SlideShare a Scribd company logo

Cybercrime and Business Process Hacking

Download as KEY, PDF
Richard Stiennon
Richard Stiennon

A presentation on the rise of cyber crime and the trend towards Business Process hacking

TechnologyBusiness
1 of 19
Cyber Crime Prepare for the next wave: Business Process Hacking Richard Stiennon – Chief Research Analyst, IT-Harvest
The Rise of Cybercrime INHIBITORS Better security International cooperation (or not)‫‏‬ BPH! Organization Insider recruitment 30 million bots Success (profits)‫‏‬ Market for identities New vulnerabilities Ubiquitous Internet DRIVERS IT-Harvest 2011
Historical Criminal Societies IT-Harvest 2011
The first wave: the adware economy E-commerce Sites Affiliate Web Sites Software parasites Hit Stats Worms Fake “Top Ten” Viruses Brokers Spam Webrings Infected Desktops ADware IT-Harvest 2011
The Adware economy E-commerce Sites Affiliate Web Sites Hit Stats Software parasites Popularity- Stats Worms Brokers Viruses Webrings Spam Infected Desktops ADware IT-Harvest 2011
IP theft as a service in Israel IT-Harvest 2011
Physical presence targets “where the money is” - Willie Sutton • Sumitomo Mitsui Bank Branch IT-Harvest 2011
Cyber Defense :-) Sumitomo Best Practice IT-Harvest 2011
Stop&Shop IT-Harvest 2011
Stop&Shop cyber defense IT-Harvest 2011
TJX: targeting data repositories TJ MAXX, Marshall’s 45 Million Credit cards @ $80/card =$3.6 Billion in costs! Pringle’s can or…? IT-Harvest 2011
Business Process Hacking • Step one: identify the business process • Step two: identify key vulnerabilities and trust relationships  Insiders  Customers  Partners • Step three: steal something • Step four: monitization IT-Harvest 2011 12
An insider’s perspective • Major railroad in US • Major computer manufacturer in US IT-Harvest 2011 13
Pump and dump • Break in to online trading account • Sell off owner’s portfolio • Purchase penny stocks • Dump attacker’s holdings when stock price jumps • Leave account holder with worthless portfolio • Canadian attacks thwarted $11 million frozen in Lithuanian bank. IT-Harvest 2011 14
E-ticketing fraud • Indian railway reservations. Scalpers use software to corner the market for tickets and resell them at a mark up. • Concert tickets. Scammers snipe tickets when they go on sale using elaborate hacks to avoid fraud detection schemes. They resell them immediately on sites such as StubHub.com or TicketsNow.com ($1,000) • Even better: scammers buy seats and block others from getting seats. IT-Harvest 2011 15
Carbon credits • 2010 Phishing attack against dozens of companies • Seven out of 2,000 German companies fall for it • Carbon credits transferred to two accounts owned by attackers • $4 million stolen • 2011 1.6 million carbon credits stolen from the Romanian branch of Swiss cement company Holcim. $36 million. IT-Harvest 2011 16
Vulnerable business processes • Treasury functions • Logistics • Payroll • Trading platforms for energy, natural resources, commodities, securities • Voting platforms • Gaming sites • Foreign Exchange • “Deal rooms” • Central banks • IT-Harvest 2011 17
Beyond theft • Commerce relies on trust. Break that trust and commerce fails. IT-Harvest 2011 18
richard@it-harvest.com threatchaos.com twitter.com/stiennon

Recommended

Netop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop Remote Control Embedded Devices
Netop Remote Control Embedded Devices
Netop
 
Privacy in an interconnected world
Privacy in an interconnected worldPrivacy in an interconnected world
Privacy in an interconnected world
Bianca Mueller, LL.M.
 
