How cyber criminals are using security technology against us … And ...

wallbroad, Security

3 Dec 2013 (3 years and 9 months ago)


Turnabout is

foul play

How cyber criminals are using
security technology against us



And how we’re fighting back

Steve Bruck

BruckEdwards, Inc.

Data Encryption
Standard (DES)

Cryptography before 1977

Symmetric
Cryptography

Same key to encrypt
and decrypt, doesn’t
scale very well….

A new approach to cryptography

Public / Private Key


Ronald L. Rivest,
Adi Shamir, and
Leonard Adleman
in 1977

What the public key encrypts the private key decrypts.

Private Key is kept private.

Public Key can be safely published to allow other
users to encrypt documents that only you can read
(using your private key)

A real public key

35 years of maturation


Ronald L. Rivest,
Adi Shamir, and
Leonard Adleman
in 1977

1994 - present

NIST Standards & Module Verification

1991 - present

Public Key Cryptography Standards

21 Testing
Laboratories

Over 1900
product
certifications

Got Crypto?


Digital Rights Management


Confidentiality and Privacy


SSL


Authentication


Authenticity


Disk encryption


E-prescribing




All of this is made possible on the
Internet by companies that verify
corporate identities and issue certificates
for their websites and for users


Are we safe?

How is all of this working out?

Late 2000’s

2006


160M for a laptop

2007

2009

More hacks in 2010

1.3M email
addresses and
associated
passwords


We are creatures
of habit

2011

Attacks against Internet
infrastructure

No… But it's not the crypto!


Laziness





Administrators don’t change default passwords


Using the same passwords across multiple sites that
use email address as the username



Complexity

leads to mistakes… We’re all human



Curiosity





clicking on fraudulent links, loading of malicious
software


Responding to phishing attacks


Malware and Advanced Persistent Threats (APT)


The future of Cryptography

“Well I may sound a bit controversial but I
definitely believe that cryptography is becoming
less important.”



Adi Shamir, Feb 2013

A user account scalability
problem

From the cyber criminals'
perspective

The internet can be too
scary for cyber criminals !

Sensitive, bold, and uncaring
Cyber criminal in search of
technologies that support:



Network Anonymity


Transaction Anonymity


Money


Buyer/seller


Dark Marketplace

Tor Project


The Dark Web

User, relay, or exit point ?

Encryption
over a random
path



TOR may be gaining traction

Sites may not block TOR…

but it can make them nervous

Connecting to the Dark Internet

Ubuntu

TOR

Tor Browser

The Hidden Wiki….

Dark Internet (.ONION) sites should not be confused
with the deep web. They are only accessible using the
TOR network.

Topics include


Political
Advocacy


Whistleblowing


Drugs


Financial
Services


Etc.

Crypto Currency

Bitcoin

Peer to peer e-cash


Local or web based Wallet


Anonymity when Bitcoin addresses
cannot be linked to a name


Address is a public key


Leverages crypto algorithms


Bitcoins are transferred by signing
them over to recipient


Blockchain


public ledger


Exchanges allow Bitcoins to be
bought and sold


11,510,050 in circulation 230PM


Capitalization of 1.2B

Today’s high


107.77

Low


105

Volume


15,650

Silk Road on the Dark web

Typical SR Posting

Seller includes his
key so that buyer
can encrypt buyer’s
shipping address for
seller. SR never sees
shipping address


Is all lost? What Now?

Does legitimacy trump anonymity?

They’re just as paranoid as
we are!

Internet Security Best
Practices

Dark Internet Security
Best Practices

Why the cyber criminals
should not feel safe…


Maturation of Bitcoin


Account verification on
the exchanges


FINCEN regulations


AML


KYC


IRS tracking


Web site cooperation


Tor blocking

Unanswered questions


Internet


How do we get Internet users to make better
decisions?


Will new Identity management solutions help
resolve the username password scalability problem?


Will prosecutions have a deterrent effect?


Dark Internet


Will Bitcoin legitimacy trump anonymity?


Will PRISM increase TOR usage ?


What is the future of TOR networks ? Will sites
block access?

Steve Bruck

Steve.Bruck@BruckEdwards.com

703.899.4331