Cybercrime Inc. v2.2

Deliveringthebestinzservices,software,hardwareandtraining.Deliveringthebestinzservices,software,hardwareandtraining.

WorldClasszSpecialists

Cybercrime,Inc.

RuiMiguelFeio – TechnicalLead

Agenda• Evolution• Thenext-generationcriminalorganisation• TheCybercrimeInc.organisation• Adapttothenew• Examples• Technologicaltargets• Hackers– Thebreadandbutter• Takingsecurityseriously(ornot)• Whatcanwedo?• Conclusion• Questions

Introduction– TechnicalleadatRSMPartners

– Beenworkingwithmainframesforthepast17years

– StartedasanMVSSystemsProgrammerwithIBM

– Specialisesinmainframesecurity

– Experienceinnon-mainframeplatformsaswell

– Beengivenpresentationsallovertheworld

Evolution

Intheearlyyears…notsolongago…

Picturefromtheshortmovie“KUNGFURY”

Intheearlyyears…notsolongago…

Technology• Phones• PC• BulletinBoardSystems• Internet

The‘curiousbunch’– Phreakers– Crackers– Hackers

Today…

Innowadays…Technology• Phones• PC• Internet• Smartphones• Tablets• DarkWeb• InternetofThings(IoT)• AdventofRobotics

‘Curiousbunch’turnedPro– Phreakers– Crackers– Hackers– Carders– Nation-states– IntelligenceServices– Hacktivists– Insiders– OrganisedCrimeGroups

Internet,thenewfrontier• Techevolution+Internet=NewBusinessOpportunities

– Individualsstartedonlinebusinesses

– Newmajorcompanieshavebeenfounded:• Google,Facebook,Yahoo,etc.

– Existingbusinesssectorsturnedonlinetoincreasetheirearnings:• Retail,financial,insurance,etc.

Societyhasalsoevolved…• Theinternetallowedthecreationofneweconomicmarketsand

opportunities

• Thisneweconomicmarkethasnoborders

• Amarketwithhundredsofmillionsofusers

• Aneconomicmarketworth…TrillionsofDollars,Euros,Pounds…!!

• Manycountriesandcompaniesarenowdependentonthisneweconomicmarket

Wherethereismoney,thereiscrime!

• Criminalgangsandorganisationsmovedintotheneweconomicmarket:

– StartedrecruitingHackers

– Starteddevisingnew“businessideas”

– Developeda“businessplan”

• Organisedcrimebecameprofessionalinthenewinternetworld.

Oldboysinanewage• Traditionalcriminalorganisationshave‘started’cybercrime

divisions:

– CosaNostra(ItalianMafia)– JapaneseYakuza– ChineseTriads– RussianMafia– Nigerianmobs– Mexicancartels– …

Thenext-generationofcriminalorganisation:CYBERCRIMEINC.

CybercrimeInc.• Highlyprofitable(it’salwaysaboutthemoney)

• Lowrisk(anonymityandgeographicallocation)

• Moreefficientduetotechnology

• Globallydispersed,withspecialconcentrationin:• Ukraine • China • Brazil• Russia • Indonesia • USA• Romania • Taiwan • Turkey• Bulgaria • India • Nigeria

CybercrimeInc.• 80%ofHackersworkwithorarepartofanorganisedcrimegroup*

• Highlyorganised

• Deeplysophisticated:– Businessapproach– Towardsthe‘client’

*2014study bytheRandCorporation

CybercrimeInc.Usetypicalcorporatestrategies:

– Creativefinancing– Globallogistics– Supplychainmanagement– ‘Workforce’management– ‘Client’needs– Businessandmarketanalysis

CybercrimeInc.- Businessmodel• Takeadvantageof‘anonymous’servicestoadvertiseandselltheir

‘normal’productsandservicesonline

• Someofthenew‘business’opportunities:• Identitytheft• Intellectualpropertytheft• Tradesecrets• Industrialespionage• Sensitivedatatheft• Onlineextortion• Financialcrime• Datamanipulation

CybercrimeInc.- Tacticsused• SomeofthetacticsandmethodsusedbyCybercrimeInc:

– Phishingandspearphishing– Man-in-the-middle– Vulnerabilities– Trojanhorsesoftware– Spam– Botnets– Scareware– Ransomware– Malware– DoS andDDoS

TheCybercrimeInc.organisation

Atypicalbusinessorganisation

CEO

CFO

Management

SalesPeople

CIO

Management

Researchers Developers Engineers QATesters TechSupport

HRDirector CMO

Management

Distributors Affiliates

TheCybercrimeInc.organisation

CEO(Boss)

CFO(Underboss)

Management(Lieutenant)

MoneyMules(Soldiers&Associates)

CIO(Underboss)


Researchers(Soldiers)

Developers(Soldiers)

Engineers(Soldiers)

QATesters(Soldiers)

TechSupport(Soldiers)

HRDirector(Underboss)

CMO(Underboss)


Distributors(Soldiers)

Affiliates(Associates)

CybercrimeInc.– ‘Business’roles(1)

• ChiefExecutiveOfficer(CEO)– Boss– Responsiblefordecisionmakingandoverseeingoperations

• ChiefFinancialOfficer(CFO)– Underboss– Dealswitheveryfinancialaspectofthecybercrimeorg.

