Crime DOES Pay (Unless you get caught)
Renana Friedlich, IR & Forensic Team Leader
Hacktics Advanced Security Center, Ernst & Young
February 2013
Crime DOES Pay – OWASP Conference
Traditional Forensics
Digital Forensics
He’s tough, but we’ll make him talk.
Example – Bredolab
Russia
Netherlands
France
Agenda
► Computer Crime Definition
► Crime Detection
► Dealing with an Incident
► Jurisdiction
► Punishment
► Case Studies
► Summary and Recommendations
Computer Crime Definition
► What name would best describe this type of offense?
► Is it a new form of crime?
Computer as a weapon
Computer as a target
Rising Above the Noise Level
Vectors that may lead to detection:
Security systems
Proportions
Subject of attack
Relevant Parties for Detection
End Users
Security Vendors
HoneyNets
ISPs
Local Police
SOCs
And more …
Auditing Processes
Governmental Agencies
Top 10 Detected Incidents
► Verizon 2012 Data Breach Investigations Report

| Category | Attack | Overall Rank | Rank @ Large Org. |
|---|---|---|---|
| Hacking | Use of stolen login credentials | 3 | 1 |
| Malware | Backdoor | 6 | 2 |
| Hacking | Exploitation of backdoor C&C channel | 7 | 3 |
| Physical | Tampering | 9 | 4 |
| Malware | Keylogger/Form-grabber/Spyware | 1 | 5 |
| Social | Pretexting (classic social engineering) | 11 | 6 |
| Hacking | Brute force and dictionary attacks | 5 | 7 |
| Hacking | SQL injection | 15 | 8 |
| Social | Phishing (or any type of *ishing) | 20 | 9 |
| Malware | C&C (listens for and executes commands) | 22 | 10 |

Duration Until the Incident is Discovered
Early detection heavily depends on the organization’s security maturity level.
[Bar chart: average time until detection (days), by detection source. Sources shown: Regulatory Detection, Public Detection, Law Enforcement, Self Detection. Bar values shown: 156.5, 87.5, 51.5, 28.]
Dealing with an Incident
Common ways of dealing with an incident:
Internal Care
Law Enforcement Entity
Regulations
Incident Severity
Jurisdiction
Local crime
International crime
Law enforcement authorities ask for extradition
Accepted
Denied
Punishment
The penalty usually depends on the following factors:
Financial damage
Current & potential damage
Offender intentions & personal gain
Case Studies
Case Study 1
► Attacker: Pablo Escobar (James Jeffery)
► Victim: Abortions website
Case Study 2
► Attacker: Gary McKinnon
► Victim: USA military computers (“The biggest military computer hack of all time”)
► The US authorities tried to get an extradition
► Requested penalty: Up to 60 years in prison
Case Study 3
Take 1
► Age – 19
► Arrested for hacking into computers at NASA, the Pentagon, and more.
► Didn’t try to get hold of secrets, but rather to prove that the systems were flawed.
Take 2
► Age – 28
► Accused of conspiracy and fraud.
► Increased or deleted card limits, then sold the stolen credit card numbers on the black market.
1.5 years in prison
3 years probation + $503,000 fine
Summary
► The chances of getting caught are slim.
► Even if an offender does get caught, there is a long way to go before he may stand trial.
► Since so “MANY” stand trial, the penalty is disproportionate.
And the Conclusion Is …
Crime Does Pay …
Recommendations
Poor: Save logs
Moderate: Continuous log monitoring
Good: Build incident response capabilities
How good is your detection mechanism…?