Nation State Digital Attacks
DISCLAIMER
The issues addressed in this document may be controversial. This document is for
educational and research purposes only. Do not attempt to violate the law with
anything contained here. Neither the author of this material, nor anyone else
affiliated in any way, is liable for your actions.
C3 : Cyber-crime , Cyber-war , Cyber-terrorism
Agenda
SOME CYBER-ATTACKS COUNTRY WISE
ABOUT ME
SOME FACTS
TERMINOLOGIES
EMERGING THREATS
WHERE TO START
INFORMATION OPERATION TERMINOLOGY
MOTIVE IN CYBER ERA
RESOURCES
UNDERGROUND CYBER MARKET
CYBER-CRIME MARKET PRICES
CRITICAL INFORMATION INFRASTRUCTURE
CYBERWAR
CYBER CRIME
CYBER- CRIME : GOAL, PROFILE & TARGETS
SOME BIGGEST DATA BREACHES
CYBER ESPIONAGE
CYBER-TERRORISM
The Technology World Always has the Sharpest Brains...
There are equally sharp minds, working against you…
Src : Securus First
Cyber-Crime
• Any violations of criminal law that involve
knowledge of Computer technology for their
perpetration, investigation, or prosecution. – US
DOJ
• Criminal activities carried out by means of
computers or the Information technology.
• Cyberspace is virtual, borderless and anonymous, which makes it difficult to trace the origin of a cyber attack. There are very few cyber-crime cells or police stations in India; ordinary police stations are not well equipped or able to deal with digital crimes.
• Cybercrimes had cost India about 24,630 crores in 2013 alone.
Cyber-Crime : GOAL, PROFILE & TARGETS
Attacker Profiles
• State-Sponsored
• Non-State
  ◦ Insiders
  ◦ Hacktivists
  ◦ Organized Gangs
  ◦ Criminals
• Hobbyists, Learners and Enthusiasts
Goals of Cyber-Attacks
• Money
• Power
• Control
• Publicity
• Revenge
• Crackers
• Learning
• Strategic Objectives
• Embed sleepers
• Espionage / Sabotage
Target and Motives
• Corporate
  ◦ Defacement, Takeover / control
  ◦ Financial, Extortion, Revenge
  ◦ Information / Data Theft
  ◦ Reputation Damage
• Individual/Personal
  ◦ Yours and Family – entire life
  ◦ Ransomware
  ◦ Stalking, Blackmail, Scams
• Governmental / Military
  ◦ Secrets, Weapon Control
• Political, Religious, National unrest
• Secret to combat cyber-crime is capacity building.
• Anonymous browsing is illegal in some countries but not in India till now.
Underground Cyber Market
• The Internet is where everyone has access to and where it’s easy to find things because they’re indexed by search engines.
• The Deep Web is the part of the Internet that isn’t necessarily malicious, but is just too obscure to be indexed due to the sheer size of
the web. Approx. 96 % of the internet is beyond search engines such as Google and Bing
• The Dark Web is the part of the non-indexed part of the Internet (the Deep Web) that is used by those who don’t want to be found for
whatever reason. This could be for seedy, illegal purposes or it could be a matter of privacy.
Sites like Silk Road and DarkMarket operate in the Deep Web / Dark Web offering illegal services
• Silk Road provided a platform for drug dealers around the world to sell narcotics through the Internet
  ◦ 950,000+ registered users
  ◦ Taken down Sep 2013
• DarkMarket facilitated the buying & selling of stolen financial information
  ◦ Had 2500+ members
  ◦ Taken down in 2010
Cyber-Crime Tools Used
• The operators in the Deep Web and Dark Web use tools which ensure the anonymity of their identity, location, transactions, and
payments
• Tor network provides anonymous browsing and access to the Deep Web sites that are identified as *.onion
• Use of Bitcoins helps keep transactions anonymous as this system does not identify the buyer / seller or payer/payee except as a hash
value. In addition bitcoins can be converted to cash in currencies across the world and thus provide an unidentifiable means of stashing
and transferring money.
• Tor is a special network of computers on the Internet,
distributed around the world.
• Tor is designed to conceal the true IP addresses of the
computers in the network
• Bitcoins are an anonymous, decentralized form of
electronic currency
• like "cash" in cyberspace - anonymous.
Cyber-Crime Market Prices
Src : Trend Micro
• Is the Black market illegal?
• A black market or underground economy is the market in which goods or services are traded illegally. The key distinction of a black market trade is that the transaction itself is illegal. The goods
or services may or may not themselves be illegal to own, or to trade through other, legal channels.
Crooks are smarter – and now it’s cheaper than ever!
They can buy malware, attack kits, and even ‘Crimeware-as-a-Service’!
It's as cheap as…
• Drive-by download tool kit rental: $100/week
• Credit card details: $0.50/card
• DDoS attacks: $10/day
• Stolen gaming accounts: $10 each
• Verified spam email blasts: $70/million
• India's Union Cabinet has already approved the ‘Smart Cities Mission’, with an outlay of 48,000 crores, under which 100 new ‘Smart Cities’ would be developed.
CRITICAL INFORMATION INFRASTRUCTURES (CII)
Critical infrastructure is a term used by governments to describe assets that are essential for the functioning of a society and economy. Most commonly associated with the term are facilities for:
EDUCATION, WATER, DEFENCE, TELECOMMUNICATION, FINANCIAL, GOVERNMENT, HOSPITAL, INDUSTRY, ENERGY, TRANSPORTATION
• Amateurs hack systems, professionals hack people. — Bruce Schneier
• Don’t assume that you’re not a target. Draw up battle plans. Learn from the mistakes of others
A Lot of Folks Have Substantial Misconceptions
About This "Cyber War" Thing
• Cyber war is NOT about “inadvertent” nuclear war
• Cyber war is NOT about cyber intrusions
• Cyber war is NOT about defacing web sites
• Cyber war is NOT about DDoS attacks
• Cyber war is NOT about malware
• Cyber war is NOT about cyber-enabling regular terrorism
• Cyber war is NOT about “high tech” war that isn't computer or network focused, nor is it about “non-technical” military information operations
• That’s all “bad stuff,” and it might be “cyber espionage,” or “cyber terrorism,” or “high tech war" or "nuclear war"
or "regular war" but it’s not cyber war. However since a lot of the impressions we have about cyber war are formed
around those misconceptions, we need to start by looking at those areas.
Src : uoregon.edu
CyberWar
• Although there is no clear doctrinal definition of “CyberWar”, it involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks (ICT) through, for example, computer malware or denial-of-service attacks (as per Wikipedia).
