Data theft and breaches from cybercrime may have cost businesses as much as $1 trillion globally in lost intellectual property and expenditures for repairing damage. The current economic climate, combined with new technologies such as Web 2.0 and cloud computing, has undoubtedly created more opportunities for hackers, criminals, and industrial espionage firms who target critical infrastructures and systems to steal sensitive information. This presentation from Profile of the World's Top Hackers, with Byron Acohido of USA Today, Mafiaboy, and Paul Henry, provides critical insight into the inner workings of the cybercrime underground and outlines what businesses can do to protect their vital systems and information.
2. Agenda
• The New Threat Landscape
• Insider’s View of Cybercrime
• Evolution of Hacker Techniques
• Changing Motives and Targets
• Impact on Businesses and Governments
• Steps to Reducing the Threat of Attack
3. Panelists
• Paul Henry – Security and Forensics Analyst, Lumension
• Michael Calce – a.k.a. Mafiaboy
• Byron Acohido – Investigative Reporter and Author of Zero Day Threat
5. Pogo Plug – Backdoor in a Box
• Allows anything connected via USB to be easily shared across the Internet
» Hard drive
» Ethernet adapter
» Wireless adapter
6. Pogo Plug – Backdoor in a Box
• Yes, there are a few good uses, but… Pogo Plug demonstrates the need to re-evaluate outbound access on ports 80/443
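The slide's point about outbound 80/443 is that an appliance plugged in behind the firewall can hold an always-open channel to the Internet on the two ports nobody blocks. As an added example (not from the presentation or from Lumension), here is a small egress review over constructed flow records: it aggregates outbound 80/443 flows from internal hosts to destinations outside an assumed allowlist and flags pairs that stay connected for hours or push large volumes out, which is the shape a backdoor-in-a-box produces. The address ranges, the allowlist, the thresholds and the flow records are all assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed flow records, not captured traffic:
# (source, destination, destination port, duration in seconds, bytes sent outbound)
SAMPLE_FLOWS = [
    ("10.0.5.21", "203.0.113.10", 443, 12, 4_800),                  # ordinary web session
    ("10.0.5.21", "203.0.113.10", 443, 9, 3_100),
    ("10.0.7.44", "198.51.100.77", 443, 86_400, 2_600_000_000),     # day-long session, 2.6 GB out
    ("10.0.7.44", "198.51.100.77", 80, 7_200, 900_000_000),
    ("10.0.9.3", "192.0.2.25", 443, 3_600, 120_000),                # long-lived but low volume
    ("10.0.9.3", "192.0.2.25", 443, 3_900, 100_000),
    ("10.0.9.3", "192.0.2.25", 22, 50_000, 5_000_000),              # not 80/443, out of scope here
]

# Assumed internal address space and an assumed allowlist of destinations
# the business expects to see (for example a vendor's update CDN).
INTERNAL = ip_network("10.0.0.0/8")
ALLOWED_DESTINATIONS = [ip_network("203.0.113.0/24")]


@dataclass
class Finding:
    src: str
    dst: str
    total_duration_s: int
    total_bytes_out: int
    reasons: list = field(default_factory=list)


def review_egress(flows, max_duration_s=3_600, max_bytes_out=500_000_000):
    """Aggregate outbound 80/443 flows per (src, dst) pair and flag pairs that
    look like a device holding a persistent channel out of the network."""
    totals = {}
    for src, dst, dport, duration_s, bytes_out in flows:
        if dport not in (80, 443):
            continue                       # this review is scoped to web ports only
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        if src_ip not in INTERNAL or dst_ip in INTERNAL:
            continue                       # keep only internal -> external traffic
        if any(dst_ip in net for net in ALLOWED_DESTINATIONS):
            continue                       # known-good destination
        dur, out = totals.get((src, dst), (0, 0))
        totals[(src, dst)] = (dur + duration_s, out + bytes_out)

    findings = []
    for (src, dst), (dur, out) in totals.items():
        f = Finding(src, dst, dur, out)
        if dur >= max_duration_s:
            f.reasons.append(f"persistent: {dur}s connected in the period")
        if out >= max_bytes_out:
            f.reasons.append(f"volume: {out} bytes sent outbound")
        if f.reasons:
            findings.append(f)
    # Highest outbound volume first: that is the pair to look at first.
    return sorted(findings, key=lambda f: f.total_bytes_out, reverse=True)


if __name__ == "__main__":
    for f in review_egress(SAMPLE_FLOWS):
        print(f"{f.src} -> {f.dst}: {'; '.join(f.reasons)}")
```

A review like this only works if the allowlist is short and deliberate; the durable fix is to route all outbound web traffic through an authenticating proxy, so that a device which cannot authenticate has no path out at all.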
7. Business Is Good For The Bad Guys
• Companies in the US, UK, Germany, Japan, Brazil, India and Dubai lost $4.6 billion in intellectual property last year
» And spent $600M on repairing the damage
• Global damage from data loss will exceed $1 trillion
» This is more than the cost to fix the global recession
• 98% of those polled in a recent survey reported a tangible loss due to cybercrime
8. Annual Reported Vulnerabilities
• It is common knowledge that you can eliminate 90% of your risk by applying patches in a timely manner
[Chart: Annual Reported Vulnerabilities, 1996–2008; yearly bar values range from 24 to 6,704. Source: National Vulnerability Database]
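The slide ties most of the risk to patching on time, which in practice means measuring how long each host stays exposed after an advisory is published. As an added example, not from the presentation, the Python below computes that exposure window per host and advisory from a constructed inventory and flags anything past an assumed per-severity deadline; the advisory ids, dates, hostnames and SLA values are all made up.

```python
from datetime import date

# Assumed remediation deadlines in days, by advisory severity.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90}

# Constructed advisories and host inventory (not data from the presentation).
SAMPLE_ADVISORIES = [
    {"id": "ADV-0001", "severity": "critical", "published": date(2009, 5, 1)},
    {"id": "ADV-0002", "severity": "high", "published": date(2009, 5, 10)},
    {"id": "ADV-0003", "severity": "medium", "published": date(2009, 4, 1)},
]
# host -> {advisory id: date the fix was installed, or None if still missing}
SAMPLE_HOSTS = {
    "web01": {"ADV-0001": date(2009, 5, 3), "ADV-0002": None},
    "db01": {"ADV-0001": date(2009, 5, 20), "ADV-0003": date(2009, 6, 1)},
}


def exposure_report(advisories, hosts, as_of):
    """One row per host/advisory pair: how long the host was (or still is)
    exposed, and whether that exceeds the SLA for the advisory's severity."""
    by_id = {a["id"]: a for a in advisories}
    rows = []
    for host, applied in hosts.items():
        for adv_id, installed in applied.items():
            adv = by_id[adv_id]
            # An uninstalled fix is still exposed today, so measure up to the report date.
            exposure_end = installed if installed is not None else as_of
            days_exposed = (exposure_end - adv["published"]).days
            rows.append({
                "host": host,
                "advisory": adv_id,
                "severity": adv["severity"],
                "patched": installed is not None,
                "days_exposed": days_exposed,
                "overdue": days_exposed > SLA_DAYS[adv["severity"]],
            })
    # Overdue rows first, longest exposure first within each group.
    return sorted(rows, key=lambda r: (not r["overdue"], -r["days_exposed"]))


def overdue_hosts(report):
    """Hosts with at least one advisory past its SLA that is still not installed."""
    return sorted({r["host"] for r in report if r["overdue"] and not r["patched"]})


if __name__ == "__main__":
    for row in exposure_report(SAMPLE_ADVISORIES, SAMPLE_HOSTS, date(2009, 6, 15)):
        flag = "OVERDUE" if row["overdue"] else "ok"
        print(f"{row['host']:6} {row['advisory']} {row['severity']:8} "
              f"{row['days_exposed']:3}d {'patched' if row['patched'] else 'missing':7} {flag}")
```

Rows that are overdue but already patched still matter: they show where the process missed its deadline, which is the number to track over time rather than the count of open items on any one day.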
16. Mafiaboy’s Distributed Denial-of-Service (DDoS)
‘Mafiaboy’ hacker jailed – September 13, 2001
Author: Michael Calce, 15
» St. Raphael Country Club
Botnet used in denial-of-service attack
» Yale, Harvard servers botted
» CNN, Yahoo, Amazon, Dell, Excite, E-trade attacked
Estimated $1.7 billion in damages
17. How it All Started
Excerpt from “How I Cracked the Internet and Why It’s Still Broken”
“…Someone knocked me offline by hitting me with so much data that my connection was severed. These punters seemed to have a huge amount of power over others on AOL. I was intrigued that an individual was able to “attack” someone else, regardless of the distance between them, using the internet. It seemed like harmless fun, almost a practical joke. The people punted off could simply sign on again and rejoin the chat room. Nobody got hurt. I wanted to punt someone. Badly.
… That’s when my real hunt for AOL hacking tools started. Once I found that first application, I stumbled across more and more. They were each brilliant in their own subversive way. I came across one site that had a huge list of applications. I decided to download all of them and browse their various functions. With these tools in hand, I began to feel like I was in control of the internet, rather than the other way around. The sense of power and possibility was intoxicating.”
18. Why the Internet Was Broken
The Internet was relatively new and global security knowledge was lacking
» Many available tools enabled attacks to be delivered with relative ease
» The Internet was never intended to be a tool of commerce
» The fundamental protocols the Internet was built on are still flawed
» The lack of regulation between governments and companies
» Security was never incorporated into the architecture of ARPANET
» The lack of fundamental knowledge of the users who try to utilize the Internet
19. Hacking Technique – Denial of Service
• What is a DoS?
» Causes loss of service to users, typically the loss of network connectivity and services
» Not designed to gain access to systems
• Three types of attack
» Consumption of computer resources such as bandwidth, disk space or CPU time
» Disruption of configuration information, such as routing information
» Disruption of physical network components
20. Attack Types – DoS and DDoS
• The attack on Yahoo was an ICMP flood
» ICMP traffic is the simplest kind of computer conversation - a ping, or a single bit of data sent to see if another computer is responding
» An ICMP flood is when an attacking ping is sent to a target computer with a faked return address, which sends the attacked computer on an endless quest for a place to return the ping
• The attack on CNN was a SYN flood
» Starts with a falsified synchronization packet, which is sent by a computer when it wants to actually connect with another computer
» It sent so-called synchronization packets, or attempts to connect, to random ports, ranging from 2 to 400
» Each packet had to be approved by the ACL - normally, synchronization packets are followed by legitimate traffic which simply flows through the router
» Quickly, the router’s memory was consumed and it stopped functioning
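Both attack types on this slide have a straightforward network-side signature: a SYN flood shows up as a burst of connection requests that are never completed, and an ICMP flood as a burst of echo requests. As an added example, not part of the presentation, the Python below runs that check over constructed packet summaries, counting per destination and time window so that falsified source addresses do not hide the flood behind many small senders. The thresholds, the window size, the packet tuple layout and the sample traffic are assumptions.

```python
from collections import defaultdict


def build_sample_packets():
    """Constructed packet summaries (not a real capture):
    (timestamp_s, src, dst, proto, detail) where detail is the TCP flag string
    or the ICMP message type."""
    pkts = []
    # A legitimate client completing three handshakes: each SYN is followed by its ACK.
    for i in range(3):
        pkts.append((0.1 * i, "10.0.0.5", "192.0.2.10", "tcp", "S"))
        pkts.append((0.1 * i + 0.02, "10.0.0.5", "192.0.2.10", "tcp", "A"))
    # A SYN flood: 200 connection requests in one second that are never completed.
    for i in range(200):
        pkts.append((0.005 * i, "198.51.100.9", "192.0.2.10", "tcp", "S"))
    # An ICMP flood: 150 echo requests in one second.
    for i in range(150):
        pkts.append((0.006 * i, "203.0.113.4", "192.0.2.10", "icmp", "echo-request"))
    return sorted(pkts)


def detect_floods(packets, window_s=1.0, syn_threshold=100, icmp_threshold=100,
                  max_ack_ratio=0.1):
    """Count SYNs, ACKs and echo requests per (time window, destination).
    Aggregating by destination rather than source matters because the slide's
    attacks used falsified source addresses, so no single source need look busy."""
    syns, acks, echoes = defaultdict(int), defaultdict(int), defaultdict(int)
    sources = defaultdict(set)
    t0 = min(p[0] for p in packets)
    for ts, src, dst, proto, detail in packets:
        key = (int((ts - t0) // window_s), dst)
        if proto == "tcp":
            if detail == "S":
                syns[key] += 1
                sources[key + ("tcp",)].add(src)
            elif "A" in detail:
                acks[key] += 1
        elif proto == "icmp" and detail == "echo-request":
            echoes[key] += 1
            sources[key + ("icmp",)].add(src)

    alerts = []
    for key, n in syns.items():
        # Many SYNs with almost no ACKs behind them means half-open connections piling up.
        if n >= syn_threshold and acks[key] / n <= max_ack_ratio:
            alerts.append({"kind": "syn_flood", "window": key[0], "dst": key[1],
                           "count": n, "distinct_sources": len(sources[key + ("tcp",)])})
    for key, n in echoes.items():
        if n >= icmp_threshold:
            alerts.append({"kind": "icmp_flood", "window": key[0], "dst": key[1],
                           "count": n, "distinct_sources": len(sources[key + ("icmp",)])})
    return alerts


if __name__ == "__main__":
    for a in detect_floods(build_sample_packets()):
        print(f"{a['kind']}: {a['count']} packets to {a['dst']} in window {a['window']} "
              f"from {a['distinct_sources']} source(s)")
```

A detector like this is for spotting the flood at the network edge and sizing the response; on the host side, SYN cookies (net.ipv4.tcp_syncookies on Linux) are the standard answer to the half-open connection exhaustion the slide describes.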
21. Why the Internet is Still Broken Today
Social Engineering
» Hackers rely on manipulation of naïve end-users
» Doesn’t have to be remote – they can dress up in uniform and literally walk into a company
Internal IT hackers are more of a threat than remote exploits or DoS attacks
» Employees don’t necessarily care about the company, just about the paycheck
» Sabotage / retribution for loss of job or internal dispute
22. Why the Internet is Still Broken Today
Web 2.0 and Cloud Computing
» Ease of data access
» Inevitably less secure technology
» Further enables social engineering
Time to Market Valued Over Security
» New technology developed before predecessors are secured
» Zero-day exploits - people are unaware of them and patches don’t exist yet
23. Evolving Hacker Techniques
Low-level attacks – script-kiddie attacks, viruses
Medium-level attacks – more technical, leveraging recent vulnerabilities
High-level attacks – stealthy, zero-day, polymorphic, designed NOT to be caught
24. Evolution of Hacker Motives
• Intoxicating power over others
• Intellectual challenge
• Vengeance
• Exploration of technology
• Self-expression and peer recognition
• Mischief or Curiosity
• Terrorism
• Financial Gain
» Data is worth a lot on the black market
» Easier and less traceable than robbing a bank
25. Why Organizations are At Risk - Hacker’s Perspective
• The lack of concern for security
• Easily exploitable loopholes that aren’t patched
• Not having properly trained IT employees
• Defaults left untouched
• Flaws in the software or operating systems they use
• Networks aren’t properly monitored
• Lack of funding to the IT department
• No outside pen testing
• Unprotected valuable data
39. What Needs To Be Done
• Macro View
» Select and empower an effective cyber czar
» Set forth an effective mix of incentives and regulations
» Foster private/public partnerships
» Engender global cooperation
• Micro View
» Think of data as a valuable asset
» Make data privacy and security a core competency
» Keep antivirus/antispyware updated
» Install ALL updates
» Realize social media applications are festering with malware
41. Q&A via Chat or…
Twitter - send us your questions using hashtag: #TOPHCKR1
Follow on Twitter:
Lumension @_Lumension
Byron Acohido @lastwatchdog
Paul Henry @phenrycissp
42. Global Headquarters
15880 N. Greenway-Hayden Loop
Suite 100
Scottsdale, AZ 85260
1.888.725.7828
info@lumension.com