Munk and vc
Munk and vcMunk and vc
Munk and vc
jimdewilde
 
Deception Technology Market – Overview of advancements in innovation 2025
Deception Technology Market – Overview of advancements in innovation 2025Deception Technology Market – Overview of advancements in innovation 2025
Deception Technology Market – Overview of advancements in innovation 2025
Arushi00
 
Importance of IP to U.S. Jobs and Economy
Importance of IP to U.S. Jobs and EconomyImportance of IP to U.S. Jobs and Economy
Importance of IP to U.S. Jobs and Economy
NationalAllianceForJobsAndInnovation
 
iot-bringing-trust-to-iot[1]
iot-bringing-trust-to-iot[1]iot-bringing-trust-to-iot[1]
iot-bringing-trust-to-iot[1]
Haider Iqbal
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
BrianHuntMSFCPACRISC
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
Insights success media and technology pvt ltd
 

Recommended

Netop Remote Control Embedded Devices
Netop Remote Control Embedded DevicesNetop Remote Control Embedded Devices
Netop Remote Control Embedded Devices
Netop
 
Privacy in an interconnected world
Privacy in an interconnected worldPrivacy in an interconnected world
Privacy in an interconnected world
Bianca Mueller, LL.M.
 
Munk and vc
Munk and vcMunk and vc
Munk and vc
jimdewilde
 
Deception Technology Market – Overview of advancements in innovation 2025
Deception Technology Market – Overview of advancements in innovation 2025Deception Technology Market – Overview of advancements in innovation 2025
Deception Technology Market – Overview of advancements in innovation 2025
Arushi00
 
Importance of IP to U.S. Jobs and Economy
Importance of IP to U.S. Jobs and EconomyImportance of IP to U.S. Jobs and Economy
Importance of IP to U.S. Jobs and Economy
NationalAllianceForJobsAndInnovation
 
iot-bringing-trust-to-iot[1]
iot-bringing-trust-to-iot[1]iot-bringing-trust-to-iot[1]
iot-bringing-trust-to-iot[1]
Haider Iqbal
 
Cyber Risk for Construction Industry
Cyber Risk for Construction Industry Cyber Risk for Construction Industry
Cyber Risk for Construction Industry
BrianHuntMSFCPACRISC
 
The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017The 10 Fastest Growing Cyber Security Companies of 2017
The 10 Fastest Growing Cyber Security Companies of 2017
Insights success media and technology pvt ltd
 
The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hacking
at MicroFocus Italy ❖✔
 
Wellspring intellectual property complexity trends
Wellspring intellectual property complexity trendsWellspring intellectual property complexity trends
Wellspring intellectual property complexity trends
Wellspring
 
Apt 510 slideshare
Apt 510 slideshareApt 510 slideshare
Apt 510 slideshare
ShondaRobinson2
 
Presentation3
Presentation3Presentation3
Presentation3
Polina Ostasheva
 
Amb's Herbal Bath Care
Amb's Herbal Bath CareAmb's Herbal Bath Care
Amb's Herbal Bath Care
Anika Mckenzie
 
ihegc012
ihegc012ihegc012
ihegc012
Maksym Schipka
 
Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking Sphere
Goutama Bachtiar
 
Chapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce JenChapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce Jen
VidaB
 
Challenge Accepted
Challenge AcceptedChallenge Accepted
Challenge Accepted
Edward Jackson
 
Red Flags Rule General
Red Flags Rule GeneralRed Flags Rule General
Red Flags Rule General
Teo Leonard
 
The New Industrial Revolution(s)? Exploring blockchains and the future of val...
The New Industrial Revolution(s)? Exploring blockchains and the future of val...The New Industrial Revolution(s)? Exploring blockchains and the future of val...
The New Industrial Revolution(s)? Exploring blockchains and the future of val...
Robin Teigland
 
Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER
Sooraj Maurya
 
Cyber Crime Seminar Jan 2015
Cyber Crime Seminar Jan 2015Cyber Crime Seminar Jan 2015
Cyber Crime Seminar Jan 2015
Kevin Murphy
 
IT in Business - Digital Piracy
IT in Business - Digital PiracyIT in Business - Digital Piracy
IT in Business - Digital Piracy
Erick Prajogo
 
Corporate-Espionage
Corporate-EspionageCorporate-Espionage
Corporate-Espionage
Sam
 
