
Cyberbad: Where Spam is leading to

Phillip Hallam-Baker hallam@dotcrimemanifesto.com

Spam is Criminal Infrastructure

Botnets

Spam

Botnets beget Spam
Adverts for criminal / defective products
Phishing
Advance Fee Frauds

Denial of Service Extortion

All Things Cyber-bad

What is Cyber-Terror?
Cyber-Bad

Lowering the barriers

Cyber-Bad for Hire


Hacking tools (commodity day exploits)
Stolen credentials
Crime as Service
Spam
Botnets

Unwitting Accomplices (mules)


Receiving stolen goods
Money laundering

Cyber-bad Purposes
Vandalism
Vigilantism
Fraud
Terrorism
Warfare

Criminals extend reach


Compromise systems during manufacture
Pin Entry Devices compromised during manufacture
Phone home with PIN data to Pakistan

Criminal insiders
Blackmailed or bought prior to hire
US CERT: 41% of incidents involve insiders

Soc General demonstrates bn potential

Internet Crime Isn't


The banks are still where the money is

Russian Business Network

Cyber Crime to Cyber Terror?


RBN customer 1488.ru

It's not a new game

Internet Terrorism Today

Internet = Outreach

Internet = Praxis

Realistic Future Scenarios

Internet = Research
Open Sources
AQ manual claims 80% of information is available

Criminal Expert Sources


Who can tell me X for $100?

Espionage
Find an honest expert, penetrate their machine

Internet Crime = Funding

Internet Crime = Money Laundry

Internet Sabotage = Force Multiplier

Is a Hollywood Scenario likely?

Past Performance is no guarantee

Security through obscurity works until it fails

Fixing the Problem

What is the problem?


Banks
Cost of Internet crime
Direct Losses
Customer Service
Opportunity Losses

National Security
Potential criminal profits
Potential sabotage damage

Are there solutions?


Chip and PIN
Eliminated Card Present Fraud in Europe
Remaining attacks exploit legacy channels

Why not in the US?


Different market structure
Anti-trust used to block changes

Anti-Crime Solutions
Email Authentication
SPF, DKIM, Secure Internet Letterhead

Web Authentication
Extended Validation, Secure Internet Letterhead

Secure Identity
SAML, WS-*, OpenID, OATH, Identity 3.0

Data Level Security


CRM Infrastructure, Open CRM

Network Security
Reverse Firewalls, DNSSEC, BGP Security, Domain Centric Administration, Default Deny Infrastructure

Conclusions
The threats are real
They are not necessarily Internet threats
But the Internet changes the game

The threats are serious


They may not be terrorism as we know it
But they are worth caring about

Criminal infrastructure is an ongoing threat


Some states are playing the privateer game
We cannot rely on international cooperation
