Presented By: Brian Nienhaus What is cybercrime? Running a cybercrime syndicate Cybercrime attacks Countermeasures Organization profiles Who, Where, When, Why “The degree of overlap between [organized crime and cybercrime] is likely to increase considerably in the next few years. This is something that needs to be recognized by business and government as an emerging and very serious threat to cyber-security.” Cybercrime is…? “offenses ranging from criminal activity against data to content and copyright infringement” (Council of Europe’s CC Treaty) United Nations refers to acts of fraud, forgery and unauthorized access “…unlawful acts wherein the computer is either a tool or a target or both.”. The Internet encourages anonymity and is distributed in nature Many countries have very few laws addressing cybercrime Love Bug Virus VB script that spread via email and corrupted many different file types FBI traced the virus to the Philippines The increasing growth of e-commerce 22.3% increase in # from 2008 211% increase in financial loss Median dollar loss: $575 Crimes with no documented loss or harm are not included Top 5 categories: Non-delivered merchandise: 19.9% Identity Theft: 14.1% Credit Card Fraud: 10.4% Auction Fraud: 10.3% Computer Fraud: 7.9% UNORGANIZED Usually the work of an individual Decentralized Smaller resource base Hit and run mentality/opportunistic ORGANIZED Centralized group of criminals Many based in “hostile” nation Extensive access to resources/business connections Extended operations Hackers discover vulnerabilities and sell to the highest bidder Crimeware suites created and sold to less technically inclined users Crimeware-as-a-service mentality Data supplier model Pricing profiles introduced Credits cards = cheap Healthcare info/single logins for organizations = expensive Cybercrime economy mirrors actual economy Organized crime closely mimics the actual economy Regionally-specific & enterprise-specific campaign Each attack campaign gathered centrally to sell Campaigns managed remotely from these central servers Data and asset management is just as essential as in traditional business (1) Boss deploys malicious code package (2) Campaign managers retrieve package and customized as needed (3) Malicious network used to inject package into legitimate sites. Commissionbased (4) Injected code served to users (5) Toolkit affects individual users (6) Infection data sent back to central location (7) PII flows back to boss Example of crimeware toolkit that originates from Eastern Europe, primarily Russia and the Ukraine Utilizes three major components and powerful encryption: ZueS trojan ZueS config file Specifcation of dropsite Config file defines subset of targets ZueS collects session variables during sessions Bypasses auth. Mechanisms and piggybacks session Criminals are able to move money to third parties in real-time ZueS Builder provides binary files for constructing a botnet How simple is it? Number of new ZeuS binaries in the past month: 18,985 Number of new ZeuS binaries seen in the past week: 4,582 Number of new ZeuS binaries seen in one day: 977 Trend Report ZeuS Video Consider: Hardware and software keeps getting cheaper Combine the Internet and a global scope, the the potential for attacks is limitless Security will always be breached Even when laws are passed to increase technological safeguards, new technology will always outstrip legislation I3C Accepts complaints, investigates, and/or redirects to appropriate law enforcement Joint operations with other agencies Publishes cyber-security information IT Act(2000) Attempt to define various electronic specifications: Digital Signatures Use/Retention of electronic records Security Certification Authorities Offenses http://www.ic3.gov/media/annualreport/2009_IC3Report.p df http://www.ic3.gov/media/annualreport/2009_IC3Report.p df http://us.trendmicro.com/imperia/md/content/us/trendwat ch/researchandanalysis/zeusapersistentcriminalenterprise. pdf http://www.legalserviceindia.com/cyber/itact.html http://www.symantec.com/norton/cybercrime/definition.js p http://www.securityworld.com/ia-420-love-bug-virus.aspx http://www.finjan.com/Content.aspx?id=827