SlideShare una empresa de Scribd logo

A perspective for counter strategy against cybercrime and cyber espionage

Gohsuke Takama
Gohsuke Takama
EmpresarialesTecnología
1 de 50
Descargar para leer sin conexión
Gohsuke Takama / , Meta Associates, 2011 9 http://www.slideshare.net/gohsuket
about… ✴ Gohsuke Takama ✴ Meta Associates (http://www.meta-associates.com/) ✴founder & president, connector, analyst, planner ✴ local organizer of security conferences: BlackHat Japan, PacSec ✴ liaison of security businesses: Patch Advisor, SecWest ✴ organizer of tech entrepreneur / startup support events ✴ independent tech journalist for over 10 years ✴ for security news: http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/ ✴ Privacy International (London, UK http://www.privacyinternational.org/) ✴advisory board member ✴ Computer Professionals for Social Responsibility (http://cpsr.org/) ✴Japan chapter founding supporter
"what happened in the last 2 years" • OperationAurora, ShadyRAT, ... • Stuxnet • (MENA) *new • Wikileaks *new • Sony PSN • Anonymous *new • Indira Gandhi
"what happened in the last 2 years" • OperationAurora, ShadyRAT, ... = = APT (Advanced Persistent Threat) • Stuxnet = SCADA • *new= • Wikileaks *new = : • Sony PSN: 3 = DDoS, , • Anonymous *new = + • Indira Gandhi =
"what happened in the last 2 years" infra attack: SCADA Supervisory Control And Data Acquisition
"whom targeted, why" • , • Sony PSN, Sony • , • • :
"whom targeted, why" http://paulsparrows.wordpress.com/category/security/cyber-attacks-timeline/
"spoofing, phishing & targeted attack" / 1
"cybercrime, cyber espionage, primary target = individual"
"know your enemy: techniques" • phishing • website spoofing • targeted phishing • content altering • trojan • XSRF • spyware • XSS • keylogger • code injection • rootkit • IP hijacking • botnet DDoS • rogue WiFi AP • sniffer
"know your enemy: techniques" http://www.ipa.go.jp/security/vuln/newattack.html
"know your enemy: not just techniques" • • who are they? • disseminate characters • disseminate motives
"disseminate characters" • • • • • • • • •
"disseminate characters"
"disseminate characters" https://us.mcafee.com/en-us/local/html/identity_theft/NAVirtualCriminologyReport07.pdf
"disseminate characters" how cyber criminals lure talents?
"disseminate characters" http://www.youtube.com/watch?v=2Tm7UKo4IBc http://www.youtube.com/watch?v=kZNDV4hGUGw
"disseminate characters" • = • = • = • = • : →CEO 26% • = Lulzsec, TeaMp0isoN • = Th3J35t3r, On3iroi • = Anonymous • vs
"disseminate motives" • , • • hacktivism, •
"disseminate motives" Law, Market, Norm, Architecture
"disseminate motives" Law, Market, Norm, Architecture
"disseminate motives" Law, Market, Norm, Architecture
"disseminate motives" Law, Market, Norm, Architecture - - J-SOX - - ( ) - - - - : -
"disseminate motives" • , = Power • = Money • hacktivism, = Ideology • = Control
"disseminate motives" Power, Money, Ideology, Control Power $Money Ideology - - - - Control
"disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Organized Extremist $Money Crime Hacktivist Ideology : - Hacker - Cracker - - Control
"disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Infra APT Disruption Organized Extremist $Money Crime Hacktivist Ideology Theft Hacktivism Fraud Lulz : - Hacker - Cracker - - Control
"social change on Internet" 2000 • • • • • •
"social change on Internet" 2001 • • • • • • • • • • • • • • (Wiki ) • / • • • 3D •
"real world vs. social data world"
"real world vs. social data world" :
"emerging attack techniques" • malware: , • VM , bios • : VNC, Spycam, • spyware : keylogger, GPS logger • sabotage ware : Stuxnet • USB = • DDoS: JavaScript (LOIC) ($8/h~),
"layer approach" •examle: OSI model
"a security layer model " 7 Psychological , Human Factor 6 Custom (Habit) , 5 Operation 4 Content Intangibles 3 OS/Application 2 Hardware Tangibles 1 Physical
