Cybercrime and Business Process Hacking

A presentation on the rise of cyber crime and the trend towards Business Process hacking

Published in: Technology, Business
  • The purpose of this presentation is to depict a scenario. It is only through imagining the worst that we can prepare for it and hopefully curtail the chances of a particular scenario playing out in real life.

    The cyber crime scenario is fueled by the lack of balance between the fundamental drivers and the countervailing inhibitors.

    DRIVERS

    Criminals historically prey on their immediate neighbors. The Internet changes all that.

    The monthly barrage of vulnerability announcements, particularly from MSFT, gives cyber criminals the opportunities they need. Total impact of Vista will be…ZERO

    Online trading sites for identities create a market for thieves to sell to more sophisticated criminals.

    Success (profits) breeds more success. Just as eBay created a new generation of garage sale entrepreneurs, cyber crime is sucking in more and more players.

    Large botnets, in particular a million-member army being prepped for the holiday season, indicate growing power.

    Organized crime is turning to bribery and infiltration to steal identities.
  • The Wild West, Chicago in the '20s, the Caribbean in previous centuries, and Colombia, as well as aspects of Russia and Italy today, are all examples of where unchecked crime can lead. This is the scenario that we must avoid.
  • Since May 30, Memorial Day weekend, Israel's business community has been in an uproar. Here is a snapshot of the outbreak of a major industrial espionage incident. Spyware plays a crucial role in this fiasco.

    This slide depicts the targets, the perpetrators, and the private investigators that carried off these invasions. The story started when an Israeli author noticed that his unpublished works were being posted to the Internet. Suspecting his stepdaughter's ex-husband, he called in the Israeli police. The police discovered the HotWar Trojan on his home computer. Files, emails, and everything the author typed were being sent to FTP servers in Germany, the UK and the US. When those servers were seized by local authorities in each country, they were found to contain internal documents from dozens of companies in Israel, including the state-owned telephone company, Bezeq, a cell phone company, a car dealer, a satellite TV company (Hot!), a cell phone company (Partner), a water company (Gal-Al), a defense contractor and more.

    It turns out that at least a dozen companies in Israel had hired private investigators to gather competitive intelligence on their counterparts. The PIs had purchased software from Michael Hephrati in the UK and sent it to the targets disguised as a legitimate email proposal. While 22 people are under arrest, one was indicted this week (June 20), and the investigation continues:

    - The CEO of one of the PI firms threw himself down a stairwell at the police station and is in critical condition with multiple head and spine injuries.
    - The private firms that were in the process of purchasing Bezeq have asked for a new sale to take place.
    - The water company that was hacked lost documents that detailed heavy water extraction techniques. Heavy water is critical to the manufacture of H bombs.
    - Israeli authorities themselves have been using spyware to gather information from the PC of the wife of the Syrian President.

    Stay tuned.
  • Cybercrime and Business Process Hacking

    1. Cyber Crime. Prepare for the next wave: Business Process Hacking. Richard Stiennon – Chief Research Analyst, IT-Harvest
    2. The Rise of Cybercrime (diagram)
       • INHIBITORS: Better security; International cooperation (or not)
       • BPH!
       • DRIVERS: Organization; Insider recruitment; 30 million bots; Success (profits); Market for identities; New vulnerabilities; Ubiquitous Internet
       IT-Harvest 2011
    3. Historical Criminal Societies
    4. The first wave: the adware economy (diagram labels): E-commerce Sites; Affiliate Web Sites; Software parasites; Hit Stats; Worms; Fake "Top Ten"; Viruses; Brokers; Spam; Webrings; Infected Desktops; ADware
    5. The Adware economy (diagram labels): E-commerce Sites; Affiliate Web Sites; Hit Stats; Software parasites; Popularity-Stats; Worms; Brokers; Viruses; Webrings; Spam; Infected Desktops; ADware
    6. IP theft as a service in Israel
    7. Physical presence targets "where the money is" - Willie Sutton
       • Sumitomo Mitsui Bank Branch
    8. Cyber Defense :-) Sumitomo Best Practice
    9. Stop&Shop
    10. Stop&Shop cyber defense
    11. TJX: targeting data repositories. TJ MAXX, Marshall's. 45 Million Credit cards @ $80/card = $3.6 Billion in costs! Pringle's can or…?
    12. Business Process Hacking
       • Step one: identify the business process
       • Step two: identify key vulnerabilities and trust relationships
          • Insiders
          • Customers
          • Partners
       • Step three: steal something
       • Step four: monetization
    13. An insider's perspective
       • Major railroad in US
       • Major computer manufacturer in US
    14. Pump and dump
       • Break in to online trading account
       • Sell off owner's portfolio
       • Purchase penny stocks
       • Dump attacker's holdings when stock price jumps
       • Leave account holder with worthless portfolio
       • Canadian attacks thwarted; $11 million frozen in Lithuanian bank.
    15. E-ticketing fraud
       • Indian railway reservations. Scalpers use software to corner the market for tickets and resell them at a mark up.
       • Concert tickets. Scammers snipe tickets when they go on sale using elaborate hacks to avoid fraud detection schemes. They resell them immediately on sites such as StubHub.com or TicketsNow.com ($1,000)
       • Even better: scammers buy seats and block others from getting seats.
    16. Carbon credits
       • 2010: Phishing attack against dozens of companies
       • Seven out of 2,000 German companies fall for it
       • Carbon credits transferred to two accounts owned by attackers
       • $4 million stolen
       • 2011: 1.6 million carbon credits stolen from the Romanian branch of Swiss cement company Holcim. $36 million.
    17. Vulnerable business processes
       • Treasury functions
       • Logistics
       • Payroll
       • Trading platforms for energy, natural resources, commodities, securities
       • Voting platforms
       • Gaming sites
       • Foreign Exchange
       • "Deal rooms"
       • Central banks
    18. Beyond theft
       • Commerce relies on trust. Break that trust and commerce fails.
    19. richard@it-harvest.com, threatchaos.com, twitter.com/stiennon