• It is internet-based conflict involving politically motivated attacks on critical infrastructure, industrial control systems and information systems.
• Cyberspace: “the fifth domain of warfare”. The other domains of warfare are land, air, sea, and space.
• A Computer may be more dangerous than a Gun.
• Cyber warfare is a great alternative to conventional weapons.
• 2007 Estonia , Pentagon
• 2009 Operation Aurora , Ghostnet
• 2010 Stuxnet , WikiLeaks , Shamoon
• 2011 Duqu, Stars Virus , Mahdi
• 2012 Flame , Red October
• 2013 Edward Snowden , Operation Ababil , Spamhaus
• 2014 PLA Unit 61398, Sony
• 2015 Anthem, OPM, Pentagon
Cyber-Terrorism
• It’s a controversial term and there is no proper consensus definition.
• It is an act of terrorism: a "premeditated, politically motivated attack against information, computer systems, programs and data which results in violence against non-combatant targets by sub-national groups or clandestine agents, with the intention to cause harm or further social, ideological, religious, political or similar objectives."
TYPE: State Sponsored
MOTIVATION: Geographic/Strategic
CAPABILITY: Highly coordinated attacks that can cause mass-disruptions
TYPE: Terror Group
MOTIVATION: Political / Financial / Ideological
CAPABILITY: Can conduct sophisticated attacks against targeted systems or spread rumors
TYPE: Hacktivists
MOTIVATION: Ideological
CAPABILITY: Can conduct basic hacks against individual systems using tools
• Cyber-attacks are a Nuisance, Not Terrorism.
Cyber-Terrorism
DEFENDERS ATTACKERS
• Trained to defend against
• Well-known threats
• Need abundant resources
• Reactive Mindset
• Hampered by ‘terrain,
• Constantly innovating
• Changing their attacks
• Need less resources
• Proactive Mindset
• Government support
• Government advantage
• Spear phishing is the attack method used in some 91 % of cyber-attacks.
• You can't defend. You can't prevent. The only thing you can do is detect and respond.
Src: kukis.org
CYBER ESPIONAGE
The act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies, also for military, political, or economic advantage, using illegal exploitation methods on the internet, networks, software and/or computers.
METHODS OF SPREADING CYBERESPIONAGE MALWARE
• Exploitation of vulnerabilities in common software products, such as Java, Adobe Reader, Microsoft Office, Internet Explorer, Adobe Flash and more
• Social engineering techniques – including spear-phishing campaigns
• Drive-by downloads, droppers
• …
• You don’t control all of your critical business systems. Understand your vulnerabilities in the distributed, outsourced world.
Some Biggest Data Breaches
Target, iCloud, Hacking Team, Anthem, Ubisoft, Gaana, OPM, Ashley Madison, JP Morgan, eBay, Ola, Adobe, Sony
• Personally Identifiable Information (PII) and intellectual property (IP) are the top targets
• 205 Avg. days to discover breach & most breaches are discovered by third parties
• MyDoom is considered to be the most expensive virus in the world, approx. $38.5 billion!
Information Operation's Terminology
Cybercriminals are keen to learn new techniques that can make their own attacks more effective. They will devote significant
effort to reverse engineering the most sophisticated attacks – even those developed by nation states.
SIGINT : Signals Intelligence
COMINT : Communication Intelligence
ELINT : Electronic Intelligence
OSINT : Open Source Intelligence
PSYOPS : Psychological Operations
FISINT : Foreign Instrumentation Signals Intelligence
IMINT : Imagery Intelligence
MASINT : Measurement Intelligence
HUMINT : Human Intelligence
GEOSPATIAL INT : Analysis & Presentation Security-Relevant
Activities
• Nations or organizations don’t need that much money to invest in cyber warfare.
MOTIVE IN CYBER ERA
• Cyber Attacks on India are Increasing with Rapid Growth of 200%+ /Year.
• Hack Your Life ultimately ~ Hack your nation
CYBERCRIME: When a cyber-attack is used to steal money
HACKTIVISM: When one uses a cyber-attack to promote political agendas
CYBER ESPIONAGE: When a cyber-attack is used to steal specific information
CYBER WARFARE: When a cyber-attack is used for terrorism against a government or nation
Src : Nxtgen
INDIA
YEAR: 2010
ATTACK: Shadow Network is a China-based computer espionage operation (Shadow in the Cloud)
OUTCOME: Attackers stole Indian national security information and 1,500+ e-mails from the Indian government and the office of the Dalai Lama
YEAR: 2009
ATTACK: China launched Ghostnet against India to conduct espionage on that country’s confidential data
OUTCOME: The operation is likely associated with an APT. Computer systems belonging to embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India were compromised
YEAR: 2008
ATTACK: Use of unsecured Wi-Fi networks by Indian Mujahideen operatives and other groups to send terror e-mails after blasts in Delhi, Ahmedabad, Jaipur, Varanasi etc.
• State police and other Law Enforcement Agencies to deal with cybercrimes, Computer Emergency Team to deal with cyber security incidents, National Critical Information Infrastructure
Protection Centre for the protection of CII, Cyber Security Coordinator, National Security Council Secretariat, Intelligence Bureau and various Intelligence Agencies, Ministry of Home Affairs and
Department of Electronics and Information Technology are involved in cyber security functions etc.
UNITED STATES
YEAR: 2001–2015
ATTACK: NSA’s reach appears to be limitless, according to documents leaked by Edward Snowden, which describe a vast hacking operation aimed at subverting the Internet’s infrastructure.
OUTCOME: Global paranoia and a reduction in security for all.
YEAR: 2007
ATTACK: The US launched the Stuxnet worm against Iran to sabotage that country’s nuclear program.
OUTCOME: Stuxnet succeeded in briefly setting back the Iranian nuclear program. The attack set a precedent for Cyberwarfare, wherein countries launch digital assaults to resolve political disputes.
• The NSA, CIA and United States Cyber Command are the three main organizations that work towards this cause.
• The force, which will be distributed across 133 teams, is on track to be fully functional by 2016. It will focus on three areas: providing support to combatant commanders across the globe,
defense of the DoD information network, and protection of the nation's critical infrastructure and key resources
CHINA
YEAR: 2009–2012
ATTACK: China allegedly hacked Google, RSA Security, and other companies to obtain source code and other sensitive data
OUTCOME: The hackers who breached RSA Security obtained core data used in the company’s two-factor authentication scheme favored by governments and corporations
YEAR: 2014
ATTACK: China breached several databases belonging to the US Office of Personnel Management (OPM)
OUTCOME: The hackers stole sensitive data, including Social Security numbers, relating to more than 21 million people interviewed for government background checks
• The group of elite hackers in the China’s People’s Liberation Army is known as “cyber blue team” that will be engaged in both defensive and offensive campaigns, their mission is the protection of
the country from cyber-attacks.
