Post on 18-Jan-2017
Delivering the best in z services, software, hardware and training.
World Class z Specialists
Cybercrime, Inc.
Rui Miguel Feio – Technical Lead
Agenda
• Evolution
• The next-generation criminal organisation
• The Cybercrime Inc. organisation
• Adapt to the new
• Examples
• Technological targets
• Hackers – The bread and butter
• Taking security seriously (or not)
• What can we do?
• Conclusion
• Questions
Introduction
– Technical lead at RSM Partners
– Been working with mainframes for the past 17 years
– Started as an MVS Systems Programmer with IBM
– Specialises in mainframe security
– Experience in non-mainframe platforms as well
– Has given presentations all over the world
Evolution
In the early years… not so long ago…
(Picture from the short movie “KUNG FURY”)
Technology
• Phones
• PC
• Bulletin Board Systems
• Internet
The ‘curious bunch’
– Phreakers
– Crackers
– Hackers
Today…
Nowadays… Technology
• Phones
• PC
• Internet
• Smartphones
• Tablets
• Dark Web
• Internet of Things (IoT)
• Advent of Robotics
‘Curious bunch’ turned Pro
– Phreakers
– Crackers
– Hackers
– Carders
– Nation-states
– Intelligence Services
– Hacktivists
– Insiders
– Organised Crime Groups
Internet, the new frontier
• Tech evolution + Internet = New Business Opportunities
– Individuals started online businesses
– New major companies have been founded:
• Google, Facebook, Yahoo, etc.
– Existing business sectors turned online to increase their earnings:
• Retail, financial, insurance, etc.
Society has also evolved…
• The internet allowed the creation of new economic markets and opportunities
• This new economic market has no borders
• A market with hundreds of millions of users
• An economic market worth… Trillions of Dollars, Euros, Pounds…!!
• Many countries and companies are now dependent on this new economic market
Where there is money, there is crime!
• Criminal gangs and organisations moved into the new economic market:
– Started recruiting Hackers
– Started devising new “business ideas”
– Developed a “business plan”
• Organised crime became professional in the new internet world.
Old boys in a new age
• Traditional criminal organisations have ‘started’ cybercrime divisions:
– Cosa Nostra (Italian Mafia)
– Japanese Yakuza
– Chinese Triads
– Russian Mafia
– Nigerian mobs
– Mexican cartels
– …
The next-generation of criminal organisation: CYBERCRIME INC.
Cybercrime Inc.
• Highly profitable (it’s always about the money)
• Low risk (anonymity and geographical location)
• More efficient due to technology
• Globally dispersed, with special concentration in:
• Ukraine • China • Brazil
• Russia • Indonesia • USA
• Romania • Taiwan • Turkey
• Bulgaria • India • Nigeria
Cybercrime Inc.
• 80% of Hackers work with or are part of an organised crime group*
• Highly organised
• Deeply sophisticated:
– Business approach
– Towards the ‘client’
* 2014 study by the Rand Corporation
Cybercrime Inc.
Use typical corporate strategies:
– Creative financing
– Global logistics
– Supply chain management
– ‘Workforce’ management
– ‘Client’ needs
– Business and market analysis
Cybercrime Inc. – Business model
• Take advantage of ‘anonymous’ services to advertise and sell their ‘normal’ products and services online
• Some of the new ‘business’ opportunities:
• Identity theft
• Intellectual property theft
• Trade secrets
• Industrial espionage
• Sensitive data theft
• Online extortion
• Financial crime
• Data manipulation
Cybercrime Inc. – Tactics used
• Some of the tactics and methods used by Cybercrime Inc:
– Phishing and spear phishing
– Man-in-the-middle
– Vulnerabilities
– Trojan horse software
– Spam
– Botnets
– Scareware
– Ransomware
– Malware
– DoS and DDoS
The Cybercrime Inc. organisation
A typical business organisation (org chart):
CEO
  CFO
    Management
      Sales People
  CIO
    Management
      Researchers, Developers, Engineers, QA Testers, Tech Support
  HR Director
  CMO
    Management
      Distributors, Affiliates
The Cybercrime Inc. organisation (org chart, with the equivalent mafia-style role in brackets):
CEO (Boss)
  CFO (Underboss)
    Management (Lieutenant)
      Money Mules (Soldiers & Associates)
  CIO (Underboss)
    Management (Lieutenant)
      Researchers (Soldiers)
      Developers (Soldiers)
      Engineers (Soldiers)
      QA Testers (Soldiers)
      Tech Support (Soldiers)
  HR Director (Underboss)
  CMO (Underboss)
    Management (Lieutenant)
      Distributors (Soldiers)
      Affiliates (Associates)
Cybercrime Inc. – ‘Business’ roles (1)
• Chief Executive Officer (CEO) – Boss – Responsible for decision making and overseeing operations
• Chief Financial Officer (CFO) – Underboss – Deals with every financial aspect of the cybercrime org.