Chinese Facial Recognition Will Take over the World in 2019
Chinese Facial Recognition Will Take over the World in 2019Chinese Facial Recognition Will Take over the World in 2019
Chinese Facial Recognition Will Take over the World in 2019
LUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
Data breach at sony
Data breach at sonyData breach at sony
Data breach at sony
BlueBit Technologies
 
Internet of Things-A trillion dollar market
Internet of Things-A trillion dollar marketInternet of Things-A trillion dollar market
Internet of Things-A trillion dollar market
sksaif95
 
CyberSecurity.pptx
CyberSecurity.pptxCyberSecurity.pptx
CyberSecurity.pptx
PranavRaj96
 
2010q1 Threats Report
2010q1 Threats Report2010q1 Threats Report
2010q1 Threats Report
McafeeCareers
 
Developing a corporate intelligence strategy from online sources
Developing a corporate intelligence strategy from online sourcesDeveloping a corporate intelligence strategy from online sources
Developing a corporate intelligence strategy from online sources
Enterprise Security Risk Management
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Report
cheinyeanlim
 

More Related Content

What's hot

The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hacking
at MicroFocus Italy ❖✔
 
Wellspring intellectual property complexity trends
Wellspring intellectual property complexity trendsWellspring intellectual property complexity trends
Wellspring intellectual property complexity trends
Wellspring
 
Chapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce JenChapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce Jen
VidaB
 
Cyber Crime Seminar Jan 2015
Cyber Crime Seminar Jan 2015Cyber Crime Seminar Jan 2015
Cyber Crime Seminar Jan 2015
Kevin Murphy
 
IT in Business - Digital Piracy
IT in Business - Digital PiracyIT in Business - Digital Piracy
IT in Business - Digital Piracy
Erick Prajogo
 
Chinese Facial Recognition Will Take over the World in 2019
Chinese Facial Recognition Will Take over the World in 2019Chinese Facial Recognition Will Take over the World in 2019
Chinese Facial Recognition Will Take over the World in 2019
LUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 

What's hot (19)

The Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hackingThe Business of Hacking - Business innovation meets the business of hacking
The Business of Hacking - Business innovation meets the business of hacking
 
Wellspring intellectual property complexity trends
Wellspring intellectual property complexity trendsWellspring intellectual property complexity trends
Wellspring intellectual property complexity trends
 
Apt 510 slideshare
Apt 510 slideshareApt 510 slideshare
Apt 510 slideshare
 
Presentation3
Presentation3Presentation3
Presentation3
 
Amb's Herbal Bath Care
Amb's Herbal Bath CareAmb's Herbal Bath Care
Amb's Herbal Bath Care
 
ihegc012
ihegc012ihegc012
ihegc012
 
Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking Sphere
 
Chapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce JenChapter 17 a fraud in e commerce Jen
Chapter 17 a fraud in e commerce Jen
 
Challenge Accepted
Challenge AcceptedChallenge Accepted
Challenge Accepted
 
Red Flags Rule General
Red Flags Rule GeneralRed Flags Rule General
Red Flags Rule General
 
The New Industrial Revolution(s)? Exploring blockchains and the future of val...
The New Industrial Revolution(s)? Exploring blockchains and the future of val...The New Industrial Revolution(s)? Exploring blockchains and the future of val...
The New Industrial Revolution(s)? Exploring blockchains and the future of val...
 
Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER Cybercrime IN INDIA , LAW AND ORDER
Cybercrime IN INDIA , LAW AND ORDER
 
Cyber Crime Seminar Jan 2015
Cyber Crime Seminar Jan 2015Cyber Crime Seminar Jan 2015
Cyber Crime Seminar Jan 2015
 
IT in Business - Digital Piracy
IT in Business - Digital PiracyIT in Business - Digital Piracy
IT in Business - Digital Piracy
 
Corporate-Espionage
Corporate-EspionageCorporate-Espionage
Corporate-Espionage
 
Chinese Facial Recognition Will Take over the World in 2019
Chinese Facial Recognition Will Take over the World in 2019Chinese Facial Recognition Will Take over the World in 2019
Chinese Facial Recognition Will Take over the World in 2019
 
