New Canaan Senior Men's Club

advertisement
An Executive Briefing
Cybercrime
A Private Presentation, 9/16/05
1
Cyberspace 2005 : Growing Opportunities for Crime
•
•
•
•
•
•
•
1 billion people on Internet
10 Billion Web pages accessible on Internet
12% of global trade via Internet
7.7% of U.S. consumer spending
1.4+ Billion Internet Auctions
2.2+ Billion Google searches/month
2+ trillion U.S. e-mails/year
A Private Presentation, 9/16/05
2
Who Are the Attackers?
 Hackers
Robot Network Operators; Phishers; Malware Authors; Spam
 Criminals
 Impersonators; Fraud Operatives; Extortion Rackets
 Spies
Insiders; Corporate Spies; Foreign Intelligence Services
 Terrorists
Spooking Defenses; Denial of Service
A Private Presentation, 9/16/05
3
Part - 1
 Hackers
 Criminals
 Spies
 Terrorists
A Private Presentation, 9/16/05
4
Cops and
Robbers
Share
Identical
Information
A Private Presentation, 9/16/05
5
Tools are Readily Available
SOURCE: http://www.hackershomepage.com/
A Private Presentation, 9/16/05
6
Similar Catalogs Offer A Wide Range of Hacking Tools
A Private Presentation, 9/16/05
7
From Hackershomepage.com Advertisement
• 800b MSR206 MAGNETIC STRIPE CARD
READER/WRITER
• THIS IS THE DEVICE EVERYONE HAS
BEEN ASKING FOR.
• This device will allow you to change the
information on magnetic stripe cards,
on ALL 3 tracks.
• It will also allow you to write to new
cards.
A Private Presentation, 9/16/05
8
From Hackershomepage.com Advertisement
• 701 COMPUTER KEYSTROKE GRABBER
• Use this device to capture ALL
keystrokes on a computer including
user name and password.
• Password will be in plain text and not
echoed like "********". This device will
grab email and system passwords.
A Private Presentation, 9/16/05
9
Partial List How to Make Virus and Criminal Software
123Mania
2020Search
404Search
7FaSSt
AccessPlugin
ActualNames
ACXInstall
AdBreak
AdRoar
AdultBox
AdultLinks
Aornum
AproposMedia
ASpam
AutoSearch
AutoStartup
BargainBuddy
BDE
BookedSpace
BroadcastPC
BrowserAid
BrowserToolbar
Bulla
ClearSearch
ClickTheButton
ClientMan
CnsMin
CometCursor
Comload
CommonName
CoolWebSearch
CrackedEarth
CustomToolbar
Cytron
DailyToolbar
DailyWinner
DialerActiveX
DialerMaker
DialerOffline
DialXS
DownloadPlus
DownloadReceiver
DownloadWare
E2Give
EasySearchBar
Enconfidence
eStart
eXactSearch
ezCyberSearch
ezSearching
FastVideoPlayer
FavoriteMan
FlashTrack
FreeScratchAndWin
FreshBar
GAMsys
Gator
GlobalNetcom
GogoTools
GrandStreet
Gratisware
Httper
HuntBar
Hyperlinker
IEAccess
IEDriver
IEMonit
IEPlugin
IETray
IGetNet
ILookup
InetSpeak
InternetOptimizer
InternetWasher
IPInsight
ISTbar
KeenValue
Keywords
LinkReplacer
lop
MagicControl
MarketScore
MasterDialer
MatrixDialer
MediaTickets
MediaUpdate
Meridian
MoneyTree
MoreResults
MyPageFinder
MySearch
Naupoint
NavExcel
nCase
NeoToolbar
NetPal
NetShagg
NetworkEssentials
NewDotNet
NewtonKnows
NowBox
Onflow
OnlineDialer
PerfectNav
PerMedia
PowerStrip
Pugi
PurityScan
RapidBlaster
RelatedLinks
RichFind
Roimoi
SaveNow
SCAgent
SearchAndBrowse
Searchex
Searchfst
SearchRelevancy
SearchSprint
SearchSquire
A Private Presentation, 9/16/05
SearchWWW
ShopAtHomeSelect
ShopNav
Sidesearch
SmartBrowser
SmartestSearch
SpecialOffers
SpyBlast
SRE
StarDialer
StripPlayer
SubSearch
Supaseek
SuperBar
SuperSpider
Surfairy
SVAPlayer
SvcMM
TargetSaver
TinyBar
ToolbarCC
TopConverting
TOPicks
TopText
Transponder
Tubby
TVMedia
UCmore
UCSearch
VistaBar
10
Password Cracking Tool
A Private Presentation, 9/16/05
11
Password Cracker Shopping List
A Private Presentation, 9/16/05
12
Example of Malware Marketplace
A Private Presentation, 9/16/05
13
Part - 2
 Hackers
 Criminals
 Spies
 Terrorists
A Private Presentation, 9/16/05
14
What Is the Problem?