• Chief Information Officer (CIO) – Underboss – Responsible for the IT infrastructure of the organization
• Chief Marketing Officer (CMO) – Underboss – Designs effective advertising methods for products and services
Cybercrime Inc. – ‘Business’ roles (2)
• Human Resources (HR) Director – Underboss – Recruits the criminal workforce for the organization
• Management – Lieutenant – Responsible for managing the ‘criminal’ workforce
• Researchers – Soldiers – Look for new exploits and ‘business’ opportunities
• Developers & Engineers – Soldiers – The techies, aka the brains!
Cybercrime Inc. – ‘Business’ roles (3)
• Quality Assurance (QA) Testers – Soldiers – Test all crimeware to ensure it bypasses any security measures of potential targets
• Technical Support – Soldiers – Tech support to clients, affiliates and members of the organization
• Affiliates – Associates – Drive potential clients to Cybercrime Inc.
Cybercrime Inc. – ‘Business’ roles (4)
• Distributors – Soldiers – Help distribute malware
• Money ‘Mule’ – Soldiers & Associates – Helps with the money laundering
Adapt to the new
Cybercrime Inc. – Adapts to the New
• Constantly looking to innovate
• Overcome obstacles
• Meet market demands
• Explore new ‘business’ opportunities
• Use tools to help measure levels of success (e.g. Web analytics)
Hacking as a service
Some examples
Cybercrime Inc. – Innovative Inc.
• Innovative Marketing Inc. (aka IMI)
– Founded by Sam Jain and Daniel Sundin (HQ in Ukraine)
– Developed scareware rogue security programs:
• WinFixer
• WinAntiVirus
– Offices in 4 continents with hundreds of employees
– Support centres in Ohio, Argentina and India
– Marketed products under more than 1,000 different brands and in 9 languages
– From 2002 to 2008 IMI generated hundreds of millions of dollars in profit.
Cybercrime Inc. – Innovative Inc.
(FBI wanted poster reproduced on the slide:)
Photograph taken in 2003
BJORN DANIEL SUNDIN
Wire Fraud; Conspiracy to Commit Computer Fraud; Computer Fraud
DESCRIPTION
Alias: David Sundin
Date(s) of Birth Used: August 7, 1978
Place of Birth: Sweden
Hair: Red
Eyes: Hazel
Height: 5'10"
Weight: 136 pounds
Sex: Male
Race: White
Occupation: Internet Entrepreneur
Nationality: Swedish
Languages: English, Swedish
NCIC: W10511664
REWARD
The FBI is offering a reward of up to $20,000 for information leading to the arrest and conviction of Bjorn Daniel Sundin.
REMARKS
Sundin has ties to Sweden and the Ukraine.
CAUTION
Bjorn Daniel Sundin, along with his co-conspirator, Shaileshkumar P. Jain, is wanted for his alleged involvement in an international cybercrime scheme that caused internet users in more than 60 countries to purchase more than one million bogus software products, resulting in consumer loss of more than $100 million. It is alleged that from December 2006 to October 2008, through fake advertisements placed on legitimate companies’ websites, Sundin and his accomplices deceived internet users into believing that their computers were infected with “malware” or had other critical errors in order to encourage them to purchase “scareware” software products that had limited or no ability to remedy the purported defects.
Sundin and his co-conspirators allegedly deceived victims, through browser hijacking, multiple fraudulent scans and false error messages, into purchasing full paid versions of software products offered by their company, Innovative Marketing, Inc. The proceeds of these credit card sales were allegedly deposited into bank accounts controlled by the defendant and others around the world, and were then transferred to bank accounts located in Europe. When customers complained that their purchases were actually fraudulent software, call center representatives were allegedly instructed to lie or provide refunds in order to prevent fraud reports to law enforcement or credit companies.
On May 26, 2010, Sundin was indicted in Chicago, Illinois, by a federal grand jury for the United States District Court, Northern District of Illinois. He was indicted for wire fraud, conspiracy to commit computer fraud and computer fraud. That same day, a federal warrant was issued for Sundin’s arrest. If you have any information concerning this person, please contact your local FBI office or the nearest American Embassy or Consulate.