Data breach at sony
Data breach at sonyData breach at sony
Data breach at sony
 
Internet of Things-A trillion dollar market
Internet of Things-A trillion dollar marketInternet of Things-A trillion dollar market
Internet of Things-A trillion dollar market
 
CyberSecurity.pptx
CyberSecurity.pptxCyberSecurity.pptx
CyberSecurity.pptx
 

Similar to Cybercrime and Business Process Hacking

Developing a corporate intelligence strategy from online sources
Developing a corporate intelligence strategy from online sourcesDeveloping a corporate intelligence strategy from online sources
Developing a corporate intelligence strategy from online sources
Enterprise Security Risk Management
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
Abdelfatah hegazy
 
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Tech and Law Center
 
domain names management whitepaper
domain names management whitepaperdomain names management whitepaper
domain names management whitepaper
VAYTON
 
Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010
Oracle BH
 
Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011
IbuSrikandi
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet Fraud
Internet Law Center
 

Similar to Cybercrime and Business Process Hacking (20)

2010q1 Threats Report
2010q1 Threats Report2010q1 Threats Report
2010q1 Threats Report
 
Developing a corporate intelligence strategy from online sources
Developing a corporate intelligence strategy from online sourcesDeveloping a corporate intelligence strategy from online sources
Developing a corporate intelligence strategy from online sources
 
Symantec Website Security Threat Report
Symantec Website Security Threat ReportSymantec Website Security Threat Report
Symantec Website Security Threat Report
 
Apresentação Allen ES
Apresentação Allen ESApresentação Allen ES
Apresentação Allen ES
 
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
30 years living a happy life - Breaking Systems, Chasing Bad Guys and Teachin...
 
DSS @SFK Conference_2012_Cybercrime_welcomes_you
DSS @SFK Conference_2012_Cybercrime_welcomes_youDSS @SFK Conference_2012_Cybercrime_welcomes_you
DSS @SFK Conference_2012_Cybercrime_welcomes_you
 
Ivanti threat thursday deck july final - read-only
Ivanti threat thursday deck july final - read-onlyIvanti threat thursday deck july final - read-only
Ivanti threat thursday deck july final - read-only
 
E security and payment 2013-1
E security and payment 2013-1E security and payment 2013-1
E security and payment 2013-1
 
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
Francesca Bosco, Cybercrimes - Bicocca 31.03.2011
 
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
Cybercrime, Digital Investigation and Public Private Partnership by Francesca...
 
Emerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business ReadyEmerging Threats to Digital Payments - Is Your Business Ready
Emerging Threats to Digital Payments - Is Your Business Ready
 
IBM Cyber Threat Analysis
IBM Cyber Threat AnalysisIBM Cyber Threat Analysis
IBM Cyber Threat Analysis
 
Vodqa why cybersecurity
Vodqa why cybersecurityVodqa why cybersecurity
Vodqa why cybersecurity
 
domain names management whitepaper
domain names management whitepaperdomain names management whitepaper
domain names management whitepaper
 
Cyber Security Report 2019
Cyber Security Report 2019Cyber Security Report 2019
Cyber Security Report 2019
 
Social Engineering
Social EngineeringSocial Engineering
Social Engineering
 
Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010Oracle tech db-02-hacking-neum-15.04.2010
Oracle tech db-02-hacking-neum-15.04.2010
 
Forensics Expo, London 2015
Forensics Expo, London 2015Forensics Expo, London 2015
Forensics Expo, London 2015
 
Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011Risk base approach for security management fujitsu-fms event 15 aug 2011
Risk base approach for security management fujitsu-fms event 15 aug 2011
 
Unearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet FraudUnearthing and Dissecting Internet Fraud
Unearthing and Dissecting Internet Fraud
 

More from Richard Stiennon

More from Richard Stiennon (15)

Why Risk Management Fails
Why Risk Management FailsWhy Risk Management Fails
Why Risk Management Fails
 