• 27.3 Million Americans in last five years were
victims of identity theft.
• 57 Million of US adults who were recipients of
attempts to steal their electronic identification.
A Private Presentation, 9/16/05
15
What’s the Corporate Cost of Cybercrime?
• $48 Billion total loss to businesses.
• $2.6 Billion writeoffs taken by on-line
merchants in 2004. Equals 2% of sales.
• $5.8 Billion cost for business security.
• 75% of the losses caused by insiders.
A Private Presentation, 9/16/05
16
NYTimes,
6/18/05
A Private Presentation, 9/16/05
17
A Long List of Known Compromises
• Loss of tapes by Citigroup, compromising 3.9 million
accounts;
• Theft of account information by former employees of
the Bank of America (108,000 accounts);
• Loss of 16,500 employees' details at MCI, stolen from
laptop in a garage;
• Loss of back-up tapes containing 1.2 million charge
card holder details at the Bank of America;
• Credit information about 145,000 accounts, stolen
from Choicepoint, an information services company.
A Private Presentation, 9/16/05
18
How It Works (Simplified Version)
1. Bank issues credit card to Customer.
2. Customer pays Merchant with credit card.
3. Merchant passes credit card to Payment
Processor.
4. Payment Processor approves Customer
and gives OK to Merchant to deliver.
5. Payment Processor bills Bank.
6. Bank bills Customer.
A Private Presentation, 9/16/05
19
Points of Vulnerability
Customer Applies
Bank Issues Credit Card
Customer Uses Card
Merchant Receives Card
Payment Processor Receives Card
100+ Computers
1,000+ Phone Links
10+ Databases
100M Lines of Code
1,000+ Operators
10,000+ Maintainers
Payment Processor Bills Bank
A Private Presentation,
Customer
Pays 9/16/05
20
Impersonation (Identity Theft) Statistics
• 700,000 identity theft victims a year.
• Most learn about identity theft 12
months after it has occurred.
• More than half of victims report their
cases have been opened an average of
44 months.
• Victims report they've spent an average
of 175 hours actively trying to clear
their names.
SOURCES: FTC Clearinghouse Report, FBI Law Enforcement Bulletin and Security Management Magazine
A Private Presentation, 9/16/05
21
Phishing
• Setting up a fake store front that looks
like the real one to trick people; usually
to steal their personal information.
• 20 million+ attacks/month
• Named after Brien Phish who set up a
credit card scam in the 1980s over the
phone by pretending to be from the
credit card company.
A Private Presentation, 9/16/05
22
Pharming
• A message to a bank is redirected to an
address that the user did not intend.
• Usually done to extract personal
information from the user into the
hands of a hacker.
A Private Presentation, 9/16/05
23
Spear Phishing
From: NAVY.MIL E-MAIL SERVER
HTTP:/WWW.NAVY.MIL
COMNAVSURFLANT
1. MAIN MAILING SERVER WILL BE UNAVAIBLE
FOR NEXT TWO DAYS.
2. TO CONTINUE RECEIVING MAIL YOU HAVE TO
CONFIGURE AUTO-FORWARDING SERVICE.
3. FILL ATTACHED FORM MIL-005698/135.2
A Private Presentation, 9/16/05
24
Fake Security Message
A Private Presentation, 9/16/05
25
A Fake Security Checkup
A Private Presentation, 9/16/05
26
Invitation to Commit a Criminal Act
A Private Presentation, 9/16/05
27
Organization to Exploit Identify Theft (The ShadowCrew Case)
Enforcers (2-6)
Moderators (12-24)
Reviewers (100+)
Make sure payments are made
Administer Discussion “Forums”
offer “Tutorials”. Organize.
Examine offerings, Evaluate
$ gains, Post Reviews
Sellers (100 - 200)
Acquire identity sources,
Advertise and deliver
“merchandise”,
Money Launderers (few)
Conversion to and from
Electronic credits to cash.
A Private Presentation, 9/16/05
28
Sale of Credit Cards
• Forum.carderplanet.net offered credit cards.
