cote fp aversion 3

Upload: sumant-luhar

Post on 03-Apr-2018


TRANSCRIPT

  • 7/29/2019 Cote Fp Aversion 3

    1/33

    www.secureworks.com Page 1

    The Information Security Experts

    Copyright 2009 SecureWorks, Inc. All rights reserved.

    Cyber Threats

    Mike Cote

    Chairman and CEO

  • 7/29/2019 Cote Fp Aversion 3

    2/33

    How many hits does a search for the term 'Hacker' in Google reply with?

    183,000,000

  • 7/29/2019 Cote Fp Aversion 3

    3/33


    Black Hat

    Welcome to DEFCON, the Largest Underground Hacking Convention in ...

    Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as ...

    www.defcon.org/ -

    2600 The Hacker Quarterly Conferences -

  • 7/29/2019 Cote Fp Aversion 3

    4/33


    Hackers - First Generation Lone Wolf

    Chen Ing-Hau, 24, Taiwan

    Arrested September 15, 2000

    CIH (Chernobyl) Virus

    Jeffrey Lee Parson, 18, USA

    Arrested August 29, 2003

    Blaster Worm ('B' variants only), DDoS

    Sven Jaschan, 18, Germany

    Arrested May 7, 2004

    NetSky (Sasser) Worm

    Kevin Mitnick

    January 21, 1995

    Compromised, DEC, IBM, HP, Motorola, PacBell, NEC, .

  • 7/29/2019 Cote Fp Aversion 3

    5/33


    Cyber Criminals - Proof of Concept for making $

    Jeanson James Ancheta, 24, USA

    Arrested November 3, 2005

    Rxbot zombie networks for hire (spam and DDoS)

    Farid Essebar, 18, Morocco

    Arrested August 25, 2005

    Mytob and Zotob (Bozori) Worms

    Atilla Ekici, 21, Turkey

    Arrested August 25, 2005

    Operating Mytob and Zotob botnets

  • 7/29/2019 Cote Fp Aversion 3

    6/33

  • 7/29/2019 Cote Fp Aversion 3

    7/33

    Cyber Crime Goes Big Time

    Yaron Bolondi, 32, Israel

    Arrested March 16, 2005

    London branch of Japan's Sumitomo Mitsui Bank

    Worked with insiders through Aharon Abu-Hamra, a 35-year-old Tel Aviv resident

    Injected a Trojan to gather credentials to a transfer system

    Attempted to transfer 220 million into accounts he controlled around the world

    13.9 million to his own business account

  • 7/29/2019 Cote Fp Aversion 3

    8/33

    Indicted on Aug 17, 2009

    Stole 130,000,000 credit card numbers

    Worked out of Miami - his one flaw

    Worked as an international organized cybercrime group

    3 in the Ukraine

    Including Maksik who earned of $11m between 2004-2006

    2 in China

    1 from Belarus

    1 from Estonia

    1 from unknown location that goes by Delperiao

    Albert Gonzalez - Segvec, Soupnazi, J4guar

  • 7/29/2019 Cote Fp Aversion 3

    9/33

    Identity Theft Market Rates

    Item                                                      Price
    US-Based Credit Card (with CVV)                           $1 - $6
    Full identity (ssn, dob, bank account, credit card, )     $14 - $18
    Online banking account with $9,900 balance                $300
    Compromised computer                                      $6 - $20
    Phishing Web site hosting per site                        $3 - $5
    Verified Paypal account with balance                      $50 - $500
    Skype Account                                             $12
    World of Warcraft Account                                 $10

  • 7/29/2019 Cote Fp Aversion 3

    10/33

    Cyber Crime Trends

    [Chart: Criminal Gains and Victim Loss by period (Before 2000, 2000 - 2003, 2003 - 2005, 2005 to Present); actor labels: Lone Ranger, Friends, Criminal Gangs, Criminal Organizations]

  • 7/29/2019 Cote Fp Aversion 3

    11/33

    Number of attacks monitored by SecureWorks


  • 7/29/2019 Cote Fp Aversion 3

    12/33

    Criminal to Criminal C2C

    Selling malware for "research only"

    Manuals, translation

    Support / User forums

    Language-specific

    Bargains on mutation engines and packers

    Referrals to hosting companies

    Generally not illegal

    Operate in countries that shield them from civil actions

    Makes it easy to enter the cybercrime market

    C2C: Malware/Phishing Kit - Arms Suppliers

  • 7/29/2019 Cote Fp Aversion 3

    13/33

    C2C Distribution & Delivery - Force Suppliers

  • 7/29/2019 Cote Fp Aversion 3

    14/33

    C2C Exploit - Intelligence Dealers

  • 7/29/2019 Cote Fp Aversion 3

    15/33

    C2C: Bot Management - Turn Key Weapons Systems

    76service, Nuklus Team

    Botnet Dashboards

  • 7/29/2019 Cote Fp Aversion 3

    16/33

    Driving Factors Behind Cyber Crime

    Profitable

    Low risk

    New services to exploit

    Easy (technically)

    Easy (morally - you never meet the victim)

    Picture provided by energizer hacking group

    90 day project take $300,000 - $500,000

  • 7/29/2019 Cote Fp Aversion 3

    17/33

    Cyberwarfare

    Cyberspace is a warfighting domain.

