Network Flow 2012: Year in Review Industry @Geowarnagiris Miscellaneous [email protected]

Total Page:16

File Type:pdf, Size:1020Kb

Network Flow 2012: Year in Review Industry @Geowarnagiris Miscellaneous Gwarnagi@Cert.Org Attacks Government Network Flow 2012: Year in Review Industry @GeoWarnagiris Miscellaneous [email protected] 6/7 1/17 2/4 4/1 Last.fm Justin Beiber’s web site 403 NASA Utah Dept. of Heath warns 40M hacked 200 accts 2/26 8/3 usernames and 500K personal records users to 8/9 dumped 2/10 UN (UNEP) Mat passwds posted 4/16 change pass Utah cia.gov DB leaked Honan’s 1/15 2/3 US Gov & LE computerized taken 3/31 digital life zappos.com customer Conf call re: Anon DDoS 6/6 1.5M 7/19 signs hacked 9/21 12/4 12/21 down 2/26 PBS hacked 4/29 destroyed details accessed between FBI and eHarmony $80K in Nike 8/21 USDA Swiss National Council on Wikileaks publishes 4/12 Yahoo and 5/28 9/18 10/25 Scotland Yard leaked passwd merchandise 8/9 Moscow defaced security agency Foreign 1/12 2/8 Stratfor emails 3/30 Another AOL email Flame 8/2 US Bank Israeli National 11/23 hashes stolen via Battle.net Court web warns of large Relations AlienVault releases Westboro Baptist 3/12 GlobalPayments FBI/MI6 breached announced MLB DDoSes network Some 2/2 dumped web site bug hacked site hacked 9/4 secret data leak poisoned details of Sykipot trojan taken down BBC announce call Facebook begin 9/26 disconnects GoDaddy Susan G. Komen for 5/26 Bitfloor 11/8 variant targeting 2/14 Persian breach 50k - leaked - 2 6/5 hijacked by Telvent 10/11 from civilian DNS hijacked 12/3 the Cure hacked U. of 8/16-8/31 Bitcoin 2 EU officials ActivIdentity smart Cryptome attack 10m affected arrests 4/27 6.5M 7/8 7/19 rogue Canada Bank DDoS Dalai Lama 12/19 2/8 Nebraska 8/9 OpFree exchange 9/18 claim laptop cards infected disclosed 13M Hotmail LinkedIn 1300 Israeli Mom hacks employee accuses continue site Al Qaida 1/31 Foxconn 3/27 654K user Gauss Assange hacked Online poker hacked in 11/22 4/3 accts passwd email addrs high school Chinese 10/24 distributing webistes 6.7GB NASA DB hacked Pastebin details est. banking ~$250K player hotel in Symantec 2/14 Sophos breached hashes and to change hacking group South Mac malware DDoSed uploaded to pastebin DDoS $127M 8/2 malware 8/15 hacked and Azerbaijan releases WSJ reports Nortel has hacked 5/16 dumped 6/21 passwds sons of intrusion Carolina 11/28 1/10 EPA details Saudi $100K 10/7 11/5 Narilam 1/29 2/6 been owned for 10 Wikileaks Iran claims posted to grades 9/1 Dept. of First Security USCERT warns of hacked released Aramco stolen WoW mass Guy details 12/17 Pastebin SuperBowl years by Chinese and Pirate 5/24 “massive” Anon Arab Pastebin 9/26 avatar Revenue Insurance Westboro phishing campaign 6/4 7/17 7/26 cyber Fawkes DOS 4th time site creds leaked 3/7 3/27 4/26 Bay DDoS US State cyber website DDoS Sourceforge murder breach 3.6M bank account Baptist Church using USCERT email 4/2 ca.gov Madi Aussie attack 9/18 day many 11/21 in the month Vatican Beiber’s Taliban Dept. attack 7/5 8/7 compromised tax returns robbed targeted addresses 2/5 Al Qaeda 5/12 admin acct Persian ISP (shamoon) Mirage exploits France web Twitter web site defaces Al Alaska road Wikileaks 10/19 OpWBC Syrian Ministry of Pres site DDoS hacked DDoS Bitconica creds 6/13 side info breached 8/30 RAT details claims US 12/1 2/13 defaced Qaeda web DDoS GitHub 1/21 Affairs email server $87k stolen dumped Google and construction stealer 40GB Qatari Nat. released 9/26 11/4 attacked Mexican trade.gov.cn user 4/2 site DDoS 1/6 Several websites leaked 5/5 MS signs hacked