cyber crime - the new world order (v1.0 - 2016)

Deliveringthebestinzservices,software,hardwareandtraining.Deliveringthebestinzservices,software,hardwareandtraining.

WorldClasszSpecialists

CyberCrime– TheNewWorldOrder

RuiMiguelFeio– SeniorTechnicalLead

Agenda

ConclusionSummary of what was discussed and key points to remember

QuestionsAsk away any questions that you may have!

The value of dataWhy is data being targeted in the cyber world? The relevance and importance of ’knowing’

The Dark WebHow the Dark Web has been helping the cyber criminals to

take control of the cyber world

Cyber CrimeHow criminal

organisations are taking advantage of the cyber

world

Society &TechnologyEvolution of society and technology and the ever

more dependency on the online world

WhoAmI?

RUI MIGUEL FEIO

• WorkingwithRSMsince2010• Working withmainframesforthepast17years• StartedwithIBMasanMVSSysProgrammer• Specialises inmainframesecurity• Experienceinotherplatforms

Bio:

SENIOR TECHNICAL LEAD

SocietyandTechnology

Evolutionofman

Evolutionoftechnology

“Technology made large populations possible; largepopulations now make technology indispensable.”

JosephWoodKrutch

Evolutionofbusiness

Valueofonlinebusiness

*https://www.emarketer.com/Article/Worldwide-Retail-Ecommerce-Sales-Will-Reach-1915-Trillion-This-Year/1014369

Evolutionofcrime

Evolutionofcrime

CyberCrime

CyberCrime• 80%ofHackersworkwithorarepartofanorganisedcrimegroup*

• Cybercrimeorganisations:

– Arehighlyorganised– Adoptabusinessapproach(CybercrimeInc.)– Usetypicalcorporatestrategies– Useanonymitymethods:

• Cryptocurrencies• DarkWeb

*2014study bytheRandCorporation

CybercrimeInc.- Businessmodel• Takeadvantageof‘anonymous’servicestoadvertiseandselltheir

‘normal’productsandservicesonline

• Someofthenew‘business’opportunities:• Identitytheft• Intellectualpropertytheft• Tradesecrets• Industrialespionage• Sensitivedatatheft• Onlineextortion• Financialcrime• Datamanipulation

CybercrimeInc.- Tacticsused• SomeofthetacticsandmethodsusedbyCybercrimeInc:

– Phishingandspearphishing– Man-in-the-middle– Vulnerabilities– Trojanhorsesoftware– Spam– Botnets– Scareware– Ransomware– Malware– DoS andDDoS

CyberCrime Inc.- Example

*http://www.zdnet.com/article/carbanak-hacking-group-steal-1-billion-from-banks-worldwide/

CybercrimeInc.– Example

http://www.itv.com/news/2016-11-09/tesco-bank-pays-out-2-5m-to-9-000-customers-after-hacking-attack/

NewWorldOrder- Hackers

http://coed.com/2016/10/21/new-world-hackers-dyns-ddos-attack-denial-of-service-information-updates-facts/

CostofCyberCrime(UK)

https://www.getsafeonline.org/news/fraud-cybercrime-cost-uk-nearly-11bn-in-past-year/

TheDarkWeb

TheDarkWeb• Isasetofanonymouslyhostedwebsites

• Thatrequiresaspecialbrowsertoviewthem

• ThemostpopularbrowserisTOR(www.torproject.org)

• TORisallaboutonlineprivacy

• Typicallyassociatedwithbadandillegalactivities(cybercrime)

Cryptocurrencieshelpcybercrime

Hacking-as-a-Service

http://5eme2auqilcux2wq.onion/

Hacking-as-a-Service

http://hacker4hhjvre2qj.onion/

HackerforHire– Prices

http://hacker4hhjvre2qj.onion/

TheValueofData

Letmeaskyousomething…• Howmuchdoyouvalueyourprivacy?

• Howaboutyourfriendsandfamily’sprivacy?

• Whatdoyouthinkcouldhappenifyourdatawasmisused?

• Haveyoueversearchedorvisitedanonlinewebsitethatyouwouldratherliketokeepita‘secret’?

• IknowIhaveJ

Whowouldwantyourdata?• Everyone!Everysinglecompanywantsit!

• Why?– Becausenowtheyhaveawayofprofilingyou– Theyknowwhoyouare,whatyoulike,whatyoudon’tlike,

whatyoudo,whomyoudoitwith,whoareyourfriends,whatyourhabitsare…

– Aninsurancecompanyknowsyourhabits,andcannowdecideifyouare‘worthytobeinsured’

– Afinancialbankcandecideifitwilllendyoumoneyornot– Theyknowyoufromyour‘online’profile!

Whatdotheyhaveincommon?

Interestingfacts• OnadailybasisGoogleprocessesaround24Petabytesofdata

• Thisdataisthenstoredandsoldforadvertisement

• TheuseofCookies:– Fingerprintsthatallowyoutobetracedandcatalogued

• Whatyouseeonlineiscustomisedforyoubasedonyour‘onlineprofile’

ValueofaCompany• WhydoyouthinkFacebookorGoogleareworthbillionsofdollars?

• AstudypublishedbytheWallStreetJournalonFacebook:

– Eachlong-termuserisworth$80.95– Eachfriendshipisworth$0.62– Yourprofilepageisworth$1,800– Abusinesspageandassociatedadrevenuesareworth$3.1

million

Interestingfacts• DatabrokercompanyAcxiomCorporation:

– Hasmorethan23,000servers– Theseserverscollect,collateandanalysemorethan50trillion

uniquedatatransactionsperyear– 96%ofAmericanhouseholdsareinitsDBs– Hasmorethan700millionuserprofilesfromaroundtheworld– Eachprofilehasmorethan1,500specifictraits

• Onequotestated‘Thisistheageofthestalkereconomy’…

Databreaches

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Conclusion

Everyoneisatarget

Targets• Organisations ofallsizes(companies,governments)• Individuals• Mobiledevices• IoT devices• SCADAdevices• GPSSystems• TrackingSystems• Implantedmedicaldevices(IMDs)• Andsomanymore!!...

Shodan

https://www.shodan.io

Shodan

Haveyoubeenpwned?

https://haveibeenpwned.com

Questions?

RuiMiguelFeio,RSMPartnersruif@rsmpartners.com

mobile:+44(0)7570911459

linkedin: www.linkedin.com/in/rfeio

www.rsmpartners.com

Contact