A perspective for counter strategy against cybercrime and cyber espionage
-
Upload
gohsuke-takama -
Category
Business
-
view
975 -
download
1
description
Transcript of A perspective for counter strategy against cybercrime and cyber espionage
![Page 1: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/1.jpg)
A perspective for counter strategy against cybercrime and cyber espionage
サイバー犯罪・サイバースパイ活動に対する対処戦略パースペクティブ
http://www.slideshare.net/gohsuket
Gohsuke Takama / 高間 剛典, Meta Associates, 2011年9月
![Page 2: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/2.jpg)
about…
✴Gohsuke Takama✴Meta Associates (http://www.meta-associates.com/)
✴founder & president, connector, analyst, planner
✴ local organizer of security conferences: BlackHat Japan, PacSec
✴ liaison of security businesses: Patch Advisor, SecWest
✴organizer of tech entrepreneur / startup support events
✴ independent tech journalist for over 10 years
✴ for security news: http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/
✴Privacy International (London, UK http://www.privacyinternational.org/)
✴advisory board member
✴Computer Professionals for Social Responsibility (http://cpsr.org/)
✴Japan chapter founding supporter
![Page 3: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/3.jpg)
"what happened in the last 2 years"
• OperationAurora, ShadyRAT, 三菱重工...
• Stuxnet
• 中東・北アフリカ(MENA) *new
• Wikileaks *new
• Sony PSN
• Anonymous *new
• Indira Gandhi空港
![Page 4: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/4.jpg)
"what happened in the last 2 years"
• OperationAurora, ShadyRAT, 三菱重工... = サイバースパイ活動 = APT (Advanced Persistent Threat)
• Stuxnet = SCADAがターゲット、政治的意図
• 中東・北アフリカ*new=独裁政府が市民と敵対
• Wikileaks *new = 思想的動機: 情報透明主義
• Sony PSN: 実は3段階 = DDoS, 侵入, 攻撃拡大
• Anonymous *new = 思想的動機 + 無組織連帯
• Indira Gandhi空港 = 社会インフラ妨害
![Page 5: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/5.jpg)
"what happened in the last 2 years"infra attack: SCADA
Supervisory Control And Data Acquisition
![Page 6: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/6.jpg)
"whom targeted, why"
• アメリカ政府, アメリカ主要企業
• Sony PSN, Sonyグループ企業
• エジプト, リビヤなど中東・北アフリカの市民
• イランの原子力施設
• インフラ: 空港のコンピューターシステム
![Page 7: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/7.jpg)
"whom targeted, why"
http://paulsparrows.wordpress.com/category/security/cyber-attacks-timeline/
![Page 8: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/8.jpg)
"spoofing, phishing & targeted attack"1次ターゲット 高次ターゲット改変/偽装されたウェブサイト
サイバー犯罪組織、サイバースパイ
基幹企業
金融機関
政府・軍事機関
攻撃
![Page 9: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/9.jpg)
"cybercrime, cyber espionage,primary target = individual"
サイバー犯罪・サイバースパイ活動の1次ターゲットは個人
![Page 10: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/10.jpg)
"know your enemy: techniques"
• phishing
• targeted phishing
• trojan
• spyware
• keylogger
• rootkit
• botnet DDoS
• website spoofing
• content altering
• XSRF
• XSS
• code injection
• IP hijacking
• rogue WiFi AP
• sniffer
![Page 11: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/11.jpg)
"know your enemy: techniques"
http://www.ipa.go.jp/security/vuln/newattack.html
![Page 12: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/12.jpg)
"know your enemy: not just techniques"
• 技術的側面だけを見ていると対抗できない
• who are they?
• disseminate characters キャラクターを解剖
• disseminate motives 動機を解剖
![Page 13: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/13.jpg)
"disseminate characters"
• 国家
• 独裁国家
• 犯罪ビジネス
• 犯罪ビジネス利用者
• 内部犯行
• 愉快犯的グループ行動
• 単独行動
• 思想的動機に基づく行動
• デジタルネイティブ
![Page 14: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/14.jpg)
"disseminate characters"
![Page 15: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/15.jpg)
"disseminate characters"
https://us.mcafee.com/en-us/local/html/identity_theft/NAVirtualCriminologyReport07.pdf
![Page 16: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/16.jpg)
"disseminate characters"how cyber criminals lure talents?
