DOCSLIB.ORG

Cybercrime Insights

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cybercrime Insights Cybercrime Insights Notes from the networks beyond 13.05.2014 Cybercrime Insights 1 Introduction - Curesec GmbH ● Technical IT security ● Security Audits ● Tiger Team Audits ● Mobile Phone Audits (Android/iOS) ● Trainings 13.05.2014 Cybercrime Insights 2 Curesec GmbH ● Tools: ● For Security Audits ● hbad – Heartbleed Client check ● Vulnerabilities published for instance: ● WhatsApp ● Android ● Guidelines for instance: ● Banking Security 13.05.2014 Cybercrime Insights 3 Curesec GmbH ● Office in Berlin ● 7 specialists in different fields ● International projects 13.05.2014 Cybercrime Insights 4 Agenda ● Introduction ● Noteworthy security bugs and scenarios ● APT and Cyberespionage ● Conclusion 13.05.2014 Cybercrime Insights 5 Heartbleed ● Who has not heard of Heartbleed? ● 7th of April ● Major security flaw in the spine of the internet ● Affected versions 1.0.1[abcdef] ● Patched version 1.0.1g or old 0.9.8 ● Sleepless nights for admins, security officers and hackers 13.05.2014 Cybercrime Insights 6 What happened? ● Heartbeat -> Extension ● Keeping a session alive ● Process memory data can be dumped from client or server ● Top Ten Internet Sites also affected ● Google, Facebook, Yahoo ... 13.05.2014 Cybercrime Insights 7 Who is affected? Everyone using the vulnerable software version plus the extension is enabled. 13.05.2014 Cybercrime Insights 8 What is affected? ● Serverside ● Webserver ● Databaseserver ● Emailserver ● VoIP-Systems ● VPN ● Custom software 13.05.2014 Cybercrime Insights 9 Webserver Example 13.05.2014 Cybercrime Insights 10 What is affected? ● Clientside software: ● Browser ● Email clients ● VoIP clients ● VPN clients ● Chat clients ● Custom software linked with openssl vuln version 13.05.2014 Cybercrime Insights 11 w3m Example 13.05.2014 Cybercrime Insights 12 Interesting Data? ● Private keys (Certificates) ● Usernames and passwords ● Sessionkeys and SessionIDs (e.g. Cookies) ● Video- und Voice communication ● VPN keys ● Emails ● Forms of the sites, e.g. banking forms, creditcard forms 13.05.2014 Cybercrime Insights 13 Heartbleed Story 0x01 ● Vulnerability is known, admin patches relevant systems. ● During a security check some days later it is found that core systems to the internet are still vulnerable. ● What happened? 13.05.2014 Cybercrime Insights 14 Heartbleed Story 0x01 (Admin) ● The systems were brought to a recent patchlevel. But the patch for the appliance was from April 4th while the vulnerability was from the 7th and there wasn't a newer version until April 11th. ● As a result the vulnerability was brought into the systems as the older/unpatched version were still running with 0.9.8. 13.05.2014 Cybercrime Insights 15 Heartbleed Story 0x01 (Admin) ● 4 Days open attack surface until recognized ● Affected: VPN gateway 13.05.2014 Cybercrime Insights 16 Heartbleed Story 0x02 (Scam) ● Some criminals offering an exploit for HB in version 1.0.1g ● From the style and setup it could be the same guys offering a fake openssh memory leak ● <pastebin> ● Interesting: Scammer is really sending a hb dump back, however, its gained from a different site. 13.05.2014 Cybercrime Insights 17 Heartbleed Story 0x03 (invisible) ● Shortly after the vuln was published, it was rumoured and partly spreaded even through the news that this bug is also that powerful because its invisible. ● Of course this is not true. ● Most probably those statements were made as the bug was not understood completely. 13.05.2014 Cybercrime Insights 18 Heartbleed Story 0x03 (invisble) ● As a result from this wrong assumption and probably some others a 19-year-old canadian student was arrested. ● He successfully hacked the tax office and stole / manipulated 900 entries. 