cyber crime & cyber war

24
CYBER CRIME & CYBER WAR English . Reality . Data

Upload: nu-the-open-security-community

Post on 06-May-2015

1.073 views

Category:

Education


5 download

DESCRIPTION

null Hyderabad CHapter - February 2014 Meet

TRANSCRIPT

Page 1: Cyber Crime & Cyber War

CYBER CRIME & CYBER WAR

English . Reality . Data

Page 2: Cyber Crime & Cyber War

THIS IS

• Purely academic debate. Do not read otherwise

• No room for discussion, but for arguments.

• My opinion on a deck and your opinion as voice

• Abuse of English

• Based on evidence ?

• Fact vs Fiction

• Cyber Crime Business Models

• Budget Meeting

Page 3: Cyber Crime & Cyber War

ME

• I am Uday

• I work as a pen tester

• Currently into Data Analysis & Machine Learning Learning

• Yawn, Steam, Argue, Debate, Learn

• Big Data can change the world or solve some problems.

• Big data for hacking ? People are really doing that.

• Alejandro Caceres http://www.hyperiongray.com/

Page 4: Cyber Crime & Cyber War

BEFORE WE START, PLEASE BE ASSURED

• All my words are an outcome of months of research

• We are always assured

• “The president of India would be visiting Hyderabad tomorrow” and I have this information from an impeccable source from the president’s staff at Rastrapathi Bhavan

Page 5: Cyber Crime & Cyber War

HOW DOES ASSURANCE WORK ?

• Authoritative speech powerful enough to make me believe that men are from mars and aliens are from earth

• When assured, there is no question left to ask

Page 6: Cyber Crime & Cyber War

ASSURANCE & CYBER WAR

• Are we being assured that Cyber War is in progress ?

• Audience: What is Cyber War ?

• Audience: What is Cyber Crime ?

• Espionage vs Cyber War vs Cyber Crime ?

• Your responses are invaluable!

Page 7: Cyber Crime & Cyber War

WHO HAS DEFINED CYBER WAR

• International Laws are still WIP

• Has EU or US declared definitions ? The answer is no.

• What has been taken into account to call this as a war ?

Page 8: Cyber Crime & Cyber War

THE ‘ULTIMATELY’ JUSTIFICATION

• Ultimately, Cyber Wars have a toll on our daily lives.

Page 9: Cyber Crime & Cyber War

WHATEVER HAPPENS ONLINE WITH US

• Is not cyber war

• Is not Cyber Terrorism

• Could be Cyber Bullying

• Could be violation of privacy

• Could have legal implications

• Could be cumbersome

• Affects our personal lives indirectly especially longterm

Page 10: Cyber Crime & Cyber War

ENOUGH ENGLISH

• Do We have some data as evidence to argue upon ?

• Yes we do!• Measuring Pay-per-Install: The Commoditization of Malware Distribution

• White Paper fromJuan Caballero, Chris Grier, Christian Kreibich, Vern Paxson, Berkley

• Is this Authentic data ?

• Please be assured that this is more genuine than pure cocaine

Page 11: Cyber Crime & Cyber War

CRIME AS A BUSINESS MODEL

• Can I design crime ?

• Instance: CarderPlanet.com

• PPI Model – Pay Per Install

• Exploit as a service

• Malware is the new commodity

• Better off than your shares and market

• Who the bullish ? What the bearish ?

Page 12: Cyber Crime & Cyber War

SERVICE PROVIDER

• What is this PPI Market

Business Client

• I am the bad guy

Service • I run the show

Service Affiliate

•Oh yeah! Malware

Page 13: Cyber Crime & Cyber War

WHAT IS THIS BUSINESS MODEL ?

• This is one observed business model that generates the underground economy

• Offerings are highly customized

Page 14: Cyber Crime & Cyber War
Page 15: Cyber Crime & Cyber War

ARTICLE A YEAR AGO

• http://www.reddit.com/r/IAmA/comments/sq7cy/iama_a_malware_coder_and_botnet_operator_ama/

• IAmA a malware coder and botnet operator, AMA

• TOR + Dedicated Enhanced Service

• Stealthy really

Page 16: Cyber Crime & Cyber War

MEMORY ERRORS

• Past present Future

• Corrupted Pointer, Uninitialized Pointer Access, Out of bounds etc.

• Subversion of logic

• This is relevant even today even after 20 years

Page 17: Cyber Crime & Cyber War
Page 18: Cyber Crime & Cyber War
Page 19: Cyber Crime & Cyber War
Page 20: Cyber Crime & Cyber War

SO WHAT DEFINITION IS WRONG ?

• Cyber War vs Cyber Crime

• We have never had a Cyber War yet

• This comes from the definition of traditional war

• We can have a separate debate on this

• When a conventional war follows the strategy of “Greater the offense, Greater the defense”, Cyber War is opposite.

Page 21: Cyber Crime & Cyber War

CYBER TERRORISM

• Many people are using this word already & extensively

• David Rappaport has not coined this term.

• I believe that the word “Cyber Terrorism” is completely wrong.

• You can have your view.

Page 22: Cyber Crime & Cyber War

BUDGET MEETING

• $100-180 for Unique thousand installs, This is for US/UK/Europe

• $7-8 is the lowest for the same service, least popular geography

• Rivalry in PPI

• Often difficult to validate on the installs when using two rival PPI Providers

• Affiliates receive credit for confirmed Installs

Page 23: Cyber Crime & Cyber War

CRIMEWARE KITS

• To build botnet variants

• Instance zbot

• This is not an exhaustive talk on cyber crime

• We can have a dedicated session for a deep dive on cyber crime

• Let’s quickly see what someone from NATO has to say

Page 24: Cyber Crime & Cyber War

• (NATO – Cyber War exists Video)