Mapping connections between CyberCrime and CyberTerrorism groups. Reviewing mitigation factors on the nation-state level and international treaties and strategies that will thwart terrorism and state-sponsored cyber offense.
Iftach Ian Amit | November 2010
www.security-art.com
All rights reserved to Security Art ltd. 2002-2010
Cyber[Crime|Terror]
Links between crime and terror on the cyber front: analysis and mitigation strategies
Iftach Ian Amit
VP Business Development, Security Art
Board Member - CSA Israel
IL-CERT Dreamer
So, I heard that crime has something to do with state?
You heard right...
Hungry yet?
That was just the appetizer...
CyberWar
“Cyberwarfare, is the use of computers and the Internet in conducting warfare in cyberspace.”
Wikipedia
It did not happen yet
Being an exception
Estonia
Georgia
Titan Rain
India
Google
Adobe
Many faces of how CyberWar is perceived...
From McAfee’s “Virtual Criminology Report 2009”
Image caption: “countries developing advanced offensive cyber capabilities”
CyberWar - Attack
Highly selective targeting of military (and critical) resources
In conjunction with a kinetic attack
OR
Massive DDoS in order to “black-out” a region, disrupt services, and/or push political agenda (propaganda)
CyberWar - Defense
• Never just military
• Targets will be civilian
• Physical and logical protections = last survival act
• Availability and Integrity of services
• Can manifest in the cost of making services unavailable for most civilians
CyberCrime
You want money, you gotta play like the big boys do...
CyberCrime - Ammunition
=≈ APT
CyberCrime - Defense
• Anti [ Virus | Malware | Spyware | Rootkit | Trojan ]
• Seriously?
• Firewalls / IDS / IPS
• Seriously?
• Brought to you by the numbers 80, 443, 53...
• SSL...
How do these connect?
Claim: CyberCrime is being used to conduct CyberWar/Terror
Proof: Let’s start with some history...
History - Revisited...
Israel
September 6th, 2007
Source: http://en.wikipedia.org/wiki/Operation_Orchard
Source: Der Spiegel
Operation Orchard
All attacks on targets are attributed to Hacktivists
Israeli
Arabic
Cast Lead, 2nd Lebanon war
Mid-east crime-war links
ARHack
Hacker/Political forum by day
Cybercrime operations by night
Political post
Buying/Selling cards for 1/2 their balance
Selling 1600 visa cards
History - Revisited...
Iran
2009 Twitter DNS hack attributed to Iranian activity.
Political connections are too obvious to ignore (elections)
Timing was right on:
• UN Council Decisions
• Protests by leadership opposition in Tehran
Iran-Twitter connecting dots
• Twitter taken down December 18th 2009
• Attack attributed eventually to a group named “Iranian Cyber Army”
• Until December 2009 there was no group known as “Iranian Cyber Army”...
• BUT - “Ashiyane” (Shiite group) is from the same place as the “Iranian Cyber Army”
Iran-Twitter - Ashiyane
• Ashiyane had been using the same pro-Hezbollah messages that were used in the Twitter attack in their own attacks for some time...
• AND the “Iranian Cyber Army” is an active group on the Ashiyane forums www.ashiyane.com/forum
Let’s take a look at how Ashiyane operates...
On [Crime|Terror] training
Ashiyane forums
WarGames
Wargames targets include:
Back to [Crime|Terror] Links:
What else happened on the 18th?
Additional targets - Baidu taken down with the same MO (credentials)
Mapping Iran’s [Crime|Terror]
More recently:
Iranian Cyber Army expanding into the “Crime” business
Along with the cybercrime “honeypot” tactics…
Mapping Iran’s [Crime|Terror]
[Diagram. Labels: Ashiyane; Iranian Cyber Army; DDoS; Botnet Herding; Site Defacement; Credit Card Theft; Strategic Attacks; Iran; Iraq; US; UK; CN; $$; Crime; War]
The Future (Illustrated)
CLOUDS
Deterrence
Think: Article 5 for the Cyber Commons!
An attack against one or more states shall be considered an attack against all member states, who agree to exercise their right to assist the attacked party, including the right to use armed forces.
NATO Article 5 - abridged
Attribution?
• Technical - not feasible
• Political - should be obvious
• Defending state?
• Should have the responsibility to “clean up” its portion of the Cyber Commons in order to enable a sustainable economic and civil environment.
Summary
Good
Formal training on cybersecurity by nations
Bad
Commercial development of malware still reigns
Ugly
Good meet Bad: money changes hands, fewer tracks to cover, criminal ops already creating the weapons and are linked to terrorist organizations...
Summary
The Future
Lack of legislation and cooperation on a multi-national level is creating a de facto “safe haven” for cybercrime. <- Fix this! (see Article 5 suggestions)
Treaties and anti-crime activities may prove to be beneficial. <- nukes? (i.e. treaties...)
Thanks!
www.security-art.com
twitter.com/iiamit
blog.security-art.com