• The PLA Unit 61398 (also known as “Advanced Persistent Threat 1” (“APT1”) and “Byzantine Candor”), is a sort of legend in the hacking world, it is the Military Unit Cover Designator (MUCD)
• The country also hires groups like the Hidden Lynx - among the world's leading hacker groups - who can create customized Trojans and advanced watering holes to infiltrate targets.
Israel
YEAR: 2014
ATTACK: Israel allegedly hacked Russian security firm Kaspersky Lab to obtain intel on its research about nation-state attacks. It also struck venues in Europe where the UN Security Council met to negotiate Iran’s nuclear program
OUTCOME: The attackers may have obtained intel about Kaspersky’s research.
YEAR: 2012
ATTACK: Suspected of launching the Wiper attack against the Iranian oil ministry and the National Iranian Oil Company
OUTCOME: The malware wiped the hard-drive data of 30,000+ workstations, then erased system files, causing the machines to crash and preventing them from rebooting. Iran insisted it had data backups.
• Israel has been dubbed "The Startup Nation" & cyber-security capital of the world.
• Mossad is the national intelligence agency of Israel and is responsible for intelligence collection, covert operations, and counterterrorism.
• Unit 8200 is an Israeli Intelligence Corps unit responsible for collecting signal intelligence (SIGINT) and code decryption.
NORTH KOREA
YEAR: 2014
ATTACK: Sony Pictures Entertainment was paralyzed by an attack. The US attributed the action to North Korea and applied additional economic sanctions against the country and specific officials.
OUTCOME: The attackers nabbed gigabytes of internal data and communications, which they later posted online.
YEAR: 2013
ATTACK: Computers in South Korea were struck by a logic bomb that caused data deletion and prevented rebooting. South Korea blamed North Korea for the attack but has never produced solid evidence.
OUTCOME: Two broadcast media companies and at least three banks were affected.
• Bureau 121 is a North Korean Cyberwarfare agency, which is part of the General Bureau of Reconnaissance of North Korea's military and is staffed by its most talented computer experts; the bureau specializes in sophisticated distributed denial of service (DDoS), encryption obfuscation, spear phishing, watering holes, and zero day attacks.
• Unit 124 was a North Korean Special Operation Forces unit, part of the Reconnaissance Agency, formed to conduct intelligence gathering, espionage, terrorism and abduction operations in
South Korea.
IRAN
YEAR: 2012
ATTACK: Iran allegedly launched a virus called Shamoon against oil conglomerate Saudi Aramco’s computers. US officials blame Iran for the attack but have never produced evidence.
OUTCOME: Shamoon wiped data from some 30,000+ machines and destroyed system files, preventing reboots.
YEAR: 2011-2012
ATTACK: Iran launched a series of Denial-of-Service attacks on US banks. Though Izz ad-Din al-Qassam Cyber Fighters took responsibility, US officials claimed Iran was retaliating for Stuxnet and UN sanctions.
OUTCOME: The attacks consumed resources, but no long-term damage was reported.
• Iran was the victim of the cyber-worm ‘Stuxnet’, a combined effort by the United States and Israel; Stuxnet destroyed perhaps over 1000 nuclear centrifuges.
• In 2013, a Revolutionary Guards general stated that Iran has “the 4th biggest cyber power among the world’s cyber armies.”
• Distributed denial-of-service (DDoS), spear phishing, viruses, and brute force attacks are the most common weapons in an Iranian hacker's toolkit.
• Since 2010, Iran's funding for cyber-security has been increased from $3.4 million to $19.8 million
RUSSIA
YEAR: 2014
ATTACK: Russia allegedly hacked the US State Department and the White House.
OUTCOME: The attackers had access to unclassified emails for President Obama as well as nonpublic details about his schedule.
YEAR: 2015
ATTACK: Russia reportedly hacked TV5Monde, a French-language broadcaster. A group calling itself the CyberCaliphate took credit, but French officials have pointed the finger at Russia.
OUTCOME: The hackers blacked out broadcasting for several hours and posted messages expressing support for ISIS to the TV channel’s social media accounts.
• Cyberwarfare in Russia includes allegations of denial of service attacks, hacker attacks, dissemination of disinformation over the internet, participation of state-sponsored teams in political
blogs, internet surveillance using SORM technology, and persecution of cyber-dissidents.
• The APT28 cyberespionage group has been active since 2007 and has targeted governments, militaries, and security organizations. The group focused its hacking campaign on targets that would be of interest to Russia, such as the Caucasus region with a focus on Georgia.
• The Russian hacker group "Turla" uses a clever, less-detectable hacking technique: highly sophisticated malware for both Windows and Linux platforms, as well as multistage proxies for bypassing network segmentation and isolation mechanisms. It has been found to hijack legitimate satellite internet connections to mask the location of its command-and-control (C&C) servers, and has been active for more than 8 years.
Some Facts
• Cyber-attacks cost business $400 Billion a year
• 25 % of cyber cases unresolved
• Only 17% of companies are fully prepared for an incident
• Social media – a hackers’ favorite target, Hacking a Plane, Car… IoT Smart-Devices
• 37% of Microsoft servers on ships are vulnerable to hacking
• 48% of mobile phone users don't have a passcode or other access authentication method
• Approx. 600,000 hackers log into Facebook every day trying to breach users' personal security
• 91% of all attacks on the enterprise network are the result of successful spear-phishing
• 53% Of breaches stem from malware & hacks
• Largest DDoS attack reached 400Gbps (Avg 14 Gbps)
• ……
• Every smart-phone is a computer.
• Majority are not tech-savvy, or security conscious.
So
From Authentic source
• There are more than 900 million mobile users and 200 million Internet subscribers in India.
EMERGING THREATS
• Social-Media
• Internet-of-Things threats, Fileless Threats, Memory Scraping Malware
• BIGDATA
• Unsecure CLOUD
• 3D- printers Bio-Printing
• Crypto-currency threats
• Drone : Imagine such a device delivering RDX to a critical building or structure
• Leveraging Technology for Building National cyber intelligence
• Lack of Qualified Skills, providing end –user training awareness
• Crimeware-as-a-Service, Prosecution remains a challenge
• Can there be true anonymity on the internet? To some extent, the answer to the title is "YES"
• -----
• World’s internet is powered by the complex network of internet submarine cables hidden inside the mighty oceans of Earth. These cables are not much thicker than 8 cm and they transmit about 99
percent of all international data.