"attacks vs. counter measures " APT, espionage, phishing, Psychological social engineering ? spoofing, pharming, accustomed best practice, Custom phishing spam, XSS, XSRF, awareness, CIRT, PKI, spyware, ID spoof/theft digital ID, SSL certificate DoS, spam, ransom-ware, routing, filtering, policy, Operation sabotage-ware audit, CIRT sniffing, spyware, spam, encryption, filtering, Content alteration content-scan, host IDS OS/ DoS, vuln exploit, 0day, Firewall, network IDS, IPS, Application rootkit, botnet anti-virus, OS/app patch direct access, tampering, perimeter guard, anti- Hardware alteration tampering, hard seal lock pick, break in, surveillance, perimeter Physical vandalism alarm, armed guard
"state of security methodology" ✴ •( + ) ✴ •= ( ) ✴ PKI = DigiNotar ✴ = •( ) ✴ =
"perspective for counter strategy" set basic security measures: ✴ prevention, detection, response ✴ ✴ ✴ : 100% ✴ : ✴ (APT ) ✴ PET (Privacy Enhancing Technology ) ✴ PIA (Privacy Impact Assessment )
"perspective for counter strategy" be creative: ✴ ✴ soft power • • PR deflective PR ✴ social intelligence ( ) ✴ counter social engineering • •
"perspective for counter strategy" be creative: Learn Attack Technique • • • = CTF (Capture The Flag) • • DEFCON CTF CTF •
"perspective for counter strategy" be creative: Soft Power • Soft Power = 1990 Joseph Nye • Hard Power • • http://en.wikipedia.org/wiki/Soft_power • / • •
"perspective for counter strategy" be creative: Soft Power
"perspective for counter strategy" be creative: Social Intelligence • • • hacktivism • • Twitter, Facebook, IRC, Weibo, RenRen
"perspective for counter strategy" be creative: Counter Social Engineering • • • • • • • ( )
"perspective for counter strategy" be prepared: Simulation Exercise ✴ • TableTop Exercise = • • Functional Exercise = • • • FullScale Exercise = • •
references • CEOs - the new corporate fraudstersds http://www.iol.co.za/ sundayindependent/ceos-the-new-corporate-fraudstersds-1.1144649 • PwC Survey Says: Telecoms Are Overconfident About Security http:// www.readwriteweb.com/cloud/2011/09/pwc-survey-says-telecoms-are-o.php • Cyber attack led to IGI shutdown http://www.indianexpress.com/news/ cyber-attack-led-to-igi-shutdown/851365/ • Anonymous announces global plans http://www.digitaltrends.com/ computing/video-anonymous-announces-global-plans/ • ANONYMOUS - OPERATION PAYBACK - Sony Press Release http:// www.youtube.com/watch?v=2Tm7UKo4IBc • Operation Payback - Anonymous Message About ACTA Laws, Internet Censorship and Copyright http://www.youtube.com/watch? v=kZNDV4hGUGw • Anonymous: Message to Scientology http://www.youtube.com/watch? v=JCbKv9yiLiQ • Anonymous http://www.atmarkit.co.jp/ fsecurity/special/161dknight/dknight01.html
references • 28 Nation States With Cyber Warfare Capabilities http:// jeffreycarr.blogspot.com/2011/09/27-nation-states-with-cyber-warfare.html • Far East Research http://scan.netsecurity.ne.jp/archives/52017036.html • CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability http://www.youtube.com/watch?v=DP_rRf468_Y • MYBIOS. Is BIOS infection a reality? http://www.securelist.com/en/analysis/ 204792193/MYBIOS_Is_BIOS_infection_a_reality • McAfee Virtual Criminology Report 2007 http://us.mcafee.com/en-us/local/ html/identity_theft/NAVirtualCriminologyReport07.pdf • Google Zeitgeist http://blog.f-secure.jp/ archives/50630539.html • "The Tragedies in Oslo and on Utøya island" Speech held by King Harald V http://www.kongehuset.no/c27262/nyhet/vis.html?tid=92959
references • -- DEFCON CTF http://scan.netsecurity.ne.jp/archives/52002536.html • PET http://www.soumu.go.jp/denshijiti/pdf/ jyumin_p_s3.pdf • PIA http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s2.pdf • http:// jp.reuters.com/article/topNews/idJPJAPAN-21406320110527 • GIE http://d.hatena.ne.jp/ukky3/20110829/1314685819 • Diginotar Black.Spook http://blog.f-secure.jp/archives/50626009.html
references • Computer virus hits US Predator and Reaper drone fleet http:// arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits- drone-fleet.ars • F-Secure: Possible Governmental Backdoor found, MD5 hashes ("case R2D2") http://www.f-secure.com/weblog/archives/00002249.html • State-sponsored spies collaborate with crimeware gang | The Unholy APT- botnet union http://www.theregister.co.uk/2011/09/13/ apt_botnet_symbiosis/ • NISC 10 7 http://www.nisc.go.jp/ conference/seisaku/index.html#seisaku27
A perspective for counter strategy against cybercrime and cyber espionage

