Paul Rosenzweig hosts the Medill National Security Journalism Initiative's Cyber Crime & Big Data Webinar -- 10-16-13. From Evanston, IL and Washington, DC. Hosted by NSJI's Ellen Shearer.
1. Cyber Crime & Big Data
Paul Rosenzweig
www.paulrosenzweigesq.com
www.redbranchconsulting.com
2. The Scope of the Loss
• UK -- £27 billion/year (Detica) (2010)
• World -- $1 trillion/year (McAfee) (2009)
• Commission on the Theft of American Intellectual Property --
$300 billion/year (2013)
• Another way of looking at it:
• Top 45 US companies average $5.6 million/year (2011) in
cybersecurity losses from an incident, up from $3.8 million in 2010
(Ponemon Institute)
• Conclusion: Direct monetary loss is very significant but
not overwhelming
3. RBN -- HISTORY
• An internet service provider, run by criminals for criminals,
founded as early as 2004
• Allegedly created by “Flyman,” a 20-something programmer said to
be the nephew of a well-connected Russian politician
• Initial activity was legal (though not exactly civic-minded)
• Provides URLs, dedicated servers and software – an evil
version of Comcast combined with Home Depot
4. SERVICES OFFERED
• “Bulletproof” servers ($600/month)
• Highly effective malware ($380 per 1,000 targets)
• Rentable bots ($200 per bot)
• Free technical support, patches, updates and fixes
5. WHY SO SUCCESSFUL?
• Better than a real job
• Professionalism
• Protection from the Kremlin?
6. Greatest Hits
• 2005-2006 “Rock phish” nets $150 million for participants
• 2007 Mpack/Bank of India: All users’ account info stolen
via keystroke logging malware; no download necessary (!)
• 2007 Russia-Estonia incident
• 2008 Russia-Georgia Conflict
• 2009 Citibank*
• 2012(?) Operation Blitzkrieg??
7. Connecting the Dots -- Starting
with 2 Known Terrorists in US
WATCH LIST: CIA/INS/FBI POSSIBLE TERRORISTS IN THE US:
On or before August 23rd, 2001, Nawaq Alhamzi and Khalid Al-Midhar
added to INS watchlist
MAKE PLANE RESERVATIONS USING SAME NAMES:
On or about August 25, 2001, Khalid Al-Midhar purchases cash ticket
for American Airlines flight #77 scheduled for September 11, 2001
On or about August 27, 2001, Nawaq Alhamzi books a flight on
American Airlines flight #77 scheduled for September 11, 2001
8. [Diagram: the 19 passengers grouped by flight]
American Airlines Flight 77 (Target - Pentagon): Nawaq Alhamzi, Salem Al-Hazmi, Khalid Al-Midhar, Hani Hanjour, Majed Moqed
American Airlines Flight 11 (Target - North Tower of World Trade Center): Mohamed Atta, Abdulaziz Alomari, Wail Alshehri, Waleed Alshehri, Satam Al Suqami
United Airlines Flight 175 (Target - South Tower of World Trade Center): Ahmed Alghamdi, Marwan Al-Shehhi, Mohand Alshehri, Fayez Ahmed, Hamza Alghamdi
United Airlines Flight 93 (Target - Unknown): Saeed Alghamdi, Ahmed Al Haznawi, Ziad Jarrah, Ahmed Alnami
9. Address Connections
RESERVATIONS MADE WITH ADDRESS #1 AND ADDRESS #2
On or about August 25, 2001, Khalid Al-Midhar makes a reservation on
American Airlines flight #77 scheduled for September 11, 2001 using
Common Address #1
On or about August 27, 2001, Nawaq Alhamzi books flight on
American Airlines flight #77 scheduled for September 11, 2001 using
Common Address #2
ADDRESSES ARE USED BY THREE (3) ADDITIONAL PASSENGERS
Mohamed Atta has reservation on American Airlines flight #11
scheduled for September 11, 2001 using Common Address #1 as a
contact address
Marwan al-Shehhi has reservation on United Airlines flight #175
scheduled for September 11, 2001 using Common Address #1 as a
contact address
Salem Alhamzi has reservation on American Airlines flight #77
scheduled for September 11, 2001 using Common Address #2 as a
contact address
10. [Diagram: the 19 passengers grouped by flight and target, as on slide 8]
5 are Identified
11. Phone Number Connections
ONE (1) ALERTED PASSENGER MAKES RESERVATION USING
COMMON TELEPHONE NUMBER
On or about August 28, 2001, Mohamed Atta uses
Florida Telephone #1 as a contact number when making reservations on
American Airlines flight #11 scheduled for September 11, 2001
NUMBER IS USED BY FIVE (5) ADDITIONAL PASSENGERS
On or about August 26, 2001, Waleed Alshehri and Wail Alshehri make
reservations on American Airlines flight #77 scheduled for September
11, 2001 using Florida Telephone #1 as a contact number
On or about August 27, 2001, reservations for electronic, one-way
tickets were made for Fayez Ahmed and Mohand Alshehri for United
Airlines flight #175 using Florida Telephone #1 as a contact number
On or about August 28, 2001, Abdulaziz Alomari reserves a seat on
American Airlines flight #11 using Florida Telephone #1 as a contact
number
12. [Diagram: the 19 passengers grouped by flight and target, as on slide 8]
10 are Identified
13. Frequent Flyer Connections
ONE (1) ALERTED PASSENGER MAKES RESERVATION USING A
FREQUENT FLYER NUMBER
On or about August 25, 2001, Khalid Al-Midhar makes a reservation on
American Airlines flight #77 scheduled for September 11, 2001 using
Frequent Flyer #1
FREQUENT FLYER NUMBER IS USED BY ONE (1) ADDITIONAL
PASSENGER
On or about August 25, 2001, Majed Moqed makes a reservation on
American Airlines flight #77 scheduled for September 11, 2001 using
Frequent Flyer #1
14. [Diagram: the 19 passengers grouped by flight and target, as on slide 8]
11 are Identified
15. Public Record Connections
PUBLIC RECORDS
Alerted subjects Nawaq Alhamzi and Khalid Al-Midhar lived with Hani
Hanjour
Alerted subject Wail Alshehri was roommates with, and shares a PO Box with,
Satam Al Suqami
16. [Diagram: the 19 passengers grouped by flight and target, as on slide 8]
13 are Identified
17. Remaining Connections
WATCH LIST: INS ILLEGAL/EXPIRED VISAS
On or about August 29, 2001, Ahmed Alghamdi reserves an electronic one-way
ticket on United Airlines flight #175 scheduled for September 11, 2001
FIVE (5) ADDITIONAL PASSENGERS:
Alerted subject Ahmed Alghamdi and Hamza Alghamdi both use same
address on their airline reservations
Alerted subject Hamza Alghamdi lives/lived with Saeed Alghamdi,
Ahmed Alhaznawi, Ahmed Alnami
Alerted subject Ahmed Alhaznawi lives/lived with Ziad Jarrah
18. [Diagram: the 19 passengers grouped by flight and target, as on slide 8]
All 19 are Identified!
19. All 19 via 7 “Clicks”
[Link diagram connecting all 19 names]
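The expansion walked through on slides 7-19 is a breadth-first search over shared reservation selectors, sketched here as an added example that is not part of the original presentation. Passenger IDs, selector values and the max_fanout cutoff are constructed assumptions; the cutoff shows how a widely shared selector (such as an agency phone number) would otherwise link unrelated travelers.

```python
from collections import defaultdict, deque

# Constructed records (placeholders, not real data): passenger -> selectors
# taken from a reservation (address, phone, frequent-flyer number).
RESERVATIONS = {
    "P01": [("address", "ADDR-1"), ("ff", "FF-1")],
    "P02": [("address", "ADDR-2"), ("phone", "TEL-AGENCY")],
    "P03": [("address", "ADDR-1"), ("phone", "TEL-1")],
    "P04": [("address", "ADDR-2")],
    "P05": [("phone", "TEL-1")],
    "P06": [("ff", "FF-1")],
    "P07": [("phone", "TEL-AGENCY")],   # unrelated travelers who booked
    "P08": [("phone", "TEL-AGENCY")],   # through the same agency
    "P09": [("phone", "TEL-AGENCY")],
    "P10": [("address", "ADDR-7")],     # linked only through a public record
}
PUBLIC_RECORDS = [("P05", "P10")]       # constructed shared-residence record


def expand(seeds, reservations, public_records, max_fanout=3):
    """Breadth-first expansion from watchlisted seeds.

    Returns {passenger: (clicks, linking selector)}. Selectors shared by more
    than max_fanout passengers (e.g. an agency phone) are ignored, because
    they would pull in unrelated travelers.
    """
    index = defaultdict(set)
    for person, selectors in reservations.items():
        for sel in selectors:
            index[sel].add(person)
    for a, b in public_records:          # treat each record as its own selector
        index[("public_record", f"{a}/{b}")].update((a, b))
    by_person = defaultdict(list)
    for sel, people in index.items():
        if len(people) <= max_fanout:
            for person in people:
                by_person[person].append(sel)

    found = {seed: (0, ("watchlist", "")) for seed in seeds}
    queue = deque(seeds)
    while queue:
        person = queue.popleft()
        for sel in by_person[person]:
            for neighbor in sorted(index[sel]):
                if neighbor not in found:
                    found[neighbor] = (found[person][0] + 1, sel)
                    queue.append(neighbor)
    return found
```

Each result carries the selector that produced the link, so an analyst can review why a passenger was pulled in before acting on it.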
22. Privacy is dead. Get over it.
– Scott McNealy, Sun Microsystems CEO (1999)
23. End of Practical Obscurity
Dept. of Justice v. Reporters Committee, 489 U.S. 749 (1989)
Denial of FOIA request for “rap sheet” of suspected Mafia don upheld
“Plainly there is a vast difference between the public records that might be
found after a diligent search of courthouse files, county archives, and local
police stations throughout the country and a computerized summary located
in a single clearinghouse of information”
“The privacy interest in maintaining the practical obscurity of rap-sheet
information will always be high”
Contrast that with the operation of Acxiom, Experian,
ChoicePoint or Lexis/Nexis, today.
Private companies that “harvest” public records for their own databases
Birth records, credit records, convictions, real estate, liens, bridal registries,
kennel club records, etc. etc. etc.
Notably, most (though not all) such records are of
governmental origin
24. Guess What This Is …
[Chart: Facebook Break-Up Data, with annotations: Holiday Stress, Spring Break, April Fools, Mondays, Summer Vacation, Xmas – “Too Cruel”]
25. Passenger Name Record (PNR)
Typical Data Elements
1. PNR record locator code
2. Date of reservation
3. Date(s) of intended travel
4. Name
5. Other names on PNR
6. Address
7. All forms of payment information
8. Billing address
9. Contact telephone numbers
10. All travel itinerary for specific PNR
11. Frequent flyer information (miles flown, address)
12. Travel agency
13. Travel agent
14. Code share PNR information
15. Travel status of passenger
16. Split/Divided PNR information
17. Email address
18. Ticketing field information
19. General remarks
20. Ticket number
21. Seat number
22. Date of ticket issuance
23. No show history
24. Bag tag numbers
25. Go show information
26. OSI information *
27. SSI/SSR information *
28. Received from information
29. All historical changes to the PNR
30. Number of travelers on PNR
31. Seat information
32. One-way tickets
33. Any collected APIS information
34. ATFQ fields
* Restricted field
26. Keeping A Future Terrorist Out of the United States
Situation
DHS uses a sophisticated data assessment
program called the Automated Targeting System
(ATS) to perform risk assessments on those who
seek to enter the United States
Roughly 411 million people attempt to enter the U.S.
annually; nearly 91 million come to the U.S. by air
ATS allows DHS’ Customs and Border Protection
(CBP) to connect the dots to foil potential terrorist
plots by denying entry to would-be terrorists
Action
June 14, 2003: a Jordanian named Raed al-Banna,
carrying a valid business visa on his Jordanian
passport, tries to enter the U.S. at O’Hare Airport
His data is run through ATS; CBP is wary of his
travel habits and takes him to secondary screening
CBP gleans that al-Banna has been living in the
U.S. since 2001 and illegally working petty jobs
A CBP officer takes al-Banna’s photograph and
fingerprints, and he is deported soon thereafter
Result
February 28, 2005: al-Banna rams a car filled with
explosives into a crowd of military and police
recruits in the Iraqi town of Hillah, killing more than
125
His hand and forearm are found inside the
smoldering vehicle handcuffed to the steering wheel
The attack remains one of the deadliest suicide
bombings in Iraq since the inception of the war
Raed al-Banna
The CBP officer who deported al-Banna said, “I was shocked. That it was so close
to home, that I actually interviewed someone who not only was capable of doing
but actually did something like that. You never know who you are interviewing or
what they are capable of doing.”
Case# 0000016
2005/03/01
www.dhs.gov
29. The “Right” to Privacy
No Constitutional right to protect records held by third parties
Bank records -- U.S. v. Miller, 425 U.S. 435 (1973)
Phone toll records – Smith v. Maryland, 442 U.S. 735 (1979)
Common law right?
Warren & Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890-1891)
"The common law secures to each individual the right of determining, ordinarily, to what
extent his thoughts, sentiments, and emotions shall be communicated to others.”
Not historically applicable against the government
Such “rights” as we have are therefore creatures of statute
Privacy Act of 1974
E-Government Act of 2002
Our Privacy Laws Are Out of Date And Do Not Match The
Technology Or The Need
30. Mossad in Dubai
“The Murder of Mahmoud al-Mabhouh,” February 2010
http://video.gulfnews.com/services/player/bcpid4267205001?bckey=AQ~~,AAAAAFv9650~,tQKIhooE6H7bm0EXwcdF0fKpVqjAuia&bctid=66672644001
“Bulletproof” hosting, also known as “bulk-friendly hosting,” enables users to circumvent applicable laws in their country of origin.
At one point, RBN maintained that accusations leveled against them were slander.
Possibility for computer science grads to earn 10x what they would in Russia and twice as much as they would in the West
Sophisticated phishing: MalwareAlarm.com, a site operated by the RBN, at one point averaged 2 million US users per month
Malware functions perfectly
Users tricked into entering personal financial info