SlideShare a Scribd company logo

I Pv6 Cyber Criminal Opportunities 05

Barry Greene
Barry Greene

The global cyber criminal eco-systems have and will continue to use the IPv6 as a key tool for their economic gain. IPv4 to IPv6 migration will expose organizations and individuals to a multitude of risks, much of it happen quietly under the radar. The lack of IPv6 telemetry means that most “security companies” and “service providers” will not be able to monitor this growth in criminal activity. Barry Greene, ISC’s President, will cover the drivers behind these criminal eco-systems, why these drivers will logically lead to creative IPv6 innovations, and the gaps in IPv6 adoption that increase industry risk forcing “reactionary re-thinking” of how an organization will move to IPv6. ISC’s President and CEO, Barry Greene is leading a transformation in the Operational Security Community, providing new capabilities and capacities that empower organizations to push back against the cyber-security miscreants who threaten the resiliency, stability, and security of the Global Internet. Through the Security Information Exchange (SIE) and other projects, Barry is facilitating new models for how organizations should collaborate - fostering aggressive private-private collaboration with public participation. A recording of the Webinar is here: https://www.isc.org/webinars

1 of 71
Download to read offline
New Opportunities for Criminal Growth Forecasting Cyber-Crime during the IPv6 Transition Barry Raveendran Greene bgreene@isc.org Version 1.1 1
Context •  The Internet Systems Consortium (ISC) is a strong driver for IPv6 adoption. •  The information contained in this presentation is an effort to empower organizations to deploy IPv6 to take extra effort to be mindful of their security risk. •  Risk can be mitigated if a clear understanding of the risk exist. •  It takes one big “IPv6 back doors a network” Press Cycle to shake the confidence of CIOs around the World – slowing down IPv6 deployment. 2
ISC and IPv6 Yes! IPv6 is running natively at my desk, on our wireless, our services, our software, our services, and VPN tunneled from home. Open Source Software that are the “Gears” of the Net BIND DHCP AFTR PCP Secondary DNS RPKI (TBA) Services DNS F-Root SIE pDNS Hosted @ w/ Open Source Community and Others Internet Systems Consortium, Inc. (ISC) is a non-profit 501(c)(3) public benefit corporation dedicated to supporting the infrastructure of the universal connected self-organizing Internet—and the autonomy of its participants—by developing and maintaining core production quality software, protocols, and operations. 3
Logistics •  This presentation can be downloaded from the Webinar recording and from ISC’s Knowledge Base: http://deepthought.isc.org •  ISC updates, presentations, and materials can be followed on: –  Facebook - http://www.facebook.com/InternetSystemsConsortium –  Twitter - ISCdotORG –  Linkedin - http://www.linkedin.com/company/internet-systems-consortium –  RSS via our Website 4
Agenda •  Today’s Cybercriminal Toolkit – The Criminal Cloud … what how Ipv6 will Enhance that “Cloud” •  Understanding Today’s Cyber-Criminal Behavior Drivers •  Now What? What do I need to do to deploy IPv6? 5
Cyber Criminal Toolkit that is the foundation for the Criminal Cloud 6
Components of the Criminal Cloud Payment SPAM Processors BOTNET Drive-By Secondary Controller Proxy Malware Mule Operations  Avalanche: SPAM Cloud that you can lease time Name Servers  Zeus: IPv6 Compliant “Build your Own Criminal Cloud. BOT  BlackHole: Metasploit Cloud you can lease Herder Malware Victim of Crime TLD Domain Packer 7
Why not use a IPv6 Criminal Cloud? Payment SPAM Processors BOTNET Drive-By Secondary Controller Proxy Malware Mule  Most Security tools do not detect IPv6. Operations  Firewalls, IPSs, Anti-SPAM, and the Name whole toolkit we use to manage and run Servers networks are built on IPv4 – no IPv6.  IPv6 is a way for criminals to go under BOT the radar – cause the “radar is IPv4” Herder Malware Victim of Crime TLD Domain Packer 8
Stage Domain Name SPAM BOTNET Drive-By Secondary Controller Proxy Malware Get Name Domain Servers IPv4 o r IPv BOT 6 Stage on NS Herder or FF NS Malware Victim of Crime TLD Domain Packer 9
Prepare Drive-By Send Malware SPAM BOTNET Drive-By Secondary Controller Proxy Malware Load Name Malware Servers Hacker Malware Victim of Crime TLD Domain Packer 10
Social Engineered SPAM to Get People to Click (Spear Phishing) Send SPAM SPAM BOTNET Drive-By Secondary Controller Proxy Malware IPv6 Name Servers Click on me now Hacker Malware Victim of Crime TLD Domain Packer 11
Drive-By Violation Click on me now SPAM BOTNET Drive-By Secondary Controller Proxy Malware What if Malvertisment was IPv6? Name Servers Hacker Malware Victim of Crime TLD Domain Packer 12
Poison Anti-Virus Updates SPAM BOTNET Drive-By Secondary Controller Proxy Malware Name Servers Poison the anti-virus updates Hacker All updates to 127.0.0.1 Anti-Virus Malware Vendor Victim of Crime TLD Domain Packer 13
Prepare Violated Computer SPAM BOTNET Drive-By Secondary Controller Proxy Malware What if this all happened Name via IPv6? Servers Call to secondary Malware site Hacker Load secondary package Malware Anti-Virus Vendor Victim of Crime TLD Domain Packer 14
Call Home SPAM BOTNET Drive-By Secondary Controller Proxy Malware Name Servers Call to Controller Report:  Operating System Hacker  Anti-Virus  Location on the Net Malware  Software  Patch Level Victim of Crime  Bandwidth TLD Domain  Capacity of the computer Packer 15
Load Custom Malware SPAM Drive-By Secondary Controller Proxy BOTNET Malware Name Go get New Servers Module Hacker Malware TLD Victim of Crime Domain Packer 16
Start Worming, Scanning, & Spreading SPAM Drive-By Secondary Controller Proxy Malware BOTNET Name Servers BOTNET Herder Malware IPv6 IPv6 Victims of Crime TLD Packer Domain 17
Load a Proxy with Trigger Corporate Network Drive-By Secondary Controller Proxy Malware Name Go get my Servers proxy Hacker Malware TLD Victim of Crime Domain Packer 18
Watch for the SSL VPN Connection Cool! Lets see what I can find to steal. Corporate Network Drive-By Secondary Controller Proxy Malware Name Servers Hacker Malware Tell me when the SSL VPN Connection is Established TLD Victim of Crime Domain Packer 19
Set up the Proxy Tunnel Cool! Lets see what I can find to steal. Corporate Network Drive-By Secondary Controller Proxy Malware Name Servers Hacker Malware TLD Victim of Crime Domain Packer 20
Proxy Behind the Bank Login Cool! Lets see what I can find to steal. BANKS Drive-By Secondary Controller Proxy Malware Name Servers Hacker Malware TLD Victim of Crime Domain Packer 21
OPSEC Community’s Action Make SPAM Harder We do not know how to SPAM lock this Drive-By Secondary Controller BOTNET Malware Proxy guy in jail! Disrupt Drive- By Phishing Disrupt Controllers Name Servers Help your victimized BOT customers Disrupt the NS Herder Infrastructure Clean Malware Violated Data Centers TLD Victim of Crime Domain Packer Filter Based on TLD 22
Scary Consequences (B4 IPv6) 1.  Building “Secure” Operating Systems with “Security Development Lifecycles” and aggressive testing are not delivering to expectations. 2.  Host Security Tools (anti-virus) are not delivering to expectations. 3.  Application Security is not delivering and becoming more complicated. 4.  Network Security tools (firewalls, IDP/IPS, etc) are not delivering as expected. 5.  Defense in Depth are not delivering as expected. 6.  Malware Remediation is not working (i.e. how to clean up infections). 7.  The Bad Guys follow economic equilibrium patterns – finding optimization thresholds. 8.  Law Enforcement is not in a position to act on International Crime – where the laws are not in place. 9.  The “eco-system” of the “security industry” is locked in a symbiotic relationship. 23
Touch Point •  Are you looking for miscreant activities on your network? •  If you have IPv6 turned on – are you watching? •  Are you looking for v6 in v4 tunnels? •  Recommendation – Views from your Network & from the Outside World: –  Free Server from www.shawdowserver.org 24
Understanding Today’s Cyber-Criminal Behavior Drivers 25
Our Traditional View of the World 26
