Just got back from AusCert 2007. No fallout from my bagging the annual survey and no nude protests in front of our stand as was threatened. It’s no Black Hat, DEFCON, or, for us local guys, Ruxcon, but there were some good presentations.

My favourite had to be Stas Filshtinskiy’s presentation on cyber crime – a real world analysis of what is actually happening out there. With his knowledge of Russian allowing him to navigate Russian sites, he has been researching the types of underground (so to speak) activity happening on the Net every day: identity theft and sales of “identity” (just summarising here), credit card details, botnet sales, hacked server sales/ownership, logs, sites that traded all of the above… etc etc. Very eye-opening and something CEOs should be sitting here and listening to.

At one point, it was interesting to see a slide relevant to Australia that showed a website selling 700 “owned” servers in Australia to whoever wanted to buy them. I think many in the crowd thought, “wow, 700”. I am sure Stas was only showing information from one of a score of sites selling similar information! We looked around the room and thought that there were probably quite a few on sale on that site that Stas referenced that belonged to guys in the room… 700? Very conservative number.

An interesting point that Stas made was on the amount of time and effort these guys put into developing their software and keeping it updated, hidden (and secure). There is some amazing talent working the wrong side of the fence. Most developers we run into could do with the same level of dedication and commitment. (Yeah, I’m ranting again….but that’s the point of this site). Makes you also think if these guys are helping the organisations that they are “using” keep to their SLAs for uptime. Hey don’t laugh…..it’s probably happening……if all seems to be working well, well then, there must be no problem.

Stas talked about their management systems. Would Tivoli or the like compare? Just think about that one and consider the thousands or millions of systems they are “managing”.

I don’t have a copy of Stas’ presentation due to him not being able to make it public. (Legal at his work I assume). We are hoping to get Stas to present this again at an upcoming SA session.

Joanna Rutkowska’s presentation (link from Black Hat earlier this year but pretty much the same) was probably the most technical of the conference. (I told you it’s no Black Hat, DEFCON or Ruxcon). From our perspective, it was cool to see her reference Security-Assessment.com’s work presented at Ruxcon 2006 and use Adam Boileau’s Firewire hack throughout her presentation. Who is Joanna? :-)



  1. Anonymous says:

    Draz,
    firstly, my full respect to Stas, whose presentation was remarkable and highly informative, however, the overall picture is *far* more sinister than Stas alluded to, in my opinion. Perhaps Stas was being diplomatic. :- )

    Look closely at the factual info Stas has collated, combine that with the information presented by those ‘other’ guys (you know – the men in black wearing dark sunnies -can we mention them ?) and other presentations by organisations who should remain anonymous for obvious reasons.

    My question is – what is the overall picture of global online fraud right now ?

    The high degree of sophistication, organisation and inaction by countries that corruptly ‘allow’ these operations to continue unhindered are real indications that online fraud has moved far beyond the realms of ‘organised crime’ into a completely new ball game. At best, we’re talking about being State-endorsed, and at worst, State-sponsored, crime.

    Think about it. There’s *serious* money to be made, billions of dollars at stake, 24/7. And your country’s suffering, corrupt economy badly needs cash. You need a low-risk, high return operation. You need to be able to cover your tracks to avoid potential embarrassment & sanctions. What to do ?

    This is potentially a very dangerous thing if you consider the implications – having the backing, support and organisation of an entire country to fund your best brains to support your country’s secret online crime operations.

    And if your operation unfortunately gets exposed by another country’s online crime agency, who does your country blame ? You guessed it – ‘Organised crime’. Well, it’s organised all right, but this time it’s not the crime gangs or Russian mafia.

    Hopefully I am wrong. But I doubt it. The other question I have is, how many countries are already involved, and what are our agencies doing about it ?

  3. Anonymous says:

    It would be great to get Joanna Rutkowska along to do a breakfast briefing…. Purely from a technical perspective, of course.

    ;- )

  5. Anonymous says:

    Los Angeles Times
    January 12, 1998 (WASHINGTON)
    Foreign spies target U.S. industry
    FBI says at least 23 nations take part in economic spying

    … Fraumann wrote that Germany’s Federal Intelligence Service had been “very active and quite successful” in economic espionage by using a top-secret computer facility outside Frankfurt to break into data networks and databases of companies and governments around the world.

    Their operation, code-named project RAHAB, he wrote, involves gaining systematic entry into computer databases and accessing computer systems throughout the United States, targeting electronics, optics, avionics, chemistry, computers and telecommunications.
