An Executive Briefing


  1. An Executive Briefing Cybercrime A Private Presentation, 9/16/05

  2. Cyberspace 2005: Growing Opportunities for Crime
     • 1 billion people on Internet
     • 10 Billion Web pages accessible on Internet
     • 12% of global trade via Internet
     • 7.7% of U.S. consumer spending
     • 1.4+ Billion Internet Auctions
     • 2.2+ Billion Google searches/month
     • 2+ trillion U.S. e-mails/year

  3. Who Are the Attackers?
     • Hackers: Robot Network Operators; Phishers; Malware Authors; Spam
     • Criminals: Impersonators; Fraud Operatives; Extortion Rackets
     • Spies: Insiders; Corporate Spies; Foreign Intelligence Services
     • Terrorists: Spooking Defenses; Denial of Service

  4. Part - 1
     • Hackers
     • Criminals
     • Spies
     • Terrorists

  5. Cops and Robbers Share Identical Information

  6. Tools are Readily Available SOURCE: http://www.hackershomepage.com/

  7. Similar Catalogs Offer A Wide Range of Hacking Tools

  8. From Hackershomepage.com Advertisement
     • 800b MSR206 MAGNETIC STRIPE CARD READER/WRITER
     • THIS IS THE DEVICE EVERYONE HAS BEEN ASKING FOR.
     • This device will allow you to change the information on magnetic stripe cards, on ALL 3 tracks.
     • It will also allow you to write to new cards.

  9. From Hackershomepage.com Advertisement
     • 701 COMPUTER KEYSTROKE GRABBER
     • Use this device to capture ALL keystrokes on a computer including user name and password.
     • Password will be in plain text and not echoed like "********". This device will grab email and system passwords.

  10. Partial List How to Make Virus and Criminal Software

  11. Password Cracking Tool

  12. Password Cracker Shopping List

  13. Example of Malware Marketplace

  14. Part - 2
      • Hackers
      • Criminals
      • Spies
      • Terrorists

  15. What Is the Problem?
      • 27.3 million Americans were victims of identity theft in the last five years.
      • 57 million U.S. adults were recipients of attempts to steal their electronic identification.

  16. What’s the Corporate Cost of Cybercrime?
      • $48 Billion total loss to businesses.
      • $2.6 Billion writeoffs taken by on-line merchants in 2004. Equals 2% of sales.
      • $5.8 Billion cost for business security.
      • 75% of the losses caused by insiders.

  17. NYTimes, 6/18/05

  18. A Long List of Known Compromises
      • Loss of tapes by Citigroup, compromising 3.9 million accounts;
      • Theft of account information by former employees of the Bank of America (108,000 accounts);
      • Loss of 16,500 employees' details at MCI, stolen from laptop in a garage;
      • Loss of back-up tapes containing 1.2 million charge card holder details at the Bank of America;
      • Credit information about 145,000 accounts, stolen from Choicepoint, an information services company.

  19. How It Works (Simplified Version)
      • Bank issues credit card to Customer.
      • Customer pays Merchant with credit card.
      • Merchant passes credit card to Payment Processor.
      • Payment Processor approves Customer and gives OK to Merchant to deliver.
      • Payment Processor bills Bank.
      • Bank bills Customer.

  20. Points of Vulnerability
      Steps:
      • Customer Applies
      • Bank Issues Credit Card
      • Customer Uses Card
      • Merchant Receives Card
      • Payment Processor Receives Card
      • Payment Processor Bills Bank
      • Customer Pays
      Infrastructure:
      • 100+ Computers
      • 1,000+ Phone Links
      • 10+ Databases
      • 100M Lines of Code
      • 1,000+ Operators
      • 10,000+ Maintainers

  21. Impersonation (Identity Theft) Statistics
      • 700,000 identity theft victims a year.
      • Most learn about identity theft 12 months after it has occurred.
      • More than half of victims report their cases have been open an average of 44 months.
      • Victims report they've spent an average of 175 hours actively trying to clear their names.
      SOURCES: FTC Clearinghouse Report, FBI Law Enforcement Bulletin and Security Management Magazine

  22. Phishing
      • Setting up a fake store front that looks like the real one to trick people; usually to steal their personal information.
      • 20 million+ attacks/month
      • Named after Brien Phish who set up a credit card scam in the 1980s over the phone by pretending to be from the credit card company.

  23. Pharming
      • A message to a bank is redirected to an address that the user did not intend.
      • Usually done to extract personal information from the user into the hands of a hacker.