The Reality of the Internet No Borders How to project civic society and the rule of law where there is no way to enforce the law? 27
The Good Guys are part of the the Security Problem •  The “White Hat” Security Community fixates on the mechanics – rushing to blog details of how the malware works and how the botnet is built. •  It is like the US Drug Enforcement Agency approaching the Meth epidemic with this approach: –  We’re trying to solve the methamphetamine drug abuse problem by funding studies and pontificating on the chemical make up of methamphetamine, processes for producing methamphetamine, and variations for new methamphetamine mixes. •  What about the Meth criminal eco-system? What about the gangs? What about the victims? 28
The Good Guys are part of the the Security Problem Who we need to Target This is nice to know Not understanding that our problem is a human problem leads to “security solutions” which get bought, deployed, and never used. 29
Three Major Threat Vectors •  Critical Infrastructure has three major threat drivers: –  Community #1 Criminal Threat •  Criminal who use critical infrastructure as a tools to commit crime. Their motivation is money. –  Community #2 War Fighting, Espionage and Terrorist Threat •  What most people think of when talking about threats to critical infrastructure. –  Community #3 P3 (Patriotic, Passion, & Principle) Threat •  Larges group of people motivated by cause – be it national pride (i.e. Estonia & China) or a passion (i.e. Globalization is Wrong) 30
Essential Criminal Principles •  There are key essential principles to a successful miscreant (i.e. cyber criminal) •  These principles need to be understood by all Security Professionals •  Understanding allows one to cut to the core concerns during security incidents •  Attacking the dynamics behind these principles are the core ways we have to attempt a disruption of the Miscreant Economy 31
Principles of Successful Cybercriminals 1.  Don’t Get Caught 2.  Don’t work too hard 3.  Follow the money 4.  If you cannot take out the target, move the attack to a coupled dependency of the target 5.  Always build cross jurisdictional attack vectors 6.  Attack people who will not prosecute 7.  Stay below the pain threshold 32
Principle 1: Do Not Get Caught! •  The first principle is the most important – it is no fun getting caught, prosecuted, and thrown in jail –  (or in organized crime – getting killed) •  All threat vectors used by a miscreant will have an element of un-traceability to the source •  If a criminate activity can be traced, it is one of three things: 1.  A violated computer/network resources used by the miscreant 2.  A distraction to the real action 3.  A really dumb newbie 33
Principle 2: Do Not Work Too Hard! •  Use the easiest attack/penetration vector available in the toolkit to achieve the job’s objective •  Example: If your job is to take out a company’s Internet access the day of the quarterly number’s announcement, would you: 1.  Penetrate the Site and Delete files? 2.  Build a custom worm to create havoc in the company? 3.  DOS the Internet connection? 4.  DOS the SP supporting the connection? Why Use DNS “Noisy” Poisoning when it is easier to violate a ccTLD? 34
Principle 3: Follow the Money •  If there is no money in the crime then it is not worth the effort. •  Follow the money is the flow of money or exchanged value as one miscreant transfers value to another miscreant (or the victim transfers value to the criminal) •  A Cyber-Criminal Threat Vector opens when the miscreant finds a way to move ‘stored value’ from the victim through the economy •  It is worse if the cyber ‘stored value’ can cross over to normal economic exchange 35
Principle 4: If You Cannot Take Out The Target… •  If you cannot take out the target, move the attack to a coupled dependency of the target •  There are lots of coupled dependencies in a system: –  The target’s supporting PE router –  Control Plane –  DNS Servers –  State Devices (Firewalls, IPS, Load Balancers) •  Collateral Damage! 36
Principle 5: Always Build Cross Jurisdictional Attack Vectors •  Remember – Don’t get caught! Do make sure ever thing you do is cross jurisdictional. BOTNET LEAF US •  Even better – cross the BOTNET HUB law systems (Constitutional, Tort, BOTNET LEAF Japan Statutory, Islamic, etc.) •  Even Better – Make BOTNET LEAF sure your “gang” is Australia multi-national – making it harder for Law Enforcement BOTNET LEAF Norway BOTNET LEAF Kuwait BOTNET LEAF China 37
Principle 6: Attack People Who Will NOT Prosecute •  If your activity is something that would not want everyone around you to know about, then you are a miscreant target •  Why? Cause when you become a victim, you are not motivated to call the authorities •  Examples: –  Someone addicted to gambling is targeted via a Phishing site –  Someone addicted to porn is targeted to get botted –  Someone addicted to chat is targeted to get botted –  Someone new to the Net is targeted and abused on the physical world –  Government, Finance, and Defense, Employees – who lose face when they have to call INFOSEC 38
Principle 7: Stay below the Pain Threshold •  The Pain Threshold is the point where an SP or Law Enforcement would pay attention •  If you are below the pain threshold – where you do not impact an SP’s business, then the SP’s Executive Management do not care to act •  If you are below the pain threshold – where you do not have a lot of people calling the police, then the Law Enforcement and Elected Official do not care to act •  The Pain Threshold is a matter of QOS, Resource Management, and picking targets which will not trigger action 39
Criminal Trust •  Miscreants will guardedly trust each other •  They can be competitors •  They can be collaborators •  But when there is money on the table, criminal human behavior and greed take over. •  Cybercriminal cannibalize each other’s infrastructure. •  Cybercriminals attack each other’s infrastructure. DDOS Internet DDOS 40
Dire Consequences •  The Miscreant Economy is not a joke. It is not a game. It is not something to play with. –  PEOPLE DIE •  Once organized crime enter the world of the Miscreant Economy, the days of fun were over. •  Now that Cyber-Criminals will use any resource on the net to commit their crime, they don’t worry about the collateral damage done. –  Think of computer resources at a hospital, power plant, or oil refinery – infected and used to commit phishing and card jacking. –  What happens if someone gets mad at the phishing site, attacks it in retaliation, unintentionally knocking out a key systems. 41
Enduring Financial Opportunities Postulate: Strong, Enduring Criminal Financial Opportunities Will Motivate Participants in the Threat Economy to Innovate to Overcome New Technology Barriers Placed in Their Way Enduring criminal financial opportunities: •  Extortion •  Advertising •  Fraudulent sales •  Identity theft and financial fraud •  Theft of goods/services •  Espionage/theft of information 42
Threat Economy: In the Past Writers Asset End Value Tool and Toolkit Compromise Fame Writers Individual Host or Application Theft Malware Writers Worms Espionage Compromise (Corporate/ Viruses Environment Government) Trojans 43
Threat Economy: Today First Stage Second Stage Writers Abusers Middle Men Abusers End Value Tool and Hacker/Direct Criminal Toolkit Writers Attack Compromised Competition Host and Application Theft Malware Writers Espionage Extortionist/ (Corporate/ Machine DDoS-for-Hire Government) Harvesting Bot-Net Creation Worms Extorted Pay-Offs Spammer Viruses Bot-Net Management: For Rent, for Lease, Commercial Sales Trojans for Sale Phisher Fraudulent Sales Information Personal Spyware Harvesting Information Pharmer/DNS Poisoning Click-Through Revenue Information Brokerage Internal Theft: Identity Theft Financial Fraud Abuse of Privilege Electronic IP Leakage $$$ Flow of Money $$$ 44
Miscreant - Incident Economic Cycles Lots of Peak Survive the Community Problems Mitigation Next Attack & Attacks New Criminal Revenue Incidents Miscreant & Opportunities Criminal R&D Resolve the Problem Recession Expansion Drive the Post Mortem Drive the Trough Preparation time These Cycles Repeat 45
Miscreant Economic Cycles Expansion Recession Expansion Peak Total Incidents Incident Growth Trough Trend 0 Jan.- Apr.- July- Oct.- Jan.- Apr.- July- Oct.- Jan.- Apr.- Mar June Sept. Dec. Mar June Sept. Dec. Mar June 46