13.05.2014 Cybercrime Insights 19 Industrial Devices aka SCADA ● What happens if our light, water and power supply is disabled? ● We have reached a level of networking devices at which the question rises whether we should go on with networking them. ● This is not anti-technology, this is pro-surviving. 13.05.2014 Cybercrime Insights 20 Industrial Devices aka SCADA ● What is the attack surface? ● Energysector (nuclear, coal, wind, water, sun …) ● Water and sanitation ● Industrial lines and factories 13.05.2014 Cybercrime Insights 21 Medical Devices ● While working in the industry... ● Medical devices are stillstill dangerous to attach to the network. ● If you run a hospital or something similar: ● Seperate networks ● Dont let patients enter the net ● Dont use weak wireless crypto 13.05.2014 Cybercrime Insights 22 Agenda ● Introduction ● Noteworthy security bugs and scenarios ● APT and Cyberespionage ● Finish 13.05.2014 Cybercrime Insights 23 APT and Cyberespionage ● Who does remember Stuxnet? ● Ok. ● But do you know: ● Flame (US) ● Uroburos (RU) ● Careto - The Mask (ES) 13.05.2014 Cybercrime Insights 24 Story behind Stuxnet ● Remember my note about scada security? Well... ● Stuxnet vs. Iranian Nuclear Energy/bomb program ● Fine grained bug which quietly destroyed devices for uranium enrichment ● It not only changed the speed of the devices it also showed the control terminal that everything is normal – sabotage was the goal. 13.05.2014 Cybercrime Insights 25 What is an APT? ● Targeted attack ● Goals: ● Retrieving information (e.g. economic, military) ● Espionage ● Sabotage ● Information isis used for further action 13.05.2014 Cybercrime Insights 26 What is it not? ● It is not internet noise. ● Like SSH brute force ● It is not random hacking ● It is not conducted by cybercriminals – backed by .gov 13.05.2014 Cybercrime Insights 27 APT ● So – an APT (Advanced Persistent Threat) is: ● Executed by someone with an agenda ● Usually (well) funded ● Not compareable with an anonymous or active hacker group ● Attackers: ● Goverments ● Freelancers working for goverments 13.05.2014 Cybercrime Insights 28 How do you know it happened?! ● From time to time it is uncovered. ● Flame for instance ranges back to 2004 ● More recent APTs: ● „Uroburos“ - 2011 ● „Careto“ - 2007 13.05.2014 Cybercrime Insights 29 How do you know it was country xyz? ● Of course no country confirms official involvement ● Samples/information in the code ● Artifacts in the code ● Traces on infected systems ● Analysis of the attack's origin 13.05.2014 Cybercrime Insights 30 How do you know it was country xyz? ● What countries are infected most? ● Actions conducted by the software: ● Analysing what it is doing, you find common points in the agenda of countries. ● For instance the Iranian nuclear program's most opposing global players are Israel and the US 13.05.2014 Cybercrime Insights 31 How do you know it was country xyz? ● RedFlag operations ● Yeah...no. There is no gain in not being able to blame someone. ● So traces to goverments exist but it cannot be proven easily. 13.05.2014 Cybercrime Insights 32 Uroburos ● Coming from Russia ● Suspected to be related to Agent.BTZ used to attack US Goverment ● Agent.BTZ was used to infect the Department of Defense (DoD) back in 2008 ● US said they strongly believe it was conducted by Russia ● We are sure it is a government driven software 13.05.2014 Cybercrime Insights 33 Uroburos ● System infection vector is still unknown ● But, like Agent.BTZ we have several possible ways ● Leave an interesting device(USB Stick, Tablet …) ● Social Engineer someone – Put one of your hot female agents on the target. ● Well it is a spy game, pay someone internally to do it ● Classic hack conducted through 0day vulnerabilities 