Cybercrime Inc. – RBN
• Russian Business Network (aka RBN)
– Registered as an internet site in 2006
– Based in St. Petersburg, Russia
– Allegedly founded by the nephew of a powerful Russian politician
– Specialises in:
• Personal identity theft for resale
• Provides web hosting and internet access to illegitimate activities
• DoS attacks
• Delivery of exploits via fake anti-spyware and anti-malware
• Botnet
Cybercrime Inc. – Carbanak Group
• The Carbanak Group
– Discovered in early 2015 by Kaspersky Lab
– Used an APT-style campaign targeting financial institutions
– Aim to steal money from banks
– An estimated $1 billion has been stolen in an attack against 100 banks and private customers
– Targeted primarily Russia, United States, Germany, China and Ukraine
Cybercrime Inc. – Mexican Cartels
• Mexican cartels:
– Targeted foreign companies investing in or with presence in Mexico
– Used the internet to identify high-valued employees
– Checked travel arrangements to Mexico
– Replaced the person waiting at the airport for the ‘high-valued target’
– Kidnapped the ‘high-valued target’
– Demanded ransom
Technological Targets
Targeting – Mobility
• Cybercrime Inc. is focusing on mobile devices:
– Used by individuals on a day-to-day basis:
• Online banking
• Online shopping
• Socialising
• Emails
• Store personal data
• GPS
– Can be easy to compromise and hack (e.g. install a “rootkit” to gain control of all features of the mobile device)
Targeting – The Cloud
• Cybercrime Inc. is focusing on The Cloud:
– Network of computing resources available online
– The Cloud can be used to store, manage and process information
– Companies are outsourcing primary business functions using Cloud services
– Critical and confidential data is now centralised in the Cloud
– Instead of targeting several individual servers, let’s focus on the ones in the cloud, shall we?
Targeting – Data
• Cybercrime Inc. is focusing on Data:
– Personal data
– Business data
– Government data
– Military data
– Data manipulation and disinformation:
• Financial markets
• What is displayed on our screens
Targeting – Internet of Things (IoT)
• Cybercrime Inc. is focusing on IoT devices:
– In 2013 there were 13 billion online devices
– Cisco Systems estimates 50 billion online devices by 2020
– IoT is estimated to drive an additional $6.2 trillion to the global economy by 2025, according to McKinsey Global Institute
– IoT devices are developed without having security in mind
But Cybercrime Inc. can also target…
• SCADA devices
– Supervisory Control And Data Acquisition (SCADA)
– Specialised and often old computer systems
– Being connected to the broader internet
– These systems were not designed with security in mind
– 2014 study revealed that 70% had suffered at least one security breach
• GPS Systems
• Tracking Systems
• Implanted medical devices (IMDs)
• And so many more!!...
Hackers – The bread and butter
Looking for a Hacker
• Hackers are not born hackers, they are trained
• Enormous amount of free educational material on the internet and in the underworld (dark web)
• PC games:
– Uplink
– Hacker Experience
– Torn City
– Hacknet
– Hackers (for iOS and Android)
Who wants to be a Hacker?
• Anyone who feels attracted to or enjoys:
– Technology
– Challenge
– The thrill
– Adventure
– Danger
– Money
– Respect
– Fame
Taking security seriously (or not)
(Photo slides:)
On a nice Sunday morning…
On its TV screen facing the street
On a business train trip…
On a site, somewhere in Europe…
What can we do?
What can we do?
• Security must be taken seriously by everyone!
– Governments, companies, and individuals need to be security conscious and security oriented
• Usual security recommendations apply:
– Keep security systems updated and up-to-date
– Question the origin of everything
– Be mindful of:
• The information you share and make ‘publicly’ available
• Free WiFi hotspots (free can become very expensive)
What can we do?
• Consider (as in doing!) regular:
– Security audits
– Penetration tests
– Vulnerability analysis
• Seek help from experts in the field to help improve security
• Keep informed (training, conferences, articles, books, …)
• Don’t facilitate (weak passwords, use of the same password, …)
What can we do?
• There must be no ‘at home’ versus ‘at the office’ attitude. Security awareness must always be present.
• Read before you ‘click’.
• Search, ask.
• Ultimately, if this is too much, just switch off every electronic device and go back to pen and paper. But will this be enough?
Conclusion
Conclusion
• As always the bad guys are ahead of the game:
– They have the money
– They have the resources
– They are well organised
– And above all, they have time!
• The most important thing is for every one of us (the ‘good’ guys) to be security aware and security focused
Conclusion
• Ultimately we need to trust:
– The companies who sell us devices and software
– The service providers
– Our social network
– The government
Conclusion – Most Important!
• Be mindful
• Be aware
Questions
Contact
Rui Miguel Feio, RSM Partners
ruif@rsmpartners.com
mobile: +44 (0) 7570 911459
linkedin: www.linkedin.com/in/rfeio
www.rsmpartners.com