revealed exfiled gas Spain’s NBC.com Sarkozy w/a president 12/12 Symantec 2006 name/pass leaked China’s Bank defaced protesting 3/24 US natural announce 7/3 7/3 8/1-8/20 company 9/18 National defaced Flame variant cyber source leaked 2/12 CEIEC 6/1 7/23 10/16 DDoSes cont MegaUpload takedown 3/2 Canadian 4/23 gas 5/22 0-day being Several Several Anon infected IEEE data Police 9/28 10/24 11/11 protests 1/2 Several Greek Govt sensitive US Toronto “AC/DC 7/31 S. Env. or SOPA/PIPA $71K in bitcoins New Iran oil pipeline 1.7GB from used to Chinese web Chinese web #OpAustralia (shamoon) breach DDoS Adobe 63 B&N FreeBSD.org 11/26 12/3 South African Postbank sites downed documents Police Worm” Dropbox Law stolen from Democrat industry industry US DOJ exploit sites hacked sites hacked certificate keypads unauth Nationwide 8K Tumblr robbed for $6.7m leaked Dept. reported in breached Center linode.com Party DDoS attacked attacked released Gmail and acct info and acct info compromise hacked access owned blogs attacked Iran hacked dumped dumped spammed 1/3 4/14 12/7 10/8 12/31 PGH w0rmer of 5/8 Napatec achieves 1/18 6/11 6/26 House Intel SecurityOnion makes the 3/22 CabinCr3w R.Weaver 5/24 100Gbps on Dell SOPA IPv6 support Cosmo and Mir 8/27 Committee 12.04 released WashPo 2/27 MITRE arrested successfully Mayor of W. 8/13 9/27 commodity hw blackout in Qosmos of UGNazi Sourcefire 9/10 warns on risk of 10/30 “In” list HP Security publishes defends PhD New York Argus 12/12 protests Network Intel releases Israel arrest 3 DARPA holds Lancope Intelligence “Social Radar” thesis arrested for arrested 3.0.7.1 using Huawei CERT announces 1/19 Suite FireAMP suspected “Plan X” launches the and Risk research 4/16 attacking released gear Common Sense 12/13 MegaUpload hackers workshop StealthWatch Management Austria's critical site 8/29 Guide to ITU treaty Seized Federal Labs Intelligence platform LulzSec 9/11 Center Mitigating Insider rejected in Criminal member Pirate Bay Threats Dubai Police Office 12/18 3/2 arrested and founder conference arrest 15 year NASA announces Cray launches accused of arrested for old for hacking launch of newest 12/19 new big data an extensive hacking into 259 Attacks Tracking and Data PGH named appliance breach of the FloCon 2012 companies Relay Satellite (TDRS) one of the most 3/7 Sony Pictures Dates: January 9 - 12, 2012 across the Government 9/12 for Internet entertaining 5 members of Europe. Location: Sheraton at the Capitol, Austin, Texas span of three Gartner connectivity to cities in the US Anon/Lulzsec Theme: The progression of analytics from ideas, to months 8/29 projects 8.4% Antarctica by CNN.com arrested Industry prototypes, to tools Bro 2.1 increase in IT 9/30 Keynote: Martin Roesch released security White House Miscellaneous discloses July Training: Argus, iSiLK, Network Profiling spending FloCon 2013 intrusion by Topics: $55B 2011 Dates: January 7-10, 2012 actors related to · Visualization $60B 2012 Location: Hyatt Regency, Albuquerque, NM the Chinese Govt · Data sources $86B 2016. Theme: Flow in the era of big data: logistics, · Analysis characteristics, statistics · Augmentation Keynote: Steven Bellovin · Monitoring above the enterprise Training: Argus, SiLK, Security Onion Chairpersons: Ed Stoner, Rhiannon Weaver Topics: · Visualization · Data sources · Analysis · Augmentation · Signature vs. anomaly detection · Real time vs. near real time Chairpersons: Rhiannon Weaver, George Jones, Donovan Truitt Network Flow 2012: Year in Review @GeoWarnagiris [email protected] Credit to: http://hackmageddon.com @paulsparrows.