13.05.2014 Cybercrime Insights 34 Uroburos ● List of supported files: ● Powerpoint ● Excel ● Word ● Pictures ● */* 13.05.2014 Cybercrime Insights 35 Features ● Encrypted Filesystem (vfat / ntfs) ● Hiding activities ● Post-Exploitation Tools ● Tools for network surveilance ● Exfiltrating data via ● HTTP (Browser emulation, with proxy support) ● ICMP (Ping payload) ● SMTP (Email emulation) ● Peer to Peer Communication – wait what?! 13.05.2014 Cybercrime Insights 36 Peer to Peer ● Peer to Peer Communication ● Between clients in the internal network ● Named Pipes are used (RPC) ● Gain access to the outerworld 13.05.2014 Cybercrime Insights 37 Uroburos Exfiltrate data from not internet connected devices 13.05.2014 Cybercrime Insights 38 Careto ● Coming from probably Spain ● Spanish slang for „Ugly Face“ or „Mask“ ● Yay, another player joined the field. 13.05.2014 Cybercrime Insights 39 Careto Targets ● Government institutions ● Diplomatics / embassies ● Energy, oil and gas ● Private companies ● Research institutions ● Private equity firms ● Activists 13.05.2014 Cybercrime Insights 40 Careto ● 380 victims ● 31 countries 13.05.2014 Cybercrime Insights 41 Careto ● Spear fishing is the basic infection vector ● Several domains involved ● Trying to look legit ● Infect user by a vulnerable browser ● Public known vuln or zero-day 13.05.2014 Cybercrime Insights 42 Careto Spear fishing attack 13.05.2014 Cybercrime Insights 43 Protection? Protection is hard to accomplish 13.05.2014 Cybercrime Insights 44 Agenda ● Introduction ● Noteworthy security bugs and scenarios ● APT and Cyberespionage ● Finish 13.05.2014 Cybercrime Insights 45 The End „Hope you liked our little journey through the dark side of the networked world.“ 13.05.2014 Cybercrime Insights 46 Contact 13.05.2014 Cybercrime Insights 47.
Load more

Recommended publications
  • A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics
    UNIVERSIDAD POLITECNICA´ DE MADRID ESCUELA TECNICA´ SUPERIOR DE INGENIEROS INFORMATICOS´ A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics PH.D THESIS Platon Pantelis Kotzias Copyright c 2019 by Platon Pantelis Kotzias iv DEPARTAMENTAMENTO DE LENGUAJES Y SISTEMAS INFORMATICOS´ E INGENIERIA DE SOFTWARE ESCUELA TECNICA´ SUPERIOR DE INGENIEROS INFORMATICOS´ A Systematic Empirical Analysis of Unwanted Software Abuse, Prevalence, Distribution, and Economics SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF: Doctor of Philosophy in Software, Systems and Computing Author: Platon Pantelis Kotzias Advisor: Dr. Juan Caballero April 2019 Chair/Presidente: Marc Dasier, Professor and Department Head, EURECOM, France Secretary/Secretario: Dario Fiore, Assistant Research Professor, IMDEA Software Institute, Spain Member/Vocal: Narseo Vallina-Rodriguez, Assistant Research Professor, IMDEA Networks Institute, Spain Member/Vocal: Juan Tapiador, Associate Professor, Universidad Carlos III, Spain Member/Vocal: Igor Santos, Associate Research Professor, Universidad de Deusto, Spain Abstract of the Dissertation Potentially unwanted programs (PUP) are a category of undesirable software that, while not outright malicious, can pose significant risks to users’ security and privacy. There exist indications that PUP prominence has quickly increased over the last years, but the prevalence of PUP on both consumer and enterprise hosts remains unknown. Moreover, many important aspects of PUP such as distribution vectors, code signing abuse, and economics also remain unknown. In this thesis, we empirically and sys- tematically analyze in both breadth and depth PUP abuse, prevalence, distribution, and economics. We make the following four contributions. First, we perform a systematic study on the abuse of Windows Authenticode code signing by PUP and malware.
