the dark side of the internet

Post on 08-Feb-2017

Category:

Technology

The Dark Side of the Internet And Why You Shouldn’t Care

CEO of BH Consulting – Independent Information Security Firm

Founder & Head of IRISSCERT – Ireland’s first Computer Emergency Response Team

Special Advisor on Internet Security Europol's CyberCrime Centre (EC3)

Expert Advisor to European Network & Information Security Agency (ENISA)

Adjunct Lecturer at University College Dublin

Regularly comments on media stories – BBC, Forbes, Bloomberg, FT, Guardian, Sunday Times

Who Am I?

“Because that's where the money is.”

Willie Sutton

So Why Should I Care?

So Really Why Should I Care?

$1-$6 US Credit card number

$2-$12 UK Credit card number

$5-$50 Medical ID card 

$6-$18 Basic identity information

$7 PayPal account with credentials 

$50-$500 PayPal verified with balance

$20 DDoS attack from bot army (per hour)

$30 Passwords to consumer credit reports

$50 to $60 Health/medical record

$140 10 million email addresses

$200 Malicious Software Toolkit

$500 20 million SPAMs sent from bot army

$100-$2000 Malware as a Service (MaaS)

$1000-$5000 Online banking accounts with a balance

$10000 0-Day Exploit

Why Should I Care?

CyberCrime In Ireland

63% believe their organisation is only partially equipped.

49% rate their overall readiness as fair or poor.

33% believe detection capabilities are inadequate.

30% believe evolving technical threats are biggest challenges.

Irish Computer Society

33% of organisations experienced a cyber breach in the past 2 years, with 44% of organisations selling online having experienced a cyber breach

84% of directors say their organisation will increase spending on cyber security measures over the next 3 years

69% of directors claim their organisation is prepared or very prepared for a cyber breach

Institute of Directors in Ireland

Top Five Breaches (chart; source: Institute of Directors in Ireland)

Categories shown: Website Hacked, Data Protection Breach, Email Accounts Hacked, Loss Theft/Mobile Device, Computer Virus

Values shown: 19%, 25%, 28%, 46%, 64%

2014 - Incidents

6534

2015 - Incidents

26,137

2015 - Incidents

Phishing Hosted 7%

Malware 45%

Denial of Service 11%

Botnet C&C Servers 11%

DDOS Outbound 26%

2015 - Incidents

Org Crime, 74%

Other, 26%

Poor Passwords

Missing Patches

Vulnerabilities

Web Applications

Web Platforms

Out of date software (Windows XP)

Out of Date Anti-Virus Software

Lack of Monitoring

Root Causes

DDoS Extortion

Ransomware

CEO Fraud

SQL Injection

Current Issues/Concerns

To introduce ourselves first:

https://blogs.akamai.com/2014/12/dd4bc-anatomy-of-a-bitcoin-extortion-campaign.html

http://bitcoinbountyhunter.com/bitalo.html

http://cointelegraph.com/news/113499/notorious-hacker-group-involved-in-excoin-theft-owner-accuses-ccedk-of-withholding-info

Recently we were DDoS-ing Neteller:

https://twitter.com/neteller/status/583363894665715712

Yes, our attacks are powerful.

So, it’s your turn!

Your sites are going under attack unless you pay 100 Bitcoin.

Pay to 1XXXXXXXXXXXXXXXXXXXXX

Please note that it will not be easy to mitigate our attack, because our current UDP flood power is 400-500 Gbps, so don't even bother. At least, don't expect cheap services like CloudFlare or Incapsula to help...but you can try. :)

Right now we are running small demonstrative attack. Don't worry, it will not be that hard (it shouldn't crash your site) and it will stop in 1 hour. It's just to prove that we are serious.

We are aware that you probably don't have 100 BTC at the moment, so we are giving you 24 hours.

Find the best exchanger for you on https://localbitcoins.com or http://howtobuybitcoins.info

You can pay directly through exchanger to our BTC address, you don't even need to have BTC wallet.

Current price of 1 BTC is about 230 USD, so we are cheap, at the moment. But if you ignore us, price will increase.

IMPORTANT: You don’t even have to reply. Just pay 100 BTC to 1XXXXXXXXXXXXXXXXXXXXX – we will know it’s you and you will never hear from us again. We say it because for big companies it's usually the problem as they don't want that there is proof that they cooperated. If you need to contact us, feel free to use some free email service. Or contact us via Bitmessage: BM-XXXXXXXXXXXXXXXXXX

But if you ignore us, and don't pay us within a given time, long term attack will start, price to stop will go to 200 BTC and will keep increasing for every hour of attack.

IMPORTANT: It’s a one-time payment. Pay and you will not hear from us ever again!

We do bad things, but we keep our word.


Your sites are going under attack unless you pay 100 Bitcoin = (€22000)


Ransomware

CEO Fraud

Criminals Target Company

Get Details on Company: LinkedIn, About Us Pages, Press Releases, News Stories

Understand Hierarchy

Spoof CEO Email Address

Compromise CEO Email Account: OWA/Web Based Email, Password Guessing, Password reuse by CEO from other breach, Infect CEO’s PC to gather Passwords

Send Urgent Email to CFO as CEO: Requesting Payment to new vendor, Change in existing vendor payments

BCC to email account under Criminal’s control

Criminal acting as CEO

Criminal’s own email account

Criminal’s fake account looks similar to real account:

ceo@Companyabc.com

ceo@Connpanyabc.com

Criminal now in control of conversation

If still in control of CEO mailbox, delete emails of ongoing conversation

Can even take part in conversation with supplier

Monitor emails to Genuine supplier account

Set up fake supplier email account:

person@supplier.com

person@suppIier.com

(note L in 2nd supplier address is uppercase i)

Payment is made to Bank account under criminals’ control
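
An added example, not part of the original slides: one way a mail gateway or triage script could flag the lookalike sender domains shown above (ceo@Connpanyabc.com, person@suppIier.com), and a Reply-To that points away from the From domain. The trusted-domain list, the confusables table and the function names are assumptions made for this illustration.

```python
from email.utils import parseaddr

# Assumption: trusted domains taken from the slide's example addresses.
TRUSTED_DOMAINS = {"companyabc.com", "supplier.com"}

# Small, non-exhaustive confusables table (hypothetical choice for this example).
_SINGLE = str.maketrans({"I": "l", "1": "l", "0": "o"})
_MULTI = (("rn", "m"), ("nn", "m"), ("vv", "w"))

def skeleton(domain):
    """Collapse visually confusable characters so lookalikes compare equal."""
    s = domain.translate(_SINGLE).lower()  # map 'I' before lowercasing hides it
    for fake, real in _MULTI:
        s = s.replace(fake, real)
    return s

_TRUSTED_SKELETONS = {skeleton(d): d for d in TRUSTED_DOMAINS}

def sender_domain(header_value):
    """Domain part of a From/Reply-To header value, case preserved."""
    return parseaddr(header_value)[1].rpartition("@")[2]

def classify_domain(domain):
    """Return (verdict, imitated trusted domain or None)."""
    if domain.lower() in TRUSTED_DOMAINS:
        return ("trusted", domain.lower())
    imitated = _TRUSTED_SKELETONS.get(skeleton(domain))
    return ("lookalike", imitated) if imitated else ("external", None)

def check_message(headers):
    """Findings for one message; headers maps header name to raw value."""
    findings = []
    from_dom = sender_domain(headers.get("From", ""))
    verdict, imitated = classify_domain(from_dom)
    if verdict == "lookalike":
        findings.append(f"From domain {from_dom} imitates {imitated}")
    reply_dom = sender_domain(headers.get("Reply-To", ""))
    if reply_dom and reply_dom.lower() != from_dom.lower():
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    return findings

# Constructed sample messages (not real mail).
SAMPLES = [
    {"From": "CEO <ceo@Connpanyabc.com>"},
    {"From": "Accounts <person@suppIier.com>"},
    {"From": "CEO <ceo@companyabc.com>", "Reply-To": "ceo@mail.example"},
]
if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["From"], "->", check_message(msg) or "no findings")
```

A skeleton match only catches substitutions in the table; payment-change requests still need out-of-band confirmation with the supplier or executive.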

How To Defend

Security Is An Enabler

Identify & Value Key Assets

Establish Policies

Security Awareness

Training

Monitor & Respond

Information Sharing

Secure Coding

Other Mechanisms

Mobile Device Management (MDM)

Enforce Policies across devices

Network Access Control

Data Leakage Prevention

Digital Rights Management

Monitor Log Files for Access

Check Corporate Credit Card Statements

Encrypted & Secure USB Devices

End Point Management

Mobile Malware Protection

@BrianHonan

Brian.honan@bhconsulting.ie

www.bhconsulting.ie
