Beruflich Dokumente
Kultur Dokumente
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 1
How many hits does a search for the term 'Hacker' in Google reply with?
183,000,000
Conferences -
Black Hat
Welcome to DEFCON, the Largest Underground Hacking Convention in ... Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as ... www.defcon.org/ -
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 3
Chen Ing-Hau, 24, Taiwan Arrested September 15, 2000 CIH (Chernobyl) Virus Jeffrey Lee Parson, 18, USA Arrested August 29, 2003 Blaster Worm ('B' variants only), DDoS
Sven Jaschan, 18, Germany Arrested May 7, 2004 NetSky (Sasser) Worm
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 4
Atilla Ekici, 21, Turkey Arrested August 25, 2005 Operating Mytob and Zotob botnets
Jeanson James Ancheta, 24, USA Arrested November 3, 2005 Rxbot zombie networks for hire (spam and DDoS)
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 5
Cyber Gangs Online Extortion DDoS attacks bookmakers in October 2003 Extortion ($3 million gross) Nine arrested on July 20 and 21, 2004 In October 2006, three were sent to prison The two gang leaders and masterminds are still at large On the Wanted List of the Federal Security Service (FSB) of the Russian Federation
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 6
Cyber Crime Goes Big Time London branch of Japan's Sumitomo Mitsui Bank Worked with insiders through Aharon Abu-Hamra, a 35-year-old Tel Aviv resident Injected a Trojan to gather credentials to a transfer system Attempted to transfer 220 million into accounts he controlled around the world 13.9 million to his own business account
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 7
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 8
Item US-Based Credit Card (with CVV) Full identity (ssn, dob, bank account, credit card, ) Online banking account with $9,900 balance Compromised computer Phishing Web site hosting per site Verified Paypal account with balance Skype Account World of Warcraft Account
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 9
Lone Ranger
Friends
Criminal Gangs
Criminal Organizations
Before 2000
2000 - 2003
2003 - 2005
2005 to Present
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 10
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
11
Page 11
www.secureworks.com
Page 12
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 13
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 14
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 15
Picture provided by energizer hacking group 90 day project take $300,000 - $500,000
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 16
Cyberwarfare
Cyberspace is a warfighting domain.
- Lt. General Robert Elder, Commander 8th Air Force
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 17
In 2007, the FBI reported that there were 108 countries with dedicated cyber-attack organizations seeking industrial secrets.
http://csis.org/files/media/csis/pubs/081028_threats_working_group.pdf
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
18
Page 18
The Chinese want to dominate this information space. So, they want to develop the capability of attacking our "information advantage" while denying us this capability
Mike McConnell Director of National Intelligence
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 19
China
Most skilled vulnerability researchers in the world Very capable at command & control networks Objective is to steal intellectual property Information warfare
as a tool of war, as a way to achieve victory without war as a means to enhance stability.
Strategy
100 Grains of Sand infiltrate as many networked systems as possible and lie in wait for sensitive data and/or command and control access.
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
20
Page 20
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
21
Page 21
The federal government reported 18,050 cybersecurity breaches in fiscal year 2008
Source: Department of Homeland Security
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
22
Page 22
www.secureworks.com
23
Page 23
Russia
Russian has been relatively silent on its Strategy for Cyberwar
Cyber-Activism
Estonia Lithuania Ukraine
Cyber-War
Chechen Rebels during NordOst Hostage Crisis Georgia Conflict Krgyzstan
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
24
Page 24
Cyber-Activism Proof of Concept Estonia knocked offline for moving a Soviet Era WWII war memorial 300 Lithuanian Web sites defaced with Soviet Symbols by Russians after Lithuanian law banned use of Soviet symbols
www.secureworks.com
25
Page 25
www.secureworks.com
Page 26
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
Page 27
StopGeorgia.ru
Hosted by Softlayer in Plano Texas.
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
28
Page 28
www.secureworks.com
Page 29
Project Aurora
Destruction of a $1M power generator by compromising the control network for the generator DHS Project Aurora
http://www.youtube.com/watch?v=fJyWngDco3g
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
30
Page 30
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
31
Page 31
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
32
Page 32
Questions?
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
33
Page 33