Transcript Slide 1
Cyber Threats
Mike Cote, Chairman and CEO
www.secureworks.com
The Information Security Experts Copyright © 2009 SecureWorks, Inc. All rights reserved.
How many hits does a Google search for the term 'Hacker' return?
183,000,000
2600 – The Hacker Quarterly Conferences • Black Hat •
Welcome to DEFCON®, the Largest Underground Hacking Convention in ...
Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as ...
www.defcon.org/ -
Hackers - First Generation – Lone Wolf
• Kevin Mitnick – January 21, 1995 – Compromised DEC, IBM, HP, Motorola, PacBell, NEC, …
• Chen Ing-Hau, 24, Taiwan – Arrested September 15, 2000 – CIH (Chernobyl) Virus
• Jeffrey Lee Parson, 18, USA – Arrested August 29, 2003 – Blaster Worm ('B' variants only), DDoS
• Sven Jaschan, 18, Germany – Arrested May 7, 2004 – NetSky (Sasser) Worm
Cyber Criminals - “Proof of Concept” for making $
• Farid Essebar, 18, Morocco – Arrested August 25, 2005 – Mytob and Zotob (Bozori) Worms
• Atilla Ekici, 21, Turkey – Arrested August 25, 2005 – Operating Mytob and Zotob botnets
• Jeanson James Ancheta, 24, USA – Arrested November 3, 2005 – Rxbot zombie networks for hire (spam and DDoS)
Cyber Gangs – Online Extortion
• DDoS attacks bookmakers in October 2003
• Extortion ($3 million gross)
• Nine arrested on July 20 and 21, 2004
• In October 2006, three were sent to prison
• The two gang leaders and masterminds are still at large
• On the Wanted List of the Federal Security Service (FSB) of the Russian Federation
Maria Zarubina and Timur Arutchev
Cyber Crime Goes Big Time
• London branch of Japan's Sumitomo Mitsui Bank
• Worked with insiders through Aharon Abu-Hamra, a 35-year-old Tel Aviv resident
• Injected a Trojan to gather credentials to a transfer system
• Attempted to transfer £220 million into accounts he controlled around the world
• £13.9 million to his own business account
Yaron Bolondi, 32, Israel – Arrested March 16, 2005
Albert Gonzalez – Segvec, Soupnazi, J4guar
• Indicted on Aug 17, 2009
• Stole 130,000,000 credit card numbers
• Worked out of Miami – his one flaw
• Worked as an international organized cybercrime group
  – 3 in the Ukraine
    • Including Maksik, who earned $11m between 2004-2006
  – 2 in China
  – 1 from Belarus
  – 1 from Estonia
  – 1 from unknown location that goes by “Delperiao”
Identity Theft Market Rates
Item                                                      Price
US-Based Credit Card (with CVV)                           $1 - $6
Full identity (ssn, dob, bank account, credit card, …)    $14 - $18
Online banking account with $9,900 balance                $300
Compromised computer                                      $6 - $20
Phishing Web site hosting – per site                      $3 - $5
Verified Paypal account with balance                      $50 - $500
Skype Account                                             $12
World of Warcraft Account                                 $10
Cyber Crime Trends
[Chart: Criminal Gains and Victim Loss (in $) across four periods: Lone Ranger (Before 2000), Friends (2000 - 2003), Criminal Gangs (2003 - 2005), Criminal Organizations (2005 to Present)]
Number of attacks monitored by SecureWorks
C2C: Malware/Phishing Kit – “Arms Suppliers”
• Criminal to Criminal – C2C
• Selling malware for "research only"
• Manuals, translation
• Support / User forums
• Language-specific
• Bargains on mutation engines and packers
• Referrals to hosting companies
• Generally not illegal
• Operate in countries that shield them from civil actions
• Makes it easy to enter the cybercrime market
C2C – Distribution & Delivery – “Force Suppliers”
C2C – Exploit – “Intelligence Dealers”
C2C: Bot Management – “Turn Key Weapons Systems”
• 76service, Nuklus Team
• Botnet Dashboards
Driving Factors Behind Cyber Crime
• Profitable
• Low risk
• New services to exploit
• Easy (technically)
• Easy (morally – you never meet the victim)
Picture provided by “energizer” hacking group
90 day project take $300,000 - $500,000
Cyber warfare
“Cyberspace is a warfighting domain.” - Lt. General Robert Elder, Commander 8th Air Force
In 2007, the FBI reported that there were 108 countries with dedicated cyber-attack organizations seeking industrial secrets.