Recomendados

How to Secure Your Organisation Data
How to Secure Your Organisation DataHow to Secure Your Organisation Data
How to Secure Your Organisation DataPhannarith Ou, G-CISO
 
What is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesWhat is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesKlaus Drosch
 
Learn Hacking
Learn HackingLearn Hacking
Learn Hackinghackingtraining
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economyn|u - The Open Security Community
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาOnwadee18
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
Hacking
HackingHacking
HackingDianna Marie Manalo
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking HandoutNerium International
 

Recomendados

How to Secure Your Organisation Data
How to Secure Your Organisation DataHow to Secure Your Organisation Data
How to Secure Your Organisation DataPhannarith Ou, G-CISO
 
What is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesWhat is a Hacker (part 1): Types, tools and techniques
What is a Hacker (part 1): Types, tools and techniquesKlaus Drosch
 
Learn Hacking
Learn HackingLearn Hacking
Learn Hackinghackingtraining
 
nullcon 2010 - Underground Economy
nullcon 2010 - Underground Economynullcon 2010 - Underground Economy
nullcon 2010 - Underground Economyn|u - The Open Security Community
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาOnwadee18
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
Hacking
HackingHacking
HackingDianna Marie Manalo
 
Safe Social Networking Handout
Safe Social Networking HandoutSafe Social Networking Handout
Safe Social Networking HandoutNerium International
 
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013Gohsuke Takama
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本Gohsuke Takama
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...Gohsuke Takama
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナーGohsuke Takama
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Gohsuke Takama
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本Gohsuke Takama
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Gohsuke Takama
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Gohsuke Takama
 
TGC Planning Sheet 1.30
TGC Planning Sheet 1.30TGC Planning Sheet 1.30
TGC Planning Sheet 1.30Gohsuke Takama
 
Privacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーPrivacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーGohsuke Takama
 
Data Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-IdentificationData Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-IdentificationMike Nowakowski
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?Winston & Strawn LLP
 
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataarx-deidentifier
 
An overview of methods for data anonymization
An overview of methods for data anonymizationAn overview of methods for data anonymization
An overview of methods for data anonymizationarx-deidentifier
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาMuay31
 
Hacking
HackingHacking
HackingPurohit Rock
 
hacking
hackinghacking
hackingmayank1293
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
Defending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksDefending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksEC-Council
 

Más contenido relacionado

Destacado

サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013Gohsuke Takama
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本Gohsuke Takama
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...Gohsuke Takama
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナーGohsuke Takama
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Gohsuke Takama
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本Gohsuke Takama
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Gohsuke Takama
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Gohsuke Takama
 
TGC Planning Sheet 1.30
TGC Planning Sheet 1.30TGC Planning Sheet 1.30
TGC Planning Sheet 1.30Gohsuke Takama
 
Privacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーPrivacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーGohsuke Takama
 
Data Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-IdentificationData Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-IdentificationMike Nowakowski
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?Winston & Strawn LLP
 
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataarx-deidentifier
 
An overview of methods for data anonymization
An overview of methods for data anonymizationAn overview of methods for data anonymization
An overview of methods for data anonymizationarx-deidentifier
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 

Destacado (17)

サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
 
TGC Planning Sheet 1.30
TGC Planning Sheet 1.30TGC Planning Sheet 1.30
TGC Planning Sheet 1.30
 
Privacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーPrivacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシー
 
Data Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-IdentificationData Privacy: Anonymization & Re-Identification
Data Privacy: Anonymization & Re-Identification
 
EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?EU-U.S. Privacy Shield: Should You Sign Up?
EU-U.S. Privacy Shield: Should You Sign Up?
 
