SlideShare ist ein Scribd-Unternehmen logo

A perspective for counter strategy against cybercrime and cyber espionage

Gohsuke Takama
Gohsuke Takama
BusinessTechnologie
1 von 50
Downloaden Sie, um offline zu lesen
Gohsuke Takama / , Meta Associates, 2011 9 http://www.slideshare.net/gohsuket
about… ✴ Gohsuke Takama ✴ Meta Associates (http://www.meta-associates.com/) ✴founder & president, connector, analyst, planner ✴ local organizer of security conferences: BlackHat Japan, PacSec ✴ liaison of security businesses: Patch Advisor, SecWest ✴ organizer of tech entrepreneur / startup support events ✴ independent tech journalist for over 10 years ✴ for security news: http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/ ✴ Privacy International (London, UK http://www.privacyinternational.org/) ✴advisory board member ✴ Computer Professionals for Social Responsibility (http://cpsr.org/) ✴Japan chapter founding supporter
"what happened in the last 2 years" • OperationAurora, ShadyRAT, ... • Stuxnet • (MENA) *new • Wikileaks *new • Sony PSN • Anonymous *new • Indira Gandhi
"what happened in the last 2 years" • OperationAurora, ShadyRAT, ... = = APT (Advanced Persistent Threat) • Stuxnet = SCADA • *new= • Wikileaks *new = : • Sony PSN: 3 = DDoS, , • Anonymous *new = + • Indira Gandhi =
"what happened in the last 2 years" infra attack: SCADA Supervisory Control And Data Acquisition
"whom targeted, why" • , • Sony PSN, Sony • , • • :
"whom targeted, why" http://paulsparrows.wordpress.com/category/security/cyber-attacks-timeline/
"spoofing, phishing & targeted attack" / 1
"cybercrime, cyber espionage, primary target = individual"
"know your enemy: techniques" • phishing • website spoofing • targeted phishing • content altering • trojan • XSRF • spyware • XSS • keylogger • code injection • rootkit • IP hijacking • botnet DDoS • rogue WiFi AP • sniffer
"know your enemy: techniques" http://www.ipa.go.jp/security/vuln/newattack.html
"know your enemy: not just techniques" • • who are they? • disseminate characters • disseminate motives
"disseminate characters" • • • • • • • • •
"disseminate characters"
"disseminate characters" https://us.mcafee.com/en-us/local/html/identity_theft/NAVirtualCriminologyReport07.pdf
"disseminate characters" how cyber criminals lure talents?
"disseminate characters" http://www.youtube.com/watch?v=2Tm7UKo4IBc http://www.youtube.com/watch?v=kZNDV4hGUGw
"disseminate characters" • = • = • = • = • : →CEO 26% • = Lulzsec, TeaMp0isoN • = Th3J35t3r, On3iroi • = Anonymous • vs
"disseminate motives" • , • • hacktivism, •
"disseminate motives" Law, Market, Norm, Architecture
"disseminate motives" Law, Market, Norm, Architecture
"disseminate motives" Law, Market, Norm, Architecture
"disseminate motives" Law, Market, Norm, Architecture - - J-SOX - - ( ) - - - - : -
"disseminate motives" • , = Power • = Money • hacktivism, = Ideology • = Control
"disseminate motives" Power, Money, Ideology, Control Power $Money Ideology - - - - Control
"disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Organized Extremist $Money Crime Hacktivist Ideology : - Hacker - Cracker - - Control
"disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Infra APT Disruption Organized Extremist $Money Crime Hacktivist Ideology Theft Hacktivism Fraud Lulz : - Hacker - Cracker - - Control
"social change on Internet" 2000 • • • • • •
"social change on Internet" 2001 • • • • • • • • • • • • • • (Wiki ) • / • • • 3D •
"real world vs. social data world"
"real world vs. social data world" :
"emerging attack techniques" • malware: , • VM , bios • : VNC, Spycam, • spyware : keylogger, GPS logger • sabotage ware : Stuxnet • USB = • DDoS: JavaScript (LOIC) ($8/h~),
"layer approach" •examle: OSI model
"a security layer model " 7 Psychological , Human Factor 6 Custom (Habit) , 5 Operation 4 Content Intangibles 3 OS/Application 2 Hardware Tangibles 1 Physical