Recommended publications
  • Hacking the Web
    Hacking the Web (C) 2009-2020 Arun Viswanathan Ellis Horowitz Marco Papa 1 Table of Contents } General Introduction } Authentication Attacks } Client-Side Attacks } Injection Attacks } Recent Attacks } Privacy Tools 2 (C) 2009-2020 Arun Viswanathan Ellis Horowitz Marco Papa Why secure the Web? } The Web has evolved into an ubiquitous entity providing a rich and common platform for connecting people and doing business. } BUT, the Web also offers a cheap, effective, convenient and anonymous platform for crime. } To get an idea, the Web has been used for the following types of criminal activities (source: The Web Hacking Incidents Database (WHID) http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database) } Chaos (Attack on Russian nuclear power websites amid accident rumors (5Jan09) } Deceit (SAMY XSS Worm – Nov 2005) } Extortion (David Aireys domain hijacked due to a CSRF (cross site request forgery) flaw in Gmail – 30Dec2007) } Identity Theft (XSS on Yahoo! Hot jobs – Oct 2008) } Information Warfare (Israeli Gaza War - Jan 2009 / Balkan Wars – Apr 2008 ) } Monetary Loss (eBay fraud using XSS) } Physical Pain (Hackers post on epilepsy forum causes migraines and seizures – May 2008) } Political Defacements (Hacker changes news release on Sheriffs website – Jul 2008) (Obama, Oreilly and Britneys Twitter accounts hacked and malicious comments posted – Jan 09) } Chinese Gaming sites hacked (Dec. 2011) 3 Copyright(C) 2009 (c) -20092020- 2019Arun Arun Viswanathan Viswanathan Ellis HorowitzEllis Horowitz Marco Marco Papa Papa
    [Show full text]
  • Sample Iis Publication Page
    https://doi.org/10.48009/1_iis_2012_133-143 Issues in Information Systems Volume 13, Issue 1, pp. 133-143, 2012 HACKERS GONE WILD: THE 2011 SPRING BREAK OF LULZSEC Stan Pendergrass, Robert Morris University, [email protected] ABSTRACT Computer hackers, like the group known as Anonymous, have made themselves more and more relevant to our modern life. As we create and expand more and more data within our interconnected electronic universe, the threat that they bring to its fragile structure grows as well. However Anonymous is not the only group of hackers/activists or hacktivists that have made their presence known. LulzSec was a group that wreaked havoc with information systems in 2011. This will be a case study examination of their activities so that a better understanding of five aspects can be obtained: the Timeline of activities, the Targets of attack, the Tactics the group used, the makeup of the Team and a category which will be referred to as The Twist for reasons which will be made clear at the end of the paper. Keywords: LulzSec, Hackers, Security, AntiSec, Anonymous, Sabu INTRODUCTION Information systems lie at the heart of our modern existence. We deal with them when we work, when we play and when we relax; texting, checking email, posting on Facebook, Tweeting, gaming, conducting e-commerce and e- banking have become so commonplace as to be nearly invisible in modern life. Yet, within each of these electronic interactions lies the danger that the perceived line of security and privacy might be breached and our most important information and secrets might be revealed and exploited.
    [Show full text]
  • Securing Information in a Mobile World
    Securing Information in a Mobile World Thu, Jan 21 | 2:00 p.m. – 3:30 p.m. PRESENTED BY: Charlie LeBlanc, William Figures, and Blad Slavens Schedulers & Dispatchers Conference | Tampa, FL | January 19 – 22, 2016 A Brief History of Computing and Software for Schedulers and Dispatchers Systems in the 80’s and early 90’s were computer- centric and pretty secure…. Why ????? And then came the Internet !!!! Highly technical description of the Internet “The Internet is a data network that connects “everything” together” (kind of like the phone system !) - William Figures 2007 The ‘Net(work) as a computing platform- Using WEB Services WEB SERVICES=FARS Is it safe to use public Wi-Fi? 6 Security challenges when using public Wi-Fi Some things to know about public Wi-Fi hotspots • Unlike your home Wi-Fi access point, most public Wi-Fi hotspots at hotels, restaurants, coffee shops, airports, etc. do not use encrypted communication. • This means that all your data may be sent in clear-text across the wireless network. Anyone with a “sniffer” could then snoop on your connection. • In order to secure their Wi-Fi properly, a business owner would have to issue a password to connect to the hotspot. To be truly secure, this password would be unique to a single person. • Since this isn’t feasible, you need to take other precautions to secure your data when using a public hotspot. Sources: http://www.networkworld.com/article/2904439/wi-fi/is-it-safe-to-use-public-wi-fi-networks.html 7 Case Study: Firesheep browser extension Coder exposed risk to Facebook users at public hotspots • To call attention to glaring security vulnerabilities with both Facebook – and other sites – and public Wi-Fi, a “white hat” hacker developed a Firefox extension that allowed a user to hijack the Facebook account of anyone logged into the same Wi-Fi hotspot.