Community Action Can Have an Impact Source: http://voices.washingtonpost.com/securityfix/2008/11/64_69_65_73_70_61_6d_64_69_65.html 47
But for how long ….. New Attack Good Tools Guys & Techniques Whack Bad Guys Back Guys Learn Analyze This virtuous cycle drives cyber- criminal IPv6 innovations. 48
Cyber Warfare •  Of the three threat vectors, cyber-warfare is a “constrained” threat. •  All cyber warfare is a constrained with in State Actors and Actions. –  There are Generals who are in charge giving orders. –  There are Government officials who are providing state policy. •  Espionage is part of state policy, a persistent threat, but not “warfare.” •  New State actors can make mistakes – unintentionally creating collateral consequence. Michael Falco / The New York Times / Redux 49
Cyber Warfare’s Consequences … Peer A IXP-W A Peer B IXP- E Upstream A D Upstream A B C Upstream Upstream B E B Target NOC G F POP Target is taken out 50
… Extend beyond the perceived “Battle Space.” Peer A IXP-W A Peer B IXP-E Upstream A D Upstream A B C Upstream Upstream B E B Target Customers NOC G F POP Attack causes Collateral Damage 51
Cyber Warfare’s Reality •  Cyber Warfare is a threat to business, but not the threat to spend hours and money to protect. •  Protecting against Cyber-Crime and the P3 threat will mitigate many of the cyber warfare threats. 52
P3 Threat – the Big Change •  The Dramatic Change over the past year has been the increasing security threat from individuals and groups that are not “constrained.” •  These groups are driven by motivations that are not “money driven.” They are not given “orders.” They do it based on self motivation. •  Patriotic – They believe they have a right to stand up for their country, cause, or crusade. •  Passionate – They attach to a cause and will work long hours to further that cause. •  “Principled” – The base their actions on principles they passionately believe and will perform actions that they feel is within their “Internet Rights.” 53
Patriotic, Passion, & Principle Drivers “The post-90 generation teens that run 2009.90admin. com, wrote on their website, “We are not Internet attackers, we are just a group of computer fans; we are not mentally handicapped kids, we are the real patriotic youth. We’ll target anti-China websites across the nation and send it as a birthday gift to our country.” “The 500-word statement appeared over a red and black background decorated with a flying national flag. Zhang Yiwu, a professor at Peking University and a literary critic, said although many believe young people are not as patriotic as previous generations, there are exceptions. "The post-90s generation is undoubtedly passionate and patriotic, but their lifestyle and attitude is varied. The campaign of attacking anti-China websites shows their unstable and immature nature," Zhang said. "Although their behavior is not worthy of praise, the unfair reports about China coming from many foreign media will encourage the youngsters to fight back.“” - http://news.alibaba.com/article/detail/technology/100168523-1-teen-hackers-vow-prove-patriotism.html 54
Touch Point •  Do you use “behavior” as a tool to help you evaluate risk? 55
Now What? 56
What can you do? 1.  This security problem is happening now – with IPv4. Gain control over it now. –  Use the IPv4 knowledge to map what you really need for dual stack. –  Use Open Source Security tools (Bothunter, Netflow Tools, IDP/IDS tools, etc). Open source gives you experience before the big capital investment. 2.  Understand that you might have a IPv6 “security problems” right now. –  Security people inside a organization need to be pushing for strategic IPv6 deployment to gain situational awareness of the IPv6 in their network. 57
What can you do? 3.  An IPv6 VISIBILITY plan is needed as part of your IPv6 deployment. –  Given the criminal economic incentives behind the threat, all organizations need to have visibility tools as an integral part of their IPv6 plan. –  Passive DNS, Open Source Netflow, IPv6 Sinkholes, Network management, logging (compatible with IPv6). 5.  Yes, you will need a IPv6 Security Plan. –  Know how you security team is going to cope with IPv6. 58
No Excuses! •  An organization cannot use the dynamics & threat of the cyber criminal ecosystem to not deploy IPv6. •  The pace if IPv6 migration is not in the control of the end-user. Moving from “zero” to “100” is a crowd dynamic. •  That “crowd” can move the industry faster than anyone expects. •  The criminals will follow the crowd – following their potential markets. 59
Plug into the Operational Security Community •  Step 1: Get the Operational and Security Contacts for each of your peering and transit networks. –  Get their phone numbers, Chat IDs, and E-mails. –  Find out what tools they have deployed to help you “work an attack” and “work a criminal investigation.” –  Find out what other civic self-defense groups they belong to. •  Step 2: Join open “security communities” which allow you to work with others to defend each other. –  CERTs –  ISACs –  Others. •  Step 3: Act! Do Something! Fight Back! –  Investigate – pursue – take legal action –  Call Law Enforcement – pull in the police – file a case –  International Laws only change through action 60
What can you do? •  Join the Security Information Exchange Forum (SIE@ISC). –  Forum only briefings on the threat and tools used to change the battle against the threat. –  Connect you and your organizations to the most appropriate operational security communities – building the sphere of trust with peers –  Funding the tools the Operational Security Community need to track the threats, disrupt the threat, and put the community into a position to arrest the threat. –  Gain insight into how “collective defense” protects everyone. everyone. Send E-mail to info@sie.isc.org 61
Summary and Questions 62
Internet Systems Consortium (ISC) How we can help your IPv6 Journey 63
Who Builds the Cogs? •  The Internet’s “Guts” require someone to build the cogs which keep the Internet moving. •  These “cogs” need to be open and accessible to anyone who wants to connect to the Internet. •  Standards need to be open so that anyone can build. •  Enter the Internet Systems Consortium (ISC) 64
Technology Leadership for the Common Good REFERENCEABLE • IETF CODE • FREE OPEN SOURCE PRODUCTION • ISC FORUM QUALITY SOFTWARE • E.G BIND, DHCP, AFTR,SIE •  ISC SUPPORT SERVICES • OPEN SOURCE CODE DEVELOPMENT • OTHER COMMERCIAL PLAYERS BENEFIT • Agile and scrum • Infoblox • Regression testing • Bluecat, etc • Community input OPERATIONAL DIALOGUE CODE 65
More “Common Good” Activities DNS Everywhere IPv6 DNSSEC Secondary DNS OPS-SEC Services DNS F-Root Hosted @ w/ Open Source Community and Others Security Data Peering 66
Sustainability while Serving Community •  Professional Services –  Software Support –  Training –  Consulting •  Custom Software Development –  Usability features –  Operation Improvements –  Private branches –  Proto types –  Integration/APIs 67
New from ISC 68
ISC In a Nutshell Forum Professional Services Public Benefit Services •  BIND •  Consulting •  DNS “F-ROOT” •  BIND 10 Working Group •  Training •  DNS Secondary Server •  DHCP •  Software Support Services Resiliency (SNS) PB •  AFTR/PCP •  Custom Software Development •  Hosted@ - hosting a range of open source code) •  SIE •  F-root Corporate Node •  •  Free Domain Survey Report •  Open Source Routing DNS SNS-Com •  Full version The Domain Survey •  ISC assistance at IETF, ICANN, ARIN, ISOC RIPE RPKI (Securing BGP) and more WG, UKNOF, etc to come … first reference, standards based code. Empowerment •  Standards drivers – with first implementation of standards based code. •  Policy Meetings – Empowering Spheres of Influence •  Operational Security – Pioneering new approaches to safe guard the Internet (OPSEC-Trust). •  Operations Meeting Empowerment (APRICOT, AFNOG, NANOG, etc) •  Research (DNS OARC) 69
How can ISC Help? (Keeping it Simple) 1.  Check your Ipv6 Health @ http://usgv6-deploymon.antd.nist.gov/ 2.  If your DNS or DNSSEC is RED (i.e. not IPv6 dual stack), contact ISC for help. Everyone needs to be GREEN. 3.  Send an E-mail to info@isc.org to start the conversation. 70
71