• ChiefInformationOfficer(CIO)- Underboss– ResponsiblefortheITinfrastructureoftheorganization

• ChiefMarketingOfficer(CMO)- Underboss– Designseffectiveadvertisingmethodsforproductsandservices


• HumanResources(HR)Director- Underboss– Recruitsthecriminalworkforcefortheorganization

• Management- Lieutenant– Responsibleformanagingthe‘criminal’workforce

• Researchers- Soldiers– Lookfornewexploitsand‘business’opportunities

• Developers&Engineers- Soldiers– Thetechies,akathebrains!


• QualityAssurance(QA)Testers- Soldiers– Testallcrimeware toensureitbypassesanysecuritymeasures

ofpotentialtargets

• TechnicalSupport- Soldiers– Techsupporttoclients,affiliatesandmembersofthe

organization

• Affiliates- Associates– DrivepotentialclientstoCybercrimeInc.


• Distributors– Soldiers– Helpdistributemalware

• Money‘Mule’– Soldiers&Associates– Helpswiththemoneylaundering

Adapttothenew

CybercrimeInc.– AdaptstotheNew

• Constantlylookingtoinnovate

• Overcomeobstacles

• Meetmarketdemands

• Explorenew‘business’opportunities

• Usetoolstohelpmeasurelevelsofsuccess(e.g.Webanalytics)

Hackingasaservice

Someexamples

CybercrimeInc.– InnovativeInc.• InnovativeMarketingInc.(akaIMI)

– FoundedbySamJainandDanielSundin (HQinUkraine)– Developedscarewareroguesecurityprograms:

• WinFixer• WinAntiVirus

– Officesin4continentswithhundredsofemployees– SupportcentresinOhio,ArgentinaandIndia– Marketedproductsundermorethan1,000differentbrandsandin9

languages– From2002to2008IMIgeneratedhundredsofmillionsofdollarsin

profit.

CybercrimeInc.– InnovativeInc.

Photograph taken in 2003

BJORN DANIEL SUNDINWire Fraud; Conspiracy to Commit Computer Fraud; Computer Fraud

DESCRIPTIONAlias: David Sundin

Date(s) of Birth Used: August 7, 1978 Place of Birth: Sweden

Hair: Red Eyes: Hazel

Height: 5'10" Weight: 136 pounds

Sex: Male Race: White

Occupation: Internet Entrepreneur Nationality: Swedish

Languages: English, Swedish NCIC: W10511664

REWARDThe FBI is o6ering a reward of up to $20,000 for information leading to the arrest and conviction of Bjorn Daniel Sundin.

REMARKSSundin has ties to Sweden and the Ukraine.

CAUTIONBjorn Daniel Sundin, along with his co-conspirator, Shaileshkumar P. Jain, is wanted for his alleged involvement in an international cybercrimescheme that caused internet users in more than 60 countries to purchase more than one million bogus software products, resulting inconsumer loss of more than $100 million. It is alleged that from December 2006 to October 2008, through fake advertisements placed onlegitimate companies’ websites, Sundin and his accomplices deceived internet users into believing that their computers were infected with“malware” or had other critical errors in order to encourage them to purchase “scareware” software products that had limited or no ability toremedy the purported defects.

Sundin and his co-conspirators allegedly deceived victims, through browser hijacking, multiple fraudulent scans and false error messages,into purchasing full paid versions of software products o>ered by their company, Innovative Marketing, Inc. The proceeds of these credit cardsales were allegedly deposited into bank accounts controlled by the defendant and others around the world, and were then transferred tobank accounts located in Europe. When customers complained that their purchases were actually fraudulent software, call centerrepresentatives were allegedly instructed to lie or provide refunds in order to prevent fraud reports to law enforcement or credit companies.

On May 26, 2010, Sundin was indicted in Chicago, Illinois, by a federal grand jury for the United States District Court, Northern District ofIllinois. He was indicted for wire fraud, conspiracy to commit computer fraud and computer fraud. That same day, a federal warrant wasissued for Sundin’s arrest.If you have any information concerning this person, please contact your local FBI o7ce or the nearest American Embassy orConsulate.

CybercrimeInc.– RBN• RussianBusinessNetwork(akaRBN)

– Registeredasaninternetsitein2006– BasedinSt.Petersburg,Russia– Allegedlyfoundedbythenewphew ofapowerfulRussianpolitician– Specialisesin:

• Personalidentitytheftforresale• Provideswebhostingandinternetaccesstoillegitimateactivities• DoS attacks• Deliveryofexploitsviafakeanti-spywareandanti-malware• Botnet

CybercrimeInc.– Carbanak Group• TheCarbanak Group

– Discoveredinearly2015byKasperskyLab– UsedanAPT-stylecampaigntargetingfinancialinstitutions– Aimtostealmoneyfrombanks– Estimated$1Billiondollarshavebeenstoleninanattackagainst100

banksandprivatecustomers– TargetedprimarilyRussia,UnitedStates,Germany,ChinaandUkraine