Cyber security industry trends
Cyber security industry trendsCyber security industry trends
Cyber security industry trends
 
The Internet of Military Things: There Will Be Cyberwar
The Internet of Military Things: There Will Be CyberwarThe Internet of Military Things: There Will Be Cyberwar
The Internet of Military Things: There Will Be Cyberwar
 
There WIll Be Cyberwar
There WIll Be Cyberwar There WIll Be Cyberwar
There WIll Be Cyberwar
 
How the Revolution in Military Affairs has set the stage for future cyberwars
How the Revolution in Military Affairs has set the stage for future cyberwarsHow the Revolution in Military Affairs has set the stage for future cyberwars
How the Revolution in Military Affairs has set the stage for future cyberwars
 
Why Risk Management is Impossible
Why Risk Management is ImpossibleWhy Risk Management is Impossible
Why Risk Management is Impossible
 
Stiennon Keynote at Trusted Computing Conference 2013, Orlando
Stiennon Keynote at Trusted Computing Conference 2013, OrlandoStiennon Keynote at Trusted Computing Conference 2013, Orlando
Stiennon Keynote at Trusted Computing Conference 2013, Orlando
 
How the Surveillance State Changes IT Security Forever
How the Surveillance State Changes IT Security ForeverHow the Surveillance State Changes IT Security Forever
How the Surveillance State Changes IT Security Forever
 
Post Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismPost Apocalyptic Cyber Realism
Post Apocalyptic Cyber Realism
 
What makes the IT industry tick?
What makes the IT industry tick? What makes the IT industry tick?
What makes the IT industry tick?
 
New definition for APT
New definition for APTNew definition for APT
New definition for APT
 
Titan Rain
Titan RainTitan Rain
Titan Rain
 
Cyberwar Update2010
Cyberwar Update2010Cyberwar Update2010
Cyberwar Update2010
 
Surviving Cyber War April09
Surviving Cyber War April09Surviving Cyber War April09
Surviving Cyber War April09
 
Surviving Cyber War
Surviving Cyber WarSurviving Cyber War
Surviving Cyber War
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Cybercrime and Business Process Hacking

  • 1. Cyber Crime Prepare for the next wave: Business Process Hacking Richard Stiennon – Chief Research Analyst, IT-Harvest
  • 2. The Rise of Cybercrime INHIBITORS Better security International cooperation (or not)‫‏‬ BPH! Organization Insider recruitment 30 million bots Success (profits)‫‏‬ Market for identities New vulnerabilities Ubiquitous Internet DRIVERS IT-Harvest 2011
  • 4. The first wave: the adware economy E-commerce Sites Affiliate Web Sites Software parasites Hit Stats Worms Fake “Top Ten” Viruses Brokers Spam Webrings Infected Desktops ADware IT-Harvest 2011
  • 5. The Adware economy E-commerce Sites Affiliate Web Sites Hit Stats Software parasites Popularity- Stats Worms Brokers Viruses Webrings Spam Infected Desktops ADware IT-Harvest 2011
  • 6. IP theft as a service in Israel IT-Harvest 2011
  • 7. Physical presence targets “where the money is” - Willie Sutton • Sumitomo Mitsui Bank Branch IT-Harvest 2011
  • 8. Cyber Defense :-) Sumitomo Best Practice IT-Harvest 2011
  • 11. TJX: targeting data repositories TJ MAXX, Marshall’s 45 Million Credit cards @ $80/card =$3.6 Billion in costs! Pringle’s can or…? IT-Harvest 2011
  • 12. Business Process Hacking • Step one: identify the business process • Step two: identify key vulnerabilities and trust relationships  Insiders  Customers  Partners • Step three: steal something • Step four: monitization IT-Harvest 2011 12
  • 13. An insider’s perspective • Major railroad in US • Major computer manufacturer in US IT-Harvest 2011 13
  • 14. Pump and dump • Break in to online trading account • Sell off owner’s portfolio • Purchase penny stocks • Dump attacker’s holdings when stock price jumps • Leave account holder with worthless portfolio • Canadian attacks thwarted $11 million frozen in Lithuanian bank. IT-Harvest 2011 14
  • 15. E-ticketing fraud • Indian railway reservations. Scalpers use software to corner the market for tickets and resell them at a mark up. • Concert tickets. Scammers snipe tickets when they go on sale using elaborate hacks to avoid fraud detection schemes. They resell them immediately on sites such as StubHub.com or TicketsNow.com ($1,000) • Even better: scammers buy seats and block others from getting seats. IT-Harvest 2011 15
  • 16. Carbon credits • 2010 Phishing attack against dozens of companies • Seven out of 2,000 German companies fall for it • Carbon credits transferred to two accounts owned by attackers • $4 million stolen • 2011 1.6 million carbon credits stolen from the Romanian branch of Swiss cement company Holcim. $36 million. IT-Harvest 2011 16
  • 17. Vulnerable business processes • Treasury functions • Logistics • Payroll • Trading platforms for energy, natural resources, commodities, securities • Voting platforms • Gaming sites • Foreign Exchange • “Deal rooms” • Central banks • IT-Harvest 2011 17
  • 18. Beyond theft • Commerce relies on trust. Break that trust and commerce fails. IT-Harvest 2011 18

