Cyber Crime and Cyber Terrorism

Cyberbad
Where Spam is leading to
Phillip Hallam-Baker
[email protected]
Spam is Criminal Infrastructure
Botnets
Spam
Botnets beget
• Spam
– Adverts for criminal / defective products
– Phishing
– Advance Fee Frauds
• Denial of Service Extortion
• All Things ‘Cyber-bad’
What is Cyber-Terror?
Cyber-Bad
Lowering the barriers
Cyber-Bad for Hire
• Hacking tools (commodity 0-day exploits)
• Stolen credentials
• Crime as Service
– Spam
– Botnets
• Unwitting Accomplices (mules)
– Receiving stolen goods
– Money laundering
Cyber-bad Purposes
Vandalism
Vigilantism
Fraud
Terrorism
Warfare
Criminals extend reach
• Compromise systems during manufacture
– PIN Entry Devices compromised during manufacture
• Phone home with PIN data to Pakistan
• Criminal insiders
– Blackmailed or bought prior to hire
– US-CERT: 41% of incidents involve insiders
• Société Générale demonstrates €bn potential
Internet Crime Isn’t
The banks are still where the money is
Russian Business Network
Cyber Crime to Cyber Terror?
• RBN ‘customer’ 1488.ru
It’s not a new game…
Internet Terrorism Today
Internet = Outreach
Internet = Praxis
Realistic Future Scenarios
Internet = Research
• Open Sources
– AQ manual claims 80% of information is available
• Criminal Expert Sources
– Who can tell me X for $100?
• Espionage
– Find an honest expert, penetrate their machine
Internet Crime = Funding
Internet Crime = Money Laundry
Internet Sabotage = Force Multiplier
Is a Hollywood Scenario likely?
Past Performance is no guarantee…
Security through obscurity works…
… until it fails
Fixing the Problem
What is the problem?
• Banks
– Cost of Internet crime
• Direct Losses
• Customer Service
• Opportunity Losses
• National Security
– Potential criminal profits
– Potential sabotage damage
Are there solutions?
• Chip and PIN
– Eliminated Card Present Fraud in Europe
• Remaining attacks exploit legacy channels
• Why not in the US?
– Different market structure
– Anti-trust used to block changes
Anti-Crime Solutions
• Email Authentication
– SPF, DKIM, Secure Internet Letterhead
• Web Authentication
– Extended Validation, Secure Internet Letterhead
• Secure Identity
– SAML, WS-*, OpenID, OATH, Identity 3.0
• Data Level Security
– CRM Infrastructure, Open CRM
• Network Security
– Reverse Firewalls, DNSSEC, BGP Security
– Domain Centric Administration, Default Deny Infrastructure
Conclusions
• The threats are real
– They are not necessarily Internet threats
– But the Internet changes the game
• The threats are serious
– They may not be “terrorism” as we know it
– But they are worth caring about
• Criminal infrastructure is an ongoing threat
– Some states are playing the privateer game
– We cannot rely on international cooperation