Recommended

Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Hackfest Communication
 
An experimental study of the skype peer to-peer vo ip system
An experimental study of the skype peer to-peer vo ip systemAn experimental study of the skype peer to-peer vo ip system
An experimental study of the skype peer to-peer vo ip systemxiaoran815
 
Content aware p2 p video streaming with lowlatency
Content aware p2 p video streaming with lowlatencyContent aware p2 p video streaming with lowlatency
Content aware p2 p video streaming with lowlatencyxiaoran815
 
An analysis of the skype peer to-peer
An analysis of the skype peer to-peerAn analysis of the skype peer to-peer
An analysis of the skype peer to-peerxiaoran815
 
Jan Zorz - IPv6 and mobile emergency response teams
Jan Zorz - IPv6 and mobile emergency response teamsJan Zorz - IPv6 and mobile emergency response teams
Jan Zorz - IPv6 and mobile emergency response teamsIKT-Norge
 
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...IKT-Norge
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&CCourtland Smith
 
Eric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalEric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalIKT-Norge
 

Recommended

Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Hackfest Communication
 
An experimental study of the skype peer to-peer vo ip system
An experimental study of the skype peer to-peer vo ip systemAn experimental study of the skype peer to-peer vo ip system
An experimental study of the skype peer to-peer vo ip systemxiaoran815
 
Content aware p2 p video streaming with lowlatency
Content aware p2 p video streaming with lowlatencyContent aware p2 p video streaming with lowlatency
Content aware p2 p video streaming with lowlatencyxiaoran815
 
An analysis of the skype peer to-peer
An analysis of the skype peer to-peerAn analysis of the skype peer to-peer
An analysis of the skype peer to-peerxiaoran815
 
Jan Zorz - IPv6 and mobile emergency response teams
Jan Zorz - IPv6 and mobile emergency response teamsJan Zorz - IPv6 and mobile emergency response teams
Jan Zorz - IPv6 and mobile emergency response teamsIKT-Norge
 
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...
Martin J Levy - Hurricane Electric - The IPv6 global view - norway ipv6 - apr...IKT-Norge
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&CCourtland Smith
 
Eric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalEric Vyncke - IPv6 security in general
Eric Vyncke - IPv6 security in generalIKT-Norge
 
Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYIKT-Norge
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
 
Anonymous Network
Anonymous NetworkAnonymous Network
Anonymous Networkpauldeng
 
Peer-to-Peer Application Recognition Based on Signaling Activity
Peer-to-Peer Application Recognition Based on Signaling ActivityPeer-to-Peer Application Recognition Based on Signaling Activity
Peer-to-Peer Application Recognition Based on Signaling ActivityAcademia Sinica
 
OpenDNS Whitepaper: Platform Technology
OpenDNS Whitepaper: Platform TechnologyOpenDNS Whitepaper: Platform Technology
OpenDNS Whitepaper: Platform TechnologyCourtland Smith
 
Ip, the internet & its impact on the maritime industry paul jolley-v1-2012
Ip, the internet & its impact on the maritime industry paul jolley-v1-2012Ip, the internet & its impact on the maritime industry paul jolley-v1-2012
Ip, the internet & its impact on the maritime industry paul jolley-v1-2012Wire & Ether Communications
 
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2Haystack Technologies
 
Ceh V5 Module 07 Sniffers
Ceh V5 Module 07 SniffersCeh V5 Module 07 Sniffers
Ceh V5 Module 07 SniffersMina Fawzy
 
Certified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetCertified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetDavid Sweigert
 
Server Load Balancer Test Methodology
Server Load Balancer Test MethodologyServer Load Balancer Test Methodology
Server Load Balancer Test MethodologyIxia
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introductionswang2010
 
CEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical HackerCEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical HackerDavid Sweigert
 
Picturetel RSVP and Weighted Fair Queuing
Picturetel RSVP and Weighted Fair QueuingPicturetel RSVP and Weighted Fair Queuing
Picturetel RSVP and Weighted Fair QueuingVideoguy
 
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2gkkSecurity essentials domain 2
gkkSecurity essentials domain 2Anne Starr
 
DASH7 Mode 2 Summary
DASH7 Mode 2 Summary DASH7 Mode 2 Summary
DASH7 Mode 2 Summary Haystack Technologies
 
Vineyard Networks Product Overview
Vineyard Networks Product OverviewVineyard Networks Product Overview
Vineyard Networks Product Overviewlaurenjthomson
 
Leaked Network Security Information Analysis
Leaked Network Security Information AnalysisLeaked Network Security Information Analysis
Leaked Network Security Information Analysisallengalvan
 
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessWindows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessCompuTrain. De IT opleider.
 
Lte and future frauds
Lte and future fraudsLte and future frauds
Lte and future fraudsRanjeet Kumar
 
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsRainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsTEO LT, AB
 
Toorcon Seattle 2011 - Browser Exploit Packs
Toorcon Seattle 2011 - Browser Exploit PacksToorcon Seattle 2011 - Browser Exploit Packs
Toorcon Seattle 2011 - Browser Exploit PacksAditya K Sood
 

More Related Content

What's hot

Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayIKT-Norge
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYIKT-Norge
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Finalmasoodnt10
 
Anonymous Network
Anonymous NetworkAnonymous Network
Anonymous Networkpauldeng
 
Peer-to-Peer Application Recognition Based on Signaling Activity
Peer-to-Peer Application Recognition Based on Signaling ActivityPeer-to-Peer Application Recognition Based on Signaling Activity
Peer-to-Peer Application Recognition Based on Signaling ActivityAcademia Sinica
 
OpenDNS Whitepaper: Platform Technology
OpenDNS Whitepaper: Platform TechnologyOpenDNS Whitepaper: Platform Technology
OpenDNS Whitepaper: Platform TechnologyCourtland Smith
 
Ip, the internet & its impact on the maritime industry paul jolley-v1-2012
Ip, the internet & its impact on the maritime industry paul jolley-v1-2012Ip, the internet & its impact on the maritime industry paul jolley-v1-2012
Ip, the internet & its impact on the maritime industry paul jolley-v1-2012Wire & Ether Communications
 
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2Haystack Technologies
 
Ceh V5 Module 07 Sniffers
Ceh V5 Module 07 SniffersCeh V5 Module 07 Sniffers
Ceh V5 Module 07 SniffersMina Fawzy
 
Certified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetCertified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetDavid Sweigert
 
Server Load Balancer Test Methodology
Server Load Balancer Test MethodologyServer Load Balancer Test Methodology
Server Load Balancer Test MethodologyIxia
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introductionswang2010
 
CEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical HackerCEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical HackerDavid Sweigert
 
Picturetel RSVP and Weighted Fair Queuing
Picturetel RSVP and Weighted Fair QueuingPicturetel RSVP and Weighted Fair Queuing
Picturetel RSVP and Weighted Fair QueuingVideoguy
 
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2gkkSecurity essentials domain 2
gkkSecurity essentials domain 2Anne Starr
 
Vineyard Networks Product Overview
Vineyard Networks Product OverviewVineyard Networks Product Overview
Vineyard Networks Product Overviewlaurenjthomson
 
Leaked Network Security Information Analysis
Leaked Network Security Information AnalysisLeaked Network Security Information Analysis
Leaked Network Security Information Analysisallengalvan
 
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessWindows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessCompuTrain. De IT opleider.
 
