SlideShare una empresa de Scribd logo

Fabio Ghioni

Fabio Ghioni
Fabio Ghioni

Industrial Espionage. Fabio Ghioni - Esperto in Tecnologie non convenzionali e del rischio, e in strategia per la difesa nel Cyber Warfare Profiling. Fabio Ghioni, editorialista, Fabio Ghioni saggista, Fabio Ghioni conferenziere, Fabio Ghioni consulente strategico, Fabio Ghioni top manager, è riconosciuto come uno dei maggiori esperti mondiali di sicurezza.

TecnologíaEmpresariales
1 de 28
Descargar para leer sin conexión
THE LECTURERS Fabio Ghioni Roberto Preatoni
Corp Vs Corp: Industrial Espionage and Cyberwars
INDEX 1) Introduction: old and new threats after September 11th 2) Industrial Espionage: state-sponsored espionage 3) Cyber defense methodology: from digital identification of attacker to counterattack strategy 4) Cyber counterattacks: information leakage, Injected Interception
In the aftermath of September 11th, security issues came into the limelight… everybody focalized their attention on increasing anti-terrorist measures and countering the increasing number of hacker attacks to business and government networks…
… but hardly anyone has ever mentioned a more insidious and widespread criminal activity: INDUSTRIAL ESPIONAGE WHY ?
Companies are often reluctant to publicly admit that they have been victims of industrial espionage for two main reasons: •it implicitly means that THERE WAS SOME KIND OF VULNERABILITY to be exploited •it implies the unveiling of MORE CONFIDENTIAL lines of business
WHAT exactly is INDUSTRIAL ESPIONAGE? The illegal acquisition of intellectual property and trade secrets, in other words THEFT! The techniques to steal information from outside a company range from the traditional eavesdropping to social engineering tactics…
The FBI generally defines economic espionage as “government-directed, sponsored, or coordinated intelligence activity, which may or may not constitute violations of law, conducted for the purpose of enhancing that country’s or another country’s economic competitiveness by the use of the information by foreign government or by providing it to foreign private business entity thereby giving that entity a competitive advantage in the marketplace,...”
Since the 1990s Western Intelligence Agencies appear to have focused most of their time and resources on industrial espionage In most countries corporations rely on Government Agencies to carry out investigations whose results can be used to boost the National economy… France, the United States and Israeli have often been accused to spying on competitors’ industrial secrets through scanning systems such as Echelon or the Helios 1A satellite up until the more recent Carnivore software
Conversely, the INDUSTRIAL INTELLIGENCE process consists of researching information on public source documents in order to draw inferences about what competitors might be going to do and provide the basis for possible counteraction
Situational Awareness is the key word…
The classic Intelligence Cycle Source: Law Enforcement Intelligence: A Guide for State, Local, and Tribal Law Enforcement Agencies http://www.cops.usdoj.gov/mime/open.pdf?Item=1396
". . . attaining one hundred victories in one hundred battles is not the pinnacle of excellence. Subjugating the enemy's army without fighting is the true pinnacle of excellence." Sun Tzu, The Art of War "There are but two powers in the world, the sword and the mind. In the long run the sword is always beaten by the mind." Napoleon Bonaparte
Nevertheless, there is sometimes a fine line between the legitimate tactics of competitive intelligence gathering and the illegitimate practice of industrial espionage…
Information may be obtained through the use of unethical but legal techniques, such as social engineering or the exploitation of competitors’ errors or negligence (e.g. e-mail hijacking)
Today, indeed, companies can rely on cyber-based techniques and methodologies to react to attacks coming from the real world… The Internet and the Web have dramatically impacted the classic intelligence cycle More information is migrating to the Web as companies use it to automate their value chain and build tight linkages with their business parties
THE ATTACKS Distributed Denial Of Service •Set up of botnets or drones instructed to perform synchronized attacks Information leakage and data manipulation •Intranet access due to loose access policies •Weak corporate applications •Exploitation of insiders
CASE STUDIES 1/4 T-Mobile • At the end of 2003 a hacker got access to the T-mobile users’ accounts and stole private material from jet-set users as well as a C.I.A. document located on a T- Mobile transit e-mail account belonging to a C.I.A. agent. The hacker exploited a Bea Weblogic interface flaw.
CASE STUDIES 2/4 Skynet 1.0 • A new application of Artificial Intelligence • Set up of intelligent networked agents • Underground work is in progress
CASE STUDIES 3/4 Israel Trojan Horse • In 2005 Israel was put in a difficult situation by an industrial espionage scandal involving several corporation and dozens of people. • Once again data were stolen using a trojan and social engineering. • Trojan-based attacks are growing rapidly and are considered as among the most important security risks for today’s corporations.
CASE STUDIES 4/4 Chinese Trojan Attacks • Several American corporations got compromised in the last year by trojan attacks perpetrated by chinese citizens, according to the attacks' logs. • Myfip, the trojan used for most of the attacks appeared to be one of the most sophisticated ever and one of its peculiarity was that it tried to steal also CAD/CAM files, usually related to engineering design works. • According to an IBM report, in the first half of 2005, 'customized‘ attacks against governments, corporations and financial institutions jumped to 50 per cent.
THE DEFENSE METHODOLOGY 1/2 Digital Identification of the Attacker •Understanding the originating path •“Digital fingerprinting” and pre-analysis of the attack methodology Passive Observation and Tracking •Logging the identified activity •Spotting the attacker
THE DEFENSE METHODOLOGY 2/2 Active Honeypots and Honeynets Situational Awareness •Case mapping Definition of Counterattack Strategy •Resource selection and allocation •Definition of timing, effort and techniques
CYBER COUNTERATTACKS An example… Injected Interception •allows to trace the IP address of a target and gain direct access to all data contained on the computer no matter what is the means of data transport (i.e. physical or digital)
The security management learning model Technology Methods Tools Resources Prevention/intelligence Incident Management Emergency/crisis management Security processes Policy and Tools Detection Handling Contrast Recovery procedures Risk analysis Assessment Planning Analysis Planning Analysis collection and Feed back Feed back Feed-back Learning analysis Common Knowledge Base Security KPI (Need to identify threshold values)
Questions? ¿Preguntas? English Spanish ‫ﺃَﻳﱠﺔ ﻣَﻄَﺎﻟِﺐ‬ Domande? вопросы? Russian Italian Arabic Ερωτήσεις? Greek tupoQghachmey Klingon Japanese

