Cyberbad: Where Spam is leading to
Phillip Hallam-Baker

Spam is Criminal Infrastructure
– Spam
– Botnets

Botnets beget Spam
  – Adverts for criminal / defective products
  – Phishing
  – Advance Fee Frauds
– Denial of Service
– Extortion
– All Things ‘Cyber-bad’

What is Cyber-Terror?
– Cyber-Bad

Lowering the barriers

Cyber-Bad for Hire
– Hacking tools (commodity 0-day exploits)
– Stolen credentials
– Crime as a Service
  – Spam
  – Botnets
– Unwitting Accomplices (mules)
  – Receiving stolen goods
  – Money laundering

Cyber-bad Purposes
– Vandalism
– Vigilantism
– Fraud
– Terrorism
– Warfare

Criminals extend reach
– Compromise systems during manufacture
  – PIN Entry Devices compromised during manufacture
  – Phone home with PIN data to Pakistan
– Criminal insiders
  – Blackmailed or bought prior to hire
  – US-CERT: 41% of incidents involve insiders
  – Société Générale demonstrates €bn potential

Internet Crime Isn’t
– The banks are still where the money is

Russian Business Network

Cyber Crime to Cyber Terror?
– RBN ‘customer’ 1488.ru

It’s not a new game…

Internet Terrorism Today

Internet = Outreach

Internet = Praxis

Realistic Future Scenarios

Internet = Research
– Open Sources
  – AQ manual claims 80% of information is available
– Criminal Expert Sources
  – Who can tell me X for $100?
– Espionage
  – Find an honest expert, penetrate their machine

Internet Crime = Funding

Internet Crime = Money Laundry

Internet Sabotage = Force Multiplier

Is a Hollywood Scenario likely?

Past Performance is no guarantee…

Security through obscurity works…
… until it fails

Fixing the Problem

What is the problem?
– Banks
  – Cost of Internet crime
    – Direct Losses
    – Customer Service
    – Opportunity Losses
– National Security
  – Potential criminal profits
  – Potential sabotage damage

Are there solutions?
– Chip and PIN
  – Eliminated Card Present Fraud in Europe
  – Remaining attacks exploit legacy channels
– Why not in the US?
  – Different market structure
  – Anti-trust used to block changes

Anti-Crime Solutions
– Authentication
  – SPF, DKIM, Secure Internet Letterhead
– Web Authentication
  – Extended Validation, Secure Internet Letterhead
– Secure Identity
  – SAML, WS-*, OpenID, OATH, Identity 3.0
– Data Level Security
  – CRM Infrastructure, Open CRM
– Network Security
  – Reverse Firewalls, DNSSEC, BGP Security
  – Domain Centric Administration, Default Deny Infrastructure

Conclusions
– The threats are real
  – They are not necessarily Internet threats
  – But the Internet changes the game
– The threats are serious
  – They may not be “terrorism” as we know it
  – But they are worth caring about
– Criminal infrastructure is an ongoing threat
  – Some states are playing the privateer game
  – We cannot rely on international cooperation