2. Presentation
@LucBeirens
Chief Commissioner
Head of the Federal Computer Crime Unit
Belgian Federal Judicial Police
Direction Economical and financial crime
Chairman of the EU Cybercrime task force
representing the organization of heads of national high-tech crime units of the EU
3. Topics - overview
An analysis of the eSociety situation
Who is threatening eSociety and how ?
Inside threat / outside threats
Possible damage to eGov and eSociety
Which response to give to this ?
8. General trends today
Evolution towards e-society
replace persons by e-applications
Interconnecting all systems (admin, industrial, control)
Mobile systems – Cloud
Social networks
IP is common platform offered by many ISPs
integrating telephony / data / VPN & all new apps
= opportunities / Achilles heel / scattered traces
Poor security in legacy applications and protocols
(userid + pw) => identity fraud is easy
End user is not yet educated to act properly
9. What do criminals want ?
Become rich / powerful
rapidly, easily, very big ROI
in an illegal way if needed
Destabilize (e-)society
by causing troubles
10. First conclusions ?
Society thus depends very heavily on ICT
ICT = important vulnerability of modern society
End user = weakest link => biggest danger
Need to
Guarantee continuity of ICT functioning
Availability and integrity of data
Data is more and more in the cloud
Accessible from all over the world
Outside jurisdiction of your country
11. Who is threatening us ?
Script kiddies
Insider ICT guy in your company
Loosely organized criminals
Firmly organized criminal groups
Terrorists / hacktivists
Foreign states / economical powers
Nation warfare troops
27. Cyber crime against cyber infrastructure
Payment systems
2010 WikiLeaks case: “Anonymous” attack on VISA, PayPal, Mastercard, ...
DNS system
create fraudulent routing or use for DDoS
Certification authorities (DigiNotar)
Data centers (blocks all servers in it)
Dossier Cybercrime - NVP PNS 2012-2015
29. Cybercrime focusing on individuals
Individuals are
also working in companies / government
Use social networks / webmail
Often used to exchange business related info
Containing access code information
Hacking of these profiles / webmails
Abuse to infect people you know
Get personal information of you and your contacts
Commit fraud
Internet fraud of all kinds
Webcam sex interception for extortion
Luc Beirens - FCCU -2012
31. Botnet attack on a webserver / node
[Diagram: Hacker, Command & Control Server, Internet, webserver / node. Labels: Info, Cmd, "My IP is x.y.z.z", computer crash, access line blocked]
32. Malware update / knowledge transfer
[Diagram: Hacker, Command & Control Server, Knowledge server, Malware update server, Internet, webserver / node. Labels: trigger event, MW update, very frequent MW update request]
34. How big is the problem ?
Already criminal cases in several countries
Botnets detected
Several hundreds of botnets worldwide
Several thousands of C&C worldwide
Thousands up to millions of zombie computers online
generated huge data traffic up to 40 Gbps
Dismantling / crippling botnets
38. Authentication
[Diagram: eService website and eService user]
Authentication systems
Intercepted userid + pw
user : u123
password : secret123
Give token 15 : Word15
Intercepting 36 sessions
Phishing website 3 x 12
Consultation & Transfers
New authentication systems
One time passwords
Time based
Give OT password : Timedependentcode
Consultation & Transfers
Waiting for the authentication
Afterwards perform transaction
Challenge based
Calculate OTP with challenge 12345678
Calculated OTP
Consultation & Transfers
Waiting for the authentication
Need for user cooperation ????
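Added example, not from the original slides: a Python sketch of the time-based and challenge-based one-time passwords listed above, plus a variant that goes beyond the slide by binding the response to the destination and amount of the transfer. The key, the account strings and the names `transaction_otp` and `server_accepts` are constructed for illustration; the time-based code follows RFC 6238.

```python
import hashlib
import hmac
import struct

def _truncate(digest: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation of an HMAC digest to a decimal code."""
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def time_based_otp(key: bytes, unix_time: int, step: int = 30) -> str:
    """Time-based OTP (RFC 6238, HMAC-SHA1): depends only on the key and the clock."""
    counter = struct.pack(">Q", unix_time // step)
    return _truncate(hmac.new(key, counter, hashlib.sha1).digest(), 6)

def challenge_otp(key: bytes, challenge: str) -> str:
    """Challenge-based OTP: response computed over the server's challenge only."""
    return _truncate(hmac.new(key, challenge.encode(), hashlib.sha256).digest(), 8)

def transaction_otp(key: bytes, challenge: str, dest_account: str, amount_cents: int) -> str:
    """Assumed variant: the user also keys destination and amount into the token."""
    msg = f"{challenge}|{dest_account}|{amount_cents}".encode()
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest(), 8)

def server_accepts(key, otp, challenge, dest_account, amount_cents) -> bool:
    """Server recomputes the response for the transfer it is about to execute."""
    expected = transaction_otp(key, challenge, dest_account, amount_cents)
    return hmac.compare_digest(expected, otp)

def demo() -> dict:
    key = b"constructed-demo-key"             # constructed shared secret
    challenge = "12345678"                    # challenge value shown on the slide
    intended = ("BE00-CONSTRUCTED-1", 2500)   # transfer the user means to make
    altered = ("XX00-CONSTRUCTED-2", 990000)  # a different transfer in the same session
    bound = transaction_otp(key, challenge, *intended)
    return {
        # Takes no transfer input, so it cannot tell one transfer from another.
        "challenge_only": challenge_otp(key, challenge),
        # A transaction-bound response verifies only for the transfer the user entered.
        "bound_ok_for_intended": server_accepts(key, bound, challenge, *intended),
        "bound_ok_for_altered": server_accepts(key, bound, challenge, *altered),
    }

if __name__ == "__main__":
    print(time_based_otp(b"12345678901234567890", 59))  # RFC 6238 test input
    print(demo())
```

`time_based_otp` and `challenge_otp` authenticate the session but carry no information about the transfer that follows; only the transaction-bound response fails when the transfer details differ from what the user entered.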
39. If technical security is ok ...
They are informed of web activity over the botnet
They know you ! (knowledge base & social networks)
They will switch to social engineering
They will make you believe they are someone else
to make you do something they want / need
Abusing expected “normal user behaviour”
Fear of or willingness to help or cooperate with hierarchy
security services / helpdesk / vendors / (business) partners
Love for (new) friends
Greed
40. Activity spying
[Diagram, steps numbered 1 to 13. Labels: Trojan distribution campaign, Use of intermediate systems, Proxy, Spam to control network, Hackers, Keylogging, Local storage, Knowledge database, Fake site, trying to surf on the real website, Bank site, eBank user, Authentication, Money transfer order, Bank account transfer, Fake Company, Money Mule, Money collector]
45. And the victims ?
Who ?
Transactional websites
Communication networks
ISPs and all other clients
Reaction
Unaware of incidents going on
ISPs try to solve it themselves
Nearly no complaints made – even if asked ...
Result ? The hackers go on developing botnets