Pacific Northwest Digital Government Summit
Pacific Northwest Digital Government Summit
Security – How Much is Enough?
June 20, 2006
SA Kenneth A. Schmutz

National Priorities
• Counterterrorism
• Counterintelligence
• Cyber Crime

Cyber Crime Components
• Computer Intrusions
• BOTNETS
• DDOS Attacks
• Intellectual Property Theft
• Theft of Trade Secrets
• Virus/Worm Activity
• Child Pornography
• Internet Fraud

How Severe is the Threat?
THREAT
• Professional Cyber Criminals
• Organized Crime (Foreign and Domestic)
• Money
• Information

Growing Trend: BOTNETS
• Distributed Denial Of Service Attacks (DDoS)
• Extortion
• Malicious Attacks
• Pay for Click (Adware installations)
• Network Traffic
• Identity Theft (keylogging, phishing)
• SPAM

Components of BOTNET
• Internet Relay Chat (IRC) Server – usually a compromised Linux box
• Zombies – compromised computers (Home, Military, Government, Education, and Business) infected by a worm, trojan, or virus
• Botherder – person controlling the BOTNET
• Attack Network
• Attack Control Computer

Recent BOTNET Case: ZOTOB
• Released ~8/2005
• Spreads through email and MS05-039 (PnP)
• Sets up backdoor via trojan
• Controlled by Internet Relay Chat (IRC)
• Zotob A, B, C derived from MyTob
• Zotob D, E, F derived from Rxbot

ZOTOB - Victims
IRC SERVER: Diabl0.turkcoders.net
ZOTOB - Subjects: Code Analysis
43 41 4e 00 00 00 00 5b 78 5d 20 42 6f 74 7a 6f 72 B-O-T-Z-O-R.SCAN....[x] Botzor
32 30 30 35 20 42 79 20 44 69 61 62 6c 4f 00 00 2005 By DiablO................
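The two dump lines above are the kind of evidence the investigators worked from: a printable author tag left in the worm's bytes. The following Python is an added example, not part of the presentation; it transcribes the slide's hex bytes (ASCII column dropped), recovers printable runs the way a strings-style pass does, and flags author-style markers such as the "By DiablO" tag. The author-tag patterns are my own assumption, chosen from the strings the slides themselves cite.

```python
import re

# Hex bytes transcribed from the slide's two code-analysis dump lines
# (the slide's ASCII column is dropped; only the byte values are kept).
SLIDE_HEX_DUMP = """
43 41 4e 00 00 00 00 5b 78 5d 20 42 6f 74 7a 6f 72
32 30 30 35 20 42 79 20 44 69 61 62 6c 4f 00 00
"""

HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")

# Assumed author-tag patterns: "By <handle>" and "greetz ..." are the
# kinds of strings the presentation cites from the Zotob code.
AUTHOR_TAG_PATTERNS = [
    re.compile(r"\b(?:coded\s+by|made\s+by|by)\s+(\S+)", re.IGNORECASE),
    re.compile(r"\bgreetz?\b.*", re.IGNORECASE),
]


def parse_hex_dump(dump: str) -> bytes:
    """Convert whitespace-separated two-digit hex tokens into raw bytes.
    Tokens that are not exactly two hex digits (e.g. an ASCII column
    copied along with the dump) are ignored rather than raising."""
    return bytes(int(tok, 16) for tok in dump.split() if HEX_BYTE.match(tok))


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII at least min_len bytes long, as the
    `strings` utility would. NUL bytes end a run: "CAN" is cut off from
    "[x] Botzor" by the padding and dropped at the default min_len, while
    "Botzor" and "2005 By DiablO" merge because no NUL separates them."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def find_author_tags(strings: list) -> list:
    """Pick out author/greeting tags from a list of recovered strings."""
    tags = []
    for s in strings:
        for pat in AUTHOR_TAG_PATTERNS:
            match = pat.search(s)
            if match:
                tags.append(match.group(0))
                break
    return tags


if __name__ == "__main__":
    raw = parse_hex_dump(SLIDE_HEX_DUMP)
    found = extract_strings(raw)
    print(found)                    # ['[x] Botzor2005 By DiablO']
    print(find_author_tags(found))  # ['By DiablO']
```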
ZOTOB - Subjects: Diabl0
• FBI Headquarters Cyber
• FBI Seattle Cyber Squad
• Identify hotmail account for Diabl0 through DNS Whois for blackcarder.net
• Worm analysis: “greetz to my good friend coder”
• FBI flies to Morocco/Turkey

ZOTOB Conclusion
• Two subjects located and arrested in less than two weeks from infection

Cyber Prevention
• Current, patched Operating System
  – Enable automatic updates
• Current virus protection
  – Update as often as service allows
• Software and Hardware based firewall
• Anti-Spyware Protection
  – Now a necessity
• Identify points of vulnerability
  – Remote access
  – Laptops

Resources
• www.consumer.gov/idtheft/
• www.ic3.gov/
• www.annualcreditreport.com (877-322-8228)

Contact
Special Agent Kenneth A. Schmutz
(206) 262-2114
[email protected]