"attacks vs. counter measures " APT, espionage, phishing, Psychological social engineering ? spoofing, pharming, accustomed best practice, Custom phishing spam, XSS, XSRF, awareness, CIRT, PKI, spyware, ID spoof/theft digital ID, SSL certificate DoS, spam, ransom-ware, routing, filtering, policy, Operation sabotage-ware audit, CIRT sniffing, spyware, spam, encryption, filtering, Content alteration content-scan, host IDS OS/ DoS, vuln exploit, 0day, Firewall, network IDS, IPS, Application rootkit, botnet anti-virus, OS/app patch direct access, tampering, perimeter guard, anti- Hardware alteration tampering, hard seal lock pick, break in, surveillance, perimeter Physical vandalism alarm, armed guard
"state of security methodology" ✴ •( + ) ✴ •= ( ) ✴ PKI = DigiNotar ✴ = •( ) ✴ =
"perspective for counter strategy" set basic security measures: ✴ prevention, detection, response ✴ ✴ ✴ : 100% ✴ : ✴ (APT ) ✴ PET (Privacy Enhancing Technology ) ✴ PIA (Privacy Impact Assessment )
"perspective for counter strategy" be creative: ✴ ✴ soft power • • PR deflective PR ✴ social intelligence ( ) ✴ counter social engineering • •
"perspective for counter strategy" be creative: Learn Attack Technique • • • = CTF (Capture The Flag) • • DEFCON CTF CTF •
"perspective for counter strategy" be creative: Soft Power • Soft Power = 1990 Joseph Nye • Hard Power • • http://en.wikipedia.org/wiki/Soft_power • / • •
"perspective for counter strategy" be creative: Soft Power
"perspective for counter strategy" be creative: Social Intelligence • • • hacktivism • • Twitter, Facebook, IRC, Weibo, RenRen
"perspective for counter strategy" be creative: Counter Social Engineering • • • • • • • ( )
"perspective for counter strategy" be prepared: Simulation Exercise ✴ • TableTop Exercise = • • Functional Exercise = • • • FullScale Exercise = • •
references • CEOs - the new corporate fraudstersds http://www.iol.co.za/ sundayindependent/ceos-the-new-corporate-fraudstersds-1.1144649 • PwC Survey Says: Telecoms Are Overconfident About Security http:// www.readwriteweb.com/cloud/2011/09/pwc-survey-says-telecoms-are-o.php • Cyber attack led to IGI shutdown http://www.indianexpress.com/news/ cyber-attack-led-to-igi-shutdown/851365/ • Anonymous announces global plans http://www.digitaltrends.com/ computing/video-anonymous-announces-global-plans/ • ANONYMOUS - OPERATION PAYBACK - Sony Press Release http:// www.youtube.com/watch?v=2Tm7UKo4IBc • Operation Payback - Anonymous Message About ACTA Laws, Internet Censorship and Copyright http://www.youtube.com/watch? v=kZNDV4hGUGw • Anonymous: Message to Scientology http://www.youtube.com/watch? v=JCbKv9yiLiQ • Anonymous http://www.atmarkit.co.jp/ fsecurity/special/161dknight/dknight01.html
references • 28 Nation States With Cyber Warfare Capabilities http:// jeffreycarr.blogspot.com/2011/09/27-nation-states-with-cyber-warfare.html • Far East Research http://scan.netsecurity.ne.jp/archives/52017036.html • CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability http://www.youtube.com/watch?v=DP_rRf468_Y • MYBIOS. Is BIOS infection a reality? http://www.securelist.com/en/analysis/ 204792193/MYBIOS_Is_BIOS_infection_a_reality • McAfee Virtual Criminology Report 2007 http://us.mcafee.com/en-us/local/ html/identity_theft/NAVirtualCriminologyReport07.pdf • Google Zeitgeist http://blog.f-secure.jp/ archives/50630539.html • "The Tragedies in Oslo and on Utøya island" Speech held by King Harald V http://www.kongehuset.no/c27262/nyhet/vis.html?tid=92959
references • -- DEFCON CTF http://scan.netsecurity.ne.jp/archives/52002536.html • PET http://www.soumu.go.jp/denshijiti/pdf/ jyumin_p_s3.pdf • PIA http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s2.pdf • http:// jp.reuters.com/article/topNews/idJPJAPAN-21406320110527 • GIE http://d.hatena.ne.jp/ukky3/20110829/1314685819 • Diginotar Black.Spook http://blog.f-secure.jp/archives/50626009.html
references • Computer virus hits US Predator and Reaper drone fleet http:// arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits- drone-fleet.ars • F-Secure: Possible Governmental Backdoor found, MD5 hashes ("case R2D2") http://www.f-secure.com/weblog/archives/00002249.html • State-sponsored spies collaborate with crimeware gang | The Unholy APT- botnet union http://www.theregister.co.uk/2011/09/13/ apt_botnet_symbiosis/ • NISC 10 7 http://www.nisc.go.jp/ conference/seisaku/index.html#seisaku27
A perspective for counter strategy against cybercrime and cyber espionage

