Pacific Northwest Digital Government Summit Security – How Much is Enough? June 20, 2006 SA Kenneth A. Schmutz


Page 2: National Priorities

• Counterterrorism
• Counterintelligence
• Cyber Crime

Page 3: Cyber Crime Components

• Computer Intrusions
• BOTNETS
• DDOS Attacks
• Intellectual Property Theft
• Theft of Trade Secrets
• Virus/Worm Activity
• Child Pornography
• Internet Fraud

Page 4: How Severe is the Threat?

THREAT
• Professional Cyber Criminals
• Organized Crime (Foreign and Domestic)
• Money
• Information

Page 5: Growing Trend

BOTNETS
• Distributed Denial of Service Attacks (DDoS)
• Extortion
• Malicious Attacks
• Pay for Click (Adware installations)
• Network Traffic
• Identity Theft (keylogging, phishing)
• SPAM

Page 6: Components of BOTNET

• Internet Relay Chat (IRC) Server: usually a compromised Linux box
• Zombies: compromised computers (home, military, government, education, and business) infected by a worm, trojan, or virus
• Botherder: person controlling the BOTNET
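The slide above describes the classic botnet shape: many zombies, one IRC server, one botherder. For a defender that shape is itself the detection signal: many internal hosts holding sessions to the same external host on an IRC port. The following is an added example, not code from the slides or from the FBI, that looks for that fan-in pattern in a constructed firewall/flow log; the log format, the sample addresses and the set of IRC ports are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample of a firewall/flow log (not real traffic): four internal
# hosts all talk to 198.51.100.9 on TCP 6667, mixed in with ordinary web traffic.
SAMPLE_LOG = """\
2006-06-20T09:00:01 src=10.0.1.15 dst=198.51.100.9 dport=6667 proto=tcp
2006-06-20T09:00:03 src=10.0.1.22 dst=198.51.100.9 dport=6667 proto=tcp
2006-06-20T09:00:04 src=10.0.2.7 dst=192.0.2.80 dport=80 proto=tcp
2006-06-20T09:00:09 src=10.0.3.41 dst=198.51.100.9 dport=6667 proto=tcp
2006-06-20T09:00:12 src=10.0.1.15 dst=198.51.100.9 dport=6667 proto=tcp
2006-06-20T09:00:15 src=10.0.4.2 dst=192.0.2.80 dport=443 proto=tcp
2006-06-20T09:00:20 src=10.0.5.9 dst=198.51.100.9 dport=6667 proto=tcp
2006-06-20T09:00:25 src=10.0.2.7 dst=203.0.113.44 dport=6667 proto=tcp
"""

# Common IRC ports; an assumption for this example, not taken from the slides.
IRC_PORTS = {6667, 6668, 6669, 7000}

# Assumed key=value log layout; adjust the pattern to the real device's format.
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+) proto=(\w+)")


def parse_flows(text):
    """Parse log lines into dicts; lines that do not match the layout are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            flows.append({
                "src": m.group(1),
                "dst": m.group(2),
                "dport": int(m.group(3)),
                "proto": m.group(4),
            })
    return flows


def irc_fan_in(flows, min_sources=3):
    """Return {irc_server: sorted internal clients} for every destination that
    receives IRC-port sessions from at least min_sources distinct sources.
    Distinct sources are counted, not sessions, so one chatty host does not
    trip the threshold on its own."""
    clients = defaultdict(set)
    for f in flows:
        if f["proto"] == "tcp" and f["dport"] in IRC_PORTS:
            clients[f["dst"]].add(f["src"])
    return {dst: sorted(srcs) for dst, srcs in clients.items()
            if len(srcs) >= min_sources}


if __name__ == "__main__":
    for server, zombies in irc_fan_in(parse_flows(SAMPLE_LOG)).items():
        print(f"possible IRC C&C {server} with {len(zombies)} clients: {zombies}")
```

The threshold is a tuning knob: legitimate IRC use from a few workstations should not fire, and the single session to 203.0.113.44 in the sample is ignored for that reason. The check is port-based, so a botherder who runs the IRC server on a non-standard port will not be seen by it; pairing it with a fan-in count over all destination ports, regardless of port, closes part of that gap.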

Pages 7-9: Attack Network

[Diagram slides; only the labels survive: Attack Network, Attack Control Computer]

Page 10: Recent BOTNET Case

ZOTOB
• Released ~8/2005
• Spreads through email and MS05-039 (PnP)
• Sets up backdoor via trojan
• Controlled by Internet Relay Chat (IRC)
• Zotob A, B, C derived from MyTob
• Zotob D, E, F derived from Rxbot

Page 11: ZOTOB - victims

IRC SERVER: Diabl0.turkcoders.net

Page 12: ZOTOB - Subjects

Code Analysis (hex bytes with their ASCII decoding; the slide spells out B-O-T-Z-O-R above the bytes 42 6f 74 7a 6f 72):

43 41 4e 00 00 00 00 5b 78 5d 20 42 6f 74 7a 6f 72   SCAN....[x] Botzor
32 30 30 35 20 42 79 20 44 69 61 62 6c 4f 00 00      2005 By DiablO................
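The two rows above are the kind of artifact a `strings` pass over a worm binary turns up: the bot names itself ("Botzor") and its author signs it ("2005 By DiablO"), which is what tied the sample to the "Diabl0" handle on the following slides. The block below is an added example, not code from the slides, that decodes exactly those two rows and extracts printable runs from them the way `strings` does; the marker list and the minimum run length are assumptions for the example.

```python
import string

# The two hex rows copied from the "Code Analysis" slide.
HEX_ROWS = [
    "43 41 4e 00 00 00 00 5b 78 5d 20 42 6f 74 7a 6f 72",
    "32 30 30 35 20 42 79 20 44 69 61 62 6c 4f 00 00",
]

# Printable ASCII as `strings` treats it: letters, digits, punctuation and
# space, but not tab/newline/form-feed, which would glue unrelated runs together.
PRINTABLE = set(bytes(string.printable, "ascii")) - set(b"\t\n\r\x0b\x0c")

# Substrings an analyst would search for after the first look at the dump.
# Lower-case on purpose: the slides show both "DiablO" and "Diabl0".
MARKERS = ("botzor", "diabl")


def decode_hex(row):
    """Turn one space-separated hex row into raw bytes."""
    return bytes.fromhex(row)


def extract_strings(data, min_len=4):
    """Minimal `strings`: return every run of printable ASCII bytes of at least
    min_len bytes, in the order it appears. Runs shorter than min_len are
    dropped, which is why min_len matters for short tokens such as "CAN"."""
    out, run = [], bytearray()
    for b in data:
        if b in PRINTABLE:
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:          # flush a run that ends at the last byte
        out.append(run.decode("ascii"))
    return out


def find_attribution(rows, min_len=3):
    """Map each marker to the extracted strings that contain it. Rows are
    scanned separately because the slide does not show them as contiguous."""
    hits = {m: [] for m in MARKERS}
    for row in rows:
        for s in extract_strings(decode_hex(row), min_len):
            for m in MARKERS:
                if m in s.lower():
                    hits[m].append(s)
    return hits


if __name__ == "__main__":
    for row in HEX_ROWS:
        print(extract_strings(decode_hex(row), 3))
    print(find_attribution(HEX_ROWS))
```

Note that a minimum run length of 4 drops "CAN", while 3 keeps it; real dumps are full of three-byte noise, so analysts usually start at 4 and lower it only when hunting a known short token. Strings like these are evidence for attribution, not proof: an author tag is trivially copied or forged, which is why the following slides corroborate it through DNS Whois and the IRC server name rather than the string alone.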

Page 13: ZOTOB - Subjects

• Diabl0
• FBI Headquarters Cyber
• FBI Seattle Cyber Squad
• Identify hotmail account for Diabl0 through DNS Whois for blackcarder.net
• Worm analysis: “greetz to my good friend coder”

Page 14: ZOTOB - Subjects

• FBI flies to Morocco/Turkey

Page 15: ZOTOB Conclusion

• Two subjects located and arrested in less than two weeks from infection

Page 16: Cyber Prevention

• Current, patched Operating System: enable automatic updates
• Current virus protection: update as often as service allows
• Software and hardware based firewall
• Anti-Spyware Protection: now a necessity
• Identify points of vulnerability: remote access, laptops

Page 17: Resources

www.consumer.gov/idtheft/
www.ic3.gov/
www.annualcreditreport.com (877-322-8228)

Page 18: Contact

Special Agent Kenneth A. Schmutz, (206) 262-2114, [email protected]