Cyber Crime : Incident Highlights of 2011-2012

Nullcon 2012 International Security Conference

Upload: tejant

Post on 12-Jan-2015


DESCRIPTION

Presentation highlighting incidents from the Web Hacking Incident Database over the last 18 months. Incidents are drawn only from WHID, a project started by the Web Application Security Consortium. Source: http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database Embedded video link: http://rt.com/usa/news/anonymous-attack-video-cia-219/ (not viewable in the ppt.)

TRANSCRIPT

Page 1: Cyber Crime : Incident Highlights of 2011-2012

Nullcon 2012

International Security Conference

Page 2: Cyber Crime : Incident Highlights of 2011-2012

What is the talk about?

• Only reported incidents
• Mostly pertaining to government and corporate establishments.

What is the Talk not about?

• Unreported activities of intelligence agencies
• Data gathered by intelligence agencies

Page 3: Cyber Crime : Incident Highlights of 2011-2012

Who am I?

Page 4: Cyber Crime : Incident Highlights of 2011-2012

Hacked Industries

• Healthcare
• Automotive
• Credit Card Issuer
• Education
• Finance
• Government
• Hospitality
• Internet Service Provider
• Music
• Sports

Page 5: Cyber Crime : Incident Highlights of 2011-2012

Hacked Industries

• Search Engines
• Newspaper
• United States University
• Web 2.0
• Recruitment
• Travel
• Entertainment
• Internet Service Provider
• News
• Social Networking

Page 6: Cyber Crime : Incident Highlights of 2011-2012

Statistics

Application Weakness in the Year 2011-12

• Improper IO Handling: 25%
• Insufficient Anti-Automation: 26%
• Inefficient AAA: 7%
• Misc (IPV, ITLP, PRL etc): 41%

Outcome in the Year 2011-12

• Defacement: 16%
• Downtime: 30%
• Leakage of Information: 27%
• Planting of Malware: 7%
• Monetary Loss: 7%
• Miscellaneous: 13%

Source : projects.webappsec.org

Page 7: Cyber Crime : Incident Highlights of 2011-2012

Statistics

Attacked Entity Field in Year 2011-12

• Government: 24%
• Education: 3%
• Entertainment: 9%
• Finance: 8%
• Technology: 20%
• Misc (Retail, 36%

Attack Entity Geography Year 2011-12

• North America: 44%
• South America: 13%
• Africa: 3%
• Asia: 19%
• Europe: 17%
• Australia: 4%

Source : projects.webappsec.org

Page 8: Cyber Crime : Incident Highlights of 2011-2012

Reasons why cybercrimes occur?

Monetary

• Computer hacker tries to steal $1.8 million from Arlington's bank account

• Hackers steal $6.7M in cyber bank robbery, all this over the New Year break

1st April 2012

Jan 18th 2012

Page 9: Cyber Crime : Incident Highlights of 2011-2012

Reasons why cybercrimes occur?

Recognition 

Hacktivism:

DOS/DDOS Attacks

April 2012, February 2012, June 2011: CIA website downed by Anonymous on three occasions

Page 10: Cyber Crime : Incident Highlights of 2011-2012

Reasons why cybercrimes occur?

Political

North Korea, South Korea 

Page 11: Cyber Crime : Incident Highlights of 2011-2012

Reasons why cybercrimes occur?

Geopolitical rivalry manifesting in corporate cybercrime

3rd January 2012: Saudi Hackers Post Israeli Credit Card Numbers Online

Intelligence: FBI Partner website hacked

FBI Partner Organization Website

Dayton FBI partner website hacked 

Political

Page 12: Cyber Crime : Incident Highlights of 2011-2012

Reasons why cybercrimes occur?

Defacement

Taliban Website Hacked As Afghan Cyberwar Heats

27th April 2012

Page 14: Cyber Crime : Incident Highlights of 2011-2012

Anonymous

Anonymous message to the world and CIA

Who are they?

“First, who is this group called Anonymous? Put simply, it is an international cabal of criminal hackers dating back to 2003, who have shut down the websites of the U.S. Department of Justice and the F.B.I. They have hacked into the phone lines of Scotland Yard. They are responsible for attacks against MasterCard, Visa, Sony and the Governments of the U.S., U.K., Turkey, Australia, Egypt, Algeria, Libya, Iran, Chile, Colombia and New Zealand.”

—Canadian MP Marc Garneau, 2012

video :

Page 15: Cyber Crime : Incident Highlights of 2011-2012

Hacktivist Group

Page 17: Cyber Crime : Incident Highlights of 2011-2012

Hacks in 2012

• CSLEA hack
• Occupy Nigeria
• Operation Megaupload
• Anti-ACTA activism in Europe
• Operation Russia
• Boston Police Department attacks
• Syrian Government E-mail Hack
• AntiSec Leak and CIA Attack
• Interpol Attack
• AIPAC Attack
• Vatican website DDoS Attacks
• Bureau of Justice leak
• Taking down Monsanto's Hungarian website
• Symantec source code leak
• April 2012 Chinese attack
• Operation Bahrain and Formula One attacks
• Occupy Philippines
• Operation India
• Operation Quebec
• Operation Japan
• Operation Anaheim
• AAPT attack
• Operation Myanmar

Page 18: Cyber Crime : Incident Highlights of 2011-2012

Case 1 Tunisian Government

Date : 18 December 2010 – 14 January 2011

who: Tunisian Revolution

• 8 websites affected (including the president, prime minister, ministry of industry, ministry of foreign affairs, and the stock exchange).
• Ben Ali's administration has tightly restricted the flow of information out of Tunisia.
• Reports of civil disobedience and police action filtered out on Twitter.
• Anonymous claimed responsibility for the cyber attack (called it #OpTunisia).
• Part of #OpPayback, initially aligned with WikiLeaks (Zimbabwe), then the people of Tunisia.
• Felt the government had "unilaterally declared war on free speech, democracy, and even [its] own people".
• "Cyber attacks will persist until the Tunisian government respects all Tunisian citizens' right to free speech and information and ceases the censoring of the internet".

Page 19: Cyber Crime : Incident Highlights of 2011-2012

Case 2 Government

Date : 09/12/11

who: Congress Website hacked (congress.org.in & aicc.org.in)

what: (Defacement) Sonia Gandhi's profile changed with one paragraph of obscene language. (Photo of Sonia Gandhi)

why: Kapil Sibal asked social media networks, including Facebook, Twitter and Google, to remove offensive material from their websites.

Interesting Fact :

Page 20: Cyber Crime : Incident Highlights of 2011-2012
Page 21: Cyber Crime : Incident Highlights of 2011-2012

Case 3 Government

Date : Dec 2010 - Jun 2011

who: 117 Govt. of India Websites (NIC, Army, CBI)

Group responsible: Indian offshoot of Anonymous, PCA (well... at least reportedly; also hacked 270 other sites)

why: Retaliation for ICA's Attack on 26/11/10

Interesting Fact : Indian government departments and agencies do not follow the procedures set for regular audits of the sites

Page 22: Cyber Crime : Incident Highlights of 2011-2012
Page 23: Cyber Crime : Incident Highlights of 2011-2012

Case 1 Corporate

Date : 15/01/12

who: Zappos (Acquired by Amazon since 2008)

what: 24m records breached. Information including names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords may have been exposed.

how: zero day vulnerability

Interesting Fact :

Page 24: Cyber Crime : Incident Highlights of 2011-2012
Page 25: Cyber Crime : Incident Highlights of 2011-2012

Case 2 Corporate

Date : Till Nov 27, 2011

who: Bug in the application

how: A subscriber uses the Report/Block link that appears in the bottom right when you roll over a picture to report another subscriber's photo as pornographic. The blocking tool then asks for your help in identifying other photos that should be blocked as part of that account - which is where the bug comes in. Not only were the public photos of that account presented, but private photos as well.

Output: Mark Zuckerberg's private photos started to show up across the web

Zuckerberg's Facebook Account Hacked

Page 26: Cyber Crime : Incident Highlights of 2011-2012

Case 3 Corporate

Date : 06/06/12

who: LinkedIn

how: Vulnerable front end, SQL injection (could have been sqlmap or Havij)

Outcome: According to Per Thorsheim, security analyst, a list of 6.5 million passwords appeared on a Russian forum.

• All hashed using the SHA-1 algorithm. No salting.

• No usernames or other data, but it could be a plan to crowdsource the hacking effort, because some unique passwords were also found.

• Many passwords, e.g. "1234LinkedIn", with SHA-1 hash “abf26a4849e5d97882fcdce5757ae6028281192a”.
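
Why "SHA-1, no salting" matters to a defender, as an added example that is not part of the original slides: with unsalted SHA-1, every account using the same password stores the same digest, while a per-user salt with a slow KDF makes each record unique. The account names, the second sample password and the PBKDF2 work factor are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 200_000  # assumption: work factor picked for this example

def sha1_unsalted(password: str) -> str:
    """The storage scheme the slide describes: plain SHA-1, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def hash_salted(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_salted(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt)
    return hmac.compare_digest(digest, expected)

def users_sharing_a_record(records: Dict[str, str]) -> List[List[str]]:
    """Group users whose stored value is identical (same password is visible)."""
    groups: Dict[str, List[str]] = {}
    for user, stored in records.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

# Constructed sample accounts, not taken from the leaked list.
SAMPLE_ACCOUNTS = {
    "alice": "1234LinkedIn",
    "bob": "1234LinkedIn",
    "carol": "correct horse battery",
}

def compare_schemes() -> Tuple[List[List[str]], List[List[str]]]:
    """Return the groups of users with identical records under each scheme."""
    unsalted = {u: sha1_unsalted(p) for u, p in SAMPLE_ACCOUNTS.items()}
    salted = {}
    for user, password in SAMPLE_ACCOUNTS.items():
        salt, digest = hash_salted(password)
        salted[user] = salt.hex() + ":" + digest.hex()
    return users_sharing_a_record(unsalted), users_sharing_a_record(salted)

if __name__ == "__main__":
    print(compare_schemes())
```
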

Page 27: Cyber Crime : Incident Highlights of 2011-2012
Page 28: Cyber Crime : Incident Highlights of 2011-2012

Case 4 Corporate

Date : 19/04/2012 (realised 7 days later.)

who: Sony Playstation, Playstation portable, & Qriocity (Music Streaming)

what:

• Supposed hacker chat-logs reveal PSN security lapses
• 77m stolen names, addresses, birthdates, PSN passwords and credit card numbers.
• 55m (PSN, PS3 + Playstation Mobile) and 22m (Qriocity)
• All details stolen indicate they were in unencrypted form (against common industry practice).

Page 29: Cyber Crime : Incident Highlights of 2011-2012

Other Hacks

When: May 22nd

Who: Greece

What: Hacked

Attack mode: SQL injection, automated

Page 30: Cyber Crime : Incident Highlights of 2011-2012

Other Hacks

When: May 24th 2012

Who: Sony music Japan

By: Lulzsec

What: Hacked

Article mentions that when this whole attack on Sony is over, it might come to be one of the most secure web presences on the www.

Page 31: Cyber Crime : Incident Highlights of 2011-2012

Other Hacks

When: June 5th 2011

Who: Sony Music Brazil

By: Lulzsec

Page 32: Cyber Crime : Incident Highlights of 2011-2012

Other Hacks

When: June 6th 2012

Who: Sony Europe

By: Lebanese Hacker (Idahc)

What: Stole 120 usernames, passwords, email addresses

Attack mode: SQL injection

Page 33: Cyber Crime : Incident Highlights of 2011-2012

Other Hacks

When: July 5 2011

Who: Sony Music Ireland website

By: Hackers

Page 34: Cyber Crime : Incident Highlights of 2011-2012

Other Hacks

When: January 6th 2012

Who: Sony picture website and FB page

By:

What: hacked

Page 35: Cyber Crime : Incident Highlights of 2011-2012

Other Hacks

SQL Injection Vaccination?

When: August 2012

Who: Sony

By:

What: hacked again

Page 36: Cyber Crime : Incident Highlights of 2011-2012

Types of Attacks in 2011

Columns: When, Who, By & How, Outcome

When: March 17, 2011
By & How: Hacked by an Advanced Persistent Threat (APT)
Outcome: Used SecurID codes they stole from the RSA break-in to hack Lockheed Martin

When: June 2, 2011
By & How: Through spear phishing used by Chinese hackers
Outcome: Gmail accounts of select members of the U.S. Government had been compromised

When: May, 2011
By & How: 200,000 customer a/c were compromised by a cyber-attack. Hackers accessed account holders' names, email addresses, and account numbers
Outcome: Citi ordered new credit cards for 100,000 customers, absorbing the $2 million cost

When: June 11, 2011
By & How: Hackers used a "spear phishing" technique
Outcome: Degree of the compromise was not specified

Page 37: Cyber Crime : Incident Highlights of 2011-2012

Types of Attacks in 2012

Columns: When, Who, By & How, Outcome

When: August, 2012
By & How: Hacktivist group Anonymous
Outcome: Site was unavailable. Demanding freedom for Wikileaks founder Julian Assange

When: July 12, 2012
By & How: Group of hackers used union-based SQL injection
Outcome: SQL injection retrieved 453,000 user names and passwords stored in plaintext

When: September 25, 2012
By & How: Muslim hackers launched a distributed denial-of-service attack against it
Outcome: Bank was forced to shut down the website

Interpol British Police SOCA

Page 38: Cyber Crime : Incident Highlights of 2011-2012

• Incidents will continue to happen

• Regulatory authority required to penalize non-compliance

Page 39: Cyber Crime : Incident Highlights of 2011-2012

Thank You