Recomendados

By Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs CorpBy Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs CorpFabio Ghioni
 
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...Fabio Ghioni
 
IT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide DeckIT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide DeckDon Gulling
 
Ehc brochure
Ehc brochureEhc brochure
Ehc brochureEhab El Barbary
 
Cyber Threat Intel : Overview
Cyber Threat Intel : OverviewCyber Threat Intel : Overview
Cyber Threat Intel : OverviewDeepak Kumar (D3)
 
Models of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictModels of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictZsolt Nemeth
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaZsolt Nemeth
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksCraig Clark ITIL, CIS LI,EU GDPR P
 

Recomendados

By Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs CorpBy Roberto Preatoni Fabio Ghioni Corp Vs Corp
By Roberto Preatoni Fabio Ghioni Corp Vs CorpFabio Ghioni
 
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...
Ghioni Fabio The Importance of System Availability in Corporate Critical Infr...Fabio Ghioni
 
IT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide DeckIT Security and Wire Fraud Awareness Slide Deck
IT Security and Wire Fraud Awareness Slide DeckDon Gulling
 
Ehc brochure
Ehc brochureEhc brochure
Ehc brochureEhab El Barbary
 
Cyber Threat Intel : Overview
Cyber Threat Intel : OverviewCyber Threat Intel : Overview
Cyber Threat Intel : OverviewDeepak Kumar (D3)
 
Models of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictModels of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictZsolt Nemeth
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaZsolt Nemeth
 
Hacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksHacking the Helpdesk: Social Engineering Risks
Hacking the Helpdesk: Social Engineering RisksCraig Clark ITIL, CIS LI,EU GDPR P
 
Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeMurray Security Services
 
CYBER AWARENESS
CYBER AWARENESSCYBER AWARENESS
CYBER AWARENESSEDUJIE DOMINIC IGHODALO
 
AI for CyberSecurity
AI for CyberSecurityAI for CyberSecurity
AI for CyberSecuritySatnam Singh
 
Incident handling of cyber espionage
Incident handling of cyber espionageIncident handling of cyber espionage
Incident handling of cyber espionageMarie Elisabeth Gaup Moe
 
Info sec 12 v1 2
Info sec 12 v1 2Info sec 12 v1 2
Info sec 12 v1 2Prof John Walker FRSA Purveyor Dark Intelligence
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & ChallengesDeepak Kumar (D3)
 
Cyber Security in 2018
Cyber Security in 2018Cyber Security in 2018
Cyber Security in 2018Chiranjit Adhikary
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central BanksCommunity Protection Forum
 
Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0Deepak Kumar (D3)
 
Cehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hackingCehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hackinganonymousrider
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfareshifahirani
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaTechBiz Forense Digital
 
