting the irreplaceable | f-secure.com
  • 2. Fake News? Hacked News site?
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 12.
  • 13. Duqu
  • 14. Connects to 206.183.111.97 aka canoyragomez.rapidns.com
  • 15.
  • 16.
  • 19.
  • 20.
  • 21. 21
  • 22.
  • 23.
  • 24. Document Exploit Code EXE DOC Filling
  • 25.
  • 26.
  • 27.
  • 28. 28
  • 29. 29
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40. Little financial incentive to target: • Supporters of Tibet • Members of Falun Dafa / Falun Kong • Supporters of the Uighur minorities • Supporters of Inner Mongolian minorities
  • 41. Data from Messagelabs / Symantec study
  • 42.
  • 43.
  • 45.
  • 46.
  • 47.
  • 50.
  • 51. Our desire for success is like wolf's desire for blood. We work together against the enemy like a pack of wolves.
  • 52. Poison ivy, gh0st rat, zwshell
  • 54. How do I know if I was hit? • Your colleagues have no idea of the mail you got from them • Your machine connects to funky hosts on it's own • Word / Excel / Acrobat flashes and restarts • You get weird error messages from Office • Non-SSL port 443 traffic in your network
  • 55. Funky hosts? • Some actual hosts we've seen in targeted attacks • kira.8800.org • angelwp.3322.org • xpgod.8866.org:8181 • ysc20008.3322.org • a041181.3322.org • mm2007.6600.org • sgiorgus.8800.org • a85468546.9966.org • cvnxus.8800.org • wcs.8800.org • qingchun521.9966.org • miao1314.8800.org • getmeg.go.8866.org • update-microsoft.kmip.net • hobby.8800.org • a2b2.3322.org • dns3.westcowboy.com • swzcs.to.8866.org • hi222.3322.org • www.scratchindian.com • hackeroo.3322.org • wangba8888.3322.org • hgz3.8800.org • cybersyndrome.3322.org
  • 56. From obvious to non-obvious • boxy.3322.org • jj2190067.3322.org • hzone.no-ip.biz • tempsys.8866.org • zts7.8800.org • shenyuan.9966.org • xinxin20080628.gicp.net • www.adobeupdating.com • ip2.kabsersky.com • mapowr.symantecs.com.tw • iran.msntv.org • windows.redirect.hm
  • 57. PATCH, PATCH, PATCH GET RID OF ADOBE READER ADD TRAPS TO YOUR FIREWALLS HOPE THAT THEY DON’T TARGET YOU
  • 58. ONLINE ATTACKS AND ESPIONAGE BY NATION-STATES Mikko Hypponen CRO, F-Secure Corp twitter.com/mikko Protecting the irreplaceable | f-secure.com