“Menschenkenntnis”
and Cyber Security
Thomas George
International Business Manager - cyscon GmbH

Who are Cyscon?
• Founded 2001 by Thorsten Kraft
• Cyber Security Consulting
• Founding Member of Botfrei and ACDC Project.
• Official Partner of BSI - German Federal Office for Information Security
• 2010 - Conficker Takedown
• 2013 - Check & Secure - Private User Initiative

Working Relationships
cyscon works with a variety of partners in the IT Security world.
These include:
• Internet Service Providers, including Vodafone and 1&1
Telecom
• Banks, such as Deutsche Bank and Postbank
• Law enforcement, including FBI and Europol
• NGOs, including Stop.Think.Connect - Funded by the
Department of Homeland Security

Knowing your Enemy
How cyscon gets its data.

Sinkholing
• 80 Million Events per day
• 42 Different Types of Malware recognised

Honeypots and Spam Traps
• 3.5 Million Spam Emails Per Day
• Honeypots installed on real systems by our
customers
• 40,000 New Malicious URLs Each Day

Web Crawling
• Systems Continually Crawling the Web
• 16 Different Settings - Chilled to Paranoia
• Analysing Behaviour and AV Detection

The Data Toilet
• Gathering Data since 2006
• Enriching Data with Meta Data
• More than 20,000 Sensors
• More than 50 Partners
• WHOIS, SSH HOSTKEY, DNS details, etc.

What goes in?

Where Does it All Go?
• Data is sent to ISPs
• AND / OR
• Anonymised and Sent to Law Enforcement,
Research or Industry

Internet Service Providers
Sensor
Sensor
Concentrator
Concentrator
Sensor
Sensor
Sensor
Sensor
Sensor
Sensor
Anonymisation
Law Enforcement
Agencies
Research
Industry
Detection Supporting

Flushing the Toilet
• Okay…we have the data.
• Let’s Make Some Money!

Menschenkenntnis in
Business
Wer keine Menschenkenntnis hat, hat als Kaufmann bereits verloren

Flexibility
• Knowing what customers want
• Using trust and Existing Relationships
• Knowing when to work for free

Banks
Its All About the Money

What is Hurting?
• Losing Money
• Losing More Money
• Losing Even More Money
• Losing Reputation

How do Banks (and their
customers) lose money?
• Redirection of Payment
• Identity Theft through Trojan Infection
• Direct Phishing Scams

Technical Overview -
Banking Services
Threat Detection, Mitigation, Prevention

Malware Detection
• Identification of infected customers
• More than 40 Trojan Families - 4000 events per
second.
• JSON Format - Easy to implement and process
• Can be combined with sales of Malware
Deletion Product.

Malicious Traffic Mitigation
• Access to C-SIRT Database and Cyber Threat
Detection Cloud
• Database fed by Worldwide sensors of Malicious
Traffic
• Eliminates Cyber Attacks against banking
platforms.

Brand Protection
• Fully automated takedown service
• Detection, Blocking, Blacklisting
• Normal process time, 2 hours
• Excellent contacts to ISPs for quick takedowns

Menschenkenntnis in
the Community
“Love thy Neighbour”

Two Sides of the Story
• How much can experts do without end users?
• GameOver Zeus Takedown - Pointless?
• “Slipping through the net”

The Cyber Vaccination
• Appears as analysis system from AV industry.
• Protection against MITB attacks and identity theft.
• Works on 10 different browsers.
• Free to use - One time installation.
• Attack interception - Malicious code cannot be
executed.
• “Panic Switch” when intruder is detected.

HitmanPro: A Second
Opinion Scanner
• Behavioural analysis - not signature based.
• 10MB file, can boot from USB.
• Complement to existing AV programs
• 30 Day free trial for emergency cases.

Case Study:
Cyber Alliance of
Switzerland
Cyber Alliance of
Switzerland
How can the “Check & Secure” Technology be
Implemented by Banks?

Concept and Goals
• Making Switzerland into the “Cleanest Internet
Country in the World
• Identification and Help for Infected End Users
• Support for the deletion of malware and securing of
end user systems with Check & Secure and End
User Products.

Realisation
• Banking Partners: Credit Suisse, Raffeisen,
Postfinance and UBS.
• Internet Service Partners: Swisscom, Sunrise, UPC
• Creation of a shared Malware database.
• Planned Launch 1.8.2014.

Thank you for Listening
• tgeorge@cyscon.de
• +491733853804