
The Growth of eCrime John Walker FBCS CITP CISM MFsoc ITPC Certified


Presentation Transcript


  1. The Growth of eCrime John Walker FBCS CITP CISM MFsoc ITPC Certified Director – ISSA Global Board

  2. What are eRelated issues? • The eRelated issues are these: if you examine some Global links and associations, it may not be common knowledge, but in some areas it can be an inter-connected labyrinth between some, or all, of the following: • eCrime • eFraud • eTerror • Money Laundering • Pornography • Paedophilia • Serious and Organised Crime (SOC) • Industrial Espionage • Military Espionage and Spying • And other big earners . . . and when you are in, it may not be easy to leave!

  3. What is CTF – and how is it linked? • Countering Terrorist Funding (CTF) is an important part of the Security Mission, but again what is not that well known is that a number of Terrorist Organisations can be behind, or benefit from, some Internet Scams and Frauds - what an ideal way to raise cash in its pure electronic profile, and then to distribute it through varying electronic channels. • However this is a massive subject and could support an entire presentation alone. • There are of course many powers that may be leveraged to counter the threat, and some are: • Anti Money Laundering (AML) • Asia Pacific Group on Money Laundering (APG) • Asset Recovery Agency (ARA) • Serious and Organised Crime Agency (SOCA) • Bank Secrecy Act – USA (BSA) • Caribbean Financial Action Task Force (CFATF) • Federal Bureau of Investigation - TFOS (FBI) • It's all about the radar and just how low you fly

  4. Does Cyber Terror (eTerror) Exist - 1? 1) In early 2007 (and not for the first time) successful attacks were mounted against the Pentagon (reported in the FT, 4th Sep 07) from a Chinese source identified as the People's Liberation Army (PLA). This was reported to have occurred in the month of June. 2) On 5th Sep 07 the Guardian ran an article reporting that Whitehall had also suffered some incursions from the same source, under the banner of Titan Rain. 3) This year, and in others, Internet Root Servers were impacted – consider the ramifications for Business, and for Individuals who Compute from the Cloud. It has been identified by some Nations that the Internet is a good way of delivering a Payload, and in this case such a Payload could be aimed at a Nation's economy, or maybe even used to target a particular Brand or Country – carried out by trained Cyber-Warriors – This is a REAL Threat!

  5. Does Cyber Terror (eTerror) Exist - 2? Week Commencing 10th Sep 07: Web pages of the US Consulate General in Russia were attacked and compromised by hackers. This attack was part of a much larger attack in which approximately 400 vulnerable web servers were targeted, seeking out any inherent security exposures and vulnerabilities. And this is but the thin edge of the problem – Companies don’t report, and most end users don’t know – so what is the true picture? – DISCUSS.

  6. Economic Impact Consider, Internet Services, On-Line Banking, Multi Million £/$ industry, VoIP, IPTV, Communications, in fact EoIP: Everything over Internet Protocol & the Future – the Cloud

  7. Is it Taken Seriously? Cheyenne Mountain NORAD UK ?

  8. What does eCrime, eFraud look like? Rootkits: Now very common, and deployed to high numbers of systems. Phishing: Very active, on the rise, and now with more imagination, with Rock and Flux Servers keeping sites alive and trading for longer periods. Malware: It's everywhere, and now a very common threat, and a good tool for the Cyber Criminals and eTerrorists to use. SpyWare: See above, same issue – different vector of attack. CrookWare, Kits, and DoS by Design: CrookWare like Trojanised AV and Malware Scanners, Kits to create an application, or maybe just the creation of a targeted DoS attack – they are all available for a price, from a few dollars to $2500 - if you have the money – they can be yours! Social Engineering: Old favourite, but still very much a part of the attacker's kit bag – it has just got a little more sophisticated. Theft: When a company, or an individual, loses an asset like a computer, or a USB Key, what is the risk – not the hardware, but what's on it – INFORMATION!

  9. CrookWare or a Helping Hand? 16:30hrs on 26th September 2007 - booking a flight on-line under Firefox, when presented with the information below (a screenshot on the slide) – no such issues existed, and there were no errors, but this tool suggested otherwise – scare tactics can work – the sender was just being helpful – such downloads can install a Rootkit or a Trojan and would then purport to do a scan. Lots of this stuff exists on the net.

  10. Burning Issues – who helps the Criminals? Believe it or not, both those in the Private and Public Sector HELP the Criminals by simply being complacent – consider: 1) Sensitive Financial Data left INSECURE on Laptops (Tale of EFS). 2) Lost or Stolen Data NOT Reported – very common (SB1386 - CA). 3) Data disposed of in an INSECURE manner – Guardian 13th September (NHS). 4) TJX – LACK of Controls, LACK of Secure Configuration, and LACK of Awareness (and maybe even Change Control – as with the NHS above). 5) TD Ameritrade admitted 6.3 Million account details had been lost /compromised.

  11. Real Life Case Studies 1) Daily DoS attack at a Corporate Gateway – why? 2) On-Going DoS/DDoS attacks - widespread at multiple organisations – why? 3) The case of the Rootkit Script – practical and devious 4) Widespread infiltration of millions of computers, installed with some form of logic – this is Grid Super Computing in the hands of Criminals 5) Secret System access – or at least visibility – the access was low, but the PR impact was massive 6) That Famous Laptop – Gulf War related

  12. Design Flawing Design Flawing is a new term (in fact it was born on this slide). This is where an intentional programmed error is put into the logic of Software, Firmware, or other components – it could be part of a designed Trojan that invokes when a condition has been met, say a power threshold, or after some notable date has arrived. Case 1> In its most basic form this has been used in one Firmware Implementation I am aware of - to encourage its owner to call for a service engineer – as it had passed its service date, and yes, it went wrong – the fix – a new ROM (with the same logic installed – advanced to 1 year + 2 days). Case 2> It was known that a nation had stolen detailed technology from one Country (where it was illegal to obtain & use under the End User Licence). The response was to build into the Firmware-Logic an overrun fault – the result was the complete destruction of the asset when it overran to maximum revolutions, and could not be shut down – until it BLEW

  13. Terrorism & Steganography • 2005/2006 – identified use of Steganography to hide exploitation images • Alert Agencies and Services to Political Ramifications and use • Was not considered a practical or real life threat • Q4 2008 – Security Services identify terrorists' application of Steganography • Response – we need to understand this threat!

  14. Stego – GIF At HEX level: all files have their own format and header types – here GIF.

  15. Stego – JPEG & BMP At HEX level: all files have their own format and header types – here JPEG & BMP.

  16. Information & HEX 1. Type of device. 2. Type of file. 3. Some giveaway Signs.
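As an added illustration of what slides 14 to 16 mean by looking at a file "at HEX level", the following is editor's example code, not material from the deck: it identifies GIF, JPEG and BMP files from their signature bytes and, for GIF and BMP, walks the structure the file itself declares and counts any bytes appended past its end, one of the giveaway signs a first responder can check for. The sample files are constructed inline.

```python
# Added example (not from the slides): recognise GIF/JPEG/BMP by header bytes and,
# where the format declares its own end, count bytes appended beyond it.
MAGIC = {"GIF": (b"GIF87a", b"GIF89a"), "JPEG": (b"\xff\xd8\xff",), "BMP": (b"BM",)}


def identify(data: bytes):
    """Return the format whose signature begins the data, else None."""
    for fmt, sigs in MAGIC.items():
        if data.startswith(sigs):
            return fmt
    return None


def _skip_subblocks(data: bytes, pos: int) -> int:
    """Skip GIF data sub-blocks (length byte + payload) up to the 0x00 terminator."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1


def gif_end(data: bytes) -> int:
    """Walk the GIF block structure; return the offset just past the 0x3B trailer."""
    flags = data[10]                                   # logical screen descriptor flags
    pos = 13 + (3 << ((flags & 7) + 1) if flags & 0x80 else 0)   # global colour table
    while True:
        block = data[pos]
        if block == 0x3B:                              # trailer: declared end of image
            return pos + 1
        if block == 0x21:                              # extension: label, then sub-blocks
            pos = _skip_subblocks(data, pos + 2)
        elif block == 0x2C:                            # image descriptor (10 bytes)
            lflags = data[pos + 9]
            pos += 10 + (3 << ((lflags & 7) + 1) if lflags & 0x80 else 0)  # local table
            pos = _skip_subblocks(data, pos + 1)       # +1 skips LZW minimum code size
        else:
            raise ValueError(f"unexpected GIF block 0x{block:02x} at offset {pos}")


def appended_bytes(data: bytes):
    """Bytes after the structure the file declares; > 0 deserves a closer look.
    Returns None for formats with no declared end (JPEG needs a marker walk)."""
    fmt = identify(data)
    if fmt == "GIF":
        return len(data) - gif_end(data)
    if fmt == "BMP":
        return len(data) - int.from_bytes(data[2:6], "little")  # declared file size
    return None


# Constructed samples: a minimal 1x1 GIF89a (43 bytes) and a header-only 26-byte BMP.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"  # header + 2 colours
             b"\x21\xf9\x04\x01\x00\x00\x00\x00"               # graphic control extension
             b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"       # image descriptor
             b"\x02\x02\x44\x01\x00\x3b")                      # LZW sub-block, trailer
CLEAN_BMP = b"BM" + (26).to_bytes(4, "little") + b"\x00" * 20
```

Running `appended_bytes(CLEAN_GIF + b"hidden")` reports the six trailing bytes that a viewer would silently ignore, which is exactly the sort of giveaway sign worth flagging for deeper analysis.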

  17. Clean to Dirty - Blowfish (before and after images)

  18. Statistics (before and after images)

  19. Anti Virus – What’s the Future? As we view a number of threats today, AV is considered a Silver Bullet but it is NOT – some history and examples: 1) Trojans of yesteryear. 2) Update Time. 3) One man for all seasons. 4) The real truth about protection and the Zero Day issue. 5) The Boot Sector Virus issue is back – in a different form. IS AV Dead – As it stands today, it must change (and in some cases it is) or die!

  20. Patch & Fix – What’s the Future? Microsoft release their new O/S and Application updates on a day known as Patch Tuesday – this applies corrections to known vulnerabilities, and removes the security exposures with that corrective patch/fix. Hacker Response – create what is known as ‘Zero-Day Wednesday’ – which waits until the Patches & Fixes have been released, and then the circle of Insecurity starts again.

  21. Statistics - 1 • 1996 – 3.4 Million UK Residents online. • 2006 – 29 Million UK Residents online. • 2008 - ?? • 2006 – it is estimated that there were 92,000 cases of online identity fraud. • 2006 – It is estimated that there were 207,000 cases of financial fraud (+32% from 2005). • Around 40% of ALL frauds are committed online. • 2006 – CNP accounted for £212.6 Million. • 2006 – Estimated that there were 1,944,000 cases of online harassment. • 90% of online harassment goes unreported – who would you tell? • 2006 – 144,500 cases of computer misuse (excluding viruses).

  22. Statistics - 2 (chart) • 2006 – 238 cases of offences of meeting Children post Grooming • Dangerous Conditions

  23. First Responder It is essential that businesses and organisations are able to: 1. Identify. 2. React. 3. Apply appropriate procedures. 4. Have Policies. 5. Understand the legal ramifications – know what to do. 6. Connect with Law Enforcement Agencies where appropriate. And have First Responder Capabilities (in or out of house).

  24. Get Hard To survive - Harden up systems and applications: 1. Remove low hanging fruit – C$. 2. Test your own systems – FIRST. 3. Apply workable policies. 4. Have build standards. 5. Define the perimeter of Secure Operations. 6. Use what you own – don't do ShelfWare. 7. Consider Mobility implications.

  25. Conclusion = BIG issue costing Millions, impacting high numbers. But it IS NOT understood, or considered a threat of magnitude commensurate to its Impact!

  26. Thank You