    [Show full text]
  • What You Should Know About Kaspersky
    What you should know Proven. Transparent. about Kaspersky Lab Independent. Fighting for your digital freedom Your data and privacy are under attack by cybercriminals and spy agencies, so you need a partner who is not afraid of standing beside you to protect what matters to you most. For over 20 years, Kaspersky Lab has been catching all kinds of cyberthreats. No matter whether they come from script kiddies, cybercriminals or governments, or from the north, south, east or west. We believe the online world should be free from attack and state-sponsored espionage, and will continue fighting for a truly free and safe digital world. Proven Transparent Independent Kaspersky Lab routinely scores the highest We are totally transparent and are making As a private company, we are independent marks in independent ratings and surveys. it even easier to understand what we do: from short term business considerations and institutional influence. • Measured alongside more than 100 other • Independent review of the company’s well-known vendors in the industry source code, software updates and We share our expertise, knowledge • 72 first places in 86 tests in 2017 threat detection rules and technical findings with the world’s • Top 3 ranking* in 91% of all product tests • Independent review of internal security community, IT security vendors, • In 2017, Kaspersky Lab received processes international organizations, and law Platinum Status for Gartner’s Peer • Three transparency centers by 2020 enforcement agencies. Insight** Customer Choice Award 2017, • Increased bug bounty rewards with up in the Endpoint Protection Platforms to $100K per discovered vulnerability Our research team is spread across the market world and includes some of the most renowned security experts in the world.
    [Show full text]
  • Bilan Cert-IST 2013
    Cert-IST annual review for 2014 regarding flaws and attacks 1) Introduction ..................................................................................................................................... 1 2) Most significant events of 2014 ...................................................................................................... 2 2.1 More sophisticated attacks that modify the risk level .............................................................. 2 2.2 Many attacks targeting cryptography ...................................................................................... 4 2.3 Cyber-spying: governments at the cutting edge of cyber attacks ........................................... 6 2.4 Flourishing frauds .................................................................................................................... 7 3) Vulnerabilities and attacks seen in 2014 ........................................................................................ 9 3.1 Figures about Cert-IST 2014 production ................................................................................. 9 3.2 Alerts and Potential Dangers released by the Cert-IST ........................................................ 11 3.3 Zoom on some flaws and attacks .......................................................................................... 12 4) Conclusions .................................................................................................................................. 15 1) Introduction Each year, the Cert-IST makes
    [Show full text]
  • Attributing Cyber Attacks Thomas Rida & Ben Buchanana a Department of War Studies, King’S College London, UK Published Online: 23 Dec 2014
    This article was downloaded by: [Columbia University] On: 08 June 2015, At: 08:43 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Journal of Strategic Studies Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/fjss20 Attributing Cyber Attacks Thomas Rida & Ben Buchanana a Department of War Studies, King’s College London, UK Published online: 23 Dec 2014. Click for updates To cite this article: Thomas Rid & Ben Buchanan (2015) Attributing Cyber Attacks, Journal of Strategic Studies, 38:1-2, 4-37, DOI: 10.1080/01402390.2014.977382 To link to this article: http://dx.doi.org/10.1080/01402390.2014.977382 PLEASE SCROLL DOWN FOR ARTICLE Taylor & Francis makes every effort to ensure the accuracy of all the information (the “Content”) contained in the publications on our platform. However, Taylor & Francis, our agents, and our licensors make no representations or warranties whatsoever as to the accuracy, completeness, or suitability for any purpose of the Content. Any opinions and views expressed in this publication are the opinions and views of the authors, and are not the views of or endorsed by Taylor & Francis. The accuracy of the Content should not be relied upon and should be independently verified with primary sources of information. Taylor and Francis shall not be liable for any losses, actions, claims, proceedings, demands, costs, expenses, damages, and other liabilities whatsoever or howsoever caused arising directly or indirectly in connection with, in relation to or arising out of the use of the Content.
