Download presentation
Presentation is loading. Please wait.
Published byEve Dreyer Modified over 9 years ago
1
Crime DOES Pay (Unless you get caught) Renana Friedlich, IR & Forensic Team Leader Hacktics Advanced Security Center, Ernst & Young February 2013
2
Crime DOES Pay – OWASP ConferencePage 2 Traditional Forensics
3
Crime DOES Pay – OWASP ConferencePage 3 Digital Forensics He’s tough, but we’ll make him talk.
4
Crime DOES Pay – OWASP ConferencePage 4 Example – Bredolab Russia Netherlands France
5
Crime DOES Pay – OWASP ConferencePage 5 Agenda ►Computer Crime Definition ►Crime Detection ►Dealing with an Incident ►Jurisdiction ►Punishment ►Case Studies ►Summary and Recommendations
6
Crime DOES Pay – OWASP ConferencePage 6 Computer Crime Definition ►What name would best describe this type of offense? ►Is it a new form of crime? Computer as a weapon Computer as a target
7
Crime DOES Pay – OWASP ConferencePage 7 Rising Above the Noise Level Vectors that may lead to detection: Security systems Proportions Subject of attack
8
Crime DOES Pay – OWASP ConferencePage 8 Relevant Parties for Detection End Users Security Vendors HoneyNets ISPs Local Police SOCs And more … Auditing Processes Governmental Agencies
9
Crime DOES Pay – OWASP ConferencePage 9 How to Report a Computer Crime USA ►The Internet Crime Complaint Center (IC 3 ) www.ic3.gov www.ic3.gov
10
Crime DOES Pay – OWASP ConferencePage 10 How to Report a Computer Crime UK ►Police Central e-crime https://online.met.police.uk/https://online.met.police.uk/ ►Action Fraud http://www.actionfraud.police.uk/home http://www.actionfraud.police.uk/home
11
Crime DOES Pay – OWASP ConferencePage 11 How to Report Computer Crime Meanwhile in Israel … Return
12
Crime DOES Pay – OWASP ConferencePage 12 Top 10 Detected Incidents ►Verizon 2012 Data Breach Investigations Report CategoryAttackOverall Rank Rank @ Large Org. HackingUse of stolen login credentials31 MalwareBackdoor62 HackingExploitation of backdoor C&C channel73 PhysicalTampering94 MalwareKeylogger/Form-grabber/Spyware15 SocialPretexting (classic social engineering)116 HackingBrute force and dictionary attacks57 HackingSQL injection158 SocialPhishing (or any type of *ishing)209 MalwareC&C (listens for and executes commands)2210
13
Crime DOES Pay – OWASP ConferencePage 13 Duration Until the Incident is Discovered Early detection heavily depends on the organization’s security maturity level. Average time until detection( Days)
14
Crime DOES Pay – OWASP ConferencePage 14 Dealing with an Incident Common ways of dealing with an incident: Internal Care Law Enforcement Entity Regulations Incident Severity
15
Crime DOES Pay – OWASP ConferencePage 15 Collaboration Interpol, Europol, FBI, local police, social media & email security teams, and more … Return
16
Crime DOES Pay – OWASP ConferencePage 16 Jurisdiction
17
Crime DOES Pay – OWASP ConferencePage 17 Punishment The penalty usually depends on the following factors: Financial damage Current & potential damage Offender intentions & personal gain
18
Crime DOES Pay – OWASP ConferencePage 18 Case Studies
19
Crime DOES Pay – OWASP ConferencePage 19 Case Study 1 ►Attacker: Pablo Escobar (James Jeffery) ►Victim: Abortions website
20
Crime DOES Pay – OWASP ConferencePage 20 Case Study 2 ►Attacker: Gary McKinnon ►Victim : USA military computers (“The biggest military computer hack of all time”) ►The US authorities tried to get an extradition ►Requested penalty: Up to 60 years in prison
21
Crime DOES Pay – OWASP ConferencePage 21 Case Study 3
22
Crime DOES Pay – OWASP ConferencePage 22 Take 1 ► Age – 19 ► Arrested for hacking to computers at NASA, the Pentagon, and more. ► Didn’t try to get a hold of secrets, rather to prove that the systems were flawed. Take 2 ► Age – 28 ► Accused with charges of conspiracy and fraud. ► Increased or deleted cards limit, then sold the stolen credit card numbers in the black market. Case Study 3 1.5 years in prison 3 years probation + $503,000 fine
23
Crime DOES Pay – OWASP ConferencePage 23 Summary ►The chances of getting caught are slim. ►Even if an offender does get caught, there is a long way to go before he may stand trial. ►Since so “MANY” stand trial, penalty is disproportionate.
24
Crime DOES Pay – OWASP ConferencePage 24 And the Conclusion Is … Crime Does Pay …
25
Crime DOES Pay – OWASP ConferencePage 25 Recommendations Save logs Poor Continuous log monitoring Moderate Build incident response capabilities Good
26
How good is your detection mechanism…?
27
Thank you. Renana Friedlich, Incident response & forensic team leader Renana.Friedlich@il.ey.comRenana.Friedlich@il.ey.com, 054- 2661260
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.