Presented By: Brian Nienhaus
 What is cybercrime?
 Running a cybercrime syndicate
 Cybercrime attacks
 Countermeasures
 Organization profiles
Who, Where, When, Why
 “The degree of overlap between [organized crime and cybercrime] is likely to increase considerably in the next few years. This is something that needs to be recognized by business and government as an emerging and very serious threat to cyber-security.”
Cybercrime is…?
 “offenses ranging from criminal activity against data to content and copyright infringement” (Council of Europe’s CC Treaty)
 United Nations refers to acts of fraud, forgery and unauthorized access
 “…unlawful acts wherein the computer is either a tool or a target or both.”
The Internet encourages anonymity and is distributed in nature
Many countries have very few laws addressing cybercrime
 Love Bug Virus
 VBScript that spread via email and corrupted many different file types
 FBI traced the virus to the Philippines
The increasing growth of e-commerce
 22.3% increase in # from 2008
211% increase in financial loss
 Median dollar loss: $575
 Crimes with no documented loss
or harm are not included
Top 5 categories:
Non-delivered merchandise: 19.9%
Identity Theft: 14.1%
Credit Card Fraud: 10.4%
Auction Fraud: 10.3%
Computer Fraud: 7.9%
Usually the work of an
Smaller resource base
Hit and run
Centralized group of
Many based in “hostile”
Extensive access to
Extended operations
Hackers discover vulnerabilities and sell to the highest bidder
Crimeware suites created and sold to less technically inclined users
Crimeware-as-a-service mentality
Data supplier model
Pricing profiles introduced
 Credit cards = cheap
 Healthcare info/single logins for organizations = expensive
Cybercrime economy mirrors actual economy
Organized crime closely mimics the actual economy
 Regionally-specific & enterprise-specific
 Each attack campaign gathered centrally to sell
 Campaigns managed remotely from these central servers
Data and asset management is just as essential as in traditional business
(1) Boss deploys malicious code package
(2) Campaign managers retrieve package and customize it as needed
(3) Malicious network used to inject package into legitimate sites. Commission-based
(4) Injected code served to users
(5) Toolkit affects individual users
(6) Infection data sent back to central
(7) PII flows back to boss
Example of crimeware toolkit that originates from Eastern Europe, primarily Russia and the Ukraine
Utilizes three major components and powerful encryption:
 ZeuS trojan
 ZeuS config file
 Specification of dropsite
Config file defines subset of targets
ZeuS collects session variables during
 Bypasses authentication mechanisms and piggybacks
 Criminals are able to move money to third parties in real-time
ZeuS Builder provides binary files for constructing a botnet
How simple is it?
 Number of new ZeuS binaries in the past month:
 Number of new ZeuS binaries seen in the past week: 4,582
 Number of new ZeuS binaries seen in one day:
Trend Report
ZeuS Video
 Hardware and software keep getting cheaper
 Combine the Internet with a global scope, and the potential for attacks is limitless
 Security will always be breached
 Even when laws are passed to increase technological safeguards, new technology will always outstrip legislation
 Accepts complaints, investigates, and/or redirects to appropriate law enforcement
 Joint operations with other agencies
 Publishes cyber-security information
IT Act (2000)
 Attempt to define various electronic specifications:
 Digital Signatures
 Use/Retention of electronic records
 Security
 Certification Authorities
 Offenses