CybercrimeInc.– MexicanCartels• Mexicancartels:

– TargetedforeigncompaniesinvestinginorwithpresenceinMexico– Usedinternettoidentifyhigh-valuedemployees– CheckedtravelarrangementstoMexico– Replacedpersonatairportwaitingfor’high-valuedtarget’– Kidnapped’high-valuedtarget’– Demandedransom

CybercrimeInc.– MexicanCartels

TechnologicalTargets

Targeting- Mobility• CybercrimeInc.isfocusingonmobiledevices:

– Usedbyindividualsonaday-to-daybasis:• Onlinebanking• Onlineshopping• Socialising• Emails• Storepersonaldata• GPS

– Canbeeasytocompromiseandhack(e.g.install“rootkit”togaincontroltoallfeaturesofthemobiledevice)

Targeting– TheCloud• CybercrimeInc.isfocusingonTheCloud:

– Networkofcomputingresourcesavailableonline

– TheCloudcanbeusedtostore,manageandprocessinformation

– CompaniesareoutsourcingprimarybusinessfunctionsusingCloudservices

– CriticalandconfidentialdataisnowcentralisedintheCloud

– Insteadoftargetingseveralindividualserverslet’sfocusontheonesinthecloudshallwe?

Targeting- Data• CybercrimeInc.isfocusingonData:

– Personaldata– Businessdata– Governmentdata– Militarydata– Datamanipulationanddisinformation:

• Financialmarkets• Whatisdisplayedinourscreens

Targeting- Internetofthings(IoT)• CybercrimeInc.isfocusingonIoT

devices:

– 2013therewere13billiononlinedevices– CiscoSystemsestimates50billiononline

devicesby2020– IoT isestimatedtodriveanadditional

$6.2trilliontotheglobaleconomyby2025accordingtoMcKinseyGlobalInstitute

– IoT devicesaredevelopedwithouthavingsecurityinmind

ButCybercrimeInc.canalsotarget…

• SCADAdevices– SupervisoryControlAndDataAcquisition(SCADA)– Specialised andoftenoldcomputersystems– Beingconnectedtothebroaderinternet– Thesesystemswerenotdesignedwithsecurityinmind– 2014studyrevealedthat70%hadsufferedatleastonesecurity

breach• GPSSystems• TrackingSystems• Implantedmedicaldevices(IMDs)• Andsomanymore!!...

Hackers– Thebreadandbutter

LookingforaHacker• Hackersarenotbornhackers,theyaretrained

• Enormousamountoffreeeducationalmaterialintheinternetandintheunderworld(darkweb)

• PCgames:– Uplink– HackerExperience– TornCity– Hacknet– Hackers(foriOSandAndroid)

WhowantstobeaHacker?• Anyonewhofeelsattractedorenjoys:

– Technology– Challenge– Thethrill– Adventure– Danger– Money– Respect– Fame

Takingsecurityseriously(ornot)

OnaniceSundaymorning…

OnitsTVscreenfacingthestreet

Onabusinesstraintrip…

Onasite,somewhereinEurope…

Whatcanwedo?

Whatcanwedo?• Securitymustbetakenseriouslybyeveryone!

– Governments,companies,andindividualsneedtobesecurityconsciousandsecurityoriented

• Usualsecurityrecommendationsapply:– Keepsecuritysystemsupdatedandup-to-date– Questiontheoriginofeverything– Bemindfulof:

• Theinformationyoushareandmake’publicly’available• FreeWifi hotspots(freecanbebecomeveryexpensive)

Whatcanwedo?• Consider(asindoing!)regular:

– Securityaudits– Penetrationtests– Vulnerabilityanalysis

• Seekhelpforexpertsinthefieldtohelptoimprovesecurity

• Keepinformed(training,conferences,articles,books,…)

• Don’tfacilitate(weakpasswords,useofsamepassword,…)

Whatcanwedo?• Theremustbenoathomeandattheofficeattitude.Security

awarenessmustalwaysbepresent.

• Readbeforeyou‘click’.

• Search,ask.

• Ultimately,ifthisistoomuch.Justswitchoffeveryelectronicaldeviceandgobacktopenandpaper.Butwillthisbeenough?

Conclusion

Conclusion• Asalwaysthebadguysareaheadofthegame:

– Theyhavethemoney– Theyhavetheresources– Theyarewellorganised– Andaboveall,theyhavetime!

• Themostimportantthingisforeveryoneofus(the‘good’guys)tobesecurityawareandsecurityfocused

Conclusion• Ultimatelyweneedtotrust:

– Thecompanieswhosellusdevices,andsoftware– Theserviceproviders– Oursocialnetwork– Thegovernment

Conclusion– MostImportant!• Bemindful • Beaware

Questions

RuiMiguelFeio,[email protected]:+44(0)7570911459linkedin: www.linkedin.com/in/rfeiowww.rsmpartners.com

Contact

Cybercrime Inc. v2.2

Internet

Transcript of Cybercrime Inc. v2.2