Lte and future frauds
Lte and future fraudsLte and future frauds
Lte and future fraudsRanjeet Kumar
 

What's hot (20)

Eric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norwayEric Vyncke - Layer-2 security, ipv6 norway
Eric Vyncke - Layer-2 security, ipv6 norway
 
Gabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHYGabriel Paues - IPv6 address planning + making the case for WHY
Gabriel Paues - IPv6 address planning + making the case for WHY
 
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 FinalExploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
Exploiting Network Protocols To Exhaust Bandwidth Links 2008 Final
 
Anonymous Network
Anonymous NetworkAnonymous Network
Anonymous Network
 
Peer-to-Peer Application Recognition Based on Signaling Activity
Peer-to-Peer Application Recognition Based on Signaling ActivityPeer-to-Peer Application Recognition Based on Signaling Activity
Peer-to-Peer Application Recognition Based on Signaling Activity
 
OpenDNS Whitepaper: Platform Technology
OpenDNS Whitepaper: Platform TechnologyOpenDNS Whitepaper: Platform Technology
OpenDNS Whitepaper: Platform Technology
 
Ip, the internet & its impact on the maritime industry paul jolley-v1-2012
Ip, the internet & its impact on the maritime industry paul jolley-v1-2012Ip, the internet & its impact on the maritime industry paul jolley-v1-2012
Ip, the internet & its impact on the maritime industry paul jolley-v1-2012
 
DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2DASH7 Webinar: Working With Open Tag For Mode 2
DASH7 Webinar: Working With Open Tag For Mode 2
 
Ceh V5 Module 07 Sniffers
Ceh V5 Module 07 SniffersCeh V5 Module 07 Sniffers
Ceh V5 Module 07 Sniffers
 
Certified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheetCertified Ethical Hacker quick test prep cheat sheet
Certified Ethical Hacker quick test prep cheat sheet
 
Server Load Balancer Test Methodology
Server Load Balancer Test MethodologyServer Load Balancer Test Methodology
Server Load Balancer Test Methodology
 
Fortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_IntroductionFortinet_FortiDDoS_Introduction
Fortinet_FortiDDoS_Introduction
 
CEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical HackerCEH v9 cheat sheet notes Certified Ethical Hacker
CEH v9 cheat sheet notes Certified Ethical Hacker
 
Picturetel RSVP and Weighted Fair Queuing
Picturetel RSVP and Weighted Fair QueuingPicturetel RSVP and Weighted Fair Queuing
Picturetel RSVP and Weighted Fair Queuing
 
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2gkkSecurity essentials domain 2
gkkSecurity essentials domain 2
 
DASH7 Mode 2 Summary
DASH7 Mode 2 Summary DASH7 Mode 2 Summary
DASH7 Mode 2 Summary
 
Vineyard Networks Product Overview
Vineyard Networks Product OverviewVineyard Networks Product Overview
Vineyard Networks Product Overview
 
Leaked Network Security Information Analysis
Leaked Network Security Information AnalysisLeaked Network Security Information Analysis
Leaked Network Security Information Analysis
 
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct AccessWindows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
Windows Server 2012 Seminar 4 - De mogelijkheden van Direct Access
 
Lte and future frauds
Lte and future fraudsLte and future frauds
Lte and future frauds
 

Similar to I Pv6 Cyber Criminal Opportunities 05

Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsRainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsTEO LT, AB
 
Toorcon Seattle 2011 - Browser Exploit Packs
Toorcon Seattle 2011 - Browser Exploit PacksToorcon Seattle 2011 - Browser Exploit Packs
Toorcon Seattle 2011 - Browser Exploit PacksAditya K Sood
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareNatraj G
 
Day 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious UseDay 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious Usevngundi
 
Cansec West 2009
Cansec West 2009Cansec West 2009
Cansec West 2009abhicc285
 
Internet security
Internet securityInternet security
Internet securitygohel
 
IPv6 Test Methodology
IPv6 Test MethodologyIPv6 Test Methodology
IPv6 Test MethodologyIxia
 
Mu App-ID Test Methodology
Mu App-ID Test MethodologyMu App-ID Test Methodology
Mu App-ID Test Methodologyaquaphlex
 
Virtual Data Centers with OpenStack Quantum
Virtual Data Centers with OpenStack QuantumVirtual Data Centers with OpenStack Quantum
Virtual Data Centers with OpenStack Quantumlaurabeckcahoon
 
Virtual data centers with OpenStack Quantum
Virtual data centers with OpenStack QuantumVirtual data centers with OpenStack Quantum
Virtual data centers with OpenStack QuantumLew Tucker
 
Outside The Wire
Outside The WireOutside The Wire
Outside The WireSalo Shp
 
Hadoop World 2011: Sherpasurfing - Wayne Wheeles
Hadoop World 2011: Sherpasurfing - Wayne WheelesHadoop World 2011: Sherpasurfing - Wayne Wheeles
Hadoop World 2011: Sherpasurfing - Wayne WheelesCloudera, Inc.
 
Jesse Burke RDPwned HackMiami7
Jesse Burke RDPwned HackMiami7Jesse Burke RDPwned HackMiami7
Jesse Burke RDPwned HackMiami7Jesse Burke
 

Similar to I Pv6 Cyber Criminal Opportunities 05 (20)

Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmėsRainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
Rainer Baeder. Sudėtingos tikslinės ir ilgai išliekančios grėsmės
 
Toorcon Seattle 2011 - Browser Exploit Packs
Toorcon Seattle 2011 - Browser Exploit PacksToorcon Seattle 2011 - Browser Exploit Packs
Toorcon Seattle 2011 - Browser Exploit Packs
 
Tom Krcha - Future of Flash
Tom Krcha - Future of FlashTom Krcha - Future of Flash
Tom Krcha - Future of Flash
 
S series presentation
S series presentationS series presentation
S series presentation
 
JAKU Botnet Analysis
JAKU Botnet AnalysisJAKU Botnet Analysis
JAKU Botnet Analysis
 
Myip
MyipMyip
Myip
 
Download It
Download ItDownload It
Download It
 
Basic Dynamic Analysis of Malware
Basic Dynamic Analysis of MalwareBasic Dynamic Analysis of Malware
Basic Dynamic Analysis of Malware
 
Exploits
ExploitsExploits
Exploits
 
Day 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious UseDay 2 Dns Cert 4c Malicious Use
Day 2 Dns Cert 4c Malicious Use
 
Cansec West 2009
Cansec West 2009Cansec West 2009
Cansec West 2009
 
Internet security
Internet securityInternet security
Internet security
 
Internet security
Internet securityInternet security
Internet security
 
IPv6 Test Methodology
IPv6 Test MethodologyIPv6 Test Methodology
IPv6 Test Methodology
 
Mu App-ID Test Methodology
Mu App-ID Test MethodologyMu App-ID Test Methodology
Mu App-ID Test Methodology
 
Virtual Data Centers with OpenStack Quantum
Virtual Data Centers with OpenStack QuantumVirtual Data Centers with OpenStack Quantum
Virtual Data Centers with OpenStack Quantum
 
Virtual data centers with OpenStack Quantum
Virtual data centers with OpenStack QuantumVirtual data centers with OpenStack Quantum
Virtual data centers with OpenStack Quantum
 
Outside The Wire
Outside The WireOutside The Wire
Outside The Wire
 
Hadoop World 2011: Sherpasurfing - Wayne Wheeles
Hadoop World 2011: Sherpasurfing - Wayne WheelesHadoop World 2011: Sherpasurfing - Wayne Wheeles
Hadoop World 2011: Sherpasurfing - Wayne Wheeles
 
Jesse Burke RDPwned HackMiami7
Jesse Burke RDPwned HackMiami7Jesse Burke RDPwned HackMiami7
Jesse Burke RDPwned HackMiami7
 

More from Barry Greene

Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Barry Greene
 
Remediating Violated Customers
Remediating Violated CustomersRemediating Violated Customers
Remediating Violated CustomersBarry Greene
 
Indusrty Strategy For Action
Indusrty Strategy For ActionIndusrty Strategy For Action
Indusrty Strategy For ActionBarry Greene
 
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"Barry Greene
 
Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Barry Greene
 

More from Barry Greene (6)

Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...Are you ready for the next attack? reviewing the sp security checklist (apnic...
Are you ready for the next attack? reviewing the sp security checklist (apnic...
 