    [Show full text]
  • Bank & Lender Liability
    Westlaw Journal BANK & LENDER LIABILITY Litigation News and Analysis • Legislation • Regulation • Expert Commentary VOLUME 17, ISSUE 6 / AUGUST 1, 2011 Expert Analysis Once More Into the Breach: Are We Learning Anything? By Cynthia Larose, Esq. Mintz Levin Cohn Ferris Glovsky & Popeo I’m a guy who doesn’t see anything good having come from the Internet. … [The Internet] created this notion that anyone can have whatever they want at any given time. It’s as if the stores on Madison Avenue were open 24 hours a day. They feel entitled. They say, “Give it to me now,” and if you don’t give it to them for free, they’ll steal it. –Sony Pictures Entertainment CEO Michael Lynton, May 14, 20091 How ironic. This comment two years ago by Lynton created a minor firestorm and drove him to post a lengthy rebuttal on The Huffington Post,2 but at the time, Lynton was referring to content piracy, not data breaches. Given the events since Sony’s massive data breaches in April3 (and subsequent breaches in May and June), he might as well as have been referring to user informa- tion held by Sony and its various properties. As a matter of fact, the Sony Pictures hackers said, “Sony stored over 1 million passwords of its customers in plain text, which means it’s just a matter of taking it.”4 Since the April PlayStation Network breach that exposed more than 100 million user accounts, Sony has been hacked more than 10 times. Sony Europe,5 Sony BMG Greece,6 Sony Thailand,7 Sony Music Japan8 and Sony Ericsson Canada9 all suffered some intrusion and compromise of user information.
    [Show full text]
  • الجريمة اإللكرتونية يف املجتمع الخليجي وكيفية مواجهتها Cybercrimes in the Gulf Society and How to Tackle Them
    مسابقة جائزة اﻷمير نايف بن عبدالعزيز للبحوث اﻷمنية لعام )2015م( الجريمة اﻹلكرتونية يف املجتمع الخليجي وكيفية مواجهتها Cybercrimes in the Gulf Society and How to Tackle Them إعـــــداد رامـــــــــــــي وحـــــــــــــيـد مـنـصــــــــــور باحـــــــث إســـتراتيجي في الشــــــئون اﻷمـــنـــية واﻻقتصـــــــــاد الســــــــياسـي -1- أ ت جملس التعاون لدول اخلليج العربية. اﻷمانة العامة 10 ج إ الجريمة اﻹلكترونية في المجتمع الخليجي وكيفية مواجهتها= cybercrimes in the Gulf:Society and how to tackle them إعداد رامي وحيد منصور ، البحرين . ـ الرياض : جملس التعاون لدول اخلليج العربية ، اﻷمانة العامة؛ 2016م. 286 ص ؛ 24 سم الرقم املوحد ملطبوعات اجمللس : 0531 / 091 / ح / ك/ 2016م. اجلرائم اﻹلكرتونية / / جرائم املعلومات / / شبكات احلواسيب / / القوانني واللوائح / / اجملتمع / مكافحة اجلرائم / / اجلرائم احلاسوبية / / دول جملس التعاون لدول اخلليج العربية. -2- قائمة املحتويات قائمة احملتويات .......................................................................................................... 3 قائمــة اﻷشــكال ........................................................................................................10 مقدمــة الباحــث ........................................................................................................15 مقدمة الدراســة .........................................................................................................21 الفصل التمهيدي )اﻹطار النظري للدراسة( موضوع الدراســة ...................................................................................................... 29 إشــكاليات الدراســة ................................................................................................
    [Show full text]
  • Anatomy of Data Breaches and Its Impact on Security
    International Journal of Science and Research (IJSR) ISSN (Online): 2319-7064 Index Copernicus Value (2013): 6.14 | Impact Factor (2013): 4.438 Anatomy of Data Breaches and Its Impact on Security Anshu1, Monika Sharma2 1M.Tech Scholar, Computer Science Department, TIT & S, Bhiwani, India 2Assistant Professor, Information Technology Department, TIT & S, Bhiwani, India Abstract: In cloud computing, the word cloud is used as a metaphor for "the Internet," so the phrase cloud computing means "a type of Internet-based computing," where different services - such as servers, storage and applications -- are delivered to an organization's computers and devices through the Internet [14]. Every user access cloud services through internet without knowing the security aspects. Today security threats are increasing rapidly and data breach is top of them. Breach in the security of any component in the cloud can be both disaster for the organization and the provider. In this research paper we focus on main security issue in cloud like data breach, different forms of data breaches and how it occurs in cloud. It also explore where major breaches occur in cloud in past years. Keywords: cloud, data breaches, security 1. Data Breaches two categories i.e. accidental breach or intentional breach The term data breach means when an unauthorized user or a) Accidental breach: also called as employee error when hacker or an attacker attacks an authorized data, access or an employee by mistake sends data to wrong receipts, retrieves it by an individual or service without the and by not understanding security protocols and permission. A data breach results in loss of sensitive, procedures.