Empfohlen

How to Secure Your Organisation Data
How to Secure Your Organisation DataHow to Secure Your Organisation Data
How to Secure Your Organisation Data
Phannarith Ou, G-CISO
 
What is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesWhat is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniques
Klaus Drosch
 
Learn Hacking
Learn HackingLearn Hacking
Learn Hacking
hackingtraining
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economy
n|u - The Open Security Community
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
Onwadee18
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
arohan6
 
Hacking
HackingHacking
Hacking
Dianna Marie Manalo
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking Handout
Nerium International
 

Empfohlen

How to Secure Your Organisation Data
How to Secure Your Organisation DataHow to Secure Your Organisation Data
How to Secure Your Organisation Data
Phannarith Ou, G-CISO
 
What is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesWhat is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniques
Klaus Drosch
 
Learn Hacking
Learn HackingLearn Hacking
Learn Hacking
hackingtraining
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economy
n|u - The Open Security Community
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
Onwadee18
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
arohan6
 
Hacking
HackingHacking
Hacking
Dianna Marie Manalo
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking Handout
Nerium International
 
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013
Gohsuke Takama
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本
Gohsuke Takama
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
Gohsuke Takama
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
Gohsuke Takama
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Gohsuke Takama
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
Gohsuke Takama
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Gohsuke Takama
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Gohsuke Takama
 
TGC Planning Sheet 1.30
TGC Planning Sheet 1.30TGC Planning Sheet 1.30
TGC Planning Sheet 1.30
Gohsuke Takama
 
Privacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーPrivacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシー
Gohsuke Takama
 
Data Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-IdentificationData Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-Identification
Mike Nowakowski
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?
Winston & Strawn LLP
 
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
arx-deidentifier
 
An overview of methods for data anonymization
An overview of methods for data anonymizationAn overview of methods for data anonymization
An overview of methods for data anonymization
arx-deidentifier
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Gohsuke Takama
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
Muay31
 
Hacking
HackingHacking
Hacking
Purohit Rock
 
hacking
hackinghacking
hacking
mayank1293
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
danish3
 
Defending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksDefending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael Banks
EC-Council
 

Weitere ähnliche Inhalte

Andere mochten auch

サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013
Gohsuke Takama
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本
Gohsuke Takama
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
Gohsuke Takama
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
Gohsuke Takama
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
Gohsuke Takama
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Gohsuke Takama
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Gohsuke Takama
 
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
arx-deidentifier
 

Andere mochten auch (17)

サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
 
TGC Planning Sheet 1.30
TGC Planning Sheet 1.30TGC Planning Sheet 1.30
TGC Planning Sheet 1.30
 
Privacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーPrivacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシー
 
Data Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-IdentificationData Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-Identification
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?
 
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
 
An overview of methods for data anonymization
An overview of methods for data anonymizationAn overview of methods for data anonymization
An overview of methods for data anonymization
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 

Ähnlich wie A perspective for counter strategy against cybercrime and cyber espionage

โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
Muay31
 
Defending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksDefending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael Banks
EC-Council
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO Compliance
PECB
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hacking
Being Uniq Sonu
 
Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010
Oracle BH
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
Hackito Ergo Sum
 

Ähnlich wie A perspective for counter strategy against cybercrime and cyber espionage (20)

โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
 
Hacking
HackingHacking
Hacking
 
hacking
hackinghacking
hacking
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
 
Defending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksDefending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael Banks
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO Compliance
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hacking
 
What is Ethical hacking
What is Ethical hackingWhat is Ethical hacking
What is Ethical hacking
 
Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and Hackers
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Ethical hacking 2016
Ethical hacking 2016 Ethical hacking 2016
Ethical hacking 2016
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber crime &_info_security
Cyber crime &_info_securityCyber crime &_info_security
Cyber crime &_info_security
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generation
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
 
HACKING
HACKINGHACKING
HACKING
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

Kürzlich hochgeladen

Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Damini Dixit
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
amitlee9823
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Anamikakaur10
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
rajveerescorts2022
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
lizamodels9
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
daisycvs
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Workforce Group
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Damini Dixit
 

Kürzlich hochgeladen (20)

Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 

A perspective for counter strategy against cybercrime and cyber espionage

  • 1. Gohsuke Takama / , Meta Associates, 2011 9 http://www.slideshare.net/gohsuket
  • 2. about… ✴ Gohsuke Takama ✴ Meta Associates (http://www.meta-associates.com/) ✴founder & president, connector, analyst, planner ✴ local organizer of security conferences: BlackHat Japan, PacSec ✴ liaison of security businesses: Patch Advisor, SecWest ✴ organizer of tech entrepreneur / startup support events ✴ independent tech journalist for over 10 years ✴ for security news: http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/ ✴ Privacy International (London, UK http://www.privacyinternational.org/) ✴advisory board member ✴ Computer Professionals for Social Responsibility (http://cpsr.org/) ✴Japan chapter founding supporter
  • 3. "what happened in the last 2 years" • OperationAurora, ShadyRAT, ... • Stuxnet • (MENA) *new • Wikileaks *new • Sony PSN • Anonymous *new • Indira Gandhi
  • 4. "what happened in the last 2 years" • OperationAurora, ShadyRAT, ... = = APT (Advanced Persistent Threat) • Stuxnet = SCADA • *new= • Wikileaks *new = : • Sony PSN: 3 = DDoS, , • Anonymous *new = + • Indira Gandhi =
  • 5. "what happened in the last 2 years" infra attack: SCADA Supervisory Control And Data Acquisition
  • 6. "whom targeted, why" • , • Sony PSN, Sony • , • • :
  • 8. "spoofing, phishing & targeted attack" / 1
  • 9. "cybercrime, cyber espionage, primary target = individual"
  • 10. "know your enemy: techniques" • phishing • website spoofing • targeted phishing • content altering • trojan • XSRF • spyware • XSS • keylogger • code injection • rootkit • IP hijacking • botnet DDoS • rogue WiFi AP • sniffer
  • 11. "know your enemy: techniques" http://www.ipa.go.jp/security/vuln/newattack.html
  • 12. "know your enemy: not just techniques" • • who are they? • disseminate characters • disseminate motives
  • 16. "disseminate characters" how cyber criminals lure talents?
  • 18. "disseminate characters" • = • = • = • = • : →CEO 26% • = Lulzsec, TeaMp0isoN • = Th3J35t3r, On3iroi • = Anonymous • vs
  • 19. "disseminate motives" • , • • hacktivism, •
  • 23. "disseminate motives" Law, Market, Norm, Architecture - - J-SOX - - ( ) - - - - : -
  • 24. "disseminate motives" • , = Power • = Money • hacktivism, = Ideology • = Control
  • 25. "disseminate motives" Power, Money, Ideology, Control Power $Money Ideology - - - - Control
  • 26. "disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Organized Extremist $Money Crime Hacktivist Ideology : - Hacker - Cracker - - Control
  • 27. "disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Infra APT Disruption Organized Extremist $Money Crime Hacktivist Ideology Theft Hacktivism Fraud Lulz : - Hacker - Cracker - - Control
  • 28.
  • 29. "social change on Internet" 2000 • • • • • •
  • 30. "social change on Internet" 2001 • • • • • • • • • • • • • • (Wiki ) • / • • • 3D •
  • 31. "real world vs. social data world"
  • 32. "real world vs. social data world" :
  • 33. "emerging attack techniques" • malware: , • VM , bios • : VNC, Spycam, • spyware : keylogger, GPS logger • sabotage ware : Stuxnet • USB = • DDoS: JavaScript (LOIC) ($8/h~),
  • 34. "layer approach" •examle: OSI model
  • 35. "a security layer model " 7 Psychological , Human Factor 6 Custom (Habit) , 5 Operation 4 Content Intangibles 3 OS/Application 2 Hardware Tangibles 1 Physical
  • 36. "attacks vs. counter measures " APT, espionage, phishing, Psychological social engineering ? spoofing, pharming, accustomed best practice, Custom phishing spam, XSS, XSRF, awareness, CIRT, PKI, spyware, ID spoof/theft digital ID, SSL certificate DoS, spam, ransom-ware, routing, filtering, policy, Operation sabotage-ware audit, CIRT sniffing, spyware, spam, encryption, filtering, Content alteration content-scan, host IDS OS/ DoS, vuln exploit, 0day, Firewall, network IDS, IPS, Application rootkit, botnet anti-virus, OS/app patch direct access, tampering, perimeter guard, anti- Hardware alteration tampering, hard seal lock pick, break in, surveillance, perimeter Physical vandalism alarm, armed guard