IDNOG - 2014
IDNOG - 2014IDNOG - 2014
IDNOG - 2014
 
Remediating Violated Customers
Remediating Violated CustomersRemediating Violated Customers
Remediating Violated Customers
 
Indusrty Strategy For Action
Indusrty Strategy For ActionIndusrty Strategy For Action
Indusrty Strategy For Action
 
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
BIND’s New Security Feature: DNSRPZ - the "DNS Firewall"
 
Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1Sp Security 101 Primer 2 1
Sp Security 101 Primer 2 1
 

I Pv6 Cyber Criminal Opportunities 05

  • 1. New Opportunities for Criminal Growth Forecasting Cyber-Crime during the IPv6 Transition Barry Raveendran Greene bgreene@isc.org Version 1.1 1
  • 2. Context •  The Internet Systems Consortium (ISC) is a strong driver for IPv6 adoption. •  The information contained in this presentation is an effort to empower organizations to deploy IPv6 to take extra effort to be mindful of their security risk. •  Risk can be mitigated if a clear understanding of the risk exist. •  It takes one big “IPv6 back doors a network” Press Cycle to shake the confidence of CIOs around the World – slowing down IPv6 deployment. 2
  • 3. ISC and IPv6 Yes! IPv6 is running natively at my desk, on our wireless, our services, our software, our services, and VPN tunneled from home. Open Source Software that are the “Gears” of the Net BIND DHCP AFTR PCP Secondary DNS RPKI (TBA) Services DNS F-Root SIE pDNS Hosted @ w/ Open Source Community and Others Internet Systems Consortium, Inc. (ISC) is a non-profit 501(c)(3) public benefit corporation dedicated to supporting the infrastructure of the universal connected self-organizing Internet—and the autonomy of its participants—by developing and maintaining core production quality software, protocols, and operations. 3
  • 4. Logistics •  This presentation can be downloaded from the Webinar recording and from ISC’s Knowledge Base: http://deepthought.isc.org •  ISC updates, presentations, and materials can be followed on: –  Facebook - http://www.facebook.com/InternetSystemsConsortium –  Twitter - ISCdotORG –  Linkedin - http://www.linkedin.com/company/internet-systems-consortium –  RSS via our Website 4
  • 5. Agenda •  Today’s Cybercriminal Toolkit – The Criminal Cloud … what how Ipv6 will Enhance that “Cloud” •  Understanding Today’s Cyber-Criminal Behavior Drivers •  Now What? What do I need to do to deploy IPv6? 5
  • 6. Cyber Criminal Toolkit that is the foundation for the Criminal Cloud 6
  • 7. Components of the Criminal Cloud Payment SPAM Processors BOTNET Drive-By Secondary Controller Proxy Malware Mule Operations  Avalanche: SPAM Cloud that you can lease time Name Servers  Zeus: IPv6 Compliant “Build your Own Criminal Cloud. BOT  BlackHole: Metasploit Cloud you can lease Herder Malware Victim of Crime TLD Domain Packer 7
  • 8. Why not use a IPv6 Criminal Cloud? Payment SPAM Processors BOTNET Drive-By Secondary Controller Proxy Malware Mule  Most Security tools do not detect IPv6. Operations  Firewalls, IPSs, Anti-SPAM, and the Name whole toolkit we use to manage and run Servers networks are built on IPv4 – no IPv6.  IPv6 is a way for criminals to go under BOT the radar – cause the “radar is IPv4” Herder Malware Victim of Crime TLD Domain Packer 8
  • 9. Stage Domain Name SPAM BOTNET Drive-By Secondary Controller Proxy Malware Get Name Domain Servers IPv4 o r IPv BOT 6 Stage on NS Herder or FF NS Malware Victim of Crime TLD Domain Packer 9
  • 10. Prepare Drive-By Send Malware SPAM BOTNET Drive-By Secondary Controller Proxy Malware Load Name Malware Servers Hacker Malware Victim of Crime TLD Domain Packer 10
  • 11. Social Engineered SPAM to Get People to Click (Spear Phishing) Send SPAM SPAM BOTNET Drive-By Secondary Controller Proxy Malware IPv6 Name Servers Click on me now Hacker Malware Victim of Crime TLD Domain Packer 11
  • 12. Drive-By Violation Click on me now SPAM BOTNET Drive-By Secondary Controller Proxy Malware What if Malvertisment was IPv6? Name Servers Hacker Malware Victim of Crime TLD Domain Packer 12
  • 13. Poison Anti-Virus Updates SPAM BOTNET Drive-By Secondary Controller Proxy Malware Name Servers Poison the anti-virus updates Hacker All updates to 127.0.0.1 Anti-Virus Malware Vendor Victim of Crime TLD Domain Packer 13
  • 14. Prepare Violated Computer SPAM BOTNET Drive-By Secondary Controller Proxy Malware What if this all happened Name via IPv6? Servers Call to secondary Malware site Hacker Load secondary package Malware Anti-Virus Vendor Victim of Crime TLD Domain Packer 14
  • 15. Call Home SPAM BOTNET Drive-By Secondary Controller Proxy Malware Name Servers Call to Controller Report:  Operating System Hacker  Anti-Virus  Location on the Net Malware  Software  Patch Level Victim of Crime  Bandwidth TLD Domain  Capacity of the computer Packer 15
  • 16. Load Custom Malware SPAM Drive-By Secondary Controller Proxy BOTNET Malware Name Go get New Servers Module Hacker Malware TLD Victim of Crime Domain Packer 16
  • 17. Start Worming, Scanning, & Spreading SPAM Drive-By Secondary Controller Proxy Malware BOTNET Name Servers BOTNET Herder Malware IPv6 IPv6 Victims of Crime TLD Packer Domain 17
  • 18. Load a Proxy with Trigger Corporate Network Drive-By Secondary Controller Proxy Malware Name Go get my Servers proxy Hacker Malware TLD Victim of Crime Domain Packer 18
  • 19. Watch for the SSL VPN Connection Cool! Lets see what I can find to steal. Corporate Network Drive-By Secondary Controller Proxy Malware Name Servers Hacker Malware Tell me when the SSL VPN Connection is Established TLD Victim of Crime Domain Packer 19
  • 20. Set up the Proxy Tunnel Cool! Lets see what I can find to steal. Corporate Network Drive-By Secondary Controller Proxy Malware Name Servers Hacker Malware TLD Victim of Crime Domain Packer 20
  • 21. Proxy Behind the Bank Login Cool! Lets see what I can find to steal. BANKS Drive-By Secondary Controller Proxy Malware Name Servers Hacker Malware TLD Victim of Crime Domain Packer 21
  • 22. OPSEC Community’s Action Make SPAM Harder We do not know how to SPAM lock this Drive-By Secondary Controller BOTNET Malware Proxy guy in jail! Disrupt Drive- By Phishing Disrupt Controllers Name Servers Help your victimized BOT customers Disrupt the NS Herder Infrastructure Clean Malware Violated Data Centers TLD Victim of Crime Domain Packer Filter Based on TLD 22
  • 23. Scary Consequences (B4 IPv6) 1.  Building “Secure” Operating Systems with “Security Development Lifecycles” and aggressive testing are not delivering to expectations. 2.  Host Security Tools (anti-virus) are not delivering to expectations. 3.  Application Security is not delivering and becoming more complicated. 4.  Network Security tools (firewalls, IDP/IPS, etc) are not delivering as expected. 5.  Defense in Depth are not delivering as expected. 6.  Malware Remediation is not working (i.e. how to clean up infections). 7.  The Bad Guys follow economic equilibrium patterns – finding optimization thresholds. 8.  Law Enforcement is not in a position to act on International Crime – where the laws are not in place. 9.  The “eco-system” of the “security industry” is locked in a symbiotic relationship. 23
  • 24. Touch Point •  Are you looking for miscreant activities on your network? •  If you have IPv6 turned on – are you watching? •  Are you looking for v6 in v4 tunnels? •  Recommendation – Views from your Network & from the Outside World: –  Free Server from www.shawdowserver.org 24
  • 26. Our Traditional View of the World 26
  • 27. The Reality of the Internet No Borders How to project civic society and the rule of law where there is no way to enforce the law? 27
  • 28. The Good Guys are part of the the Security Problem •  The “White Hat” Security Community fixates on the mechanics – rushing to blog details of how the malware works and how the botnet is built. •  It is like the US Drug Enforcement Agency approaching the Meth epidemic with this approach: –  We’re trying to solve the methamphetamine drug abuse problem by funding studies and pontificating on the chemical make up of methamphetamine, processes for producing methamphetamine, and variations for new methamphetamine mixes. •  What about the Meth criminal eco-system? What about the gangs? What about the victims? 28
