Cyberbad Where Spam is leading to

1
CyberbadWhere Spam is leading to

• Phillip Hallam-Baker
• hallam_at_dotcrimemanifesto.com

2
Spam is Criminal Infrastructure
3
Botnets beget

• Spam
• Adverts for criminal / defective products
• Phishing
• Advance Fee Frauds
• Denial of Service Extortion
• All Things Cyber-bad

4
What is Cyber-Terror?
Cyber-Bad
5
Lowering the barriers
6
Cyber-Bad for Hire

• Hacking tools (commodity ? ø day exploits)
• Stolen credentials
• Crime as Service
• Spam
• Botnets
• Unwitting Accomplices (mules)
• Receiving stolen goods
• Money laundering

7
Cyber-bad Purposes

• Vandalism
• Vigilantism
• Fraud
• Terrorism
• Warfare

8
Criminals extend reach

• Compromise systems during manufacture
• Pin Entry Devices compromised during manufacture
• Phone home with PIN data to Pakistan
• Criminal insiders
• Blackmailed or bought prior to hire
• US Cert 41 incidents involve insiders
• Soc Generalé demonstrates bn potential

9
Internet Crime Isnt

• The banks are still where the money is

10
Russian Business Network
11
Cyber Crime to Cyber Terror?

• RBN customer 1488.ru

12
Its not a new game
13
Internet Terrorism Today
14
Internet Outreach
15
Internet Praxis
16
Realistic Future Scenarios
17
Internet Research

• Open Sources
• AQ manual claims 80 of information is available
• Criminal Expert Sources
• Who can tell me X for 100?
• Espionage
• Find an honest expert, penetrate their machine

18
Internet Crime Funding
19
Internet Crime Money Laundry
20
Internet Sabotage Force Multiplier
21
Is a Hollywood Scenario likely?
22
Past Performance is no guarantee
23
Security through obscurity works

• until it fails

24
Fixing the Problem
25
What is the problem?

• Banks
• Cost of Internet crime
• Direct Losses
• Customer Service
• Opportunity Losses
• National Security
• Potential criminal profits
• Potential sabotage damage

26
Are there solutions?

• Chip and PIN
• Eliminated Card Present Fraud in Europe
• Remaining attacks exploit legacy channels
• Why not in the US?
• Different market structure
• Anti-trust used to block changes

27
Anti-Crime Solutions

• Email Authentication
• SPF, DKIM, Secure Internet Letterhead
• Web Authentication
• Extended Validation, Secure Internet Letterhead
• Secure Identity
• SAML, WS-, OpenID, OATH, Identity 3.0
• Data Level Security
• CRM Infrastructure, Open CRM
• Network Security
• Reverse Firewalls, DNSSEC, BGP Security
• Domain Centric Administration, Default Deny
  Infrastructure

28
Conclusions

• The threats are real
• They are not necessarily Internet threats
• But the Internet changes the game
• The threats are serious
• They may not be terrorism as we know it
• But they are worth caring about
• Criminal infrastructure is an ongoing threat
• Some states are playing the privateer game
• We cannot rely on international cooperation