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical dataARX - a comprehensive tool for anonymizing / de-identifying biomedical data
ARX - a comprehensive tool for anonymizing / de-identifying biomedical data
 
An overview of methods for data anonymization
An overview of methods for data anonymizationAn overview of methods for data anonymization
An overview of methods for data anonymization
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 

Similar a A perspective for counter strategy against cybercrime and cyber espionage

โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาMuay31
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
Defending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksDefending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksEC-Council
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO CompliancePECB
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hackingBeing Uniq Sonu
 
Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle BH
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and HackersFarwa Ansari
 
Ethical hacking 2016
Ethical hacking 2016 Ethical hacking 2016
Ethical hacking 2016 arohan6
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingarohan6
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...Hackito Ergo Sum
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generationTony Lauro
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyCRS4 Research Center in Sardinia
 

Similar a A perspective for counter strategy against cybercrime and cyber espionage (20)

โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมาโครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
โครงงานการพัฒนาเว็บไซต์เรื่อง Hacking ชลธิชา.อรวดี.อรอุมา
 
Hacking
HackingHacking
Hacking
 
hacking
hackinghacking
hacking
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
 
Defending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael BanksDefending Against 1,000,000 Cyber Attacks by Michael Banks
Defending Against 1,000,000 Cyber Attacks by Michael Banks
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO Compliance
 
Ethi mini - ethical hacking
Ethi mini - ethical hackingEthi mini - ethical hacking
Ethi mini - ethical hacking
 
What is Ethical hacking
What is Ethical hackingWhat is Ethical hacking
What is Ethical hacking
 
Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010
 
Hacking and Hackers
Hacking and HackersHacking and Hackers
Hacking and Hackers
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Ethical hacking 2016
Ethical hacking 2016 Ethical hacking 2016
Ethical hacking 2016
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Cyber crime &_info_security
Cyber crime &_info_securityCyber crime &_info_security
Cyber crime &_info_security
 
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
HES2011 - Raould Chiesa - Hackers Cybercriminals from Wargames to the Undergr...
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generation
 
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economyRaoul chiesa - Auditing the hacker mind - da wargames a underground economy
Raoul chiesa - Auditing the hacker mind - da wargames a underground economy
 
HACKING
HACKINGHACKING
HACKING
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 

Último

A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaShree Krishna Exports
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 

Último (20)

A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.M.C Lodges -- Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Best Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in IndiaBest Basmati Rice Manufacturers in India
Best Basmati Rice Manufacturers in India
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
Nepali Escort Girl Kakori \ 9548273370 Indian Call Girls Service Lucknow ₹,9517
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room ServiceCall Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 

