1 / 18

Pacific Northwest Digital Government Summit

Pacific Northwest Digital Government Summit . Security – How Much is Enough? June 20, 2006 SA Kenneth A. Schmutz. National Priorities. Counterterrorism Counterintelligence Cyber Crime. Cyber Crime Components. Computer Intrusions BOTNETS DDOS Attacks Intellectual Property Theft

kasia
Télécharger la présentation

Pacific Northwest Digital Government Summit

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Pacific Northwest Digital Government Summit Security – How Much is Enough? June 20, 2006 SA Kenneth A. Schmutz

  2. National Priorities • Counterterrorism • Counterintelligence • Cyber Crime

  3. Cyber Crime Components • Computer Intrusions • BOTNETS • DDOS Attacks • Intellectual Property Theft • Theft of Trade Secrets • Virus/Worm Activity • Child Pornography • Internet Fraud

  4. Professional Cyber Criminals • Organized Crime (Foreign and Domestic) • Money • Information THREAT How Severe is the Threat?

  5. Growing Trend • BOTNETS • Distributed Denial Of Service Attacks (DDoS) • Extortion • Malicious Attacks • Pay for Click (Adware installations) • Network Traffic • Identity Theft (keylogging, phishing) • SPAM

  6. Components of BOTNET • Internet Relay Chat (IRC) Server • Usually a compromised Linux box • Zombies- Compromised computers • Home, Military, Government, Education, and Business infected by a worm, trojan, or virus • Botherder – Person controlling BOTNET

  7. Attack Network Attack Control Computer

  8. Recent BOTNET Case • ZOTOB • Released ~8/2005 • Spreads through email and MS05-039(PnP) • Sets up Backdoor via trojan • Controlled by Internet Relay Chat (IRC) • Zotob A, B, C derived from MyTob • Zotob D, E, F derived from Rxbot

  9. ZOTOB- victims IRC SERVER Diabl0.turkcoders.net

  10. ZOTOB - Subjects • Code Analysis • 43 41 4e 00 00 00 00 5b 78 5d 20 42 6f 74 7a 6f 72 B-O-T-Z-O-R.SCAN....[x] Botzor • 32 30 30 35 20 42 79 20 44 69 61 62 6c 4f 00 00 2005 By DiablO................

  11. ZOTOB - Subjects • Diabl0 • FBI Headquarters Cyber • FBI Seattle Cyber Squad • Identify hotmail account for Diabl0 through DNS Whois for blackcarder.net • Worm analysis “greetz to my good friend coder”

  12. ZOTOB - Subjects FBI flies to Morocco/Turkey

  13. ZOTOB Conclusion • Two subjects located and arrested in less than two weeks from infection

  14. Cyber Prevention • Current, patched Operating System • Enable automatic updates • Current virus protection • Update as often as service allows • Software and Hardware based firewall • Anti-Spyware Protection • Now a necessity • Identify points of vulnerability • Remote access • Laptops

  15. Resources • www.consumer.gov/idtheft/ • www.ic3.gov/ • www.annualcreditreport.com (877-322-8228)

  16. Contact • Special Agent Kenneth A. Schmutz • (206) 262-2114 • Kenneth.Schmutz@ic.fbi.gov

More Related