WHERE TO START
• Establish proper clear ownership of risk at the highest level
• Assume you are compromised , randomly perform assessments to detect APTs
• Hands-on experts who are skilled in the functional areas of Cyber-Security: Identify, Protect, Detect, Respond and Recover
• Build world class R&D & policing. Set-up Cyberdome to tackle Cyber-crime
• Computer forensics & Leverage Threat Intelligence is not enough, Identity management must be world-class
• Governments, organizations and citizens should prepare themselves against these inevitable threats
• Isolate critical infrastructure & Two-factor authentication, minimum for sensitive areas.
• Positive collaboration between the security industry, academia, law enforcement, and governments to take down cybercriminal operations
• Secure the Mechanisms of the Internet. Essential to the security of the Internet infrastructure is ensuring the reliability and secure use of three
key protocols:
1 : The Internet Protocol (IP) 2 : The Domain Name System (DNS) 3 : The Border Gateway Protocol (BGP)
• You need tools, skilled people, and a plan for detection and incident response. Such team must be well aware of techno legal aspects of cyber
law, cyber security, cyber forensics, etc.
Terminologies
• Upstream collection is a term used by the National Security Agency (NSA) of the United States for intercepting telephone and internet traffic from major
internet cables and switches, both domestic and foreign. Besides the Upstream collection, NSA also gathers information from internet communications
through arrangements with internet companies under the program codenamed PRISM
• Fire Sale attack is an all-out Cyberwarfare attack that performs a three-stage systematic attack on a nation's computer infrastructure. Hackers called it Fire Sale because "Everything must go"
• Stage 1: Shutting down all transportation systems, such as traffic lights, railroad lines, subway system and airport systems.
• Stage 2: Disabling the financial systems, including Wall Street, banks and financial records.
• Stage 3: Turning off public utility systems, such as electricity, gas lines, telecommunications and satellite systems.
• Red Team-Blue Team exercises take their name from their military antecedents. The idea is simple: One group of security pros--a red team--attacks
something, and an opposing group--the blue team--defends it. Originally, the exercises were used by the military to test force-readiness.
• Tallinn Manual on the International Law Applicable to Cyber Warfare is an academic, non-binding study on how international law, in particular the jus ad
bellum and international humanitarian law, apply to cyber conflicts and cyber warfare. The Tallinn Manual was written at the invitation of the Tallinn-based
NATO Cooperative Cyber Defence Centre of Excellence by an international group of approximately twenty experts between 2009 and 2012.
• Cyberwarriors are agents or quasi-agents of nation-states who develop capabilities and undertake cyberattack in support of a country’s strategic
objectives. Cyberactivists are individuals who perform cyberattack for pleasure, philosophical, political, or other nonmonetary reasons.
About me (shameless self-promotion)
Email : Deepakniit14@gmail.com
Google : D3pak Kumar
Twitter : @D3pak
Web : www.D3pak.branded.me
Resources
• Wiki , ToR, Rands, Homeland security, Kaspersky , TrendMicro, Dell, Bright talk, Securus First, National Research Council, Fas, General Accounting Office, Cyber Conflict Studies
Association, Strategic Studies Quarterly, Center for Strategic and International Studies, and Monitor reporting
• See http://www.bloomberg.com/politics/articles/2015-01-07/clapper-warns-of-more-potential-north-korean-hacksafter-sony.
• For additional information, see CRS Report RL33123, Terrorist Capabilities for Cyberattack: Overview and Policy Issues, by John W. Rollins and Clay Wilson.
• See “Challenges Remain in DHS’ Efforts to Security Control Systems,” Department of Homeland Security, Office of Inspector General, August 2009. For a discussion of how computer code
may have caused the halting of operations at an Iranian nuclear facility see CRS Report R41524, The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability, by Paul K.
Kerr, John W. Rollins, and Catherine A. Theohary.
• Executive Assistant Director Shawn Henry, Responding to the Cyber Threat, Federal Bureau of Investigation, Baltimore, MD, 2011.
• Department of Defense Deputy Secretary of Defense William J. Lynn III, “Defending a New Domain,” Foreign Affairs, October 2010.
C3 : Cyber-crime , Cyber-war , Cyber-terrorism

More Related Content

PDF
Digital forensic principles and procedure
PPTX
Internet of Things Using Arduino
PPT
Cyber crime in a Smart Phone & Social Media Obsessed World
PPTX
Digital forensics ahmed emam
PPTX
Iot forensics
PDF
Cyber Forensics & Challenges
PPTX
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
PDF
Autopsy 3.0 - Open Source Digital Forensics Conference
Digital forensic principles and procedure
Internet of Things Using Arduino
Cyber crime in a Smart Phone & Social Media Obsessed World
Digital forensics ahmed emam
Iot forensics
Cyber Forensics & Challenges
Investigative Tools and Equipments for Cyber Crime by Raghu Khimani
Autopsy 3.0 - Open Source Digital Forensics Conference

What's hot (20)

PPTX
Difference between Cyber and digital Forensic.pptx
PPT
Intro To Hardware And Software
PDF
Digital Forensic: Brief Intro & Research Challenge
PPTX
Internet of things - challenges scopes and solutions
PDF
Security in the Internet of Things
PPTX
Computer security
PDF
Digital Evidence in Computer Forensic Investigations
PPT
Introduction to computer forensic
PPTX
Iot(security)
PPTX
IoT Security Risks and Challenges
PPTX
Introduction to computer hardware
PDF
IOT Forensic Challenges
PPTX
Computer forensic ppt
PPTX
Internet of Things Forensics
PPTX
PDF
Computer forensic
PPTX
PPTX
PPTX
NTFS vs FAT
PPTX
Computer forensics powerpoint presentation
Difference between Cyber and digital Forensic.pptx
Intro To Hardware And Software
Digital Forensic: Brief Intro & Research Challenge
Internet of things - challenges scopes and solutions
Security in the Internet of Things
Computer security
Digital Evidence in Computer Forensic Investigations
Introduction to computer forensic
Iot(security)
IoT Security Risks and Challenges
Introduction to computer hardware
IOT Forensic Challenges
Computer forensic ppt
Internet of Things Forensics
Computer forensic
NTFS vs FAT
Computer forensics powerpoint presentation
Ad

Viewers also liked (11)

PDF
PDF
IT Certification's top Ten Benefits
PDF
Facebook Security Tips
PDF
How to social/official network
PDF
PDF
Proactive Defense: Understanding the 4 Main Threat Actor Types
PDF
Edward Snowden Data-Breach
PDF
Equiinet discussion of cyber threat landscape final 2016
PDF
Smartphone Forensic Acquisition guide
PPTX
Presentation Design Trends 2014
IT Certification's top Ten Benefits
Facebook Security Tips
How to social/official network
Proactive Defense: Understanding the 4 Main Threat Actor Types
Edward Snowden Data-Breach
Equiinet discussion of cyber threat landscape final 2016
Smartphone Forensic Acquisition guide
Presentation Design Trends 2014
Ad

Similar to C3 Cyber (20)

PDF
Module 1 Introduction to cryptography...