Editor's Notes

  1. \n
  2. The purpose of this presentation is to depict a scenario. It is only through imagining the worst that we can prepare for it and hopefully curtail the chances of a particular scenario playing out in real life. \n\nThe cyber crime scenario is fueled by the lack of balance between the fundemental drivers and the countervailing inhibitors. \nDRIVERS\nCriminals historically prey on their immediate neighbors. The Internet changes all that\nThe monthly barrage of vulnerability announcements, particularly from MSFT give cyber criminals the opportunities they need. Total impact of Vista will be…ZERO\nOnline trading sites for identities create a market for thieves to sell to more sophisticated criminals.\nSuccess (profits) breeds more success. Just as eBay created a new generation of garage sale entrepreneurs, Cyber crime is sucking in more and more players. \nLarge botnets, in particular a million member army being prepped for the holiday season indicate growing power. \nOrganized crime is turning to bribery and infiltration to steal identities. \n
  3. The Wild West, Chicago in the 20’s, the Caribbean previous centuries and Columbia as well as aspects of Russia and Italy today are all examples of where unchecked crime can lead. This is the scenario that we must avoid. \n
  4. \n
  5. \n
  6. Since May 30, Memorial Day weekend, Israel’s business community has been in an uproar. Here is a snapshot of the outbreak of a major industrial espionage incident. Spyware plays a crucial role in this fiasco. \n\nThis slide depicts the targets, the perpetrators, and the Private Investigators that carried off these invasions. The story started when an Israeli author noticed that his unpublished works were being posted to the Internet. Suspecting his step-daughters ex-husband he called in the Israeli police. The police discovered the HotWar Trojan on his home computer. Files, emails, and everything the author typed were being sent to FTP servers in Germany, the UK and the US. When those servers were seized by local authorities in each country they were found to contain internal documents from dozens of companies in Israel including the state owned telephone company, Bezeq, a cell phone company, a car dealer, satellite TV company(Hot!), a cell phone company (Patner), a water company (Gal-Al), a defense contractor and more. \n\nIt turns out that at least a dozen companies in Israel had hired Private Investigators to gather competitive intelligence on their counterparts. The PI’s had purchased software from Michael Hephrati in the UK and sent it to the targets disguised as a legitimate email proposal. While 22 people are under arrest, one was indicted this week (June 20), and the investigation continues.:\n-The CEO of one of the PI firms through himself down a stairwell at the police station and is in critical condition with multiple head and spine injuries. \n-The private firms that were in the process of purchasing Bezeq have asked for a new sale to take place. \n-The water company that was hacked lost documents that detailed heavy water extraction techniques. Heavy water is critical to the manufacture of H bombs. \n-Israeli authorities themselves have been using spyware to gather information from PC of the wife of the Syrian President. \nStay tuned. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n