  • 37. "state of security methodology" ✴ •( + ) ✴ •= ( ) ✴ PKI = DigiNotar ✴ = •( ) ✴ =
  • 38. "perspective for counter strategy" set basic security measures: ✴ prevention, detection, response ✴ ✴ ✴ : 100% ✴ : ✴ (APT ) ✴ PET (Privacy Enhancing Technology ) ✴ PIA (Privacy Impact Assessment )
  • 39. "perspective for counter strategy" be creative: ✴ ✴ soft power • • PR deflective PR ✴ social intelligence ( ) ✴ counter social engineering • •
  • 40. "perspective for counter strategy" be creative: Learn Attack Technique • • • = CTF (Capture The Flag) • • DEFCON CTF CTF •
  • 41. "perspective for counter strategy" be creative: Soft Power • Soft Power = 1990 Joseph Nye • Hard Power • • http://en.wikipedia.org/wiki/Soft_power • / • •
  • 42. "perspective for counter strategy" be creative: Soft Power
  • 43. "perspective for counter strategy" be creative: Social Intelligence • • • hacktivism • • Twitter, Facebook, IRC, Weibo, RenRen
  • 44. "perspective for counter strategy" be creative: Counter Social Engineering • • • • • • • ( )
  • 45. "perspective for counter strategy" be prepared: Simulation Exercise ✴ • TableTop Exercise = • • Functional Exercise = • • • FullScale Exercise = • •
  • 46. references • CEOs - the new corporate fraudstersds http://www.iol.co.za/ sundayindependent/ceos-the-new-corporate-fraudstersds-1.1144649 • PwC Survey Says: Telecoms Are Overconfident About Security http:// www.readwriteweb.com/cloud/2011/09/pwc-survey-says-telecoms-are-o.php • Cyber attack led to IGI shutdown http://www.indianexpress.com/news/ cyber-attack-led-to-igi-shutdown/851365/ • Anonymous announces global plans http://www.digitaltrends.com/ computing/video-anonymous-announces-global-plans/ • ANONYMOUS - OPERATION PAYBACK - Sony Press Release http:// www.youtube.com/watch?v=2Tm7UKo4IBc • Operation Payback - Anonymous Message About ACTA Laws, Internet Censorship and Copyright http://www.youtube.com/watch? v=kZNDV4hGUGw • Anonymous: Message to Scientology http://www.youtube.com/watch? v=JCbKv9yiLiQ • Anonymous http://www.atmarkit.co.jp/ fsecurity/special/161dknight/dknight01.html
  • 47. references • 28 Nation States With Cyber Warfare Capabilities http:// jeffreycarr.blogspot.com/2011/09/27-nation-states-with-cyber-warfare.html • Far East Research http://scan.netsecurity.ne.jp/archives/52017036.html • CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability http://www.youtube.com/watch?v=DP_rRf468_Y • MYBIOS. Is BIOS infection a reality? http://www.securelist.com/en/analysis/ 204792193/MYBIOS_Is_BIOS_infection_a_reality • McAfee Virtual Criminology Report 2007 http://us.mcafee.com/en-us/local/ html/identity_theft/NAVirtualCriminologyReport07.pdf • Google Zeitgeist http://blog.f-secure.jp/ archives/50630539.html • "The Tragedies in Oslo and on Utøya island" Speech held by King Harald V http://www.kongehuset.no/c27262/nyhet/vis.html?tid=92959
  • 48. references • -- DEFCON CTF http://scan.netsecurity.ne.jp/archives/52002536.html • PET http://www.soumu.go.jp/denshijiti/pdf/ jyumin_p_s3.pdf • PIA http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s2.pdf • http:// jp.reuters.com/article/topNews/idJPJAPAN-21406320110527 • GIE http://d.hatena.ne.jp/ukky3/20110829/1314685819 • Diginotar Black.Spook http://blog.f-secure.jp/archives/50626009.html
  • 49. references • Computer virus hits US Predator and Reaper drone fleet http:// arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits- drone-fleet.ars • F-Secure: Possible Governmental Backdoor found, MD5 hashes ("case R2D2") http://www.f-secure.com/weblog/archives/00002249.html • State-sponsored spies collaborate with crimeware gang | The Unholy APT- botnet union http://www.theregister.co.uk/2011/09/13/ apt_botnet_symbiosis/ • NISC 10 7 http://www.nisc.go.jp/ conference/seisaku/index.html#seisaku27