  • 29. The Good Guys are part of the the Security Problem Who we need to Target This is nice to know Not understanding that our problem is a human problem leads to “security solutions” which get bought, deployed, and never used. 29
  • 30. Three Major Threat Vectors •  Critical Infrastructure has three major threat drivers: –  Community #1 Criminal Threat •  Criminal who use critical infrastructure as a tools to commit crime. Their motivation is money. –  Community #2 War Fighting, Espionage and Terrorist Threat •  What most people think of when talking about threats to critical infrastructure. –  Community #3 P3 (Patriotic, Passion, & Principle) Threat •  Larges group of people motivated by cause – be it national pride (i.e. Estonia & China) or a passion (i.e. Globalization is Wrong) 30
  • 31. Essential Criminal Principles •  There are key essential principles to a successful miscreant (i.e. cyber criminal) •  These principles need to be understood by all Security Professionals •  Understanding allows one to cut to the core concerns during security incidents •  Attacking the dynamics behind these principles are the core ways we have to attempt a disruption of the Miscreant Economy 31
  • 32. Principles of Successful Cybercriminals 1.  Don’t Get Caught 2.  Don’t work too hard 3.  Follow the money 4.  If you cannot take out the target, move the attack to a coupled dependency of the target 5.  Always build cross jurisdictional attack vectors 6.  Attack people who will not prosecute 7.  Stay below the pain threshold 32
  • 33. Principle 1: Do Not Get Caught! •  The first principle is the most important – it is no fun getting caught, prosecuted, and thrown in jail –  (or in organized crime – getting killed) •  All threat vectors used by a miscreant will have an element of un-traceability to the source •  If a criminate activity can be traced, it is one of three things: 1.  A violated computer/network resources used by the miscreant 2.  A distraction to the real action 3.  A really dumb newbie 33
  • 34. Principle 2: Do Not Work Too Hard! •  Use the easiest attack/penetration vector available in the toolkit to achieve the job’s objective •  Example: If your job is to take out a company’s Internet access the day of the quarterly number’s announcement, would you: 1.  Penetrate the Site and Delete files? 2.  Build a custom worm to create havoc in the company? 3.  DOS the Internet connection? 4.  DOS the SP supporting the connection? Why Use DNS “Noisy” Poisoning when it is easier to violate a ccTLD? 34
  • 35. Principle 3: Follow the Money •  If there is no money in the crime then it is not worth the effort. •  Follow the money is the flow of money or exchanged value as one miscreant transfers value to another miscreant (or the victim transfers value to the criminal) •  A Cyber-Criminal Threat Vector opens when the miscreant finds a way to move ‘stored value’ from the victim through the economy •  It is worse if the cyber ‘stored value’ can cross over to normal economic exchange 35
  • 36. Principle 4: If You Cannot Take Out The Target… •  If you cannot take out the target, move the attack to a coupled dependency of the target •  There are lots of coupled dependencies in a system: –  The target’s supporting PE router –  Control Plane –  DNS Servers –  State Devices (Firewalls, IPS, Load Balancers) •  Collateral Damage! 36
  • 37. Principle 5: Always Build Cross Jurisdictional Attack Vectors •  Remember – Don’t get caught! Do make sure ever thing you do is cross jurisdictional. BOTNET LEAF US •  Even better – cross the BOTNET HUB law systems (Constitutional, Tort, BOTNET LEAF Japan Statutory, Islamic, etc.) •  Even Better – Make BOTNET LEAF sure your “gang” is Australia multi-national – making it harder for Law Enforcement BOTNET LEAF Norway BOTNET LEAF Kuwait BOTNET LEAF China 37
  • 38. Principle 6: Attack People Who Will NOT Prosecute •  If your activity is something that would not want everyone around you to know about, then you are a miscreant target •  Why? Cause when you become a victim, you are not motivated to call the authorities •  Examples: –  Someone addicted to gambling is targeted via a Phishing site –  Someone addicted to porn is targeted to get botted –  Someone addicted to chat is targeted to get botted –  Someone new to the Net is targeted and abused on the physical world –  Government, Finance, and Defense, Employees – who lose face when they have to call INFOSEC 38
  • 39. Principle 7: Stay below the Pain Threshold •  The Pain Threshold is the point where an SP or Law Enforcement would pay attention •  If you are below the pain threshold – where you do not impact an SP’s business, then the SP’s Executive Management do not care to act •  If you are below the pain threshold – where you do not have a lot of people calling the police, then the Law Enforcement and Elected Official do not care to act •  The Pain Threshold is a matter of QOS, Resource Management, and picking targets which will not trigger action 39
  • 40. Criminal Trust •  Miscreants will guardedly trust each other •  They can be competitors •  They can be collaborators •  But when there is money on the table, criminal human behavior and greed take over. •  Cybercriminal cannibalize each other’s infrastructure. •  Cybercriminals attack each other’s infrastructure. DDOS Internet DDOS 40
  • 41. Dire Consequences •  The Miscreant Economy is not a joke. It is not a game. It is not something to play with. –  PEOPLE DIE •  Once organized crime enter the world of the Miscreant Economy, the days of fun were over. •  Now that Cyber-Criminals will use any resource on the net to commit their crime, they don’t worry about the collateral damage done. –  Think of computer resources at a hospital, power plant, or oil refinery – infected and used to commit phishing and card jacking. –  What happens if someone gets mad at the phishing site, attacks it in retaliation, unintentionally knocking out a key systems. 41
  • 42. Enduring Financial Opportunities Postulate: Strong, Enduring Criminal Financial Opportunities Will Motivate Participants in the Threat Economy to Innovate to Overcome New Technology Barriers Placed in Their Way Enduring criminal financial opportunities: •  Extortion •  Advertising •  Fraudulent sales •  Identity theft and financial fraud •  Theft of goods/services •  Espionage/theft of information 42
  • 43. Threat Economy: In the Past Writers Asset End Value Tool and Toolkit Compromise Fame Writers Individual Host or Application Theft Malware Writers Worms Espionage Compromise (Corporate/ Viruses Environment Government) Trojans 43
  • 44. Threat Economy: Today First Stage Second Stage Writers Abusers Middle Men Abusers End Value Tool and Hacker/Direct Criminal Toolkit Writers Attack Compromised Competition Host and Application Theft Malware Writers Espionage Extortionist/ (Corporate/ Machine DDoS-for-Hire Government) Harvesting Bot-Net Creation Worms Extorted Pay-Offs Spammer Viruses Bot-Net Management: For Rent, for Lease, Commercial Sales Trojans for Sale Phisher Fraudulent Sales Information Personal Spyware Harvesting Information Pharmer/DNS Poisoning Click-Through Revenue Information Brokerage Internal Theft: Identity Theft Financial Fraud Abuse of Privilege Electronic IP Leakage $$$ Flow of Money $$$ 44
  • 45. Miscreant - Incident Economic Cycles Lots of Peak Survive the Community Problems Mitigation Next Attack & Attacks New Criminal Revenue Incidents Miscreant & Opportunities Criminal R&D Resolve the Problem Recession Expansion Drive the Post Mortem Drive the Trough Preparation time These Cycles Repeat 45
  • 46. Miscreant Economic Cycles Expansion Recession Expansion Peak Total Incidents Incident Growth Trough Trend 0 Jan.- Apr.- July- Oct.- Jan.- Apr.- July- Oct.- Jan.- Apr.- Mar June Sept. Dec. Mar June Sept. Dec. Mar June 46
  • 47. Community Action Can Have an Impact Source: http://voices.washingtonpost.com/securityfix/2008/11/64_69_65_73_70_61_6d_64_69_65.html 47