3 f6 security
3 f6 security3 f6 security
3 f6 securityop205
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
 
Cyber Influence Operations
Cyber Influence OperationsCyber Influence Operations
Cyber Influence OperationsPapadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Hovhannes Aghajanyan
 
Internet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wallInternet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wallCommonwealth Telecommunications Organisation
 
Cyber crime trends in 2013
Cyber crime trends in 2013 Cyber crime trends in 2013
Cyber crime trends in 2013 The eCore Group
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales Ahmed Musaad
 
Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationJacqueline Fick
 
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...James Anderson
 
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfDigital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfMahdi_Fahmideh
 

Más contenido relacionado

La actualidad más candente

Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeMurray Security Services
 
AI for CyberSecurity
AI for CyberSecurityAI for CyberSecurity
AI for CyberSecuritySatnam Singh
 
Cehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hackingCehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hackinganonymousrider
 
3 f6 security
3 f6 security3 f6 security
3 f6 securityop205
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
 
Cyber crime trends in 2013
Cyber crime trends in 2013 Cyber crime trends in 2013
Cyber crime trends in 2013 The eCore Group
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales Ahmed Musaad
 
Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationJacqueline Fick
 

La actualidad más candente (20)

Internet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber CrimeInternet of things, New Challenges in Cyber Crime
Internet of things, New Challenges in Cyber Crime
 
CYBER AWARENESS
CYBER AWARENESSCYBER AWARENESS
CYBER AWARENESS
 
AI for CyberSecurity
AI for CyberSecurityAI for CyberSecurity
AI for CyberSecurity
 
Incident handling of cyber espionage
Incident handling of cyber espionageIncident handling of cyber espionage
Incident handling of cyber espionage
 
Info sec 12 v1 2
Info sec 12 v1 2Info sec 12 v1 2
Info sec 12 v1 2
 
Cyber Forensics & Challenges
Cyber Forensics & ChallengesCyber Forensics & Challenges
Cyber Forensics & Challenges
 
Cyber Security in 2018
Cyber Security in 2018Cyber Security in 2018
Cyber Security in 2018
 
Cyber Security and the National Central Banks
Cyber Security and the National Central BanksCyber Security and the National Central Banks
Cyber Security and the National Central Banks
 
Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0
 
Cehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hackingCehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hacking
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
3 f6 security
3 f6 security3 f6 security
3 f6 security
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
 
Cyber Influence Operations
Cyber Influence OperationsCyber Influence Operations
Cyber Influence Operations
 
Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015Social Engineering | #ARMSec2015
Social Engineering | #ARMSec2015
 
Internet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wallInternet safety and security strategies for building an internet safety wall
Internet safety and security strategies for building an internet safety wall
 
Cyber crime trends in 2013
Cyber crime trends in 2013 Cyber crime trends in 2013
Cyber crime trends in 2013
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
 
Creating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisationCreating cyber forensic readiness in your organisation
Creating cyber forensic readiness in your organisation
 

Similar a Fabio Ghioni

GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...James Anderson
 
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfDigital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfMahdi_Fahmideh
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfssuser4237d4
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...APNIC
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopDigit Oktavianto
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligenceabhisheksinghcs
 
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...TI Safe
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskBeyondTrust
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Government
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteDamir Delija
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTSimone Onofri
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with aiBurhan Ahmed
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceMarlabs
 
2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philAPhil Agcaoili
 

Similar a Fabio Ghioni (20)

GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
GDG Cloud Southlake #4 Biodun Awojobi and Wade Walters Security Programs and ...
 
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdfDigital Forensics for Artificial Intelligence (AI ) Systems.pdf
Digital Forensics for Artificial Intelligence (AI ) Systems.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
Cyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdfCyber Threat Hunting Workshop.pdf
Cyber Threat Hunting Workshop.pdf
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligence
 
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fick
 
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce RiskThe Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
The Hacker Playbook: How to Think like a Cybercriminal to Reduce Risk
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat Analysis
 
Računalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidenteRačunalna forenzika i automatizirani odgovor na mrežne incidente
Računalna forenzika i automatizirani odgovor na mrežne incidente
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
Cyber security with ai
Cyber security with aiCyber security with ai
Cyber security with ai
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA2016 ISSA Conference Threat Intelligence Keynote philA
2016 ISSA Conference Threat Intelligence Keynote philA
 
Case Study.pdf
Case Study.pdfCase Study.pdf
Case Study.pdf
 

Más de Fabio Ghioni

Fabio Ghioni Hero Z Private Investigation
Fabio Ghioni Hero Z Private InvestigationFabio Ghioni Hero Z Private Investigation
Fabio Ghioni Hero Z Private InvestigationFabio Ghioni
 
