Cyber Threats Mike Cote Chairman and CEO

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 1

How many hits does a search for the term 'Hacker' in Google reply with?
183,000,000

2600 The Hacker Quarterly

Conferences -

Black Hat
Welcome to DEFCON, the Largest Underground Hacking Convention in ... Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as ... www.defcon.org/ -

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 3

Hackers - First Generation Lone Wolf

Kevin Mitnick January 21, 1995 Compromised, DEC, IBM, HP, Motorola, PacBell, NEC, .

Chen Ing-Hau, 24, Taiwan Arrested September 15, 2000 CIH (Chernobyl) Virus Jeffrey Lee Parson, 18, USA Arrested August 29, 2003 Blaster Worm ('B' variants only), DDoS

Sven Jaschan, 18, Germany Arrested May 7, 2004 NetSky (Sasser) Worm
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 4

Cyber Criminals - Proof of Concept for making $

Farid Essebar, 18, Morocco Arrested August 25, 2005 Mytob and Zotob (Bozori) Worms

Atilla Ekici, 21, Turkey Arrested August 25, 2005 Operating Mytob and Zotob botnets

Jeanson James Ancheta, 24, USA Arrested November 3, 2005 Rxbot zombie networks for hire (spam and DDoS)

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 5

Cyber Gangs Online Extortion DDoS attacks bookmakers in October 2003 Extortion ($3 million gross) Nine arrested on July 20 and 21, 2004 In October 2006, three were sent to prison The two gang leaders and masterminds are still at large On the Wanted List of the Federal Security Service (FSB) of the Russian Federation

Maria Zarubina and Timur Arutchev

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 6

Cyber Crime Goes Big Time London branch of Japan's Sumitomo Mitsui Bank Worked with insiders through Aharon Abu-Hamra, a 35-year-old Tel Aviv resident Injected a Trojan to gather credentials to a transfer system Attempted to transfer 220 million into accounts he controlled around the world 13.9 million to his own business account

Yaron Bolondi, 32, Israel Arrested March 16, 2005

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 7

Albert Gonzalez Segvec, Soupnazi, J4guar

Indicted on Aug 17, 2009 Stole 130,000,000 credit card numbers Worked out of Miami his one flaw

Worked as an international organized cybercrime group

3 in the Ukraine Including Maksik who earned of $11m between 2004-2006 2 in China 1 from Belarus 1 from Estonia 1 from unknown location that goes by Delperiao

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 8

Identity Theft Market Rates

Item US-Based Credit Card (with CVV) Full identity (ssn, dob, bank account, credit card, ) Online banking account with $9,900 balance Compromised computer Phishing Web site hosting per site Verified Paypal account with balance Skype Account World of Warcraft Account

Price $1 - $6 $14 - $18 $300 $6 - $20 $3 - $5 $50 - $500 $12 $10

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 9

Cyber Crime Trends

$1,200,000 $1,000,000 $800,000 $600,000 $400,000 $200,000 $0

Lone Ranger

Friends

Criminal Gangs

Criminal Organizations

$12,000 $10,000 $8,000 $6,000 $4,000 $2,000 $0

Criminal Gains Victim Loss

Before 2000

2000 - 2003

2003 - 2005

2005 to Present
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 10

Number of attacks monitored by SecureWorks

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

11

Page 11

C2C: Malware/Phishing Kit Arms Suppliers

Criminal to Criminal C2C Selling malware for "research only Manuals, translation Support / User forums Language-specific Bargains on mutation engines and packers Referrals to hosting companies Generally not illegal Operate in countries that shield them from civil actions Makes it easy to enter the cybercrime market
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 12

C2C Distribution & Delivery Force Suppliers

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 13

C2C Exploit Intelligence Dealers

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 14

C2C: Bot Management Turn Key Weapons Systems

76service, Nuklus Team Botnet Dashboards

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 15

Driving Factors Behind Cyber Crime

Profitable Low risk New services to exploit Easy (technically) Easy (morally you never meet the victim)

Picture provided by energizer hacking group 90 day project take $300,000 - $500,000

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 16

Cyberwarfare
Cyberspace is a warfighting domain.
- Lt. General Robert Elder, Commander 8th Air Force

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 17

In 2007, the FBI reported that there were 108 countries with dedicated cyber-attack organizations seeking industrial secrets.
http://csis.org/files/media/csis/pubs/081028_threats_working_group.pdf