    - Lt. General Robert Elder, Commander 8th Air Force

  • 7/29/2019 Cote Fp Aversion 3

    18/33

    In 2007, the FBI reported that there were 108 countries with dedicated cyber-attack organizations seeking industrial secrets.

    http://csis.org/files/media/csis/pubs/081028_threats_working_group.pdf

  • 7/29/2019 Cote Fp Aversion 3

    19/33

    Leveling the playing field

    Adversaries that cannot match U.S. conventional military strength have an incentive to employ asymmetric strategies to exploit our vulnerabilities

    - Institute for Security Technology Studies at Dartmouth College

    The Chinese want to dominate this information space. So, they want to develop the capability of attacking our "information advantage" while denying us this capability

    - Mike McConnell, Director of National Intelligence

  • 7/29/2019 Cote Fp Aversion 3

    20/33

    Most skilled vulnerability researchers in the world

    Very capable at command & control networks

    Objective is to steal intellectual property

    Information warfare

    as a tool of war, as a way to achieve victory without war

    as a means to enhance stability.

    Strategy

    100 Grains of Sand - infiltrate as many networked systems as possible and lie in wait for sensitive data and/or command and control access.

    China

  • 7/29/2019 Cote Fp Aversion 3

    21/33

    Whitehouse email compromised Nov, 2008


  • 7/29/2019 Cote Fp Aversion 3

    22/33

    The federal government reported 18,050 cybersecurity breaches in fiscal year 2008

    Source: Department of Homeland Security


  • 7/29/2019 Cote Fp Aversion 3

    23/33


    Joint Strike Fighter

    Compromise reported April 2009, started as early as 2007

    $300 Billion project - costliest in US DOD history

    Several Terabytes of data stolen about electronic systems

    Most sensitive secrets not compromised

    Source of attacks appears to be China

    United States is under cyber-attack virtually all the time, every day

    - Robert Gates, Secretary of Defense

    http://www.ft.com/cms/s/0/2931c542-ac35-11dd-bf71-000077b07658.html?nclick_check=1
  • 7/29/2019 Cote Fp Aversion 3

    24/33


    Russia has been relatively silent on its Strategy for Cyberwar

    Cyber-Activism

    Estonia

    Lithuania

    Ukraine

    Cyber-War

    Chechen Rebels during NordOst Hostage Crisis

    Georgia Conflict

    Kyrgyzstan

    Russia

  • 7/29/2019 Cote Fp Aversion 3

    25/33


    Cyber-Activism - Proof of Concept

    300 Lithuanian Web sites defaced with Soviet symbols by Russians after Lithuanian law banned use of Soviet symbols

    Ukrainian President's website hacked after expressing interest in joining NATO

    Estonia knocked offline for moving a Soviet Era WWII war memorial

  • 7/29/2019 Cote Fp Aversion 3

    26/33


    CyberWarfare Russian Georgia Conflict - IWar

    Physical and cyber warfare operations coincided with the final "All Clear" for Russian Air Force between 0600 and 0700 on August 9, 2008

    Physical and cyber warfare shared targets, media outlets and local government communication systems in the city of Gori

    Further cyber warfare operations against new targets in Gori coincided with traditional physical warfare target

  • 7/29/2019 Cote Fp Aversion 3

    27/33


    Russia's Cyber Militia - Distribution of Bots

  • 7/29/2019 Cote Fp Aversion 3

    28/33


    StopGeorgia.ru

    Hosted by Softlayer in Plano, Texas.

  • 7/29/2019 Cote Fp Aversion 3

    29/33


    July 4 - July 9, 2009 DDoS Attacks

    Approximately 20,000 attacking hosts (at $0 cost to the attacker)

    Most attacking hosts were in South Korea

    Popular Peer to Peer filesharing network in South Korea hacked to spread malware and enlist machines to attack

    Many government critical infrastructure sites down for several days

    www.dhs.gov

    www.dot.gov

    www.faa.gov

    www.ftc.gov

    www.nasdaq.com

    www.nsa.gov

    www.nyse.com

    www.state.gov

    www.usps.gov

    www.ustreas.gov

    www.voa.gov

    www.whitehouse.gov

    www.defenselink.mil

    Fourth of July DDoS attacks

    finance.yahoo.com

    travel.state.gov

    www.amazon.com

    www.usbank.com

    www.yahoo.gov

    www.marketwatch.com

    www.washingtonpost.com

    www.usauctionslive.gov

    www.umarketwatch.com


  • 7/29/2019 Cote Fp Aversion 3

    30/33


    Destruction of a $1M power generator by compromising the control network for the generator

    DHS Project Aurora

    http://www.youtube.com/watch?v=fJyWngDco3g

    Project Aurora


  • 7/29/2019 Cote Fp Aversion 3

    31/33


    There are no international boundaries on the Internet

    There are safe havens for criminals where they may operate without consequence. Some havens provided in return for services or technology

    Governments enlisting the services of traditional cybercrime criminals to advance their information warfare capabilities.

    Governments funding training programs for information warfare

    Cost of CyberAttacks is decreasing, effectiveness is increasing.

    Cyberspace is part of the battlefield of the 21st Century

    State of Cyber Attacks and the problems


  • 7/29/2019 Cote Fp Aversion 3

    32/33


    Release of Dams

    Disruption of air traffic flow

    Destruction of power substations

    Disruption of First Responders and Emergency services during a terrorist attack

    Integrity in the financial system leading to lack of consumer confidence

    Disruption of law enforcement and tainting of evidence

    Corruption, tainting of food supply

    Balance of Military Might?


  • 7/29/2019 Cote Fp Aversion 3

    33/33


    Questions?