• USD $200.00 - 300 USA credit cards without cvv2
code: credit card number, exp. day. cardholder billing
address,zip,state).
• USD $200.00 - 50 USA credit cards with cvv2 code:
credit card number, exp. day. cardholder billing
address & CVV code from the back side of the card).
• Also cards with SSN+DOB at $40 each.
• Minimal deal $200
A Private Presentation, 9/16/05
29
Part - 3
 Hackers
 Criminals

Spies
 Terrorists
A Private Presentation, 9/16/05
30
Parasitic Software
Spyware: Software that leaks information to a
third party.
Adware: Software that shows advertising
materials to its user.
Browser Hijackers: Software that changes
browser settings to point users elsewhere.
Backdoors: Software that can cause other
untrusted software to be installed.
Cookies: A record about browser searches.
A Private Presentation, 9/16/05
31
Worms
• A computer Worm is a self-replicating
computer program.
• A Worm is self-contained and and can selfreproduce itself to other computers.
• A common payload is to install a Backdoor
into the infected computer to convert them to
Zombies.
A Private Presentation, 9/16/05
32
Zombie Computer
• A zombie computer performs malicious tasks
under the direction of the hacker.
• Owners are unaware.
• Over 50% of all spam worldwide is now sent
by zombies.
A Private Presentation, 9/16/05
33
Spyware
Spyware Worms have the ability to selfreplicate without a host program and send
information from a computer to a third party
without the user's permission or knowledge.
A Private Presentation, 9/16/05
34
Flaws in Cyber-Crime Protection
•
•
•
•
•
•
•
•
Banks pass risks to merchants;
Credit cards easy to get;
Privacy laws inhibit fraud detection;
Audits only of financial assets, not data integrity,
Software firms have no liability;
Legal protection of cyber-crime insufficient;
FBI has totally insufficient resources;
Apprehension and then prosecution very hard.
A Private Presentation, 9/16/05
35
Prosecution is Not a Deterrent
Nigeria Woman in $242M E-mail Fraud Case
LAGOS (Reuters)—A Nigerian court has
sentenced a woman to two and half years in jail
…and a $15,000 fine.
A Private Presentation, 9/16/05
36
Do Not Expect Help
A Private Presentation, 9/16/05
37
Part - 4
 Hackers
 Criminals
 Spies

Terrorists
A Private Presentation, 9/16/05
38
What is Cyber-Terror?
• Terrorism is violence to intimidate or coerce
the target.
• Objectives are primarily political and social or
economic in case of extortion.
• Cyber-terror is the exploitation of computing
for acts of terrorism.
A Private Presentation, 9/16/05
39
Global View
of Internet
Connectivity
A Private Presentation, 9/16/05
USA
40
US Internet Backbone Concentrated in a Few Switches
A Private Presentation, 9/16/05
41
Current Prospects
•
•
•
•
Rising U.S. dominance in world trade.
U.S. information superiority.
Rapidly escalating anti-U.S. hostility.
Military actions combined with cyberterrorism
acts.
• Damage U.S. economic power and
functioning of the U.S. civil society through
cyberterrorism.
A Private Presentation, 9/16/05
42
A Cyber-Terror List
•
•
•
•
•
•
•
Stop trading on Stock Exchanges
Interrupt VISA processing
Corrupt Medicare/Medicaid Database
Prevent payments of Social Security
Disable Motor Vehicle registration data
Damage Internet Routing Tables
Deny Internet access to the Military
A Private Presentation, 9/16/05
43
Data on Detected Attacks on the Department of Defense
Number of Cyber-attacks on DoD
80,000
70,000
60,000
50,000
40,000
30,000
20,000
10,000
0
1997 1998 1999 2000 2001 2002 2003 2004
A Private Presentation, 9/16/05
44
Advice
Learn How to Operate in Cyberspace
A Private Presentation, 9/16/05
45
Deploy a Spam and Malware Catchers
A Private Presentation, 9/16/05
46
1,333 Intruders Caught in one Week
A Private Presentation, 9/16/05
47
Allow only Approved Senders to Pass Through
A Private Presentation, 9/16/05
48
Use Rapidly Changing Passwords
A Private Presentation, 9/16/05
49
Keep 495 Members of InfraGard in Connecticut Informed
QuickTime™ and a
TIFF (U ncompressed) decompressor
are needed to see t his picture.
https://secure.infragard-ct.org/
A Private Presentation, 9/16/05
50
Download