A perspective for counter strategy against cybercrime and cyber espionage

  • 1. Gohsuke Takama / , Meta Associates, 2011 9 http://www.slideshare.net/gohsuket
  • 2. about… ✴ Gohsuke Takama ✴ Meta Associates (http://www.meta-associates.com/) ✴founder & president, connector, analyst, planner ✴ local organizer of security conferences: BlackHat Japan, PacSec ✴ liaison of security businesses: Patch Advisor, SecWest ✴ organizer of tech entrepreneur / startup support events ✴ independent tech journalist for over 10 years ✴ for security news: http://blog.f-secure.jp/ http://scan.netsecurity.ne.jp/ ✴ Privacy International (London, UK http://www.privacyinternational.org/) ✴advisory board member ✴ Computer Professionals for Social Responsibility (http://cpsr.org/) ✴Japan chapter founding supporter
  • 3. "what happened in the last 2 years" • OperationAurora, ShadyRAT, ... • Stuxnet • (MENA) *new • Wikileaks *new • Sony PSN • Anonymous *new • Indira Gandhi
  • 4. "what happened in the last 2 years" • OperationAurora, ShadyRAT, ... = = APT (Advanced Persistent Threat) • Stuxnet = SCADA • *new= • Wikileaks *new = : • Sony PSN: 3 = DDoS, , • Anonymous *new = + • Indira Gandhi =
  • 5. "what happened in the last 2 years" infra attack: SCADA Supervisory Control And Data Acquisition
  • 6. "whom targeted, why" • , • Sony PSN, Sony • , • • :
  • 8. "spoofing, phishing & targeted attack" / 1
  • 9. "cybercrime, cyber espionage, primary target = individual"
  • 10. "know your enemy: techniques" • phishing • website spoofing • targeted phishing • content altering • trojan • XSRF • spyware • XSS • keylogger • code injection • rootkit • IP hijacking • botnet DDoS • rogue WiFi AP • sniffer
  • 11. "know your enemy: techniques" http://www.ipa.go.jp/security/vuln/newattack.html
  • 12. "know your enemy: not just techniques" • • who are they? • disseminate characters • disseminate motives
  • 16. "disseminate characters" how cyber criminals lure talents?
  • 18. "disseminate characters" • = • = • = • = • : →CEO 26% • = Lulzsec, TeaMp0isoN • = Th3J35t3r, On3iroi • = Anonymous • vs
  • 19. "disseminate motives" • , • • hacktivism, •
  • 23. "disseminate motives" Law, Market, Norm, Architecture - - J-SOX - - ( ) - - - - : -
  • 24. "disseminate motives" • , = Power • = Money • hacktivism, = Ideology • = Control
  • 25. "disseminate motives" Power, Money, Ideology, Control Power $Money Ideology - - - - Control
  • 26. "disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Organized Extremist $Money Crime Hacktivist Ideology : - Hacker - Cracker - - Control
  • 27. "disseminate motives" Autocracy, Crime, Extremism, Hacker Power Autocratic Government Infra APT Disruption Organized Extremist $Money Crime Hacktivist Ideology Theft Hacktivism Fraud Lulz : - Hacker - Cracker - - Control
  • 28.
  • 29. "social change on Internet" 2000 • • • • • •
  • 30. "social change on Internet" 2001 • • • • • • • • • • • • • • (Wiki ) • / • • • 3D •
  • 31. "real world vs. social data world"
  • 32. "real world vs. social data world" :
  • 33. "emerging attack techniques" • malware: , • VM , bios • : VNC, Spycam, • spyware : keylogger, GPS logger • sabotage ware : Stuxnet • USB = • DDoS: JavaScript (LOIC) ($8/h~),
  • 34. "layer approach" •examle: OSI model
  • 35. "a security layer model " 7 Psychological , Human Factor 6 Custom (Habit) , 5 Operation 4 Content Intangibles 3 OS/Application 2 Hardware Tangibles 1 Physical
  • 36. "attacks vs. counter measures " APT, espionage, phishing, Psychological social engineering ? spoofing, pharming, accustomed best practice, Custom phishing spam, XSS, XSRF, awareness, CIRT, PKI, spyware, ID spoof/theft digital ID, SSL certificate DoS, spam, ransom-ware, routing, filtering, policy, Operation sabotage-ware audit, CIRT sniffing, spyware, spam, encryption, filtering, Content alteration content-scan, host IDS OS/ DoS, vuln exploit, 0day, Firewall, network IDS, IPS, Application rootkit, botnet anti-virus, OS/app patch direct access, tampering, perimeter guard, anti- Hardware alteration tampering, hard seal lock pick, break in, surveillance, perimeter Physical vandalism alarm, armed guard
