Pacific Northwest Digital Government Summit Security – How Much is Enough? June 20, 2006 SA...
Pacific Northwest Digital Government Summit
Security – How Much is Enough?
June 20, 2006
SA Kenneth A. Schmutz
National Priorities
•Counterterrorism
•Counterintelligence
•Cyber Crime
Cyber Crime Components
•Computer Intrusions
•BOTNETS
•DDOS Attacks
•Intellectual Property Theft
•Theft of Trade Secrets
•Virus/Worm Activity
•Child Pornography
•Internet Fraud
How Severe is the Threat?
THREAT
•Professional Cyber Criminals
•Organized Crime (Foreign and Domestic)
•Money
•Information
Growing Trend
•BOTNETS
•Distributed Denial Of Service Attacks (DDoS)
•Extortion
•Malicious Attacks
•Pay for Click (Adware installations)
•Network Traffic
•Identity Theft (keylogging, phishing)
•SPAM
Components of BOTNET
•Internet Relay Chat (IRC) Server – Usually a compromised Linux box
•Zombies – Compromised computers (Home, Military, Government, Education, and Business) infected by a worm, trojan, or virus
•Botherder – Person controlling BOTNET
•Attack Network
•Attack Control Computer
Recent BOTNET Case
•ZOTOB – Released ~8/2005
•Spreads through email and MS05-039 (PnP)
•Sets up Backdoor via trojan
•Controlled by Internet Relay Chat (IRC)
•Zotob A, B, C derived from MyTob
•Zotob D, E, F derived from Rxbot
ZOTOB - Victims
IRC Server: Diabl0.turkcoders.net
ZOTOB - Subjects
Code Analysis
43 41 4e 00 00 00 00 5b 78 5d 20 42 6f 74 7a 6f 72 B-O-T-Z-O-R.SCAN....[x] Botzor
32 30 30 35 20 42 79 20 44 69 61 62 6c 4f 00 00 2005 By DiablO................
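An added example, not part of the presentation, showing how an author tag like the one above is recovered from a sample's bytes during triage: the slide's two hex dump lines are parsed into raw bytes and every run of printable ASCII is reported with its offset, as the `strings` utility does. The hex input is taken from the dump above (it is a fragment; the leading "S" of "SCAN" is not on the slide); the function and type names are my own.

```python
"""Recover printable strings from a hex dump, the way an analyst pulls
author tags and version strings out of a worm sample during triage."""
import re
import string
from dataclasses import dataclass
from typing import List

# Constructed input: the two dump lines printed on the slide, joined.
# The dump is partial, so the first string starts mid-word ("CAN").
SLIDE_HEXDUMP = """
43 41 4e 00 00 00 00 5b 78 5d 20 42 6f 74 7a 6f 72
32 30 30 35 20 42 79 20 44 69 61 62 6c 4f 00 00
"""

# Printable ASCII, with space kept but other whitespace treated as a separator.
PRINTABLE = set(bytes(string.printable, "ascii")) - set(b"\t\n\r\x0b\x0c")


@dataclass
class Found:
    offset: int
    text: str


def parse_hexdump(dump: str) -> bytes:
    """Turn whitespace-separated hex byte pairs into raw bytes.
    A token that is not exactly two hex digits raises instead of being
    skipped, so a corrupted or mis-copied dump fails loudly."""
    out = bytearray()
    for tok in dump.split():
        if not re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            raise ValueError(f"not a hex byte: {tok!r}")
        out.append(int(tok, 16))
    return bytes(out)


def extract_strings(data: bytes, min_len: int = 4) -> List[Found]:
    """Return every run of at least min_len printable bytes with its offset."""
    found, start = [], None
    for i, b in enumerate(data):
        if b in PRINTABLE:
            if start is None:
                start = i
        elif start is not None:
            if i - start >= min_len:
                found.append(Found(start, data[start:i].decode("ascii")))
            start = None
    if start is not None and len(data) - start >= min_len:
        found.append(Found(start, data[start:].decode("ascii")))
    return found


if __name__ == "__main__":
    for f in extract_strings(parse_hexdump(SLIDE_HEXDUMP)):
        print(f"0x{f.offset:04x}  {f.text}")
```

Lowering `min_len` to 3 also surfaces the truncated "CAN" fragment at offset 0, which is why the default threshold matters when reading output from a real binary.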
ZOTOB - Subjects
•Diabl0
•FBI Headquarters Cyber
•FBI Seattle Cyber Squad
•Identify hotmail account for Diabl0 through DNS Whois for blackcarder.net
Worm analysis “greetz to my good friend coder”
ZOTOB - Subjects
FBI flies to Morocco/Turkey
ZOTOB Conclusion
Two subjects located and arrested in less than two weeks from infection
Cyber Prevention
•Current, patched Operating System – Enable automatic updates
•Current virus protection – Update as often as service allows
•Software and Hardware based firewall
•Anti-Spyware Protection – Now a necessity
•Identify points of vulnerability – Remote access, Laptops
Resources
www.consumer.gov/idtheft/
www.ic3.gov/
www.annualcreditreport.com (877-322-8228)
Contact
Special Agent Kenneth A. Schmutz (206) 262-2114 [email protected]