    [Show full text]
  • Cyber Threat Data Model and Use Cases Final Report
    CAN UNCLASSIFIED TA-35—Cyber Threat Data Model and Use Cases Final Report Dr. Antoine Lemay International Safety Research (ISR) Prepared by: ISR 38 Colonnade Road North Ottawa, Ontario Canada K2E 7J6 Contractor's document number: ISR Report 6099-01-03 Version 2.0 PSPC Contract Number: W7714-156105-T35 Technical Authority: Melanie Bernier, Defence Scientist Contractor's date of publication: September 2017 Defence Research and Development Canada Contract Report DRDC-RDDC-2017-C290 November 2017 CAN UNCLASSIFIED CAN UNCLASSIFIED IMPORTANT INFORMATIVE STATEMENTS The information contained herein is proprietary to Her Majesty and is provided to the recipient on the understanding that it will be used for information and evaluation purposes only. Any commercial use including use for manufacture is prohibited. Disclaimer: This document is not published by the Editorial Office of Defence Research and Development Canada, an agency of the Department of National Defence of Canada, but is to be catalogued in the Canadian Defence Information System (CANDIS), the national repository for Defence S&T documents. Her Majesty the Queen in Right of Canada (Department of National Defence) makes no representations or warranties, expressed or implied, of any kind whatsoever, and assumes no liability for the accuracy, reliability, completeness, currency or usefulness of any information, product, process or material included in this document. Nothing in this document should be interpreted as an endorsement for the specific use of any tool, technique or process examined in it. Any reliance on, or use of, any information, product, process or material included in this document is at the sole risk of the person so using it or relying on it.
    [Show full text]
  • Use Style: Paper Title
    Volume 8, No. 5, May-June 2017 ISSN No. 0976-5697 International Journal of Advanced Research in Computer Science RESEARCH PAPER Available Online at www.ijarcs.info A Review of International Legal Framework to Combat Cybercrime Sandeep Mittal, IPS Prof. Priyanka Sharma Director Professor & Head LNJN National Institute of Criminology & Forensic Science Information Technology & Telecommunication, Ministry of Home Affairs, New Delhi, India Raksha Shakti University, Ahmedabad, India Abstract: Cyberspace is under perceived and real threat from various state and non-state actors. This scenario is further complicated by distinct characteristic of cyberspace, manifested in its anonymity in space and time, geographical indeterminacy and non-attribution of acts to a tangible source. The transnational dimension of cybercrime brings forth the issue of sovereignty, jurisdiction, trans-national investigation and extra territorial evidence necessitates international cooperation. This requires and international convention on cybercrime which is missing till date. Council of Europe Convention of Cybercrime is the lone instrument available. Though it is a regional instrument, non-members state like US, Australia, Canada, Israel, Japan etc. have also signed and ratified and remains the most important and acceptable international instruments in global fight to combat cybercrime. In this paper, authors have argued that Council of Europe Convention on Cybercrime should be the baseline for framing an International Convention on Cybercrime. Keywords: Cybercrime, International Convention on Cybercrime, Cyber Law, Cyber Criminology, International Cooperation on Cybercrime, Internet Governance, Transnational Crimes. cybercrime requires increased, rapid and well-functioning I. INTRODUCTION international cooperation in criminal matters’ [14]. As on December 2016, 52 States have ratified the Convention and Information Societies have high dependency on the 4 States have signed but not ratified.
    [Show full text]
  • The Concept of Infamy in Roman
    The International Journal ENTREPRENEURSHIP AND SUSTAINABILITY ISSUES ISSN 2345-0282 (online) http://jssidoi.org/jesi/ 2017 Volume 4 Number 4 (June) http://doi.org/10.9770/jesi.2017.4.4(12) Publisher CYBER SECURITY MANAGEMENT MODEL FOR CRITICAL INFRASTRUCTURE Tadas Limba¹, Tomas Plėta², Konstantin Agafonov3, Martynas Damkus4 1,3,4 Mykolas Romeris University, Ateities g. 20, 08303 Vilnius, Lithuania 2NATO Energy security center of excellence, Šilo g. 5a, 10322 Vilnius, Lithuania E-mails:[email protected]; [email protected]; [email protected]; [email protected] Received 18 February 2017; accepted 20 April 2017 . Abstract. Cyber security is the most critical aspect nowadays of our technologically based lives. Government institutions, banking sectors, public and private services, nuclear power plants, power grid operators, water suppliers or waste water treatment companies use information technologies in their day-to-day operations. Everything that uses technologies are based on communication and information systems and that means that it depends on cyber security. The public and private sector each year spend millions of dollars on technologies, security software and hardware devices that will increase the cyber security inside their companies, but they are still vulnerable. The main problem of this situation is that cyber security is still usually treated as a technical aspect or technology which can be easily implemented inside the organization and this implementation will guarantee cyber security. This attitude must change, because cyber security nowadays is something more than just the technology. This article presents the taxonomy of the critical infrastructure attacks, analyzes attack vectors and attack methods used to damage critical infrastructure as well as the most common cyber security mistakes which organizations make in the cyber security field when trying to make themselves safer from vulnerabilities.
