180 likes | 279 Vues
Pacific Northwest Digital Government Summit . Security – How Much is Enough? June 20, 2006 SA Kenneth A. Schmutz. National Priorities. Counterterrorism Counterintelligence Cyber Crime. Cyber Crime Components. Computer Intrusions BOTNETS DDOS Attacks Intellectual Property Theft
E N D
Pacific Northwest Digital Government Summit Security – How Much is Enough? June 20, 2006 SA Kenneth A. Schmutz
National Priorities • Counterterrorism • Counterintelligence • Cyber Crime
Cyber Crime Components • Computer Intrusions • BOTNETS • DDOS Attacks • Intellectual Property Theft • Theft of Trade Secrets • Virus/Worm Activity • Child Pornography • Internet Fraud
Professional Cyber Criminals • Organized Crime (Foreign and Domestic) • Money • Information THREAT How Severe is the Threat?
Growing Trend • BOTNETS • Distributed Denial Of Service Attacks (DDoS) • Extortion • Malicious Attacks • Pay for Click (Adware installations) • Network Traffic • Identity Theft (keylogging, phishing) • SPAM
Components of BOTNET • Internet Relay Chat (IRC) Server • Usually a compromised Linux box • Zombies- Compromised computers • Home, Military, Government, Education, and Business infected by a worm, trojan, or virus • Botherder – Person controlling BOTNET
Attack Network Attack Control Computer
Recent BOTNET Case • ZOTOB • Released ~8/2005 • Spreads through email and MS05-039(PnP) • Sets up Backdoor via trojan • Controlled by Internet Relay Chat (IRC) • Zotob A, B, C derived from MyTob • Zotob D, E, F derived from Rxbot
ZOTOB- victims IRC SERVER Diabl0.turkcoders.net
ZOTOB - Subjects • Code Analysis • 43 41 4e 00 00 00 00 5b 78 5d 20 42 6f 74 7a 6f 72 B-O-T-Z-O-R.SCAN....[x] Botzor • 32 30 30 35 20 42 79 20 44 69 61 62 6c 4f 00 00 2005 By DiablO................
ZOTOB - Subjects • Diabl0 • FBI Headquarters Cyber • FBI Seattle Cyber Squad • Identify hotmail account for Diabl0 through DNS Whois for blackcarder.net • Worm analysis “greetz to my good friend coder”
ZOTOB - Subjects FBI flies to Morocco/Turkey
ZOTOB Conclusion • Two subjects located and arrested in less than two weeks from infection
Cyber Prevention • Current, patched Operating System • Enable automatic updates • Current virus protection • Update as often as service allows • Software and Hardware based firewall • Anti-Spyware Protection • Now a necessity • Identify points of vulnerability • Remote access • Laptops
Resources • www.consumer.gov/idtheft/ • www.ic3.gov/ • www.annualcreditreport.com (877-322-8228)
Contact • Special Agent Kenneth A. Schmutz • (206) 262-2114 • Kenneth.Schmutz@ic.fbi.gov