
CYBER CRIME AND SECURITY

BY :

RAMEEZ TAMBOLI
PAVAN KOTA

College :

Orchid college of Engg, Solapur.

TE CSE

Email ID:kotapavan75@gmail.com
Cell: 8055454565

Property of Argo Pacific Pty Ltd


“Is the Internet the new THREAT to our privacy?”



Computer Crime

• Computer used to commit a crime
  • Child porn, threatening email, assuming someone’s identity, sexual harassment, defamation, spam, phishing

• Computer as a target of a crime
  • Viruses, worms, industrial espionage, software piracy, hacking

E-Commerce Network - Suzanne Mello - Nov 5 2004

Uncovering Digital Evidence

Smart Criminals don’t use their own computers

• Floppy disks
• Zip/Jazz disks
• Tapes
• Digital cameras
• Memory sticks
• Printers
• CDs
• PDAs
• Game boxes
• Networks
• Hard drives

Business has been aggregating data and risk at an unprecedented rate…

5. Fully integrated information-based business
4. Technology integration
3. Transactional systems
2. Storing information
1. Messaging

(Diagram axes: Degree of Data Digitization, Spectrum of Risk)



Top Cyber Crimes that Attack Business

• Spam

• Viruses/Worms

• Industrial Espionage and Hackers

• Wi-Fi Hijacking


Hackers are Everywhere

• Stealing data
• Industrial Espionage
• Identity theft
• Defamation

• Deleting data for fun
• A lot of bored 16 year olds late at night
Mafia Boy
• Turning computers into zombies
• To commit crimes
• Take down networks
• Distribute porn
• Harass someone

• Ethical/white hat hackers exist too
• Help break into networks to prevent crimes

2000 Hackers holy war between Israel and Palestine
2001 There was a war between Chinese and American hackers

Global 2008 CSI Computer Crime Survey

Likely targets of cyber terrorism

Power grids (nuclear power stations)
Banking and Financial systems
Stock Exchanges
Transportation Control systems
MRTS, ATC, Rail/Airlines reservations
Tele-Communications
Gas / Oil / Water Pipelines control systems
Internet Backbones
Health/Food
Emergency services
Military/Defense Installations Attack on C4I

Cyber crime and cyber espionage are having real impacts

• Estimated $1 Trillion of intellectual property stolen each year (Gartner & McAfee, Jan 2009)
• Cybercrime up 53% in 2008 (McAfee)
• Topped $20 Billion at financial institutions
• Reported cyber attacks on U.S. government computer networks climbed 40% in 2008
• Sensitive records of 45,000 FAA workers breached (Feb 09)
• Chinese stole design secrets of all U.S. nuclear weapons (Michelle Van Cleave)
• U.S. nuclear weapons lab is missing 69 computers (Feb 09)
• Cost to repair average 2008 data breach = $6.6 Million

Source: Report of the CSIS Commission on Cybersecurity for the 44th Presidency



Corporate Brands Under Attack

• U.S. companies have lost billions in intellectual property to cyber
• A third of companies surveyed said a major security breach could put them out of business
• Terrorists finance their operations
• Heartland Payment Systems (HPY) suffered an intrusion that compromised at least 130 million consumer cards

Source: Brenton Greene, Northrop Grumman



Significance of Cyber Security

Cyber Security provides three elements:

• Engagement: foundation for economic, social and political development
• Empowerment: platform for activism and social networking for “netizens”
• Entrepreneurship: incentive for technological innovation and R&D

Cyber Security is also necessary for the development of a knowledge-based economy

Why Develop a Cyber Security Center?

Criminal Watch

http://criminalwatch.com/resources/cybercrime.asp

• United States Internet Crime Task Force

• Computer Crime and Intellectual Property Section (CCIPS)

• McAfee Anti-Virus Emergency Response Team (AVERT)

• Carnegie Mellon CERT Coordinator Center

Ray Greenlaw, School of Computing, Armstrong Atlantic State University

Why Develop a Cyber Security Center?

National Strategy to Secure Cyberspace
• Level 1: Home User and Small Business
• Level 2: Large Enterprises
• Level 3: Critical Sectors
• Level 4: National Priorities
  • Military Bases
  • Coast Guard Facilities
  • Ports of Embarkation/Debarkation
  • Vulnerable and Potentially Exploitable Coastal Area
• Level 5: Global

Cyber Security Goals

• Need to raise public awareness of cyber security & safe, prudent use of Internet
• Assess new cyber trends, threats & vulnerabilities
• Incorporate lessons learned & international best practices
• Develop counter measures & safeguards
• Adopt and pursue comprehensive approach to cyber security

Critical Infrastructure

• Telecommunications
• Banking & financial services
• Government services: E-Government
• Energy networks & safety systems
• Transportation - air safety & border security
• Defense & security: data networks and communications

Cyber risks are an increasing threat to sources of enterprise capability and brand competitiveness

Extortion (Now)
• Phishing and pharming driving increased customer costs, especially for financial services sector
• DDOS extortion attacks

Loss of intellectual property/data (Now)
• National security information/export controlled information
• Sensitive competitive data
• Sensitive personal/customer data

Potential for disruption (Emerging)
As part of cyber conflict (i.e. Estonia); as target of cyber protest (i.e. anti-globalization)
• eBusiness and internal administration
• Connections with partners
• Ability to operate and deliver core services

Potential accountability for misuse (i.e. botnets) (Now)
• Reputational hits; legal accountability

Potential for data corruption (Future)
• Impact operations or customers through data

Terrorism (Emerging)
• DDOS and poisoning attacks
• Focused attacks coordinated with physical attacks

Recent Incidents: Rise of the Professionals

• F-35: WSJ article: “Computer spies have broken into the
Pentagon's $300 billion Joint Strike Fighter project -- the Defense
Department's costliest weapons program ever -- according to
current and former government officials familiar with the attacks” ...
China suspected
• Google: Internet search company reveals existence of large-scale
computer intrusions, apparently coming from China with some
support from the state
• US Electrical System: WSJ article: “Cyberspies have penetrated
the U.S. electrical grid and left behind software programs that could
be used to disrupt the system” … Russia and China suspected
• Optus: In April 2010, customers of Optus, its partner internet
service providers, and a number of major corporate customers
suffered traffic degradation as a result of a distributed denial of
service attack sourced from China and aimed at a large,
unnamed Optus financial services customer.



Recent Incidents: Rise of the Professionals

• Estonia: As part of unrest and pro-Russian riots in Tallinn, the
Internet-embracing nation undergoes massive online attacks from
ethnic Russians
• Rio Tinto and BHP Billiton: Around the time executives are
arrested in China, Rio Tinto experiences a large intrusion, shutting
down their Singapore office for days. BHP and Fortescue
experience intrusion. Chinese sources suspected
• Zeus Trojan: Zeus Trojan, capable of defeating the one-time
password systems used in the finance sector, targets commercial
bank accounts and has gained control of more than 3 million
computers, just in the US
• Mariposa: "botnet" of infected computers included PCs inside
more than half of the Fortune 1,000 companies and more than 40
major banks



Mass-scale hacking

• It's ROI focused.


• It's not personal. Automated attacks against mass targets, not specific individuals.

• It's multilayer. Each party involved in the hacking process has a unique role and uses a different
financial model.

• It's automated. Botnets exploit vulnerabilities and extract valuable data, conduct brute force
password attacks, disseminate spam, distribute malware and manipulate search engine results.

• Common attack types include:


• Data theft or SQL injections.
• Business logic attacks.
• Denial of service attacks.

Source: Amichai Shulman



Advanced Persistent Threats

• It's very personal. The attacking party carefully selects targets based on political, commercial and security interests.
Social engineering is often employed.

• It's persistent. If the target shows resistance, the attacker will not leave, but rather change strategy and deploy a new
type of attack against the same target.

• Control focused. APTs are focused on gaining control of crucial infrastructure, such as power grids and communication
systems. APTs also target data comprised of intellectual property and sensitive national security information.

• It's automated, but on a small scale. Automation is used to enhance the power of an attack against a single target, not
to launch broader multi-target attacks.

• It's one layer. One party owns and controls all hacking roles and responsibilities.

Source: Amichai Shulman



Cyber warfare?: Estonia cyber attacks

Started on April 27, 2007; the attacks lasted about 3 weeks.

Series of attacks targeting government portals, the parliament portal, banks, ministries, newspapers and broadcasters of Estonia.

Estonians described the attacks as a political attack or revenge by Russians for the moving of a WWII memorial.

Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009



How the attacks took place

• Weeks of cyber attacks followed, targeting the Web sites of Estonia's government, banks, ministries, newspapers and broadcasters.

• Some attacks took the form of distributed denial of service (DDoS) attacks (ranging from ping floods to expensive rentals of botnets).

• 128 unique DDoS attacks (115 ICMP floods, 4 TCP SYN floods and 9 generic traffic floods).

• Used hundreds or thousands of "zombie" computers and pelted Estonian Web sites with thousands of requests a second, boosting traffic far beyond normal levels.

• The attacker commanded other computers to bombard a web site with requests for data, causing the site to stop working.

Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009



How the attack took place …

• The attack heavily affected the infrastructure of all networks:

  • Routers damaged.

  • Routing tables changed.

  • DNS servers overloaded.

  • Email servers mainframes failure, etc.

Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009



How did Estonia respond?

• Estonia's Computer Emergency Response Team (CERT) acted as a coordinating unit, concentrating its efforts on protecting the most vital resources.

• Closed the sites under attack to foreign internet addresses, keeping them accessible only to domestic users.

• Cut 99% of bogus traffic which originated outside Estonia.

• Implemented an online "diversion" strategy that made attackers hack sites that had already been destroyed.

• Applied advanced filters to the traffic; Cisco Guard was then installed to reduce malicious traffic.

Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009
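
A defender-side sketch of the two ideas on these slides: sorting flood traffic into the three categories counted above, and measuring what a domestic-only source filter would drop. This is an added example, not part of the original presentation; the flow records, the "domestic" prefix, the host names and the alert threshold are all constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed stand-in for a national address allowlist (RFC 5737 test range).
DOMESTIC = [ipaddress.ip_network("192.0.2.0/24")]
PPS_ALERT = 1000  # assumed alarm level: packets per second towards one site

# Constructed one-second flow summaries: (second, src, dst, proto, tcp_flags, packets)
FLOWS = [
    (0, "198.51.100.7", "gov.example", "icmp", "", 900),
    (0, "203.0.113.9", "gov.example", "icmp", "", 600),
    (0, "192.0.2.10", "gov.example", "tcp", "S", 5),
    (1, "203.0.113.44", "bank.example", "tcp", "S", 2000),
    (1, "192.0.2.20", "bank.example", "tcp", "PA", 15),
    (2, "192.0.2.30", "news.example", "tcp", "PA", 40),
]

def kind(proto, flags):
    """Bucket a flow into the three flood categories counted on the slide."""
    if proto == "icmp":
        return "icmp_flood"
    if proto == "tcp" and flags == "S":  # bare SYN, handshake never completed
        return "tcp_syn_flood"
    return "generic_flood"

def is_domestic(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in DOMESTIC)

def analyse(flows):
    """Return (alerts, packets kept by a domestic-only filter, fraction dropped)."""
    per_target = defaultdict(Counter)
    for sec, src, dst, proto, flags, pkts in flows:
        per_target[(dst, sec)][kind(proto, flags)] += pkts
    # Alert only where the per-second volume is abnormal; label by dominant type.
    alerts = {key: counts.most_common(1)[0][0]
              for key, counts in per_target.items()
              if sum(counts.values()) >= PPS_ALERT}
    total = sum(f[5] for f in flows)
    kept = sum(f[5] for f in flows if is_domestic(f[1]))
    return alerts, kept, (total - kept) / total

if __name__ == "__main__":
    alerts, kept, dropped = analyse(FLOWS)
    for (dst, sec), label in sorted(alerts.items()):
        print(f"t={sec}s {dst}: {label}")
    print(f"domestic-only filter keeps {kept} packets, drops {dropped:.1%}")
```

The domestic-only filter is a blunt control: it also cuts off legitimate foreign users, which is the trade-off the response above accepted to keep sites reachable at home.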



International impact

• The Estonian CERT analyzed server logs and data to find out who was behind the attacks.

• NATO assisted Estonia in combating the cyber attacks and has voted to work with member governments to improve cyber security.

• NATO's new cyber-warfare center will be based in Tallinn.

• Estonia called in July 2008 for an international convention on combating computer-based attacks.

Source: Presentation to Africa Asia Forum on Network Research & Engineering workshop, Dakar, Senegal, 23 November 2009



War by proxy?
Kremlin Kids: We Launched the Estonian Cyber War
By Noah Shachtman
March 11, 2009
Wired.com

Like the online strikes against Georgia, the origins of the 2007 cyber attacks on Estonia remain hazy. Everybody
suspects the Russian government was somehow behind the assaults; no one has been able to prove it. At least so
far. A pro-Kremlin youth group has taken responsibility for the network attacks. And that group has a track record of
conducting operations on Moscow’s behalf.

Nashi ("Ours") is the "largest of a handful of youth movements created by Mr. Putin’s Kremlin to fight for the hearts and
minds of Russia’s young people in schools, on the airwaves and, if necessary, on the streets," according to the New
York Times.

Yesterday, one of the group’s "commissars," Konstantin Goloskokov (pictured), told the Financial Times that
he and some associates had launched the strikes. "I wouldn’t have called it a cyber attack; it was cyber defense," he
said. "We taught the Estonian regime the lesson that if they act illegally, we will respond in an adequate way." He
made similar claims, in 2007.

If true, it would be only one in a long string of propaganda drives the group has waged in support of the Kremlin. Not
only has Nashi waged intimidation campaigns against the British and Estonian ambassadors to Moscow, and staged
big pro-Putin protests. Not only has it been accused of launching denial-of-service attacks against unfriendly
newspapers. Last month, Nashi activist Anna Bukovskaya acknowledged that the group was paid by Moscow to
spy on other youth movements. The project, for which she was paid about $1100 per month, included obtaining
"videos and photos to compromise the opposition, data from their computers; and, as a separate track, the dispatch
of provocateurs," she told a Russian television channel.



Cyber crime and cyber espionage pose increasing risk to

• Operations

• Reputation

• Financial performance

• Competitive position in the market

• And managing risk is a Board responsibility



Indian Scenario

• Booming software and BPO Industry


• IT Revolution Digital Dependence
• National E Governance program
• Very few organisations in India have CISO and IT Security budget
• No law for privacy
• No compliance laws and breach disclosure
• No law against spamming
• Limitations of IT Act 2000
• Weak and delayed criminal Justice System

Protect your Computers!

• Use anti-virus software and firewalls - keep them up to date
• Keep your operating system up to date with critical security updates and patches
• Don't open emails or attachments from unknown sources
• Use hard-to-guess passwords. Don’t use words found in a dictionary. Remember that password cracking tools exist
• Back-up your computer data on disks or CDs often
• Don't share access to your computers with strangers
• If you have a wi-fi network, password protect it
• Disconnect from the Internet when not in use
• Reevaluate your security on a regular basis
• Make sure your employees and family members know this info too!

Conclusion
• Cyber threats are real & growing
• New technologies forge new vulnerabilities
• New vulnerabilities foster new threats
• As the nature of national security has changed, the response must also adapt
• And the most important pipelines in this region transport neither oil nor gas… they carry data, the most significant pipelines are fiber optic

THANK YOU