    [Show full text]
  • The Role of Malware in Reported Cyber Espionage: a Review of the Impact and Mechanism
    Information 2015, 6, 183-211; doi:10.3390/info6020183 OPEN ACCESS information ISSN 2078-2489 www.mdpi.com/journal/information Review The Role of Malware in Reported Cyber Espionage: A Review of the Impact and Mechanism Gaute Wangen Norwegian Information Security Laboratory, Center for Cyber and Information Security, Gjøvik University College, Teknologivn. 22, 2815 Gjøvik, Norway; E-Mail: [email protected]; Tel.: +47-907-08-338 Academic Editors: Qiong Huang and Guomin Yang Received: 9 April 2015 / Accepted: 7 May 2015 / Published: 18 May 2015 Abstract: The recent emergence of the targeted use of malware in cyber espionage versus industry requires a systematic review for better understanding of its impact and mechanism. This paper proposes a basic taxonomy to document major cyber espionage incidents, describing and comparing their impacts (geographic or political targets, origins and motivations) and their mechanisms (dropper, propagation, types of operating systems and infection rates). This taxonomy provides information on recent cyber espionage attacks that can aid in defense against cyber espionage by providing both scholars and experts a solid foundation of knowledge about the topic. The classification also provides a systematic way to document known and future attacks to facilitate research activities. Geopolitical and international relations researchers can focus on the impacts, and malware and security experts can focus on the mechanisms. We identify several dominant patterns (e.g., the prevalent use of remote access Trojan and social engineering). This article concludes that the research and professional community should collaborate to build an open dataset to facilitate the geopolitical and/or technical analysis and synthesis of the role of malware in cyber espionage.
    [Show full text]
  • Cyber Security Assessment Netherlands Security Assessment Cyber
    CSAN-4 Cyber Security Assessment Netherlands Cyber Cyber Security Assessment Netherlands CSAN-4 Cyber Security Assessment Netherlands 4CSAN-4 1 2 National Cyber Security Centre The National Cyber Security Centre (NCSC), in collaboration with the business community, government bodies and scientists, is working to increase the ability of Dutch society to defend itself in the digital domain. The NCSC supports the central government and organisations in fulfilling an essential function for society by providing expertise and advice, response to threats and enhancing crisis management. In addition, the NCSC provides information and advice to citizens, the government and the business community relating to awareness and prevention. This means that the NCSC constitutes the central reporting and information point for IT threats and security incidents. The NCSC is part of the Cyber Security Department of the National Coordinator for Security and Counterterrorism [Nationaal Coördinator Terrorismebestrijding en Veiligheid] (NCTV). Collaboration and sources In drawing up this report the NCSC gratefully made use of information provided by the following parties: » The various ministries » MIVD (Military Intelligence and Security Service) » DefCERT (Defence Computer Emergency Response Team) » AIVD (General Intelligence and Security Service) » Team High Tech Crime, Dutch National Police » Public Prosecution Service » Tax and Customs Administration » Members from ISAC (Information Sharing and Analysis Center) » NCTV (National Coordinator for Security and Counterterrorism) » Scientific institutions » Universities » Experts in the field of cyber security Their contributions, the substantive reviews as well as publicly accessible sources, a survey, information from the vital sectors and analyses from the NCSC together, have made valuable contributions to the substantive quality of this assessment.