    [Show full text]
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
    [Show full text]
  • Forces Shaping the Cyber Threat Landscape for Financial Institutions
    SWIFT INSTITUTE SWIFT INSTITUTE WORKING PAPER NO. 2016-004 FORCES SHAPING THE CYBER THREAT LANDSCAPE FOR FINANCIAL INSTITUTIONS WILLIAM A. CARTER PUBLICATION DATE: OCTOBER 2, 2017 The views and opinions expressed in this paper are those of the authors. SWIFT and the SWIFT Institute have not made any editorial review of this paper, therefore the views and opinions do not necessarily reflect those of either SWIFT or the SWIFT Institute. 1 Contents I. Executive Summary II. Introduction III. Consumer fraud: New defenses and mobile banking are transforming the landscape a) New defenses are transforming consumer fraud and carding b) As consumer bank fraud becomes harder, business customers are being targeted c) Mobile malware is the new frontier of consumer bank fraud d) ICT4C: Financial inclusion is creating new threats in the developing world IV. Targeted Attacks on Bank Networks: What is changing? a) Attackers are becoming more sophisticated, persistent b) Law enforcement still struggling to keep up c) Banks in Asia are top targets d) Vectors of compromise – new twists on old themes. e) Attacks are changing V. Conclusion: More Threats, More Complexity, More Sophistication 2 I. Executive Summary Financial institutions have long been the leading targets for cybercrime, but the tools and tactics used are changing. New technologies are increasingly incorporated into financial networks and the broader internet, transforming the attack surface that adversaries can exploit. The incentives for attackers are also shifting, forcing banks to face more numerous and sophisticated adversaries. And as cyber awareness grows in the financial sector and firms continue to invest billions in new defenses, attackers are changing their approaches to stay one step ahead.
    [Show full text]
  • Reporting, and General Mentions Seem to Be in Decline
    CYBER THREAT ANALYSIS Return to Normalcy: False Flags and the Decline of International Hacktivism By Insikt Group® CTA-2019-0821 CYBER THREAT ANALYSIS Groups with the trappings of hacktivism have recently dumped Russian and Iranian state security organization records online, although neither have proclaimed themselves to be hacktivists. In addition, hacktivism has taken a back seat in news reporting, and general mentions seem to be in decline. Insikt Group utilized the Recorded FutureⓇ Platform and reports of historical hacktivism events to analyze the shifting targets and players in the hacktivism space. The target audience of this research includes security practitioners whose enterprises may be targets for hacktivism. Executive Summary Hacktivism often brings to mind a loose collective of individuals globally that band together to achieve a common goal. However, Insikt Group research demonstrates that this is a misleading assumption; the hacktivist landscape has consistently included actors reacting to regional events, and has also involved states operating under the guise of hacktivism to achieve geopolitical goals. In the last 10 years, the number of large-scale, international hacking operations most commonly associated with hacktivism has risen astronomically, only to fall off just as dramatically after 2015 and 2016. This constitutes a return to normalcy, in which hacktivist groups are usually small sets of regional actors targeting specific organizations to protest regional events, or nation-state groups operating under the guise of hacktivism. Attack vectors used by hacktivist groups have remained largely consistent from 2010 to 2019, and tooling has assisted actors to conduct larger-scale attacks. However, company defenses have also become significantly better in the last decade, which has likely contributed to the decline in successful hacktivist operations.