http://csis.org/files/media/csis/pubs/081028_threats_working_group.pdf
Leveling the playing field
• Adversaries that cannot match U.S. conventional military strength have an incentive to employ asymmetric strategies to exploit our vulnerabilities – Institute for Security Technology Studies at Dartmouth College
• The Chinese want to dominate this information space. So, they want to develop the capability of attacking our "information advantage" while denying us this capability – Mike McConnell – Director of National Intelligence
China
• Most skilled vulnerability researchers in the world
• Very capable at command & control networks
• Objective is to steal intellectual property
• Information warfare
  – as a tool of war,
  – as a way to achieve victory without war
  – as a means to enhance stability.
• Strategy
  – “100 Grains of Sand” – infiltrate as many networked systems as possible and lie in wait for sensitive data and/or command and control access.
Whitehouse email compromised – Nov, 2008
The federal government reported 18,050 cybersecurity breaches in fiscal year 2008
Source: Department of Homeland Security
Joint Strike Fighter
• Compromise reported April 2009, started as early as 2007
• $300 Billion project – costliest in US DOD history
• Several Terabytes of data stolen about electronic systems
  – Most sensitive secrets not compromised
• Source of attacks appears to be China
“United States is under cyber-attack virtually all the time, every day” - Robert Gates, Secretary of Defense
Russia
• Russia has been relatively silent on its Strategy for Cyberwar
• Cyber-Activism
  – Estonia
  – Lithuania
  – Ukraine
• Cyber-War
  – Chechen Rebels during NordOst Hostage Crisis
  – Georgia Conflict
  – Kyrgyzstan
Cyber-Activism – Proof of Concept
• Estonia knocked offline for moving a Soviet Era WWII war memorial
• 300 Lithuanian Web sites defaced with Soviet Symbols by Russians after Lithuanian law banned use of Soviet symbols
• Ukrainian President’s website hacked after expressing interest in joining NATO
CyberWarfare – Russian Georgia Conflict - IWar
• Physical and cyber warfare operations coincided with the final "All Clear" for Russian Air Force between 0600 and 0700 on August 9, 2008
• Physical and cyber warfare shared targets, media outlets and local government communication systems in the city of Gori
• Further cyber warfare operations against new targets in Gori coincided with traditional physical warfare target
Russia's Cyber Militia – Distribution of “Bots”
StopGeorgia.ru
Hosted by Softlayer in Plano, Texas.
Fourth of July DDoS attacks
• July 4 – July 9, 2009 DDOS Attacks
• Approximately 20,000 attacking hosts (at $0 cost to the attacker)
• Most attacking hosts were in South Korea
• Popular Peer to Peer filesharing network in South Korea hacked to spread malware and enlist machines to attack
• Many government critical infrastructure sites down for several days
www.dhs.gov, finance.yahoo.com, www.dot.gov, travel.state.gov, www.faa.gov, www.ftc.gov, www.amazon.com, www.usbank.com, www.nasdaq.com, www.yahoo.gov, www.nsa.gov, www.nyse.com, www.marketwatch.com, www.washingtonpost.com, www.state.gov, www.usauctionslive.gov, www.usps.gov, www.ustreas.gov, www.voa.gov, www.umarketwatch.com, www.whitehouse.gov, www.defenselink.mil
Project Aurora
• Destruction of a $1M power generator by compromising the control network for the generator
• DHS Project Aurora
• http://www.youtube.com/watch?v=fJyWngDco3g
State of Cyber Attacks and the problems
• There are no international boundaries on the Internet
• There are safe havens for criminals where they may operate without consequence. Some havens provided in return for services or technology
• Governments enlisting the services of traditional cybercrime criminals to advance their information warfare capabilities.
• Governments funding training programs for information warfare
• Cost of CyberAttacks is decreasing, effectiveness is increasing.
• Cyberspace is part of the battlefield of the 21st Century
Balance of Military Might?
• Release of Dams
• Disruption of air traffic flow
• Destruction of power substations
• Disruption of First Responders and Emergency services during a terrorist attack
• Integrity in the financial system leading to lack of consumer confidence
• Disruption of law enforcement and tainting of evidence
• Corruption, tainting of food supply
Questions?