Dr Stephen [email protected]
Cyber Crime & OSINT
Will your business be victorious or a victim?
We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry.
If all of this is true – even inevitable – then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.
Ginni Rometty
IBM Corp.’s Chairman, President & CEO
Who Would Attack You & Why?
▪ Cyber Criminal – attack organisations and steal information such as credit cards and bank details for financial gain
▪ Hackers – attack IT systems and online services for financial gain or to break the security on a website (‘hacktivists’ for example)
▪ Insiders – disgruntled or dishonest staff who steal or destroy to cause embarrassment, disruption or financial gain by selling data for personal profit
▪ State Sponsored – attacks on business or government organisations to gain information on bids or planned acquisitions for commercial advantage or financial/political gain…
Cyber Dependent Crime
Cyber Enabled Crime
What is Cybercrime?
Home Office and National Cyber Crime Unit
Cyber dependent crimes are offences that can only be committed using a computer, computer networks or other form of information communication technology.
These acts include:
▪ Malware/spyware
▪ Hacking
▪ Viruses
▪ Distributed Denial of Service attacks (DDoS)
Cyber dependent crimes are primarily acts directed against computers or network resources…
Cyber Dependent Crime
Denial of Service attacks
Cyber Dependent Crime
Cyber enabled crimes are traditional crimes that are increased in scale or reach by the use of computers, computer networks or other information communication technology.
Cyber enabled crimes include:
▪ Grooming
▪ Theft
▪ Fraud
▪ Hate crime
Cyber enabled crimes can be committed both on and offline…
Cyber Enabled Crime
CEO/Mandate Fraud
Cyber Enabled Crime
https://www.fireeye.com/cyber-map/threat-map.html
5 Reasons Why Attacks Are Possible
1. End user didn’t think before clicking
2. Weak password/default password in use
3. Insecure configuration
4. Use of legacy or un-patched hardware or software
5. Lack of basic network security protection/segmentation…
Tools & Techniques for Cyber Attack
Techniques
Social Media Exploitation
Phishing
DDOS Attack, Hacking
Insider Threats
Malicious Software
Source: ICAEW
Ransomware
▪ Ransomware stops you from using your PC
▪ There are different types of ransomware
▪ It effectively holds your PC or files for "ransom" typically until a payment is made
▪ Ransomware can:
▪ Prevent you from accessing your operating system
▪ Encrypt files so you can't use them
▪ Stop certain apps from running (like your web browser)…
Ransomware Attacks
Ransomware
▪ No guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again!
▪ So - Protect yourself from ransomware
▪ Use reputable antivirus software and a firewall
▪ Exercise caution
▪ Back up often
▪ Enable your popup blocker
▪ Disconnect from the Internet (if under attack)
▪ Report it to the police…
Phishing Attacks
The Web Explained
Dark Net
Website (surface)
▪ From the address we can derive:
▪ The domain name (and associated registration details)
▪ The IP address (and thus the physical location and registered owner)
Darknet hosted website
▪ From the address we can derive nothing:
▪ No physical location
▪ No owner details
NB: A darknet allows the hosting of content or services in a way that makes it difficult to identify who is running a server and where it is, thus making it a challenge to take any lawful action against…
Surface vs Dark
Darknet Markets
A darknet market or cryptomarket is a commercial website on the dark web that operates via darknets such as Tor or I2P
Dark Market – price guide
Security experts say health data is showing up in the black market more and more.
While prices vary, this data is more expensive than stolen credit card numbers.
The Hidden Wiki
The hidden wiki is a Wikipedia for the Darknet
The Hidden Wiki
The Hidden Wiki
Website Examples
Dark Market Search Engine
Hidden Services
Surface Web
Open Source Intelligence (OSINT)
Intelligence from publicly available sources – open refers to ‘overt’
Open-Source Intelligence (OSINT) refers to
“a broad array of information and sources that are generally available, including information obtained from the media (newspapers, radio, television, etc.), professional and academic records (papers, conferences, professional associations, etc.), and public data (government reports, demographics, hearings, speeches, etc.)”
https://www.google.com.au
Google – Index Search
https://www.google.co.nz
Google – Index Search
Google – Index Search (Regional)
https://www.google.co.uk
‘Bubbling & Tracking’
Google – Time Filter
Google – Time Filter
Google – Cache
Google – Cache
http://webcache.googleusercontent.com/search?q=cache:efj0Wj8fzxUJ:dfk.com/+&cd=1&hl=en&ct=clnk&gl=au
Google Image Search
Google Image Search
Google Image Search
Google Image Search – Face Filter
Google Image Search
Google Image Search
Bing
https://www.bing.com
https://startpage.com
StartPage
DuckDuckGo Bangs
https://duckduckgo.com/bang
Classifieds - A Criminal Hotspot?
Paste Sites – What Could You Find?
▪ Paste sites are websites allowing users to upload text for public viewing.
▪ Originally designed for software developers who needed a place to store large amounts of text
▪ Links would be created to the text and the user could share the link with other programmers to review the code.
▪ Many hacking groups use this area of the Internet to store compromised data.
▪ Most popular site – ‘Pastebin’
Searching Paste Sites
Searching Paste Sites
http://pastebin.com/dJ8BZS9T
Finding Archived Web Pages
https://archive.org/web
Internet Archive
http://archive.org/web
Tools for Social Media Intelligence
People Search
https://pipl.com
https://app.echosec.net
Geo-Location Search
Hiding Your Identity Online
Disguising your ID
▪ Every time you surf the Internet, your IP address is publicly visible to everyone on target network resources
▪ It is important therefore not to leave a digital footprint...
Disguising Your Online ID
Proxy and VPN services re-route your internet traffic and change your IP
A Proxy is like a web filter
▪ Proxy will only secure traffic via the internet browser using the proxy server settings
A VPN encrypts all of your traffic
▪ VPNs replace your ISP and route all traffic through the VPN server, including all programs and applications...
TOR
https://www.torproject.org
TOR
“Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world:
It prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.
Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol”.
So – to wrap up on security
▪ Install firewalls onto your IT systems to prevent outside parties from gaining access to information
▪ Keep anti-virus and anti-spyware software up-to-date and download the latest security updates
▪ Use encryption to protect information contained in emails or stored on laptops or other portable devices such as memory sticks or PDAs
▪ Destroy old computers, backup tapes, memory sticks etc. using a specialist 'shredding' application or seek the services of a reputable third party contractor
▪ Clear out temporary Internet files, cache and history files (also monitor third party cookies)...
How Transparent are You?
https://panopticlick.eff.org
Email Exposed?
https://breachalarm.com
LastPass
Guidance
https://www.getsafeonline.org
Get Safe Online
“Half of all UK adults now access the Internet on their mobile phone”
Source: OFCOM
Computer Security Rules!
1st Rule of Computer Security
Don’t buy a computer!
2nd Rule of Computer Security
If you do, don’t turn it on!
Dark Avenger – legendary virus writer