
Cyberbad Where Spam is leading to

Cyberbad Where Spam is leading to. Phillip Hallam-Baker hallam@dotcrimemanifesto.com. Spam is Criminal Infrastructure. Botnets beget: Spam; Adverts for criminal / defective products; Phishing; Advance Fee Frauds; Denial of Service Extortion; All Things ‘Cyber-bad’. What is Cyber-Terror?


Presentation Transcript


  1. Cyberbad Where Spam is leading to Phillip Hallam-Baker hallam@dotcrimemanifesto.com

  2. Spam is Criminal Infrastructure

  3. Botnets beget • Spam • Adverts for criminal / defective products • Phishing • Advance Fee Frauds • Denial of Service Extortion • All Things ‘Cyber-bad’

  4. What is Cyber-Terror? Cyber-Bad

  5. Lowering the barriers

  6. Cyber-Bad for Hire • Hacking tools (commodity ø day exploits) • Stolen credentials • Crime as Service • Spam • Botnets • Unwitting Accomplices (mules) • Receiving stolen goods • Money laundering

  7. Cyber-bad Purposes • Vandalism • Vigilantism • Fraud • Terrorism • Warfare

  8. Criminals extend reach • Compromise systems during manufacture • Pin Entry Devices compromised during manufacture • Phone home with PIN data to Pakistan • Criminal insiders • Blackmailed or bought prior to hire • US-CERT: 41% of incidents involve insiders • Société Générale demonstrates €bn potential

  9. Internet Crime Isn’t • The banks are still where the money is

  10. Russian Business Network

  11. RBN ‘customer’ 1488.ru Cyber Crime to Cyber Terror?

  12. It’s not a new game…

  13. Internet Terrorism Today

  14. Internet = Outreach

  15. Internet = Praxis

  16. Realistic Future Scenarios

  17. Internet = Research • Open Sources • AQ manual claims 80% of information is available • Criminal Expert Sources • Who can tell me X for $100? • Espionage • Find an honest expert, penetrate their machine

  18. Internet Crime = Funding

  19. Internet Crime = Money Laundry

  20. Internet Sabotage = Force Multiplier

  21. Is a Hollywood Scenario likely?

  22. Past Performance is no guarantee…

  23. Security through obscurity works… … until it fails

  24. Fixing the Problem

  25. What is the problem? • Banks • Cost of Internet crime • Direct Losses • Customer Service • Opportunity Losses • National Security • Potential criminal profits • Potential sabotage damage

  26. Are there solutions? • Chip and PIN • Eliminated Card Present Fraud in Europe • Remaining attacks exploit legacy channels • Why not in the US? • Different market structure • Anti-trust used to block changes

  27. Anti-Crime Solutions • Email Authentication • SPF, DKIM, Secure Internet Letterhead • Web Authentication • Extended Validation, Secure Internet Letterhead • Secure Identity • SAML, WS-*, OpenID, OATH, Identity 3.0 • Data Level Security • CRM Infrastructure, Open CRM • Network Security • Reverse Firewalls, DNSSEC, BGP Security • Domain Centric Administration, Default Deny Infrastructure

  28. Conclusions • The threats are real • They are not necessarily Internet threats • But the Internet changes the game • The threats are serious • They may not be “terrorism” as we know it • But they are worth caring about • Criminal infrastructure is an ongoing threat • Some states are playing the privateer game • We cannot rely on international cooperation