![Page 17: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/17.jpg)
"disseminate characters"
http://www.youtube.com/watch?v=kZNDV4hGUGw http://www.youtube.com/watch?v=2Tm7UKo4IBc
![Page 18: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/18.jpg)
"disseminate characters"
• 国家 = サイバースペースを領土と認識
• 独裁国家 = ネットは国民監視・管理のツール
• 犯罪ビジネス = 技術的高度化、低年齢勧誘
• 犯罪ビジネス利用者 = ボットネットユーザー
• 内部犯行: 不満を持つ従業員→CEO犯行 26%
• 愉快犯的グループ行動 = Lulzsec, TeaMp0isoN
• 単独行動 = Th3J35t3r, On3iroi
• 思想的動機に基づく行動 = Anonymous
• デジタルネイティブvs旧世代の世代間闘争
![Page 19: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/19.jpg)
"disseminate motives"
• 独裁的政府, 官僚優越主義
• 金銭的搾取
• hacktivism, 特異な思想信条
• 独善的ハッキング行為、悪意のある技術開発
![Page 20: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/20.jpg)
"disseminate motives"Law, Market, Norm, Architecture
法、市場、規範、アーキテクチャー
![Page 21: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/21.jpg)
"disseminate motives" Law, Market, Norm, Architecture
![Page 22: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/22.jpg)
"disseminate motives" Law, Market, Norm, Architecture
![Page 23: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/23.jpg)
"disseminate motives" Law, Market, Norm, Architecture
- 個人情報保護法- J-SOX - 刑法の一部改正 - 不正指令電磁気的記録(作成 提供 供用 取得 保管) - 記録命令付き差押え - 接続サーバ保管の自己作成データ等の差押え - 保全要請- 消費者庁: 集団的消費者被害救済制度- 暴力団排除条例
![Page 24: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/24.jpg)
"disseminate motives"
• 独裁的政府, 官僚優越主義 = 権力と支配 Power
• 金銭的搾取 = Money
• hacktivism, 特異な思想信条 = 特異な社会規範 Ideology
• 独善的ハッキング行為、悪意のある技術開発 = 技術的興味、技術的支配 Control
![Page 25: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/25.jpg)
"disseminate motives" Power, Money, Ideology, Control
$Money
Power
Control
Ideology
- 設計された動作- 設計外の動作- 正当な利用- 犯罪的利用
![Page 26: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/26.jpg)
$Money
Power
Control
Ideology
テクノロジー: - 設計された動作- 設計外の動作- 正当な利用- 犯罪的利用
OrganizedCrime
HackerCracker
AutocraticGovernment
ExtremistHacktivist
"disseminate motives" Autocracy, Crime, Extremism, Hacker
![Page 27: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/27.jpg)
$Money
Power
Control
Ideology
テクノロジー: - 設計された動作- 設計外の動作- 正当な利用- 犯罪的利用
OrganizedCrime
HackerCracker
AutocraticGovernment
ExtremistHacktivist
"disseminate motives" Autocracy, Crime, Extremism, Hacker
APT
HacktivismTheftFraud
InfraDisruption
Lulz
![Page 28: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/28.jpg)
ソーシャルメディアの台頭
![Page 29: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/29.jpg)
"social change on Internet"2000年までのインターネット
• メール
• ウェブ
• ホームページ
• 検索
• 掲示板
• オンライン販売
![Page 30: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/30.jpg)
"social change on Internet"2001年からのインターネット
• インスタントメッセージ
• 音声通信
• メール
• ウェブ
• 検索
• 掲示板
• オンライン販売
• ポータル/ダッシュボード
• ホームページ
• ブログ
• ソーシャルネットワーク
• 興味共有ブックマーク
• 画像共有
• ビデオ共有
• マイクロブログ
• 共同編集環境 (Wikiなど)
• ソーシャルゲーム
• 3Dバーチャルワールド
• ビデオストリーミング
![Page 31: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/31.jpg)
"real world vs. social data world"現実世界とソーシャルデータ世界
現実世界 ソーシャルデータ世界
![Page 32: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/32.jpg)
"real world vs. social data world"現実世界とソーシャルデータ世界
ソーシャルメディアへの参加を禁止するのは不可能で無意味:その上でどのように防御するか
![Page 33: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/33.jpg)
"emerging attack techniques"
• malware: ミューテートするマルウェア, 多機能ボットネット
• VM下に潜るルートキット, biosルートキット
• 遠隔操作マルウェア: VNC, Spycam,
• spyware 監視マルウェア : keylogger, GPS logger
• sabotage ware運用妨害マルウェア: Stuxnet
• マルウェア感染ルート= 添付ファイル、偽装ウェブ、USBデバイス
• DDoS: 組織犯罪ボットネットレンタル($8/h~), JavaScriptツール (LOIC)
![Page 34: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/34.jpg)
"layer approach"
•examle: OSI model
![Page 35: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/35.jpg)
4 Content
3 OS/Application
2 Hardware
1 Physical
5 Operation
6 Custom (Habit)
7 Psychological
Tangibles
Intangibles
Human Factor
認知, 心理行動, 習慣運用規則データソフトウェア
"a security layer model "
ハードウェア物理環境
![Page 36: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/36.jpg)
"attacks vs. counter measures "
Psychological APT, espionage, phishing, social engineering ?
