ONLINE ATTACKS AND ESPIONAGE
BY NATION-STATES
Mikko Hypponen
CRO, F-Secure Corp
        twitter.com/mikko
Protecting the irreplaceable | f-secure.com
Fake News? Hacked News site?
6es7-417
Duqu
Connects to 206.183.111.97
aka canoyragomez.rapidns.com
Diagram, anatomy of a malicious document: Document = Exploit | Code | EXE | DOC | Filling
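The diagram above shows the layout a targeted-attack document typically has: the exploit that fires in the reader application, the code that runs afterwards, the executable it drops, the clean document shown to the victim, and filling. The script below, an added example that is not code from the talk or from F-Secure, does the triage step that follows from that layout: it finds the embedded EXE by locating every MZ marker and accepting only those whose e_lfanew field points at a valid PE signature inside the buffer. The sample document it builds is constructed for the example and is not real malware; the 0x1000 bound on e_lfanew is a triage heuristic, not a format rule.

```python
"""Find a Windows executable embedded inside a document blob.

Added example, not code from the original slides. Locates every 'MZ' marker,
reads the DOS header's e_lfanew field and accepts the hit only if it points at
a 'PE\\0\\0' signature inside the buffer. build_sample_document() constructs a
harmless stand-in in the slide's layout (document header, exploit, code,
embedded EXE, decoy DOC, filling).
"""
import struct

PE_SIGNATURE = b"PE\x00\x00"
E_LFANEW_OFFSET = 0x3C      # position of e_lfanew in the DOS header
MAX_E_LFANEW = 0x1000       # triage heuristic: real PE headers sit well below this


def find_embedded_pe(blob: bytes) -> list:
    """Return one dict per plausible PE image in blob: offset of the 'MZ'
    header, offset of 'PE\\0\\0', COFF machine type and section count."""
    hits = []
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + E_LFANEW_OFFSET + 4 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, pos + E_LFANEW_OFFSET)[0]
            pe_off = pos + e_lfanew
            # Accept only if e_lfanew is sane, lands inside the buffer and hits 'PE\0\0';
            # this rejects stray 'MZ' byte pairs in text or padding.
            if (0x40 <= e_lfanew < MAX_E_LFANEW and pe_off + 24 <= len(blob)
                    and blob[pe_off:pe_off + 4] == PE_SIGNATURE):
                machine, nsections = struct.unpack_from("<HH", blob, pe_off + 4)
                hits.append({"offset": pos, "pe_offset": pe_off,
                             "machine": machine, "sections": nsections})
        pos = blob.find(b"MZ", pos + 1)
    return hits


def carve(blob: bytes, hit: dict) -> bytes:
    """Cut the candidate image out of the blob from its 'MZ' to the end of the
    buffer (a full carver would use the section table to find the true size)."""
    return blob[hit["offset"]:]


def _fake_pe(nsections: int = 3, machine: int = 0x014C) -> bytes:
    """Constructed PE-like stub: DOS header with e_lfanew = 0x80, then a 20-byte
    COFF header (machine, sections, timestamp, symtab ptr, nsyms, optional
    header size, characteristics). Headers only, not an executable."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, 0x80)
    coff = struct.pack("<HHIIIHH", machine, nsections, 0, 0, 0, 0xE0, 0x010F)
    return bytes(dos) + PE_SIGNATURE + coff + b"\x00" * 64


def build_sample_document() -> bytes:
    """Constructed sample in the slide's layout: document header, exploit,
    code, embedded EXE, decoy DOC, filling."""
    ole_header = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1" + b"\x00" * 504  # OLE2 magic, zeroed header
    exploit = b"\x41" * 300        # stand-in for the exploit trigger
    code = b"\x90" * 100           # stand-in for the code that drops the EXE
    exe = _fake_pe()
    # Decoy text deliberately contains 'MZ' to show the e_lfanew check rejecting it.
    decoy = b"MZ" + b"decoy text that merely contains the letters MZ" * 2
    filling = b"\x00" * 2048
    return ole_header + exploit + code + exe + decoy + filling


if __name__ == "__main__":
    doc = build_sample_document()
    for hit in find_embedded_pe(doc):
        print("embedded PE at 0x%x (PE header at 0x%x, machine 0x%04x, %d sections)"
              % (hit["offset"], hit["pe_offset"], hit["machine"], hit["sections"]))
```

Run against a real suspicious document, the same loop is the first thing to try before any dynamic analysis: a PE image sitting after the document body, with padding behind it, matches the layout on the slide exactly.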
Little financial incentive to target:
• Supporters of Tibet
• Members of Falun Dafa / Falun Gong
• Supporters of the Uighur minorities
• Supporters of Inner Mongolian minorities
Data from Messagelabs / Symantec study
Case Agent.BTZ
Our desire for success is
like a wolf's desire for blood.
We work together against the
enemy like a pack of wolves.
Poison Ivy, Gh0st RAT, ZwShell
20 October, 2011
How do I know if I was hit?
• Your colleagues have no idea of the mail you got from them
• Your machine connects to funky hosts on its own
• Word / Excel / Acrobat flashes and restarts
• You get weird error messages from Office
• Non-SSL port 443 traffic in your network
Funky hosts?
• Some actual hosts we've seen in targeted attacks
• kira.8800.org
• xpgod.8866.org:8181
• mm2007.6600.org
• a85468546.9966.org
• qingchun521.9966.org
• getmeg.go.8866.org
• a2b2.3322.org
• swzcs.to.8866.org
• hackeroo.3322.org
• hgz3.8800.org
• angelwp.3322.org
• ysc20008.3322.org
• a041181.3322.org
• sgiorgus.8800.org
• cvnxus.8800.org
• wcs.8800.org
• miao1314.8800.org
• update-microsoft.kmip.net
• hobby.8800.org
• dns3.westcowboy.com
• hi222.3322.org
• www.scratchindian.com
• wangba8888.3322.org
• cybersyndrome.3322.org
From obvious to non-obvious
• boxy.3322.org
• jj2190067.3322.org
• hzone.no-ip.biz
• tempsys.8866.org
• zts7.8800.org
• shenyuan.9966.org
• xinxin20080628.gicp.net
• www.adobeupdating.com
• ip2.kabsersky.com
• mapowr.symantecs.com.tw
• iran.msntv.org
• windows.redirect.hm
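Two of the symptoms on the "How do I know if I was hit?" slide and the two host lists above can be turned into a first-pass triage script. The code below is an added example, not code from the talk or from F-Secure: it reads a constructed connection log, flags destinations under the dynamic-DNS zones the listed hosts use (3322.org, 8800.org, 8866.org, 6600.org, 9966.org, no-ip.biz, gicp.net, kmip.net, rapidns.com, redirect.hm), flags vendor look-alike names of the kabsersky.com / adobeupdating.com / update-microsoft kind by brand substring or edit distance, and flags port 443 traffic whose first bytes are not a TLS record. The log format, the SAMPLE_LOG lines, the brand table and the small public-suffix stand-in are all assumptions of the example.

```python
"""Triage a connection log for the network-side symptoms on the slides: hosts
under dynamic-DNS providers, vendor look-alike names, and non-TLS traffic on
port 443.

Added example, not code from the original talk or from F-Secure. The log line
format and the SAMPLE_LOG entries are constructed; the dynamic-DNS zones and
look-alike patterns come from the hosts shown on the slides. Every match is a
lead for a human to check, not proof of compromise.
"""
from collections import defaultdict

# Parent zones of the dynamic-DNS hosts listed on the slides.
DYNDNS_ZONES = {"3322.org", "8800.org", "8866.org", "6600.org", "9966.org",
                "no-ip.biz", "gicp.net", "kmip.net", "rapidns.com", "redirect.hm"}

# Vendor names the slide's look-alikes imitate, and the domain each really owns.
BRANDS = {"adobe": "adobe.com", "kaspersky": "kaspersky.com",
          "symantec": "symantec.com", "microsoft": "microsoft.com",
          "windows": "microsoft.com"}

# Assumption: a tiny stand-in for a public-suffix list, enough for the slide's hosts.
MULTI_PART_SUFFIXES = {"com.tw", "co.uk", "com.cn"}


def registrable_domain(host: str) -> str:
    """'mapowr.symantecs.com.tw' -> 'symantecs.com.tw', 'kira.8800.org' -> '8800.org'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_PART_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches one- or two-character typosquats like kabsersky."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_brand(host: str):
    """Return the brand a host imitates, or None if it is the vendor's own domain
    or resembles no brand. Any label may carry the brand (update-microsoft.kmip.net)."""
    if registrable_domain(host) in BRANDS.values():
        return None
    for label in host.lower().split("."):
        for brand in BRANDS:
            if brand in label or (len(label) >= 5 and levenshtein(label, brand) <= 2):
                return brand
    return None


def looks_like_tls(first: bytes) -> bool:
    """A TLS record begins with content type 0x16 (handshake) and version 0x03 0x0X."""
    return len(first) >= 3 and first[0] == 0x16 and first[1] == 0x03 and first[2] <= 0x03


def parse_line(line: str):
    """Constructed format: '<timestamp> <src_ip> <dst_host> <dst_port> [<first_payload_hex>]'."""
    parts = line.split()
    if len(parts) < 4:
        return None
    first = bytes.fromhex(parts[4]) if len(parts) > 4 else b""
    return {"ts": parts[0], "src": parts[1], "host": parts[2].lower(),
            "port": int(parts[3]), "first": first}


def triage(lines) -> dict:
    """Map each suspicious host to the sorted list of reasons it was flagged."""
    findings = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        host = rec["host"]
        if registrable_domain(host) in DYNDNS_ZONES:
            findings[host].add("dynamic-dns")
        brand = lookalike_brand(host)
        if brand:
            findings[host].add("lookalike:" + brand)
        # Port 443 whose first bytes are not a TLS record: a RAT talking its own
        # protocol over a port the firewall lets through.
        if rec["port"] == 443 and rec["first"] and not looks_like_tls(rec["first"]):
            findings[host].add("non-tls-443")
    return {h: sorted(r) for h, r in findings.items()}


# Constructed sample log; hosts reuse the slide's indicators plus two legitimate ones.
SAMPLE_LOG = [
    "2011-10-20T09:12:01 10.0.0.15 kira.8800.org 80 474554202f",
    "2011-10-20T09:12:05 10.0.0.15 www.adobeupdating.com 443 474554202f",
    "2011-10-20T09:13:10 10.0.0.22 intranet.example.com 443 16030100",
    "2011-10-20T09:14:00 10.0.0.22 update.microsoft.com 443 16030100",
    "2011-10-20T09:15:30 10.0.0.31 ip2.kabsersky.com 443 16030100",
    "2011-10-20T09:16:00 10.0.0.31 update-microsoft.kmip.net 443 160301",
]

if __name__ == "__main__":
    for host, reasons in sorted(triage(SAMPLE_LOG).items()):
        print("%-28s %s" % (host, ", ".join(reasons)))
```

The dynamic-DNS check is the cheapest and the noisiest of the three: plenty of harmless hobby hosts live under 3322.org and no-ip.biz, so treat it as a reason to look, while a look-alike vendor name or a non-TLS stream on 443 from a workstation deserves a pull of that machine.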
PATCH, PATCH, PATCH
GET RID OF ADOBE READER
ADD TRAPS TO YOUR FIREWALLS
HOPE THAT THEY DON’T TARGET YOU

SecTor 2011 Keynote: Online Attacks and Espionage by Nation-states
