cyber crime - the new world order (v1.0 - 2016)
TRANSCRIPT
Delivering the best in z services, software, hardware and training.
World Class z Specialists
Cyber Crime – The New World Order
Rui Miguel Feio – Senior Technical Lead
Agenda
• Society & Technology: Evolution of society and technology and the ever-increasing dependency on the online world
• Cyber Crime: How criminal organisations are taking advantage of the cyber world
• The Dark Web: How the Dark Web has been helping cyber criminals take control of the cyber world
• The value of data: Why is data being targeted in the cyber world? The relevance and importance of ‘knowing’
• Conclusion: Summary of what was discussed and key points to remember
• Questions: Ask away any questions that you may have!
Who Am I?
RUI MIGUEL FEIO
SENIOR TECHNICAL LEAD
Bio:
• Working with RSM since 2010
• Working with mainframes for the past 17 years
• Started with IBM as an MVS Sys Programmer
• Specialises in mainframe security
• Experience in other platforms
Society and Technology
Evolution of man
Evolution of technology
“Technology made large populations possible; large populations now make technology indispensable.”
Joseph Wood Krutch
Evolution of business
Value of online business
*https://www.emarketer.com/Article/Worldwide-Retail-Ecommerce-Sales-Will-Reach-1915-Trillion-This-Year/1014369
Evolution of crime
Cyber Crime
Cyber Crime
• 80% of hackers work with or are part of an organised crime group*
• Cybercrime organisations:
  – Are highly organised
  – Adopt a business approach (Cybercrime Inc.)
  – Use typical corporate strategies
  – Use anonymity methods:
    • Cryptocurrencies
    • Dark Web
*2014 study by the Rand Corporation
Cybercrime Inc. - Business model
• Take advantage of ‘anonymous’ services to advertise and sell their ‘normal’ products and services online
• Some of the new ‘business’ opportunities:
  • Identity theft
  • Intellectual property theft
  • Trade secrets
  • Industrial espionage
  • Sensitive data theft
  • Online extortion
  • Financial crime
  • Data manipulation
Cybercrime Inc. - Tactics used
• Some of the tactics and methods used by Cybercrime Inc.:
  – Phishing and spear phishing
  – Man-in-the-middle
  – Vulnerabilities
  – Trojan horse software
  – Spam
  – Botnets
  – Scareware
  – Ransomware
  – Malware
  – DoS and DDoS
Cybercrime Inc. - Example
*http://www.zdnet.com/article/carbanak-hacking-group-steal-1-billion-from-banks-worldwide/
Cybercrime Inc. - Example
http://www.itv.com/news/2016-11-09/tesco-bank-pays-out-2-5m-to-9-000-customers-after-hacking-attack/
New World Order - Hackers
http://coed.com/2016/10/21/new-world-hackers-dyns-ddos-attack-denial-of-service-information-updates-facts/
Cost of Cyber Crime (UK)
https://www.getsafeonline.org/news/fraud-cybercrime-cost-uk-nearly-11bn-in-past-year/
The Dark Web
The Dark Web
• Is a set of anonymously hosted websites
• That require a special browser to view them
• The most popular browser is TOR (www.torproject.org)
• TOR is all about online privacy
• Typically associated with bad and illegal activities (cybercrime)
Cryptocurrencies help cybercrime
Hacking-as-a-Service
http://5eme2auqilcux2wq.onion/
Hacking-as-a-Service
http://hacker4hhjvre2qj.onion/
Hacker for Hire – Prices
http://hacker4hhjvre2qj.onion/
The Value of Data
Let me ask you something…
• How much do you value your privacy?
• How about your friends’ and family’s privacy?
• What do you think could happen if your data was misused?
• Have you ever searched for or visited a website that you would rather keep ‘secret’?
• I know I have :)
Who would want your data?
• Everyone! Every single company wants it!
• Why?
  – Because now they have a way of profiling you
  – They know who you are, what you like, what you don’t like, what you do, whom you do it with, who your friends are, what your habits are…
  – An insurance company knows your habits, and can now decide if you are ‘worthy to be insured’
  – A financial bank can decide if it will lend you money or not
  – They know you from your ‘online’ profile!
What do they have in common?
Interesting facts
• On a daily basis Google processes around 24 Petabytes of data
• This data is then stored and sold for advertisement
• The use of Cookies:
  – Fingerprints that allow you to be traced and catalogued
• What you see online is customised for you based on your ‘online profile’
Value of a Company
• Why do you think Facebook or Google are worth billions of dollars?
• A study published by the Wall Street Journal on Facebook:
  – Each long-term user is worth $80.95
  – Each friendship is worth $0.62
  – Your profile page is worth $1,800
  – A business page and associated ad revenues are worth $3.1 million
Interesting facts
• Data broker company Acxiom Corporation:
  – Has more than 23,000 servers
  – These servers collect, collate and analyse more than 50 trillion unique data transactions per year
  – 96% of American households are in its DBs
  – Has more than 700 million user profiles from around the world
  – Each profile has more than 1,500 specific traits
• One quote stated ‘This is the age of the stalker economy’…
Data breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Conclusion
Everyone is a target
Targets
• Organisations of all sizes (companies, governments)
• Individuals
• Mobile devices
• IoT devices
• SCADA devices
• GPS Systems
• Tracking Systems
• Implanted medical devices (IMDs)
• And so many more!!...
Shodan
https://www.shodan.io
Shodan
Have you been pwned?
https://haveibeenpwned.com
Questions?
Contact
Rui Miguel Feio, [email protected]
mobile: +44(0)7570911459
linkedin: www.linkedin.com/in/rfeio
www.rsmpartners.com