    [Show full text]
  • Darpa Starts Sleuthing out Disloyal Troops
    UNCLASSIFIED (U) FBI Tampa Division CI Strategic Partnership Newsletter JANUARY 2012 (U) Administrative Note: This product reflects the views of the FBI- Tampa Division and has not been vetted by FBI Headquarters. (U) Handling notice: Although UNCLASSIFIED, this information is property of the FBI and may be distributed only to members of organizations receiving this bulletin, or to cleared defense contractors. Precautions should be taken to ensure this information is stored and/or destroyed in a manner that precludes unauthorized access. 10 JAN 2012 (U) The FBI Tampa Division Counterintelligence Strategic Partnership Newsletter provides a summary of previously reported US government press releases, publications, and news articles from wire services and news organizations relating to counterintelligence, cyber and terrorism threats. The information in this bulletin represents the views and opinions of the cited sources for each article, and the analyst comment is intended only to highlight items of interest to organizations in Florida. This bulletin is provided solely to inform our Domain partners of news items of interest, and does not represent FBI information. In the JANUARY 2012 Issue: Article Title Page NATIONAL SECURITY THREAT NEWS FROM GOVERNMENT AGENCIES: American Jihadist Terrorism: Combating a Complex Threat p. 2 Authorities Uncover Increasing Number of United States-Based Terror Plots p. 3 Chinese Counterfeit COTS Create Chaos For The DoD p. 4 DHS Releases Cyber Strategy Framework p. 6 COUNTERINTELLIGENCE/ECONOMIC ESPIONAGE THREAT ITEMS FROM THE PRESS: United States Homes In on China Spying p. 6 Opinion: China‟s Spies Are Catching Up p. 8 Canadian Politician‟s Chinese Crush Likely „Sexpionage,‟ Former Spies Say p.
    [Show full text]
  • Understanding and Analyzing Malicious Domain Take-Downs
    Cracking the Wall of Confinement: Understanding and Analyzing Malicious Domain Take-downs Eihal Alowaisheq1,2, Peng Wang1, Sumayah Alrwais2, Xiaojing Liao1, XiaoFeng Wang1, Tasneem Alowaisheq1,2, Xianghang Mi1, Siyuan Tang1, and Baojun Liu3 1Indiana University, Bloomington. fealowais, pw7, xliao, xw7, talowais, xm, [email protected] 2King Saud University, Riyadh, Saudi Arabia. [email protected] 3Tsinghua University, [email protected] Abstract—Take-down operations aim to disrupt cybercrime “clean”, i.e., no longer involved in any malicious activities. involving malicious domains. In the past decade, many successful Challenges in understanding domain take-downs. Although take-down operations have been reported, including those against the Conficker worm, and most recently, against VPNFilter. domain seizures are addressed in ICANN guidelines [55] Although it plays an important role in fighting cybercrime, the and in other public articles [14, 31, 38], there is a lack of domain take-down procedure is still surprisingly opaque. There prominent and comprehensive understanding of the process. seems to be no in-depth understanding about how the take-down In-depth exploration is of critical importance for combating operation works and whether there is due diligence to ensure its cybercrime but is by no means trivial. The domain take-down security and reliability. process is rather opaque and quite complicated. In particular, In this paper, we report the first systematic study on domain it involves several steps (complaint submission, take-down takedown. Our study was made possible via a large collection execution, and release, see SectionII). It also involves multiple of data, including various sinkhole feeds and blacklists, passive parties (authorities, registries, and registrars), and multiple DNS data spanning six years, and historical WHOIS informa- domain management elements (DNS, WHOIS, and registry tion.
    [Show full text]
  • NAVIGATING the CYBERSECURITY STORM
    NAVIGATING the CYBERSECURITY STORM A Guide for Directors and Officers BY PAUL A. FERRILLO EDITED BY BILL BROWN published by sponsored by sponsored by 1 © 2015 by Paul A. Ferrillo. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any other information storage or retrieval system without prior written permission. To use the information contained in this book for a greater purpose or application, contact Paul A. Ferrillo via [email protected] 2 Is your company protected from the Internet of RiskSM? With CyberEdge® cyber insurance solutions you can enjoy the Business Opportunity of Things. 20 billion objects are connected to the Internet, what everyone is calling the Internet of Things. This hyperconnectivity opens the door both to the future of things, and to greater network vulnerabilities. CyberEdge end-to-end cyber risk management solutions are designed to protect your company from this new level of risk. So that you can turn the Internet of Things into the next big business opportunity. To learn more and download the free CyberEdge Mobile App, visit www.AIG.com/CyberEdge Insurance, products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Insurance and services may not be available in all jurisdictions, and coverage is subject to actual policy language. For additional information, please visit our website at www.AIG.com. ABOUT PAUL A. FERRILLO Paul Ferrillo is counsel in Weil’s Litigation Department, where he focuses on complex securities and business litigation, and internal investigations.
    [Show full text]