PPTX
Introduction to computer forensic in IT World
PPTX
cs computer notes of studies in education
PPT
History and future cybercrime
PPTX
Cyber Criminals,Classifications of Cybercrimes aat.pptx
PPTX
Cyber security talks 2019 by theko moima
PPTX
Cyber Terrorism
PPTX
Introduction to cyber security presentation
PPTX
Introduction to cyber security presentation
PPTX
Introduction to Cyber security presentation
PPTX
Introduction to cyber security presentation
PPTX
Cyber security presentation
PPTX
International-Dimensions-of-Cybercrime (1).pptx
PPTX
Cyber Crime
PDF
Practical approach to combating cyber crimes
PPTX
Cyber Security in Society
PPTX
Cybercrime
PPTX
Cyber security by Gaurav Singh
PPTX
C3 Cyber

  • 2. DISCLAIMER The issues addressed in this document may be controversial. This document is for educational and research purposes only. Do not attempt to violate the law with anything contained here. Neither the author of this material, nor anyone else affiliated in any way, is liable for your actions. C3 : Cyber-crime , Cyber-war , Cyber-terrorism
  • 3. Agenda
      • SOME CYBER-ATTACKS COUNTRY WISE
      • ABOUT ME
      • SOME FACTS
      • TERMINOLOGIES
      • EMERGING THREATS
      • WHERE TO START
      • INFORMATION OPERATION TERMINOLOGY
      • MOTIVE IN CYBER ERA
      • RESOURCES
      • UNDERGROUND CYBER MARKET
      • CYBER-CRIME MARKET PRICES
      • CRITICAL INFORMATION INFRASTRUCTURE
      • CYBERWAR
      • CYBER CRIME
      • CYBER-CRIME : GOAL, PROFILE & TARGETS
      • SOME BIGGEST DATA BREACHES
      • CYBER ESPIONAGE
      • CYBER-TERRORISM
  • 4. The Technology World Always has the Sharpest Brains... There are equally sharp minds, working against you… Src : Securus First
  • 5. Cyber-Crime
      • Any violations of criminal law that involve knowledge of Computer technology for their perpetration, investigation, or prosecution. – US DOJ
      • Criminal activities carried out by means of computers or information technology.
      • Cyberspace is virtual, borderless and anonymous, which makes it difficult to trace the origin of a cyber attack. There are very few cyber-crime cells or police stations in India; ordinary police stations are not well equipped or capable of dealing with digital crimes.
      • Cybercrimes cost India about 24,630 crores in 2013 alone.
  • 6. Cyber-Crime : GOAL, PROFILE & TARGETS
      Attacker Profiles
      • State-Sponsored
      • Non-State
          • Insiders
          • Hacktivists
          • Organized Gangs
          • Criminals
      • Hobbyists, Learners and Enthusiasts
      Goals of Cyber-Attacks
      • Money
      • Power
      • Control
      • Publicity
      • Revenge
      • Crackers
      • Learning
      • Strategic Objectives
      • Embed sleepers
      • Espionage / Sabotage
      Target and Motives
      • Corporate
          • Defacement, Takeover / control
          • Financial, Extortion, Revenge
          • Information / Data Theft
          • Reputation Damage
      • Individual / Personal
          • Yours and Family – entire life
          • Ransomware
          • Stalking, Blackmail, Scams
      • Governmental / Military
          • Secrets, Weapon Control
      • Political, Religious, National unrest
      • The secret to combating cyber-crime is capacity building.
      • Anonymous browsing is illegal in some countries, but not in India so far.
  • 7. Underground Cyber Market
      • The Internet is the part that everyone has access to and where it's easy to find things because they're indexed by search engines.
      • The Deep Web is the part of the Internet that isn't necessarily malicious, but is just too obscure to be indexed due to the sheer size of the web. Approx. 96 % of the Internet is beyond search engines such as Google and Bing.
      • The Dark Web is the part of the non-indexed Internet (the Deep Web) that is used by those who don't want to be found for whatever reason. This could be for seedy, illegal purposes or it could be a matter of privacy.
      • Silk Road provided a platform for drug dealers around the world to sell narcotics through the Internet
          • 950,000+ registered users
          • Taken down Sep 2013
      • DarkMarket facilitated the buying and selling of stolen financial information
          • Had 2500+ members
          • Taken down in 2010
      Sites like Silk Road and DarkMarket operate in the Deep Web / Dark Web, offering illegal services.
  • 8. Cyber-Crime Tools Used
      • The operators in the Deep Web and Dark Web use tools which ensure the anonymity of their identity, location, transactions, and payments.
      • The Tor network provides anonymous browsing and access to the Deep Web sites that are identified as *.onion.
      • Use of Bitcoins helps keep transactions anonymous, as this system does not identify the buyer / seller or payer / payee except as a hash value. In addition, bitcoins can be converted to cash in currencies across the world and thus provide an unidentifiable means of stashing and transferring money.
      • Tor is a special network of computers on the Internet, distributed around the world.
      • Tor is designed to conceal the true IP addresses of the computers in the network.
      • Bitcoins are an anonymous, decentralized form of electronic currency, like "cash" in cyberspace.
  • 9. Cyber-Crime Market Prices (Src : Trend Micro)
      • Is the black market illegal?
      • A black market or underground economy is the market in which goods or services are traded illegally. The key distinction of a black market trade is that the transaction itself is illegal. The goods or services may or may not themselves be illegal to own, or to trade through other, legal channels.
  • 10. Crooks are smarter – and now it's cheaper than ever! They can buy malware, attack kits, and even 'Crimeware-as-a-Service'! It's as cheap as…
      • Drive-by Download tool kit rental: $100/WEEK
      • Credit card details: $0.50/CARD
      • DDoS attacks: $10/DAY
      • Stolen gaming accounts: $10 EACH
      • Verified Spam Email Blasts: $70/MILLION
      • India's Union Cabinet has already approved the 'Smart Cities Mission', with an outlay of 48,000 crores, under which 100 new 'Smart Cities' would be developed.
