Targeted (Cyber Espionage) Attacks and Social Engineering, KPMG Seminar
- 1. Gohsuke Takama / , Meta Associates, 2012 2
http://www.slideshare.net/gohsuket
- 2. about…
✴ Gohsuke Takama / , Meta Associates http://www.meta-associates.com/
✴ , IT ,
✴ , ,
✴ : Black Hat Japan, PacSec
✴ ( , , )
✴ ( )
✴ : DHS, NIST, NERC, EPRI, Stanford Research, Sandia , Bell , ISAC Council, John
Arquilla(NPS ), Richard Clarke, John Tritak, Paul Kurtz (Good Harbor Consulting)
✴ :
, ,
✴ : Patch Advisor( ), SecWest (PacSec )
✴ IT , ( )
✴ : CodeGate2008 ( ), (2002, 2010),
✴ : http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/
✴ Privacy International, London, UK http://www.privacyinternational.org/
✴ ,
- 6. [Figure: vertical axis 1 to 11, horizontal axis A to K; surviving labels: x, =, R]
- 7. A
Attacks
- 8. ?
"Spear Phishing"
"Advanced Persistent Threat" APT
"Targeted Cyber Espionage"
"Adaptive Persistent Attack" APA
"Top APT Research of 2011 (That You Probably Haven’t Heard About)"
http://blog.trendmicro.com/top-apt-research-of-2011-that-you-probably-havent-heard-about/
- 9. ?
http://paulsparrows.wordpress.com/2011-cyber-attacks-timeline-master-index/
http://paulsparrows.wordpress.com/2012-cyber-attacks-timeline-master-index/
- 10. ?
• , IHI... (2011)
• , ... (2011, ID, ?)
• JAXA (2011, NASA ?)
• ShadyRAT (2011, 14
OperationAurora (2010, Google
70 ),
34 ),
Night Dragon (2010,
), GhostNet (2009, 103
)
• RSA / Lockheed Martin (2011, SecurID
, Lockheed )
• DigiNotar (2011, Google SSL )
• Stuxnet (2010, )
- 11. ?
RSA
SecurID
- 12. ?
Diginotar 2011 9 19
20
- 13. ?
= (Cyber Espionage)
"Targeted Cyber Espionage"
"Advanced Persistent Threat" APT
"Adaptive Persistent Attack" APA
- 14. ?
/ 1
,
- 15. ?
✴ APT,
• =
•
• : , ,
• → → →
✴ ( )
• =
•
• →
- 16. ?
EU
$1 Trillion/ = 80 (McAfee
2009 )
EU
$3.4 Billion = 2720 (2011,VISA
CyberSource )
¥57.4 ¥19
(2011)
https://www.europol.europa.eu/sites/default/files/publications/iocta.pdf
http://www.net-security.org/secworld.php?id=12273
- 17. ?
• : OSI
- 18. ?
7 Psychological ,
Human Factor 6 Custom (Habit) ,
5 Operation
4 Content
Intangibles
3 OS/Application
2 Hardware
Tangibles
1 Physical
- 19. ?
, APT,
Psychological
, Phishing ?
, ID / , , ,
Custom
XSS, XSRF, CSIRT, PKI, ID, SSL
DoS, Spam, , CSIRT , ,
Operation
, ,
, , , ,
Content
Spam, , IDS
OS/ DoS, , , IDS,
Application 0day, rootkit, IPS, , OS/
, ,
Hardware , ,
,
, , , ,
Physical
,
- 20. ?
✴ (Firewall)
•( + )
✴
•= ( )
✴ 100% >
• ( ?)
✴ PKI = DigiNotar
✴ =
•( )
- 21. S
Social Engineering
- 22. :
:
syoutenn_aguri@aol.jp
:
( )
: Photo.zip
:
: 3 , 7
( 1 ( ), 10
- 29. : A28
90%
3:20
: .xls
- 30. : A28
10%
3:20
: .xls
- 37. ( : Turing test)
1950 Computing Machinery and Intelligence
[1]
http://ja.wikipedia.org/wiki/
- 38. W
Who, Why, What
- 39. ? ?
Law, Market, Norms, Architecture
- 42. ? ?
Political Power
Money Ideology
-
-
-
-
Technical Control
- 43. ? ?
Political Power
Money Ideology
:
-
-
-
-
Technical Control
- 44. ? ?
Political Power
APT
Money Ideology
Lulz
:
-
-
-
-
Technical Control
- 46. HUMINT, COMINT→CYBINT?
HUMINT: Human Intelligence
COMINT: Communications Intelligence
(Signals Intelligence)
CYBINT*: Cyber Intelligence
(Network Intelligence)
http://en.wikipedia.org/wiki/Network_intelligence
- 47. HUMINT, COMINT→CYBINT?
- 48. HUMINT, COMINT→CYBINT?
, , , , ,
• NW • NW
• •Spam ( ) • • •
•IP • • •
• • • •
• , F/W •
•Fax, • USB
• • •
• • CD-ROM
• •
• • • •
• • • • •
• • • • •
• • LAN • •
• •Fax • • •
• • • •
• • • •
• • • • •
• •
• • • •
• • •
•
• • • , •
• • •
- 49. "Stuxnet"
HUMINT, CYBINT
"Nuclear scientist killed in Tehran was Iran's top Stuxnet expert"
http://www.debka.com/article/20406/
- 51. A x S xW
= what to do?
- 52. ?
, , , , ,
• /
•
•
•
• • VPN, •
• -
• •
• / / • • •
• • • •
• • •
•MAC • PR
• / •
- 53. ✴ ,
✴
✴ /
✴
•
• -DMZ
• -
- 54. •
•
•
•
• Twitter, Facebook, IRC, Weibo, RenRen
• : https://www.recordedfuture.com/
"RQ-170" Jul 30 2006--Mar 14 2012 https://www.recordedfuture.com/rf/s/2z0Cm4
- 55. ✴
• =
•
• =
•
•
• =
•
•
- 56. ✴ )
(
✴
•
•
•
• /
- 57. ✴
• SSL / TLS
✴ (PGP )
✴ (Chat, IM, SMS, )
✴
• Chat, IM, SMS ,VoIP
•
- 60. / MAC
✴ LAN
• LAN
• LAN
• F/W
- 61. ✴ PR
•
• /
• Soft Power = 1990
(
Joseph Nye
Hard Power )
• http://ja.wikipedia.org/wiki/
•