Cyber Threats
Mike Cote
Chairman and CEO
The Information Security Experts
Copyright © 2009 SecureWorks, Inc. All rights reserved.
www.secureworks.com
How many hits does a search for the term 'Hacker' in Google return?
183,000,000
2600 – The Hacker Quarterly
Conferences:
• Black Hat
• Welcome to DEFCON®, the Largest Underground Hacking Convention in ... Information about the largest annual hacker convention in the US, including past speeches, video, archives, and updates on the next upcoming show as well as ... www.defcon.org/
Hackers - First Generation – Lone Wolf
Kevin Mitnick
January 21, 1995
Compromised DEC, IBM, HP, Motorola, PacBell, NEC, …
Chen Ing-Hau, 24, Taiwan
Arrested September 15, 2000
CIH (Chernobyl) Virus
Jeffrey Lee Parson, 18, USA
Arrested August 29, 2003
Blaster Worm ('B' variants only), DDoS
Sven Jaschan, 18, Germany
Arrested May 7, 2004
NetSky (Sasser) Worm
Cyber Criminals - “Proof of Concept” for making $
Farid Essebar, 18, Morocco
Arrested August 25, 2005
Mytob and Zotob (Bozori) Worms
Atilla Ekici, 21, Turkey
Arrested August 25, 2005
Operating Mytob and Zotob botnets
Jeanson James Ancheta, 24, USA
Arrested November 3, 2005
Rxbot zombie networks for hire (spam and DDoS)
Cyber Gangs – Online Extortion
• DDoS attacks on bookmakers in October 2003
• Extortion ($3 million gross)
• Nine arrested on July 20 and 21, 2004
• In October 2006, three were sent to prison
• The two gang leaders and masterminds are still at large
• On the Wanted List of the Federal Security Service (FSB) of the Russian Federation
Maria Zarubina and Timur Arutchev
Cyber Crime Goes Big Time
• London branch of Japan's Sumitomo Mitsui Bank
• Worked with insiders through Aharon Abu-Hamra, a 35-year-old Tel Aviv resident
• Injected a Trojan to gather credentials to a transfer system
• Attempted to transfer £220 million into accounts he controlled around the world
• £13.9 million to his own business account
Yaron Bolondi, 32, Israel
Arrested March 16, 2005
Albert Gonzalez – Segvec, Soupnazi, J4guar
• Indicted on Aug 17, 2009
• Stole 130,000,000 credit card numbers
• Worked out of Miami – his one flaw
• Worked as an international organized cybercrime group
– 3 in the Ukraine
  • Including Maksik, who earned $11m between 2004-2006
– 2 in China
– 1 from Belarus
– 1 from Estonia
– 1 from unknown location that goes by “Delperiao”
Identity Theft Market Rates
Item                                                      Price
US-Based Credit Card (with CVV)                           $1 - $6
Full identity (ssn, dob, bank account, credit card, …)    $14 - $18
Online banking account with $9,900 balance                $300
Compromised computer                                      $6 - $20
Phishing Web site hosting – per site                      $3 - $5
Verified Paypal account with balance                      $50 - $500
Skype Account                                             $12
World of Warcraft Account                                 $10
Cyber Crime Trends
[Chart: Criminal Gains and Victim Loss by period (Before 2000, 2000 - 2003, 2003 - 2005, 2005 to Present); actor categories: Lone Ranger, Friends, Criminal Gangs, Criminal Organizations]
Number of attacks monitored by SecureWorks
C2C: Malware/Phishing Kit – “Arms Suppliers”
• Criminal to Criminal – C2C
• Selling malware for “research only”
• Manuals, translation
• Support / User forums
• Language-specific
• Bargains on mutation engines and packers
• Referrals to hosting companies
• Generally not illegal
• Operate in countries that shield them from civil actions
• Makes it easy to enter the cybercrime market
C2C – Distribution & Delivery – “Force Suppliers”
C2C – Exploit – “Intelligence Dealers”
C2C: Bot Management – “Turn Key Weapons Systems”
• 76service, Nuklus Team
• Botnet Dashboards
Driving Factors Behind Cyber Crime
• Profitable
• Low risk
• New services to exploit
• Easy (technically)
• Easy (morally – you never meet the victim)
Picture provided by “energizer” hacking group
90 day project take: $300,000 - $500,000
Cyberwarfare
“Cyberspace is a warfighting domain.”