Fabio Ghioni Intervista Andromeda
Fabio Ghioni Intervista AndromedaFabio Ghioni Intervista Andromeda
Fabio Ghioni Intervista AndromedaFabio Ghioni
 
Fabio Ghioni Hero Z Private Investigations
Fabio Ghioni Hero Z Private InvestigationsFabio Ghioni Hero Z Private Investigations
Fabio Ghioni Hero Z Private InvestigationsFabio Ghioni
 
Fabio Ghioni La Nona Emanazione
Fabio Ghioni La Nona EmanazioneFabio Ghioni La Nona Emanazione
Fabio Ghioni La Nona EmanazioneFabio Ghioni
 
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...Fabio Ghioni
 
Fabio Ghioni Asymmetric Warfare and Interception revealed
Fabio Ghioni Asymmetric Warfare and Interception revealedFabio Ghioni Asymmetric Warfare and Interception revealed
Fabio Ghioni Asymmetric Warfare and Interception revealedFabio Ghioni
 
Fabio Ghioni, Roberto Preatoni The Biggest Brother
Fabio Ghioni, Roberto Preatoni The Biggest BrotherFabio Ghioni, Roberto Preatoni The Biggest Brother
Fabio Ghioni, Roberto Preatoni The Biggest BrotherFabio Ghioni
 

Más de Fabio Ghioni (7)

Fabio Ghioni Hero Z Private Investigation
Fabio Ghioni Hero Z Private InvestigationFabio Ghioni Hero Z Private Investigation
Fabio Ghioni Hero Z Private Investigation
 
Fabio Ghioni Intervista Andromeda
Fabio Ghioni Intervista AndromedaFabio Ghioni Intervista Andromeda
Fabio Ghioni Intervista Andromeda
 
Fabio Ghioni Hero Z Private Investigations
Fabio Ghioni Hero Z Private InvestigationsFabio Ghioni Hero Z Private Investigations
Fabio Ghioni Hero Z Private Investigations
 
Fabio Ghioni La Nona Emanazione
Fabio Ghioni La Nona EmanazioneFabio Ghioni La Nona Emanazione
Fabio Ghioni La Nona Emanazione
 
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...
Fabio Ghioni - Preatoni Ombre asimmetriche. La guerra cibernetica ei suoi pro...
 
Fabio Ghioni Asymmetric Warfare and Interception revealed
Fabio Ghioni Asymmetric Warfare and Interception revealedFabio Ghioni Asymmetric Warfare and Interception revealed
Fabio Ghioni Asymmetric Warfare and Interception revealed
 
Fabio Ghioni, Roberto Preatoni The Biggest Brother
Fabio Ghioni, Roberto Preatoni The Biggest BrotherFabio Ghioni, Roberto Preatoni The Biggest Brother
Fabio Ghioni, Roberto Preatoni The Biggest Brother
 

Último

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Último (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Fabio Ghioni

