Scribd Logo
Carica

Benvenuto in Scribd!

  • Cyber Bad

    Caricato da

    Eki Dyaindra
    14 visualizzazioni28 pagine
    Cyberbad Where Spam is leading to

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PPT, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    Cyberbad Where Spam is leading to

    Copyright:

    © All Rights Reserved
    Scarica in formato PPT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    14 visualizzazioni28 pagine

    Cyber Bad

    Caricato da

    Eki Dyaindra
    Cyberbad Where Spam is leading to

    Copyright:

    © All Rights Reserved
    Scarica in formato PPT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 28

    Cyberbad

    Where Spam is leading to


    Phillip Hallam-Baker
    hallam@dotcrimemanifesto.c
    om
    Spam is Criminal
    Infrastructure
    Botnets beget
    Spam
    Adverts for criminal / defective products
    Phishing
    Advance Fee Frauds
    Denial of Service Extortion

    All Things Cyber-bad


    What is Cyber-Terror?

    Cyber-Bad
    Lowering the barriers
    Cyber-Bad for Hire
    Hacking tools (commodity day
    exploits)
    Stolen credentials
    Crime as Service
    Spam
    Botnets
    Unwitting Accomplices (mules)
    Receiving stolen goods
    Money laundering
    Cyber-bad Purposes
    Vandalism
    Vigilantism
    Fraud
    Terrorism
    Warfare
    Criminals extend reach
    Compromise systems during manufacture
    Pin Entry Devices compromised during
    manufacture
    Phone home with PIN data to Pakistan
    Criminal insiders
    Blackmailed or bought prior to hire
    US Cert: 41% incidents involve insiders

    Soc General demonstrates bn potential


    Internet Crime Isnt
    The banks are still where the money is
    Russian Business Network
    Cyber Crime to Cyber
    Terror?
    RBN customer 1488.ru
    Its not a new game
    Internet Terrorism Today
    Internet = Outreach
    Internet = Praxis
    Realistic Future Scenarios
    Internet = Research
    Open Sources
    AQ manual claims 80% of information is
    available

    Criminal Expert Sources


    Who can tell me X for $100?

    Espionage
    Find an honest expert, penetrate their machine
    Internet Crime = Funding
    Internet Crime = Money
    Laundry
    Internet Sabotage = Force
    Multiplier
    Is a Hollywood Scenario
    likely?
    Past Performance is no
    guarantee
    Security through obscurity
    works
    until it fails
    Fixing the Problem
    What is the problem?
    Banks
    Cost of Internet crime
    Direct Losses
    Customer Service
    Opportunity Losses
    National Security
    Potential criminal profits
    Potential sabotage damage
    Are there solutions?
    Chip and PIN
    Eliminated Card Present Fraud in Europe
    Remaining attacks exploit legacy channels

    Why not in the US?


    Different market structure
    Anti-trust used to block changes
    Anti-Crime Solutions
    Email Authentication
    SPF, DKIM, Secure Internet Letterhead
    Web Authentication
    Extended Validation, Secure Internet Letterhead
    Secure Identity
    SAML, WS-*, OpenID, OATH, Identity 3.0
    Data Level Security
    CRM Infrastructure, Open CRM
    Network Security
    Reverse Firewalls, DNSSEC, BGP Security
    Domain Centric Administration, Default Deny Infrastructure
    Conclusions
    The threats are real
    They are not necessarily Internet threats
    But the Internet changes the game

    The threats are serious


    They may not be terrorism as we know it
    But they are worth caring about

    Criminal infrastructure is an ongoing threat


    Some states are playing the privateer game
    We cannot rely on international cooperation

    Potrebbero piacerti anche