  • 48. But for how long ….. New Attack Good Tools Guys & Techniques Whack Bad Guys Back Guys Learn Analyze This virtuous cycle drives cyber- criminal IPv6 innovations. 48
  • 49. Cyber Warfare •  Of the three threat vectors, cyber-warfare is a “constrained” threat. •  All cyber warfare is a constrained with in State Actors and Actions. –  There are Generals who are in charge giving orders. –  There are Government officials who are providing state policy. •  Espionage is part of state policy, a persistent threat, but not “warfare.” •  New State actors can make mistakes – unintentionally creating collateral consequence. Michael Falco / The New York Times / Redux 49
  • 50. Cyber Warfare’s Consequences … Peer A IXP-W A Peer B IXP- E Upstream A D Upstream A B C Upstream Upstream B E B Target NOC G F POP Target is taken out 50
  • 51. … Extend beyond the perceived “Battle Space.” Peer A IXP-W A Peer B IXP-E Upstream A D Upstream A B C Upstream Upstream B E B Target Customers NOC G F POP Attack causes Collateral Damage 51
  • 52. Cyber Warfare’s Reality •  Cyber Warfare is a threat to business, but not the threat to spend hours and money to protect. •  Protecting against Cyber-Crime and the P3 threat will mitigate many of the cyber warfare threats. 52
  • 53. P3 Threat – the Big Change •  The Dramatic Change over the past year has been the increasing security threat from individuals and groups that are not “constrained.” •  These groups are driven by motivations that are not “money driven.” They are not given “orders.” They do it based on self motivation. •  Patriotic – They believe they have a right to stand up for their country, cause, or crusade. •  Passionate – They attach to a cause and will work long hours to further that cause. •  “Principled” – The base their actions on principles they passionately believe and will perform actions that they feel is within their “Internet Rights.” 53
  • 54. Patriotic, Passion, & Principle Drivers “The post-90 generation teens that run 2009.90admin. com, wrote on their website, “We are not Internet attackers, we are just a group of computer fans; we are not mentally handicapped kids, we are the real patriotic youth. We’ll target anti-China websites across the nation and send it as a birthday gift to our country.” “The 500-word statement appeared over a red and black background decorated with a flying national flag. Zhang Yiwu, a professor at Peking University and a literary critic, said although many believe young people are not as patriotic as previous generations, there are exceptions. "The post-90s generation is undoubtedly passionate and patriotic, but their lifestyle and attitude is varied. The campaign of attacking anti-China websites shows their unstable and immature nature," Zhang said. "Although their behavior is not worthy of praise, the unfair reports about China coming from many foreign media will encourage the youngsters to fight back.“” - http://news.alibaba.com/article/detail/technology/100168523-1-teen-hackers-vow-prove-patriotism.html 54
  • 55. Touch Point •  Do you use “behavior” as a tool to help you evaluate risk? 55
  • 56. Now What? 56
  • 57. What can you do? 1.  This security problem is happening now – with IPv4. Gain control over it now. –  Use the IPv4 knowledge to map what you really need for dual stack. –  Use Open Source Security tools (Bothunter, Netflow Tools, IDP/IDS tools, etc). Open source gives you experience before the big capital investment. 2.  Understand that you might have a IPv6 “security problems” right now. –  Security people inside a organization need to be pushing for strategic IPv6 deployment to gain situational awareness of the IPv6 in their network. 57
  • 58. What can you do? 3.  An IPv6 VISIBILITY plan is needed as part of your IPv6 deployment. –  Given the criminal economic incentives behind the threat, all organizations need to have visibility tools as an integral part of their IPv6 plan. –  Passive DNS, Open Source Netflow, IPv6 Sinkholes, Network management, logging (compatible with IPv6). 5.  Yes, you will need a IPv6 Security Plan. –  Know how you security team is going to cope with IPv6. 58
  • 59. No Excuses! •  An organization cannot use the dynamics & threat of the cyber criminal ecosystem to not deploy IPv6. •  The pace if IPv6 migration is not in the control of the end-user. Moving from “zero” to “100” is a crowd dynamic. •  That “crowd” can move the industry faster than anyone expects. •  The criminals will follow the crowd – following their potential markets. 59
  • 60. Plug into the Operational Security Community •  Step 1: Get the Operational and Security Contacts for each of your peering and transit networks. –  Get their phone numbers, Chat IDs, and E-mails. –  Find out what tools they have deployed to help you “work an attack” and “work a criminal investigation.” –  Find out what other civic self-defense groups they belong to. •  Step 2: Join open “security communities” which allow you to work with others to defend each other. –  CERTs –  ISACs –  Others. •  Step 3: Act! Do Something! Fight Back! –  Investigate – pursue – take legal action –  Call Law Enforcement – pull in the police – file a case –  International Laws only change through action 60
  • 61. What can you do? •  Join the Security Information Exchange Forum (SIE@ISC). –  Forum only briefings on the threat and tools used to change the battle against the threat. –  Connect you and your organizations to the most appropriate operational security communities – building the sphere of trust with peers –  Funding the tools the Operational Security Community need to track the threats, disrupt the threat, and put the community into a position to arrest the threat. –  Gain insight into how “collective defense” protects everyone. everyone. Send E-mail to info@sie.isc.org 61
  • 63. Internet Systems Consortium (ISC) How we can help your IPv6 Journey 63
  • 64. Who Builds the Cogs? •  The Internet’s “Guts” require someone to build the cogs which keep the Internet moving. •  These “cogs” need to be open and accessible to anyone who wants to connect to the Internet. •  Standards need to be open so that anyone can build. •  Enter the Internet Systems Consortium (ISC) 64
  • 65. Technology Leadership for the Common Good REFERENCEABLE • IETF CODE • FREE OPEN SOURCE PRODUCTION • ISC FORUM QUALITY SOFTWARE • E.G BIND, DHCP, AFTR,SIE •  ISC SUPPORT SERVICES • OPEN SOURCE CODE DEVELOPMENT • OTHER COMMERCIAL PLAYERS BENEFIT • Agile and scrum • Infoblox • Regression testing • Bluecat, etc • Community input OPERATIONAL DIALOGUE CODE 65
  • 66. More “Common Good” Activities DNS Everywhere IPv6 DNSSEC Secondary DNS OPS-SEC Services DNS F-Root Hosted @ w/ Open Source Community and Others Security Data Peering 66
  • 67. Sustainability while Serving Community •  Professional Services –  Software Support –  Training –  Consulting •  Custom Software Development –  Usability features –  Operation Improvements –  Private branches –  Proto types –  Integration/APIs 67
  • 69. ISC In a Nutshell Forum Professional Services Public Benefit Services •  BIND •  Consulting •  DNS “F-ROOT” •  BIND 10 Working Group •  Training •  DNS Secondary Server •  DHCP •  Software Support Services Resiliency (SNS) PB •  AFTR/PCP •  Custom Software Development •  Hosted@ - hosting a range of open source code) •  SIE •  F-root Corporate Node •  •  Free Domain Survey Report •  Open Source Routing DNS SNS-Com •  Full version The Domain Survey •  ISC assistance at IETF, ICANN, ARIN, ISOC RIPE RPKI (Securing BGP) and more WG, UKNOF, etc to come … first reference, standards based code. Empowerment •  Standards drivers – with first implementation of standards based code. •  Policy Meetings – Empowering Spheres of Influence •  Operational Security – Pioneering new approaches to safe guard the Internet (OPSEC-Trust). •  Operations Meeting Empowerment (APRICOT, AFNOG, NANOG, etc) •  Research (DNS OARC) 69
  • 70. How can ISC Help? (Keeping it Simple) 1.  Check your Ipv6 Health @ http://usgv6-deploymon.antd.nist.gov/ 2.  If your DNS or DNSSEC is RED (i.e. not IPv6 dual stack), contact ISC for help. Everyone needs to be GREEN. 3.  Send an E-mail to info@isc.org to start the conversation. 70
  • 71. 71