  • 12. CRITICAL INFORMATION INFRASTRUCTURES (CII)
      Critical infrastructure is a term used by governments to describe assets that are essential for the functioning of a society and economy. Most commonly associated with the term are facilities for: EDUCATION, WATER, DEFENCE, TELECOMMUNICATION, FINANCIAL, GOVERNMENT, HOSPITAL, INDUSTRY, ENERGY, TRANSPORTATION.
      • Amateurs hack systems, professionals hack people. — Bruce Schneier
      • Don't assume that you're not a target. Draw up battle plans. Learn from the mistakes of others.
  • 13. A Lot of Folks Have Substantial Misconceptions About This "Cyber War" Thing
      • Cyber war is NOT about "inadvertent" nuclear war
      • Cyber war is NOT about cyber intrusions
      • Cyber war is NOT about defacing web sites
      • Cyber war is NOT about DDoS attacks
      • Cyber war is NOT about malware
      • Cyber war is NOT about cyber-enabling regular terrorism
      • Cyber war is NOT about "high tech" war that isn't computer or network focused, nor is it about "non-technical" military information operations
      • That's all "bad stuff," and it might be "cyber espionage," or "cyber terrorism," or "high tech war" or "nuclear war" or "regular war" but it's not cyber war. However, since a lot of the impressions we have about cyber war are formed around those misconceptions, we need to start by looking at those areas.
      Src : uoregon.edu
  • 14. CyberWar
      • Although there is no clear doctrinal definition of "CyberWar", it involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks (ICT) through, for example, computer malware or denial-of-service attacks (as per Wiki).
      • It is Internet-based conflict involving politically motivated attacks on critical infrastructure, industrial control systems and information systems.
      • Cyberspace: "the fifth domain of warfare". The other domains of warfare are land, air, sea, and space.
      • A computer may be more dangerous than a gun.
      • Cyber warfare is a great alternative to conventional weapons.
      • 2007: Estonia, Pentagon
      • 2009: Operation Aurora, Ghostnet
      • 2010: Stuxnet, WikiLeaks, Shamoon
      • 2011: Duqu, Stars Virus, Mahdi
      • 2012: Flame, Red October
      • 2013: Edward Snowden, Operation Ababil, Spamhaus
      • 2014: PLA Unit 61398, Sony
      • 2015: Anthem, OPM, Pentagon
  • 15. Cyber-Terrorism
      • It's a controversial term and there is no proper consensus definition.
      • It is an act of terrorism: a "premeditated, politically motivated attack against information, computer systems, programs and data which results in violence against non-combatant targets by sub-national groups or clandestine agents", with the intention to cause harm or further social, ideological, religious, political or similar objectives.
      TYPES, MOTIVATIONS and CAPABILITIES
      • Hacktivists. Motivation: Ideological. Capabilities: Can conduct basic hacks against individual systems using tools.
      • Terror Group. Motivation: Political / Financial / Ideological. Capabilities: Can conduct sophisticated attacks against targeted systems or spread rumors.
      • State Sponsored. Motivation: Geographic / Strategic. Capabilities: Highly coordinated attacks that can cause mass disruptions.
      • Cyber-attacks are a Nuisance, Not Terrorism.
  • 16. Cyber-Terrorism
      DEFENDERS ATTACKERS • Trained to defend against • Well-known threats • Need abundant resources • Reactive Mindset • Hampered by ‘terrain, • Constantly innovating • Changing their attacks • Need less resources • Proactive Mindset • Government support • Government advantage
      • Spear phishing is the attack method used in some 91 % of cyber-attacks.
      • You can't defend. You can't prevent. The only thing you can do is detect and respond.
      Src: kukis.org
  • 17. CYBER ESPIONAGE
      The act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies, also for military, political, or economic advantage, using illegal exploitation methods on the Internet, networks, software and/or computers.
      METHODS OF SPREADING CYBERESPIONAGE MALWARE
      • Exploitation of vulnerabilities in commonly used software products, such as Java, Adobe Reader, Microsoft Office, Internet Explorer, Adobe Flash and more
      • Social engineering techniques, including spear-phishing campaigns
      • Drive-by downloads, droppers
      • …
      • You don't control all of your critical business systems. Understand your vulnerabilities in the distributed, outsourced world.
  • 18. Some Biggest Data Breaches
      TARGET, iCloud, HACKING TEAM, ANTHEM, UBISOFT, GAANA, OPM, ASHLEY MADISON, JP MORGAN, EBAY, OLA, ADOBE, SONY
      • Personally Identifiable Information (PII) and intellectual property (IP) are the top targets.
      • 205 days on average to discover a breach, and most breaches are discovered by third parties.
      • MyDoom is considered to be the most expensive virus in the world, approx. $38.5 billion!
  • 19. Information Operation's Terminology
      Cybercriminals are keen to learn new techniques that can make their own attacks more effective. They will devote significant effort to reverse engineering the most sophisticated attacks, even those developed by nation states.
      • SIGINT : Signals Intelligence
      • COMINT : Communication Intelligence
      • ELINT : Electronic Intelligence
      • OSINT : Open Source Intelligence
      • PSYOPS : Psychological Operations
      • FISINT : Foreign Instrumentation Signals Intelligence
      • IMINT : Imagery Intelligence
      • MASINT : Measurement Intelligence
      • HUMINT : Human Intelligence
      • GEOSPATIAL INT : Analysis & Presentation Security-Relevant Activities
      • Nations or organizations don't need that much money to invest in cyber warfare.
  • 20. MOTIVE IN CYBER ERA
      • Cyber attacks on India are increasing, with rapid growth of 200%+ per year.
      • Hack Your Life ultimately ~ Hack your nation
      • CYBERCRIME: When a cyber-attack is used to steal money
      • HACKTIVISM: When one uses a cyber-attack to promote political agendas
      • CYBER ESPIONAGE: When a cyber-attack is used to steal specific information
      • CYBER WARFARE: When a cyber-attack is used to form terrorism against Gov., Nation
      Src : Nxtgen
  • 21. INDIA (YEAR / ATTACK / OUTCOME)
      • 2010. Attack: Shadow Network is a China-based computer espionage operation (Shadow in the Cloud). Outcome: Attackers stole Indian national security information, 1,500+ e-mails from the Indian government, the office of the Dalai Lama.