  24. Spear Phishing
      From: NAVY.MIL E-MAIL SERVER HTTP:/WWW.NAVY.MIL COMNAVSURFLANT MAIN MAILING SERVER WILL BE UNAVAIBLE FOR NEXT TWO DAYS.
      2. TO CONTINUE RECEIVING MAIL YOU HAVE TO CONFIGURE AUTO-FORWARDING SERVICE.
      3. FILL ATTACHED FORM MIL-005698/135.2

  25. Fake Security Message

  26. A Fake Security Checkup

  27. Invitation to Commit a Criminal Act

  28. Organization to Exploit Identity Theft (The ShadowCrew Case)
      • Enforcers (2-6): Make sure payments are made.
      • Moderators (12-24): Administer discussion “Forums”, offer “Tutorials”. Organize.
      • Reviewers (100+): Examine offerings, evaluate $ gains, post reviews.
      • Sellers (100 - 200): Acquire identity sources, advertise and deliver “merchandise”.
      • Money Launderers (few): Conversion to and from electronic credits to cash.

  29. Sale of Credit Cards
      • Forum.carderplanet.net offered credit cards.
      • USD $200.00 - 300 USA credit cards without cvv2 code (credit card number, exp. day, cardholder billing address, zip, state).
      • USD $200.00 - 50 USA credit cards with cvv2 code (credit card number, exp. day, cardholder billing address & CVV code from the back side of the card).
      • Also cards with SSN+DOB at $40 each.
      • Minimal deal $200

  30. Part - 3
      • Hackers
      • Criminals
      • Spies
      • Terrorists

  31. Parasitic Software
      • Spyware: Software that leaks information to a third party.
      • Adware: Software that shows advertising materials to its user.
      • Browser Hijackers: Software that changes browser settings to point users elsewhere.
      • Backdoors: Software that can cause other untrusted software to be installed.
      • Cookies: A record about browser searches.

  32. Worms
      • A computer Worm is a self-replicating computer program.
      • A Worm is self-contained and can reproduce itself to other computers.
      • A common payload is to install a Backdoor into infected computers to convert them to Zombies.

  33. Zombie Computer
      • A zombie computer performs malicious tasks under the direction of the hacker.
      • Owners are unaware.
      • Over 50% of all spam worldwide is now sent by zombies.

  34. Spyware
      Spyware Worms have the ability to self-replicate without a host program and send information from a computer to a third party without the user's permission or knowledge.

  35. Flaws in Cyber-Crime Protection
      • Banks pass risks to merchants;
      • Credit cards easy to get;
      • Privacy laws inhibit fraud detection;
      • Audits only of financial assets, not data integrity;
      • Software firms have no liability;
      • Legal protection of cyber-crime insufficient;
      • FBI has totally insufficient resources;
      • Apprehension and then prosecution very hard.

  36. Prosecution is Not a Deterrent
      Nigeria Woman in $242M E-mail Fraud Case
      LAGOS (Reuters)—A Nigerian court has sentenced a woman to two and half years in jail …and a $15,000 fine.

  37. Do Not Expect Help

  38. Part - 4
      • Hackers
      • Criminals
      • Spies
      • Terrorists

  39. What is Cyber-Terror?
      • Terrorism is violence to intimidate or coerce the target.
      • Objectives are primarily political and social or economic in case of extortion.
      • Cyber-terror is the exploitation of computing for acts of terrorism.

  40. Global View of Internet Connectivity (map labels: Asia, Europe, USA)

  41. US Internet Backbone Concentrated in a Few Switches

  42. Current Prospects
      • Rising U.S. dominance in world trade.
      • U.S. information superiority.
      • Rapidly escalating anti-U.S. hostility.
      • Military actions combined with cyberterrorism acts.
      • Damage U.S. economic power and functioning of the U.S. civil society through cyberterrorism.

  43. A Cyber-Terror List
      • Stop trading on Stock Exchanges
      • Interrupt VISA processing
      • Corrupt Medicare/Medicaid Database
      • Prevent payments of Social Security
      • Disable Motor Vehicle registration data
      • Damage Internet Routing Tables
      • Deny Internet access to the Military

  44. Data on Detected Attacks on the Department of Defense

  45. Advice Learn How to Operate in Cyberspace

  46. Deploy Spam and Malware Catchers

  47. 1,333 Intruders Caught in one Week

  48. Allow only Approved Senders to Pass Through

  49. Use Rapidly Changing Passwords

  50. Keep 495 Members of InfraGard in Connecticut Informed https://secure.infragard-ct.org/