Customspoofing, pharming,
phishing spam, XSS, XSRF, spyware, ID spoof/theft
accustomed best practice, awareness, CIRT, PKI,
digital ID, SSL certificate
Operation DoS, spam, ransom-ware, sabotage-ware
routing, filtering, policy, audit, CIRT
Content sniffing, spyware, spam, alteration
encryption, filtering, content-scan, host IDS
OS/ Application
DoS, vuln exploit, 0day, rootkit, botnet
Firewall, network IDS, IPS, anti-virus, OS/app patch
Hardware direct access, tampering, alteration
perimeter guard, anti- tampering, hard seal
Physical lock pick, break in, vandalism
surveillance, perimeter alarm, armed guard
攻撃 対抗策
![Page 37: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/37.jpg)
"state of security methodology"
✴ 境界線型セキュリティの終焉
• (ターゲットが個人になった + モバイル環境)
✴ チェックリスト セキュリティポリシーの終焉
• = 柔軟性が無い (攻撃者はクリエイティブ)
✴ PKIの信頼性は微妙に = DigiNotar事件✴ 今迄のセキュリティモデル = 時間を買うこと
• (対応が来るまで持ちこたえる前提)
✴ 別なセキュリティモデル = 対象・動機を逸らすこと
![Page 38: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/38.jpg)
"perspective for counter strategy"set basic security measures:
✴予防 発見 対応 prevention, detection, response
✴セキュリティ監査の実施✴セキュリティ技術と事件発生の知識共有✴出口防御対策: 侵入を100%防ぐのは不可能✴クラウドの利用: 中小企業の自社サーバー対策
✴プライバシーデータの防御(APTは個人を攻撃)
✴ PET (Privacy Enhancing Technology プライバシー強化技術) の導入
✴ PIA (Privacy Impact Assessment プライバシー影響評価)の導入
![Page 39: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/39.jpg)
"perspective for counter strategy"be creative:
✴攻撃技術手法を学習することで防衛力強化✴ soft power「ソフトパワー」の理解
• リスクコミュニケーション
• 敵意を逸らすPR手法 deflective PR
✴ social intelligence ソーシャルインテリジェンスの利用 (ソーシャルメディアモニター)
✴ counter social engineeringの開発
• 組織内ソーシャルネットワークの展開• 組織内隠語利用の注意
![Page 40: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/40.jpg)
"perspective for counter strategy"be creative: Learn Attack Technique
• 最新のシステム攻撃技術手法を学習することで防衛力強化
• 攻撃技術を知らなければ効果的な防衛策を計画することは難しい
• 攻撃・防御の実践学習 = CTF (Capture The Flag)
• 自チームのサーバーを守りながら、他チームのサーバーに攻撃を仕掛けて点数を競う競技
• アメリカ・韓国など各国でCTF開催、アメリカのDEFCON CTFが有名、
• 日本からもチームが出場
![Page 41: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/41.jpg)
"perspective for counter strategy"be creative: Soft Power
• 「Soft Power」= 1990年にJoseph Nyeにより提唱される
• 軍事力「Hard Power」に対する反対語
• 主に文化的影響や芸術などにより、相手から好意的反応を引き出し優位に立つ能力
• http://en.wikipedia.org/wiki/Soft_power
• マスメディア、ソーシャルメディアを有効に利用して好意的反応を引き出す/敵意を逸らす
• ノルウェーの爆破・乱射テロへの政府発言
• マドリッド列車爆破テロへの市民の反応
![Page 42: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/42.jpg)
"perspective for counter strategy"be creative: Soft Power
![Page 43: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/43.jpg)
"perspective for counter strategy"be creative: Social Intelligence
• ソーシャルインテリジェンスの利用
• ソーシャルメディア・モニター• 最近のhacktivism行動はソーシャルメディア上で行動計画が立てられている
• ソーシャルメディア上での動きを見張ることで、行動動機や使われる戦術をある程度把握できる
• Twitter, Facebook, IRC, Weibo, RenRenなど
![Page 44: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/44.jpg)
"perspective for counter strategy"be creative: Counter Social Engineering
• 人間の認知による攻撃発見の手法開発が必要• ソーシャルエンジニアリング攻撃手法の学習• 組織内ソーシャルネットワークの展開
• 人間の認知ネットワークによる攻撃の発見• 内部コミュニケーションと外部との分離
• 組織内隠語利用の注意• (組織内隠語を使えると大規模組織に侵入しやすい)
![Page 45: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/45.jpg)
"perspective for counter strategy"be prepared: Simulation Exercise
✴ 状況シミュレーション演習の活用
• TableTop Exercise = 会話形式シミュレーション
• コア・マネジメントが参加• Functional Exercise = ロールプレイ演習
• マネジメントクラスが参加• 通常の組織運営の配置で実施