    [Show full text]
  • Anti-War and the Cyber Triangle Strategic Implications of Cyber Operations and Cyber Security for the State
    Anti-War and the Cyber Triangle Strategic Implications of Cyber Operations and Cyber Security for the State Sven Herpig ACKNOWLEDGEMENT I would like to thank my loving wife – source of inspiration, firmest believer and harshest critic. For without her, this research would have never progressed beyond the first few paragraphs. I am deeply grateful for having an amazing family. Their tireless encouragement and support allowed me to pursue my dreams. During the years of research, I was not able to spend as much time with them as I would have wanted, and only a tiny fraction of what they would have deserved. I would also like to acknowledge Doctor David Lonsdale, brilliant academic and amazing supervisor, without whom this work would have remained a body without soul. Last but not least, I want to give a shout-out to all the infosec people, cyber libertarians, strategists, hackers, academics and practitioners who helped me with their immense knowledge and vast networks over the last couple of years. Sven Herpig, January 2016 ____________________________ PhD Thesis, University of Hull Research: May 2011–March 2015 Approval: August 2015 Editing: January 2016 1 TABLE OF CONTENTS LIST OF ABBREVIATIONS .....................................................................................7 LIST OF FIGURES ................................................................................................... 10 LIST OF TABLES ..................................................................................................... 11 INTRODUCTION ....................................................................................................
    [Show full text]
  • Learn How to Protect It Before It Is Too Late Your Critical Infrastructure Is
    0100110001101111011100100110010101101101001000000110100101110 0000111001101110101011011010010000001100100011011110110110001 1011110111001000100000011100110110100101110100001000000110000 1011011010110010101110100001011000010000001100011011011110110 1110011100110110010101100011011101000110010101110100011101010 1110010001000000110000101100100010100110001101111011100100110 0101011011010010000001101001011100000111001101110101011011010 0100000011001000110111101101100011011110111001000100000011100 1101101001011101000010000001100001011011010110010101110100001 0110000100000011000110110111101101110011100110110010101100011 0111010001100101011101000111010101110010001000000110000101100 10001 0100110001101111011100100110010101101101001000000110100 1011100000111001101110101011011010010000001100100011011110110 1100011011110111001000100000011100110110100101110100001000000 1100001011011010110010101110100001011000010000001100011011011 1101101110011100110110010101100011011101000110010101110100011 1010101110010001000000110000101100100010100110001101111011100 1001100101011011010010000001101001011100000111001101110101011 0110100100000011001000110111101101100011011110111001000100000 0111001101101001011101000010000001100001011011010110010101110 1000010110000100000011000110110111101101110011100110110010101 1000110111010001100101011101000111010101110010001000000110000 1011001000101001100011011110111001001100101011011010010000001 1010010111000001110011011101010110110100100000011001000110111 1011011000110111101110010001000000111001101101001011101000010Your Critical
    [Show full text]
  • A Scary “Mask”: Tag, You’Re It! by Sharon D
    A Scary “Mask”: Tag, You’re It! by Sharon D. Nelson, Esq. and John W. Simek © 2014 Sensei Enterprises, Inc. Remember the childhood game of chasing all of your friends in an attempt to merely lay a finger on them so they could assume the role of the “it” person? It doesn’t feel much different these days when dealing with technology. There are a ton of “bad guys” trying to compromise your technology for a variety of reasons. Once your computer is infected it may be a long time before you are even aware of the compromise. Advanced Persistent Threat (APT) There are so many definitions of APT that it can make your head spin. It can refer to an advanced attack on a network. But today, an advanced persistent threat is more often defined as a body (e.g. a government) that has the ability and intent to target a specific entity with sophisticated intrusion techniques. Further, we describe an APT as dealing with a cyberthreat. Malware is installed on a computer or network device to gather intelligence and information about the selected target. Probably one of the more famous APTs is the Stuxnet worm, which targeted the computers for Iran’s nuclear program. Usage of APTs has grown tremendously over the last several years and we anticipate an even steeper growth given the recent revelations of spying activity by the NSA, Australian Signals Directorate and the British Government Communications Headquarters. Mask This is not the kind of mask that you wear on Halloween (or perhaps every night in New Orleans), but a recently discovered APT that has been around infecting computers for at least the last seven years.
    [Show full text]