  • 37. "state of security methodology" ✴ •( + ) ✴ •= ( ) ✴ PKI = DigiNotar ✴ = •( ) ✴ =
  • 38. "perspective for counter strategy" set basic security measures: ✴ prevention, detection, response ✴ ✴ ✴ : 100% ✴ : ✴ (APT ) ✴ PET (Privacy Enhancing Technology ) ✴ PIA (Privacy Impact Assessment )
  • 39. "perspective for counter strategy" be creative: ✴ ✴ soft power • • PR deflective PR ✴ social intelligence ( ) ✴ counter social engineering • •
  • 40. "perspective for counter strategy" be creative: Learn Attack Technique • • • = CTF (Capture The Flag) • • DEFCON CTF CTF •
  • 41. "perspective for counter strategy" be creative: Soft Power • Soft Power = 1990 Joseph Nye • Hard Power • • http://en.wikipedia.org/wiki/Soft_power • / • •
  • 42. "perspective for counter strategy" be creative: Soft Power
  • 43. "perspective for counter strategy" be creative: Social Intelligence • • • hacktivism • • Twitter, Facebook, IRC, Weibo, RenRen
  • 44. "perspective for counter strategy" be creative: Counter Social Engineering • • • • • • • ( )
  • 45. "perspective for counter strategy" be prepared: Simulation Exercise ✴ • TableTop Exercise = • • Functional Exercise = • • • FullScale Exercise = • •
  • 46. references • CEOs - the new corporate fraudstersds http://www.iol.co.za/ sundayindependent/ceos-the-new-corporate-fraudstersds-1.1144649 • PwC Survey Says: Telecoms Are Overconfident About Security http:// www.readwriteweb.com/cloud/2011/09/pwc-survey-says-telecoms-are-o.php • Cyber attack led to IGI shutdown http://www.indianexpress.com/news/ cyber-attack-led-to-igi-shutdown/851365/ • Anonymous announces global plans http://www.digitaltrends.com/ computing/video-anonymous-announces-global-plans/ • ANONYMOUS - OPERATION PAYBACK - Sony Press Release http:// www.youtube.com/watch?v=2Tm7UKo4IBc • Operation Payback - Anonymous Message About ACTA Laws, Internet Censorship and Copyright http://www.youtube.com/watch? v=kZNDV4hGUGw • Anonymous: Message to Scientology http://www.youtube.com/watch? v=JCbKv9yiLiQ • Anonymous http://www.atmarkit.co.jp/ fsecurity/special/161dknight/dknight01.html
  • 47. references • 28 Nation States With Cyber Warfare Capabilities http:// jeffreycarr.blogspot.com/2011/09/27-nation-states-with-cyber-warfare.html • Far East Research http://scan.netsecurity.ne.jp/archives/52017036.html • CVE-2011-0611 : Adobe Flash Player SWF Memory Corruption Vulnerability http://www.youtube.com/watch?v=DP_rRf468_Y • MYBIOS. Is BIOS infection a reality? http://www.securelist.com/en/analysis/ 204792193/MYBIOS_Is_BIOS_infection_a_reality • McAfee Virtual Criminology Report 2007 http://us.mcafee.com/en-us/local/ html/identity_theft/NAVirtualCriminologyReport07.pdf • Google Zeitgeist http://blog.f-secure.jp/ archives/50630539.html • "The Tragedies in Oslo and on Utøya island" Speech held by King Harald V http://www.kongehuset.no/c27262/nyhet/vis.html?tid=92959
  • 48. references • -- DEFCON CTF http://scan.netsecurity.ne.jp/archives/52002536.html • PET http://www.soumu.go.jp/denshijiti/pdf/ jyumin_p_s3.pdf • PIA http://www.soumu.go.jp/denshijiti/pdf/jyumin_p_s2.pdf • http:// jp.reuters.com/article/topNews/idJPJAPAN-21406320110527 • GIE http://d.hatena.ne.jp/ukky3/20110829/1314685819 • Diginotar Black.Spook http://blog.f-secure.jp/archives/50626009.html
  • 49. references • Computer virus hits US Predator and Reaper drone fleet http:// arstechnica.com/business/news/2011/10/exclusive-computer-virus-hits- drone-fleet.ars • F-Secure: Possible Governmental Backdoor found, MD5 hashes ("case R2D2") http://www.f-secure.com/weblog/archives/00002249.html • State-sponsored spies collaborate with crimeware gang | The Unholy APT- botnet union http://www.theregister.co.uk/2011/09/13/ apt_botnet_symbiosis/ • NISC 10 7 http://www.nisc.go.jp/ conference/seisaku/index.html#seisaku27