      • 2009. Attack: China launched the Ghostnet against India for espionage on that country's confidential data. Outcome: The operation is likely associated with an APT. Computer systems belonging to embassies, foreign ministries and other government offices, and the Dalai Lama's Tibetan exile centers in India were compromised.
      • 2008. Attack: Use of unsecured Wi-Fi networks to send terror e-mails by Indian Mujahideen operatives and other groups after blasts in Delhi, Ahmedabad, Jaipur, Varanasi etc.
      • State police and other Law Enforcement Agencies to deal with cybercrimes, Computer Emergency Team to deal with cyber security incidents, National Critical Information Infrastructure Protection Centre for the protection of CII, Cyber Security Coordinator, National Security Council Secretariat, Intelligence Bureau and various Intelligence Agencies, Ministry of Home Affairs and Department of Electronics and Information Technology are involved in cyber security functions etc.
  • 22. UNITED STATES (YEAR / ATTACK / OUTCOME)
      • 2001–2015. Attack: NSA's reach appears to be limitless, according to documents leaked by Edward Snowden, which describe a vast hacking operation aimed at subverting the Internet's infrastructure. Outcome: Global paranoia and a reduction in security for all.
      • 2007. Attack: The US launched the Stuxnet worm against Iran to sabotage that country's nuclear program. Outcome: Stuxnet succeeded in briefly setting back the Iranian nuclear program. The attack set a precedent for Cyberwarfare, wherein countries launch digital assaults to resolve political disputes.
      • The NSA, CIA and United States Cyber Command are the three main organizations that work towards this cause.
      • The force, which will be distributed across 133 teams, is on track to be fully functional by 2016. It will focus on three areas: providing support to combatant commanders across the globe, defense of the DoD information network, and protection of the nation's critical infrastructure and key resources.
  • 23. CHINA (YEAR / ATTACK / OUTCOME)
      • 2009–2012. Attack: China allegedly hacked Google, RSA Security, and other companies to obtain source code and other sensitive data. Outcome: The hackers who breached RSA Security obtained core data used in the company's two-factor authentication scheme favored by governments and corporations.
      • 2014. Attack: China breached several databases belonging to the US Office of Personnel Management (OPM). Outcome: The hackers stole sensitive data, including Social Security numbers, relating to more than 21 million people interviewed for government background checks.
      • The group of elite hackers in China's People's Liberation Army is known as the "cyber blue team"; it will be engaged in both defensive and offensive campaigns, and its mission is the protection of the country from cyber-attacks.
      • The PLA Unit 61398 (also known as "Advanced Persistent Threat 1" ("APT1") and "Byzantine Candor") is a sort of legend in the hacking world; "Unit 61398" is its Military Unit Cover Designator (MUCD).
      • The country also hires groups like Hidden Lynx, among the world's leading hacker groups, who can create customized Trojans and advanced watering holes to infiltrate targets.
  • 24. ISRAEL (YEAR / ATTACK / OUTCOME)
      • 2014. Attack: Israel allegedly hacked Russian security firm Kaspersky Lab to obtain intel on its research about nation-state attacks. It also struck venues in Europe where the UN Security Council met to negotiate Iran's nuclear program. Outcome: The attackers may have obtained intel about Kaspersky's research.
      • 2012. Attack: Suspected of launching the Wiper attack against the Iranian oil ministry and the National Iranian Oil Company. Outcome: The malware wiped hard-drive data on 30,000+ workstations, then erased system files, causing the machines to crash and preventing them from rebooting. Iran insisted it had data backups.
      • Israel has been dubbed "The Startup Nation" and cyber-security capital of the world.
      • Mossad is the national intelligence agency of Israel and is responsible for intelligence collection, covert operations, and counterterrorism.
      • Unit 8200 is an Israeli Intelligence Corps unit responsible for collecting signal intelligence (SIGINT) and code decryption.
  • 25. NORTH KOREA (YEAR / ATTACK / OUTCOME)
      • 2014. Attack: Sony Pictures Entertainment was paralyzed by an attack. The US attributed the action to North Korea and applied additional economic sanctions against the country and specific officials. Outcome: The attackers nabbed gigabytes of internal data and communications, which they later posted online.
      • 2013. Attack: Computers in South Korea were struck by a logic bomb that caused data deletion and prevented rebooting. South Korea blamed North Korea for the attack but has never produced solid evidence. Outcome: Two broadcast media companies and at least three banks were affected.
      • Bureau 121 is a North Korean Cyberwarfare agency, which is part of the General Bureau of Reconnaissance of North Korea's military and is staffed by its most talented computer experts; the bureau specializes in sophisticated distributed denial of service (DDoS), encryption obfuscation, spear phishing, watering holes, and zero-day attacks.
      • Unit 124 was a North Korean Special Operation Forces unit, part of the Reconnaissance Agency, formed to conduct intelligence gathering, espionage, terrorism and abduction operations in South Korea.
  • 26. IRAN (YEAR / ATTACK / OUTCOME)
      • 2012. Attack: Iran allegedly launched a virus called Shamoon against oil conglomerate Saudi Aramco's computers. US officials blame Iran for the attack but have never produced evidence. Outcome: Shamoon wiped data from some 30,000+ machines and destroyed system files, preventing reboots.
      • 2011-2012. Attack: Iran launched a series of Denial-of-Service attacks on US banks. Though Izz ad-Din al-Qassam Cyber Fighters took responsibility, US officials claimed Iran was retaliating for Stuxnet and UN sanctions. Outcome: The attacks consumed resources, but no long-term damage was reported.
      • Iran was the victim of the cyber-worm 'Stuxnet', a combined effort by the United States and Israel; Stuxnet destroyed perhaps over 1000 nuclear centrifuges.
      • In 2013, a Revolutionary Guards general stated that Iran has "the 4th biggest cyber power among the world's cyber armies."
      • Distributed denial-of-service (DDoS), spear phishing, viruses, and brute force attacks are the most common weapons in an Iranian hacker's toolkit.
      • Since 2010, Iran's funding for cyber-security has been increased from $3.4 million to $19.8 million.
  • 27. RUSSIA (YEAR / ATTACK / OUTCOME)
      • 2014. Attack: Russia allegedly hacked the US State Department and the White House. Outcome: The attackers had access to unclassified emails for President Obama as well as nonpublic details about his schedule.
      • 2015. Attack: Russia reportedly hacked TV5Monde, a French-language broadcaster. A group calling itself the CyberCaliphate took credit, but French officials have pointed the finger at Russia. Outcome: The hackers blacked out broadcasting for several hours and posted messages expressing support for ISIS to the TV channel's social media accounts.
