Cyber Crime & OSINT
Will your business be victorious or a victim?
Dr Stephen Hill
drshill@gmx.co.uk

“We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world.”
Ginni Rometty, IBM Corp.’s Chairman, President & CEO
Who Would Attack You & Why?
▪ Cyber Criminals – attack organisations and steal information such as credit cards and bank details for financial gain
▪ Hackers – attack IT systems and online services for financial gain or to break the security on a website (‘hacktivists’ for example)
▪ Insiders – disgruntled or dishonest staff who steal or destroy to cause embarrassment, disruption or financial gain by selling data for personal profit
▪ State Sponsored – attacks on business or government organisations to gain information on bids or planned acquisitions for commercial advantage or financial/political gain …

What is Cybercrime?
▪ Cyber Dependent Crime
▪ Cyber Enabled Crime
Home Office and National Cyber Crime Unit
Cyber Dependent Crime
Cyber dependent crimes are offences that can only be committed using a computer, computer networks or other form of information communication technology.
These acts include:
▪ Malware/spyware
▪ Hacking
▪ Viruses
▪ Distributed Denial of Service attacks (DDoS)
Cyber dependent crimes are primarily acts directed against computers or network resources…

Cyber Dependent Crime
Denial of Service attacks
Cyber Enabled Crime
Cyber enabled crimes are traditional crimes that are increased in scale or reach by the use of computers, computer networks or other information communication technology.
Cyber enabled crimes include:
▪ Grooming
▪ Theft
▪ Fraud
▪ Hate crime
Cyber enabled crimes can be committed both on and offline…

Cyber Enabled Crime
CEO/Mandate Fraud
https://www.fireeye.com/cyber-map/threat-map.html
5 Reasons Why Attacks Are Possible
1 End user didn’t think before clicking
2 Weak password/default password in use
3 Insecure configuration
4 Use of legacy or un-patched hardware or software
5 Lack of basic network security protection/segmentation…

Tools & Techniques for Cyber Attack
Techniques:
▪ Social Media Exploitation
▪ Phishing
▪ DDOS Attack, Hacking
▪ Insider Threats
▪ Malicious Software
Source: ICAEW
Ransomware
▪ Ransomware stops you from using your PC
▪ There are different types of ransomware
▪ It effectively holds your PC or files for "ransom", typically until a payment is made
▪ Ransomware can:
  ▪ Prevent you from accessing your operating system
  ▪ Encrypt files so you can't use them
  ▪ Stop certain apps from running (like your web browser) …

Ransomware Attacks
Ransomware
▪ No guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again!
▪ So - Protect yourself from ransomware
  ▪ Use reputable antivirus software and a firewall
  ▪ Exercise caution
  ▪ Back up often
  ▪ Enable your popup blocker
  ▪ Disconnect from the Internet (if under attack)
  ▪ Report it to the police …

Phishing Attacks
The Web Explained
Dark Net
Surface vs Dark

Website (surface)
From the address we can derive:
▪ The domain name (and associated registration details)
▪ The IP address (and thus the physical location and registered owner)

Darknet hosted website
From the address we can derive nothing:
▪ No physical location
▪ No owner details

NB: A darknet allows the hosting of content or services in a way that makes it difficult to identify who is running a server and where it is, thus making it a challenge to take any lawful action against …
Darknet Markets
A darknet market or cryptomarket is a commercial website on the dark web that operates via darknets such as Tor or I2P.

Dark Market – price guide
Security experts say health data is showing up in the black market more and more. While prices vary, this data is more expensive than stolen credit card numbers.

The Hidden Wiki
The hidden wiki is a Wikipedia for the Darknet.

Website Examples
Dark Market Search Engine
Hidden Services
Surface Web

Open Source Intelligence (OSINT)
Intelligence from publicly available sources – open refers to ‘overt’
Open-Source Intelligence (OSINT) refers to “a broad array of information and sources that are generally available, including information obtained from the media (newspapers, radio, television, etc.), professional and academic records (papers, conferences, professional associations, etc.), and public data (government reports, demographics, hearings, speeches, etc.)”
Google – Index Search
https://www.google.com.au
https://www.google.co.nz

Google – Index Search (Regional)
https://www.google.co.uk
‘Bubbling & Tracking’

Google – Time Filter

Google – Cache
http://webcache.googleusercontent.com/search?q=cache:efj0Wj8fzxUJ:dfk.com/+&cd=1&hl=en&ct=clnk&gl=au

Google Image Search
Google Image Search – Face Filter

Bing https://www.bing.com
StartPage https://startpage.com
DuckDuckGo http://duckduckgo.com
DuckDuckGo Bangs https://duckduckgo.com/bang
Semantic Search www.cluuz.com

Classifieds - A Criminal Hotspot?
Paste Sites – What Could You Find?
▪ Paste sites are websites allowing users to upload text for public viewing.
▪ Originally designed for software developers who needed a place to store large amounts of text
▪ Links would be created to the text and the user could share the link with other programmers to review the code.
▪ Many hacking groups use this area of the Internet to store compromised data.
▪ Most popular site – ‘Pastebin’
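A defender's use of the point above, as an added example that is not part of the original slides: checking the text of a paste for addresses on your own organisation's domains and noting whether a secret sits next to them. The sample paste, the placeholder domain example.org and the name find_exposed_accounts are constructed for illustration.

```python
import re

# An address, optionally followed by "<separator> secret" as in credential
# dumps. Separators handled: ':', ';', '|' and tab. The lookahead stops a
# second address in a plain list ("a@x.org; b@x.org") being read as a secret.
ENTRY_RE = re.compile(
    r"(?P<email>[A-Za-z0-9._%+-]+@(?P<domain>[A-Za-z0-9.-]+\.[A-Za-z]{2,}))"
    r"(?:\s*[:;|\t]\s*(?P<secret>(?![^\s@]+@[^\s@]+\.)\S+))?"
)


def find_exposed_accounts(paste_text, monitored_domains):
    """Map each address on a monitored domain (or subdomain) to the lines
    where it appears in the paste and whether a secret sits next to it.

    The secret itself is never stored, so the report can be passed to the
    people who reset accounts without spreading the leaked passwords.
    """
    monitored = {d.lower().strip(".") for d in monitored_domains}
    report = {}
    for lineno, line in enumerate(paste_text.splitlines(), start=1):
        for m in ENTRY_RE.finditer(line):
            domain = m.group("domain").lower()
            if not any(domain == d or domain.endswith("." + d) for d in monitored):
                continue
            entry = report.setdefault(
                m.group("email").lower(), {"lines": [], "with_secret": False}
            )
            entry["lines"].append(lineno)
            entry["with_secret"] |= m.group("secret") is not None
    return report


# Constructed sample paste (not real data); example.org is a placeholder.
SAMPLE_PASTE = """\
== dump 2 of 5 ==
alice@example.org:Summer2016!
Bob@mail.example.org | hunter2
carol@notexample.org:letmein
contact dave@example.org; alice@example.org for more
eve@other.test;qwerty
"""

if __name__ == "__main__":
    found = find_exposed_accounts(SAMPLE_PASTE, ["example.org"])
    for email, entry in sorted(found.items()):
        print(email, entry)
```

Look-alike domains such as notexample.org are not reported, because a match requires the monitored domain itself or a subdomain of it.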
Searching Paste Sites
http://pastebin.com/dJ8BZS9T

Finding Archived Web Pages
https://archive.org/web

Internet Archive
http://archive.org/web

Tools for Social Media Intelligence
People Search https://pipl.com
Geo-Location Search https://app.echosec.net
Hiding Your Identity Online

Disguising your ID
▪ Every time you surf the Internet, your IP address is publicly visible to everyone on target network resources
▪ It is important therefore not to leave a digital footprint...
Disguising Your Online ID
Proxy and VPN services re-route your internet traffic and change your IP
A Proxy is like a web filter
▪ A proxy will only secure traffic via the internet browser using the proxy server settings
A VPN encrypts all of your traffic
▪ VPNs replace your ISP and route all traffic through the VPN server, including all programs and applications...

TOR
https://www.torproject.org
TOR
“Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: It prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol”

So – to wrap up on security
▪ Install firewalls onto your IT systems to prevent outside parties from gaining access to information
▪ Keep anti-virus and anti-spyware software up-to-date and download the latest security updates
▪ Use encryption to protect information contained in emails or stored on laptops or other portable devices such as memory sticks or PDAs
▪ Destroy old computers, backup tapes, memory sticks etc. using a specialist 'shredding' application or seek the services of a reputable third party contractor
▪ Clear out temporary Internet files, cache and history files (also monitor third party cookies)...
How Transparent are You? https://panopticlick.eff.org
Email Exposed? https://breachalarm.com

LastPass

Guidance
Get Safe Online https://www.getsafeonline.org

“Half of all UK adults now access the Internet on their mobile phone”
Source: OFCOM
Computer Security Rules!
1st Rule of Computer Security: Don’t buy a computer!
2nd Rule of Computer Security: If you do, don’t turn it on!
Dark Avenger – legendary virus writer