  • 1. THE LECTURERS Fabio Ghioni Roberto Preatoni
  • 2.
  • 3. Corp Vs Corp: Industrial Espionage and Cyberwars
  • 4.
  • 5. INDEX 1) Introduction: old and new threats after September 11th 2) Industrial Espionage: state-sponsored espionage 3) Cyber defense methodology: from digital identification of attacker to counterattack strategy 4) Cyber counterattacks: information leakage, Injected Interception
  • 6. In the aftermath of September 11th, security issues came into the limelight… everybody focalized their attention on increasing anti-terrorist measures and countering the increasing number of hacker attacks to business and government networks…
  • 7. … but hardly anyone has ever mentioned a more insidious and widespread criminal activity: INDUSTRIAL ESPIONAGE WHY ?
  • 8. Companies are often reluctant to publicly admit that they have been victims of industrial espionage for two main reasons: •it implicitly means that THERE WAS SOME KIND OF VULNERABILITY to be exploited •it implies the unveiling of MORE CONFIDENTIAL lines of business
  • 9. WHAT exactly is INDUSTRIAL ESPIONAGE? The illegal acquisition of intellectual property and trade secrets, in other words THEFT! The techniques to steal information from outside a company range from the traditional eavesdropping to social engineering tactics…
  • 10. The FBI generally defines economic espionage as “government-directed, sponsored, or coordinated intelligence activity, which may or may not constitute violations of law, conducted for the purpose of enhancing that country’s or another country’s economic competitiveness by the use of the information by foreign government or by providing it to foreign private business entity thereby giving that entity a competitive advantage in the marketplace,...”
  • 11. Since the 1990s Western Intelligence Agencies appear to have focused most of their time and resources on industrial espionage In most countries corporations rely on Government Agencies to carry out investigations whose results can be used to boost the National economy… France, the United States and Israeli have often been accused to spying on competitors’ industrial secrets through scanning systems such as Echelon or the Helios 1A satellite up until the more recent Carnivore software
  • 12. Conversely, the INDUSTRIAL INTELLIGENCE process consists of researching information on public source documents in order to draw inferences about what competitors might be going to do and provide the basis for possible counteraction
  • 13. Situational Awareness is the key word…
  • 14. The classic Intelligence Cycle Source: Law Enforcement Intelligence: A Guide for State, Local, and Tribal Law Enforcement Agencies http://www.cops.usdoj.gov/mime/open.pdf?Item=1396
  • 15. ". . . attaining one hundred victories in one hundred battles is not the pinnacle of excellence. Subjugating the enemy's army without fighting is the true pinnacle of excellence." Sun Tzu, The Art of War "There are but two powers in the world, the sword and the mind. In the long run the sword is always beaten by the mind." Napoleon Bonaparte
  • 16. Nevertheless, there is sometimes a fine line between the legitimate tactics of competitive intelligence gathering and the illegitimate practice of industrial espionage…
  • 17. Information may be obtained through the use of unethical but legal techniques, such as social engineering or the exploitation of competitors’ errors or negligence (e.g. e-mail hijacking)
  • 18. Today, indeed, companies can rely on cyber-based techniques and methodologies to react to attacks coming from the real world… The Internet and the Web have dramatically impacted the classic intelligence cycle More information is migrating to the Web as companies use it to automate their value chain and build tight linkages with their business parties
  • 19. THE ATTACKS Distributed Denial Of Service •Set up of botnets or drones instructed to perform synchronized attacks Information leakage and data manipulation •Intranet access due to loose access policies •Weak corporate applications •Exploitation of insiders
  • 20. CASE STUDIES 1/4 T-Mobile • At the end of 2003 a hacker got access to the T-mobile users’ accounts and stole private material from jet-set users as well as a C.I.A. document located on a T- Mobile transit e-mail account belonging to a C.I.A. agent. The hacker exploited a Bea Weblogic interface flaw.
  • 21. CASE STUDIES 2/4 Skynet 1.0 • A new application of Artificial Intelligence • Set up of intelligent networked agents • Underground work is in progress
  • 22. CASE STUDIES 3/4 Israel Trojan Horse • In 2005 Israel was put in a difficult situation by an industrial espionage scandal involving several corporation and dozens of people. • Once again data were stolen using a trojan and social engineering. • Trojan-based attacks are growing rapidly and are considered as among the most important security risks for today’s corporations.
  • 23. CASE STUDIES 4/4 Chinese Trojan Attacks • Several American corporations got compromised in the last year by trojan attacks perpetrated by chinese citizens, according to the attacks' logs. • Myfip, the trojan used for most of the attacks appeared to be one of the most sophisticated ever and one of its peculiarity was that it tried to steal also CAD/CAM files, usually related to engineering design works. • According to an IBM report, in the first half of 2005, 'customized‘ attacks against governments, corporations and financial institutions jumped to 50 per cent.
  • 24. THE DEFENSE METHODOLOGY 1/2 Digital Identification of the Attacker •Understanding the originating path •“Digital fingerprinting” and pre-analysis of the attack methodology Passive Observation and Tracking •Logging the identified activity •Spotting the attacker
  • 25. THE DEFENSE METHODOLOGY 2/2 Active Honeypots and Honeynets Situational Awareness •Case mapping Definition of Counterattack Strategy •Resource selection and allocation •Definition of timing, effort and techniques
  • 26. CYBER COUNTERATTACKS An example… Injected Interception •allows to trace the IP address of a target and gain direct access to all data contained on the computer no matter what is the means of data transport (i.e. physical or digital)
  • 27. The security management learning model Technology Methods Tools Resources Prevention/intelligence Incident Management Emergency/crisis management Security processes Policy and Tools Detection Handling Contrast Recovery procedures Risk analysis Assessment Planning Analysis Planning Analysis collection and Feed back Feed back Feed-back Learning analysis Common Knowledge Base Security KPI (Need to identify threshold values)
  • 28. Questions? ¿Preguntas? English Spanish ‫ﺃَﻳﱠﺔ ﻣَﻄَﺎﻟِﺐ‬ Domande? вопросы? Russian Italian Arabic Ερωτήσεις? Greek tupoQghachmey Klingon Japanese