- Lt. General Robert Elder, Commander 8th Air Force
In 2007, the FBI reported that there were 108 countries with dedicated cyber-attack organizations seeking industrial secrets.
http://csis.org/files/media/csis/pubs/081028_threats_working_group.pdf
Leveling the playing field
• Adversaries that cannot match U.S. conventional military strength have an incentive to employ asymmetric strategies to exploit our vulnerabilities
– Institute for Security Technology Studies at Dartmouth College
• The Chinese want to dominate this information space. So, they want to develop the capability of attacking our "information advantage" while denying us this capability
– Mike McConnell – Director of National Intelligence
China
• Most skilled vulnerability researchers in the world
• Very capable at command & control networks
• Objective is to steal intellectual property
• Information warfare
– as a tool of war,
– as a way to achieve victory without war
– as a means to enhance stability.
• Strategy
– “100 Grains of Sand” – infiltrate as many networked systems as possible and lie in wait for sensitive data and/or command and control access.
White House email compromised – Nov 2008
The federal government reported 18,050 cybersecurity breaches in fiscal year 2008
Source: Department of Homeland Security
Joint Strike Fighter
• Compromise reported April 2009, started as early as 2007
• $300 Billion project – costliest in US DOD history
• Several Terabytes of data stolen about electronic systems
– Most sensitive secrets not compromised
• Source of attacks appears to be China
“United States is under cyber-attack virtually all the time, every day”
- Robert Gates, Secretary of Defense
Russia
• Russia has been relatively silent on its Strategy for Cyberwar
• Cyber-Activism
– Estonia
– Lithuania
– Ukraine
• Cyber-War
– Chechen Rebels during NordOst Hostage Crisis
– Georgia Conflict
– Kyrgyzstan
Cyber-Activism – Proof of Concept
• Estonia knocked offline for moving a Soviet Era WWII war memorial
• 300 Lithuanian Web sites defaced with Soviet Symbols by Russians after Lithuanian law banned use of Soviet symbols
• Ukrainian President’s website hacked after expressing interest in joining NATO
CyberWarfare – Russian Georgia Conflict - IWar
• Physical and cyber warfare operations coincided with the final "All Clear" for Russian Air Force between 0600 and 0700 on August 9, 2008
• Physical and cyber warfare shared targets, media outlets and local government communication systems in the city of Gori
• Further cyber warfare operations against new targets in Gori coincided with traditional physical warfare targets
Russia's Cyber Militia – Distribution of “Bots”
StopGeorgia.ru
Hosted by Softlayer in Plano, Texas.
Fourth of July DDoS attacks
• July 4 – July 9, 2009 DDOS Attacks
  www.dhs.gov, finance.yahoo.com, www.dot.gov, travel.state.gov, www.faa.gov, www.amazon.com,
  www.ftc.gov, www.usbank.com, www.nasdaq.com, www.yahoo.gov, www.nsa.gov, www.marketwatch.com,
  www.nyse.com, www.washingtonpost.com, www.state.gov, www.usauctionslive.gov, www.usps.gov,
  www.umarketwatch.com, www.ustreas.gov, www.voa.gov, www.whitehouse.gov, www.defenselink.mil
• Approximately 20,000 attacking hosts (at $0 cost to the attacker)
• Most attacking hosts were in South Korea
• Popular Peer to Peer filesharing network in South Korea hacked to spread malware and enlist machines to attack
• Many government critical infrastructure sites down for several days
Project Aurora
• Destruction of a $1M power generator by compromising the control network for the generator
• DHS Project Aurora
• http://www.youtube.com/watch?v=fJyWngDco3g
State of Cyber Attacks and the problems
• There are no international boundaries on the Internet
• There are safe havens for criminals where they may operate without consequence. Some havens provided in return for services or technology
• Governments enlisting the services of traditional cybercrime criminals to advance their information warfare capabilities.
• Governments funding training programs for information warfare
• Cost of CyberAttacks is decreasing, effectiveness is increasing.
• Cyberspace is part of the battlefield of the 21st Century
Balance of Military Might?
• Release of Dams
• Disruption of air traffic flow
• Destruction of power substations
• Disruption of First Responders and Emergency services during a terrorist attack
• Integrity in the financial system leading to lack of consumer confidence
• Disruption of law enforcement and tainting of evidence
• Corruption, tainting of food supply
Questions?