• FullScale Exercise = 現実的シミュレーション
• 組織の全員が参加• 通常の組織運営の配置で実施
![Page 46: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/46.jpg)
references
• CEOs - the new corporate fraudstersds http://www.iol.co.za/sundayindependent/ceos-the-new-corporate-fraudstersds-1.1144649
• PwC Survey Says: Telecoms Are Overconfident About Security http://www.readwriteweb.com/cloud/2011/09/pwc-survey-says-telecoms-are-o.php
• Cyber attack led to IGI shutdown http://www.indianexpress.com/news/cyber-attack-led-to-igi-shutdown/851365/
• Anonymous announces global plans http://www.digitaltrends.com/computing/video-anonymous-announces-global-plans/
• ANONYMOUS - OPERATION PAYBACK - Sony Press Release http://www.youtube.com/watch?v=2Tm7UKo4IBc
• Operation Payback - Anonymous Message About ACTA Laws, Internet Censorship and Copyright http://www.youtube.com/watch?v=kZNDV4hGUGw
• Anonymous: Message to Scientology http://www.youtube.com/watch?v=JCbKv9yiLiQ
• 番外編 本当のAnonymousが知りたいの http://www.atmarkit.co.jp/fsecurity/special/161dknight/dknight01.html
![Page 47: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/47.jpg)
references
• 28 Nation States With Cyber Warfare Capabilities http://jeffreycarr.blogspot.com/2011/09/27-nation-states-with-cyber-warfare.html
• 中国ハッカーが発表した「自律ルール」日本語訳(全文)(Far East Research) http://scan.netsecurity.ne.jp/archives/52017036.html
• CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability http://www.youtube.com/watch?v=DP_rRf468_Y
• MYBIOS. Is BIOS infection a reality? http://www.securelist.com/en/analysis/204792193/MYBIOS_Is_BIOS_infection_a_reality
• McAfee Virtual Criminology Report 2007 http://us.mcafee.com/en-us/local/html/identity_theft/NAVirtualCriminologyReport07.pdf
• ミッコの「Google Zeitgeist」プレゼンテーション http://blog.f-secure.jp/archives/50630539.html
• "The Tragedies in Oslo and on Utøya island" Speech held by King Harald V http://www.kongehuset.no/c27262/nyhet/vis.html?tid=92959
![Page 48: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/48.jpg)
references
• ハッキングコンテストで世界に挑む日本人チーム -- DEFCON CTF 現地速報 http://scan.netsecurity.ne.jp/archives/52002536.html
• PET「電子政府・電子自治体におけるセキュリティーの構築とプライバシー保護」総務省 http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s3.pdf
• PIA「電子政府・電子自治体のためのプライバシー影響評価」総務省 http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s2.pdf
• 経産省、ソニーに個人情報の安全管理と再発防止を指導 http://jp.reuters.com/article/topNews/idJPJAPAN-21406320110527
• セキュリティは楽しいかね? GIEシンポジウムについてのメモ http://d.hatena.ne.jp/ukky3/20110829/1314685819
• 「Diginotar」がBlack.Spookとイランのハッカーによりハッキング http://blog.f-secure.jp/archives/50626009.html
![Page 49: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/49.jpg)
references
• Computer virus hits US Predator and Reaper drone fleet http://arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits-drone-fleet.ars
• F-Secure: Possible Governmental Backdoor found, MD5 hashes ("case R2D2") http://www.f-secure.com/weblog/archives/00002249.html
• State-sponsored spies collaborate with crimeware gang | The Unholy APT-botnet union http://www.theregister.co.uk/2011/09/13/apt_botnet_symbiosis/
• NISC情報セキュリティ政策会議10月7日 http://www.nisc.go.jp/conference/seisaku/index.html#seisaku27
![Page 50: A perspective for counter strategy against cybercrime and cyber espionage](https://reader033.fdocuments.us/reader033/viewer/2022051412/54956831ac7959182e8b4df3/html5/thumbnails/50.jpg)