      • Cyberwarfare in Russia includes allegations of denial of service attacks, hacker attacks, dissemination of disinformation over the internet, participation of state-sponsored teams in political blogs, internet surveillance using SORM technology, and persecution of cyber-dissidents.
      • The APT28 cyberespionage group has been active since 2007 and has targeted governments, militaries, and security organizations. The group focused its hacking campaign on targets that would be of interest to Russia, such as the Caucasus region with a focus on Georgia.
      • The Russian hacker group "Turla", a spy gang with a clever, less-detectable hacking technique, uses highly sophisticated malware for both Windows and Linux platforms, as well as multistage proxies for bypassing network segmentation and isolation mechanisms. It has been found hijacking legitimate satellite internet connections to mask the location of its command-and-control (C&C) servers and has been active for more than 8 years.
  • 28. Some Facts
      • Cyber-attacks cost business $400 Billion a year
      • 25 % of cyber cases unresolved
      • Only 17% of companies are fully prepared for an incident
      • Social media is a hackers' favorite target; hacking a plane, car… IoT smart devices
      • 37% of Microsoft servers on ships are vulnerable to hacking
      • 48 % of mobile phone users don't have a passcode or other access authentication method
      • Approx. 600,000 hackers log into Facebook every day trying to breach users' personal security
      • 91% of all attacks on the enterprise network are the result of successful spear-phishing
      • 53% of breaches stem from malware & hacks
      • Largest DDoS attack reached 400 Gbps (Avg 14 Gbps)
      • ……
      • Every smart-phone is a computer.
      • Majority are not tech-savvy, or security conscious. So From Authentic source
      • There are more than 900 million mobile users and 200 million Internet subscribers in India.
  • 29. EMERGING THREATS
      • Social media
      • Internet-of-Things threats, fileless threats, memory-scraping malware
      • Big data
      • Unsecure cloud
      • 3D printers, bio-printing
      • Crypto-currency threats
      • Drone : Imagine such a device delivering RDX to a critical building or structure
      • Leveraging technology for building national cyber intelligence
      • Lack of qualified skills, providing end-user training awareness
      • Crimeware-as-a-Service; prosecution remains a challenge
      • Can there be true anonymity on the internet? To some extent, the answer to the title is "YES"
      • The world's internet is powered by the complex network of internet submarine cables hidden inside the mighty oceans of Earth. These cables are not much thicker than 8 cm and they transmit about 99 percent of all international data.
  • 30. WHERE TO START
      • Establish proper, clear ownership of risk at the highest level
      • Assume you are compromised; randomly perform assessments to detect APTs
      • Hands-on experts who are skilled in the functional areas of cyber-security: Identify, Protect, Detect, Respond and Recover
      • Build world-class R&D and policing. Set up Cyberdome to tackle cyber-crime
      • Computer forensics and leveraging threat intelligence are not enough; identity management must be world-class
      • Governments, organizations and citizens should prepare themselves against these inevitable threats
      • Isolate critical infrastructure; two-factor authentication at minimum for sensitive areas
      • Positive collaboration between the security industry, academia, law enforcement, and governments to take down cybercriminal operations
      • Secure the mechanisms of the Internet. Essential to the security of the Internet infrastructure is ensuring the reliability and secure use of three key protocols:
          1. The Internet Protocol (IP)
          2. The Domain Name System (DNS)
          3. The Border Gateway Protocol (BGP)
      • You need tools, skilled people, and a plan for detection and incident response. Such a team must be well aware of the techno-legal aspects of cyber law, cyber security, cyber forensics, etc.
  • 31. Terminologies
      • Upstream collection is a term used by the National Security Agency (NSA) of the United States for intercepting telephone and internet traffic from major internet cables and switches, both domestic and foreign. Besides Upstream collection, the NSA also gathers information from internet communications through arrangements with internet companies under the program codenamed PRISM.
      • Fire Sale attack is an all-out Cyberwarfare attack that performs a three-stage systematic attack on a nation's computer infrastructure. Hackers called it Fire Sale because "Everything must go".
          • Stage 1: Shutting down all transportation systems, such as traffic lights, railroad lines, subway systems and airport systems.
          • Stage 2: Disabling the financial systems, including Wall Street, banks and financial records.
          • Stage 3: Turning off public utility systems, such as electricity, gas lines, telecommunications and satellite systems.
      • Red Team-Blue Team exercises take their name from their military antecedents. The idea is simple: One group of security pros--a red team--attacks something, and an opposing group--the blue team--defends it. Originally, the exercises were used by the military to test force-readiness.
      • Tallinn Manual on the International Law Applicable to Cyber Warfare is an academic, non-binding study on how international law, in particular the jus ad bellum and international humanitarian law, applies to cyber conflicts and cyber warfare. The Tallinn Manual was written at the invitation of the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence by an international group of approximately twenty experts between 2009 and 2012.
      • Cyberwarriors are agents or quasi-agents of nation-states who develop capabilities and undertake cyberattacks in support of a country's strategic objectives. Cyberactivists are individuals who perform cyberattacks for pleasure, philosophical, political, or other nonmonetary reasons.
  • 32. About me (shameless self-promotion) Email : Deepakniit14@gmail.com Google : D3pak Kumar Twitter : @D3pak Web : www.D3pak.branded.me
  • 33. Resources
      • Wiki, ToR, Rands, Homeland security, Kaspersky, TrendMicro, Dell, Bright talk, Securus First, National Research Council, Fas, General Accounting Office, Cyber Conflict Studies Association, Strategic Studies Quarterly, Center for Strategic and International Studies, and Monitor reporting
      • See http://www.bloomberg.com/politics/articles/2015-01-07/clapper-warns-of-more-potential-north-korean-hacksafter-sony.
      • For additional information, see CRS Report RL33123, Terrorist Capabilities for Cyberattack: Overview and Policy Issues, by John W. Rollins and Clay Wilson.
      • See "Challenges Remain in DHS' Efforts to Secure Control Systems," Department of Homeland Security, Office of Inspector General, August 2009. For a discussion of how computer code may have caused the halting of operations at an Iranian nuclear facility, see CRS Report R41524, The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability, by Paul K. Kerr, John W. Rollins, and Catherine A. Theohary.
      • Executive Assistant Director Shawn Henry, Responding to the Cyber Threat, Federal Bureau of Investigation, Baltimore, MD, 2011.
      • Department of Defense Deputy Secretary of Defense William J. Lynn III, "Defending a New Domain," Foreign Affairs, October 2010.