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

18

Page 18

Leveling the playing field

Adversaries that cannot match U.S. conventional military strength have an incentive to employ asymmetric strategies to exploit our vulnerabilities
Institute for Security Technology Studies at Dartmouth College

The Chinese want to dominate this information space. So, they want to develop the capability of attacking our "information advantage" while denying us this capability
Mike McConnell Director of National Intelligence

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 19

China
Most skilled vulnerability researchers in the world Very capable at command & control networks Objective is to steal intellectual property Information warfare
as a tool of war, as a way to achieve victory without war as a means to enhance stability.

Strategy
100 Grains of Sand infiltrate as many networked systems as possible and lie in wait for sensitive data and/or command and control access.

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

20

Page 20

Whitehouse email compromised Nov, 2008

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

21

Page 21

The federal government reported 18,050 cybersecurity breaches in fiscal year 2008
Source: Department of Homeland Security

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

22

Page 22

Joint Strike Fighter

Compromise reported April 2009, started as early as 2007

$300 Billion project costliest in US DOD history

Several Terabytes of data stolen about electronic systems
Most sensitive secrets not compromised
United States is under cyber-attack virtually all the time, every day
- Robert Gates Secretary of Defense

Source of attacks appear to be China

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

23

Page 23

Russia
Russian has been relatively silent on its Strategy for Cyberwar

Cyber-Activism
Estonia Lithuania Ukraine

Cyber-War
Chechen Rebels during NordOst Hostage Crisis Georgia Conflict Krgyzstan
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

24

Page 24

Cyber-Activism Proof of Concept Estonia knocked offline for moving a Soviet Era WWII war memorial 300 Lithuanian Web sites defaced with Soviet Symbols by Russians after Lithuanian law banned use of Soviet symbols

Ukrainian Presidents website hacked after expressing interest in joining NATO

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

25

Page 25

CyberWarfare Russian Georgia Conflict - IWar

Physical and cyber warfare operations coincided with the final "All Clear" for Russian Air Force between 0600 and 0700 on August 9,2008 Physical and cyber warfare shared targets, media outlets and local government communication systems in the city of Gori Further cyber warfare operations against new targets in Gori coincided with traditional physical warfare target
The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 26

Russia's Cyber Militia Distribution of Bots

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 27

StopGeorgia.ru
Hosted by Softlayer in Plano Texas.

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

28

Page 28

Fourth of July DDoS attacks

July 4 July 9, 2009 DDOS Attacks www.dhs.gov
finance.yahoo.com www.dot.gov travel.state.gov www.faa.gov www.amazon.com Approximately 20,000 attacking hosts (at $0 cost to the attacker) www.ftc.gov www.usbank.com www.nasdaq.com www.yahoo.gov www.nsa.gov www.marketwatch.com Most attacking hosts were in www.nyse.com www.washingtonpost.com South Korea www.state.gov www.usauctionslive.gov www.usps.gov www.umarketwatch.com Popular Peer to Peer filesharing network in South Korea hacked to www.ustreas.gov www.voa.gov spread malware and enlist www.whitehouse.gov machines to attack www.defenselink.mil

Many government critical infrastructure sites down for several days

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

Page 29

Project Aurora
Destruction of a $1M power generator by compromising the control network for the generator DHS Project Aurora
http://www.youtube.com/watch?v=fJyWngDco3g

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

30

Page 30

State of Cyber Attacks and the problems

There are no international boundaries on the Internet There are safe havens for criminals where they may operate without consequence. Some havens provided in return for services or technology Governments enlisting the services of traditional cybercrime criminals to advance their information warfare capabilities.

Governments funding training programs for information warfare

Cost of CyberAttacks is decreasing, effectiveness is increasing.

Cyberspace is part of the battlefield of the 21st Century

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

31

Page 31

Balance of Military Might?

Release of Dams Disruption of air traffic flow Destruction of power substations Disruption of First Responders and Emergency services during a terrorist attack Integrity in the financial system leading to lack of consumer confidence Disruption of law enforcement and tainting of evidence Corruption, tainting of food supply

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

32

Page 32

Questions?

The Information Security Experts Copyright 2009 SecureWorks, Inc. All rights reserved.

www.secureworks.com

33

Page 33