Wireshark Death of Security: Breached Hosts/Stolen Data/IP Espionage Laura Chappell Author Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide wiresharkbook.com SESSION CODE: SIA335


Case 1: Outsourcing

Company Name Withheld

Company A prepared to release new cellular product – they defined this product as their “future cash cow”

Manufacturing cost reduction issues

Management decided to outsource production to India

Single hard drive contained all technical specs for the company

Single person responsible for hand-delivering drive to outsource target

Drive “disappeared”

Cross-country issues for law enforcement

No one watching single person

Competitor released product first


Case 2: Failed Employee “Separation”

Intake brings in new employees; separation removes them from company

Separation process leaked

Employee copied content from server to a series of USB drives

Ex-employees should be “separated” properly


Case #3: The Beer Garden Employee Birthday Gone Wrong

Company A’s employee allegedly leaves prototype product in beer garden on birthday

Prototype allegedly “found” by another customer

Prototype sold to gadget mag

Gadget mag article describes prototype

REACT team searches author’s home

Prototype returned to Company A

Gourmet Haus Staudt, Redwood City, California


Case #4: Blabla by Stephen Watt

On behalf of Albert Gonzalez

Gonzalez was a Paid USSS Informant

170 million credit/debit card numbers

TJX

7-11

Barnes & Noble

OfficeMax

Heartland Payment Systems

Hannaford Brothers

Watt pleaded guilty in 2009 as an accomplice to Gonzalez's multi-million card-hacking business. Watt created a sniffer program, Blabla, used to access at least 45 million credit and debit card numbers from TJX's corporate network.

Gonzalez 17-25 years + $3 million restitution

Watt 2 years and $171.5 million restitution (May 7th in)

Stephen Watt


Case #4: Jeremy Jethro

On behalf of Albert Gonzalez

Jeremy Jethro paid $60,000 by Gonzalez for IE exploit

Confined to home for the first 6 months of his 3-year-long sentence; $10,000 restitution

Christopher Scott; 7-year sentence

Damon Toey; 5-year sentence

Humza Zaman; 46 months and $75,000*

“They want to turn their skills into cash; information for money exchange.”

*Former network security manager at Barclays Bank


Where R UR Credit Card Numbers?


Case #4: Blabla by Stephen Watt

On behalf of Albert Gonzalez

Gonzalez was a Paid USSS Informant

170 million credit/debit card numbers

TJX

7-11

OfficeMax

Heartland Payment Systems

Hannaford Brothers

Watt pleaded guilty in 2009 as an accomplice to Gonzalez's multi-million card-hacking business. Watt created a sniffer program, Blabla, used to access at least 45 million credit and debit card numbers from TJX's corporate network.

WAIT!

WHAT!!!?


Suspect Traffic Overview

Trace files available at wiresharkbook.com

Look for traces preceded by “sec-” and “nmap-”

DEMO


Related Content

WSV303 Death of a Network: Identify the Hidden Cause of Lousy Network Performance

SIA336 Wiretapping Kung Fu: Becoming a Network Analyst Guru

SIA332 (Panel) Securing the Cloud: Expert Panel

Online Videos: www.wiresharkbook.com


JUNE 7-10, 2010 | NEW ORLEANS, LA