Cyber Crime Investigation
शिवकुमार G. Sivakumar சிவகுமார்
Computer Science and Engineering
भारतीय प्रौद्योगिकी संस्थान मुंबई (IIT Bombay) siva@iitb.ac.in
September 28, 2013
• The Good (Web 1.0, 2.0, 3.0) 20%
• The Bad (Threats, Vulnerabilities, Attacks) 50%
• The Ugly? (Defence, Offence, Forensics) 30% (How to Learn)
शिवकुमार G. Sivakumar சிவகுமார்
Computer Science and Engineering, भारतीय प्रौद्योगिकी संस्थान मुंबई (IIT Bombay) siva@iitb.ac.in
Cyber Crime Investigation: The Good side first!
How are you affected?

Internet (Web 1.0)
Milestones
[Figure: Internet growth chart (source: http://www.isc.org/). Time axis from the 70s through 2002; series plotted: Hosts, Users, Countries, Domains, WWW sites, Commercial users, E-commerce. Milestone annotations: Academic (DoD funds, TCP/IP), LAN boom, WWW, Java (steroids). The plotted values (10, 1k, 80k, 1M, 4.5M, 16M, 30M, 100M, 147M, ...) cannot be matched to years or series from the extracted text.]
Motto: Information AnyTime, AnyWhere, AnyForm, AnyDevice, ...
WebTone like DialTone Basic Hardware (sine qua non!)
Democratized access to information! (Digital Divide)

Social Networking (Web 2.0)
The OS/system software that empowers users to become producers of knowledge and ensures their right to collaboration/assembly.
Examples: Wikipedia, Flickr, Orkut, Twitter, ....
Mantras: Architecture of participation, Wisdom of crowds, Better as more use - Long tail, Tagging, commenting, blogs, Open access (source/content) for Remix/Mashup

पूर्व पक्ष (Purva Paksha)
Web 1.0 may have democratized access to information, but it is like drinking water from a fire hose!
Search engines provide partial solutions, but cannot combine, categorize and infer!
Web 2.0 may have allowed the right to assembly/collaboration, but it
• Proliferated unreliable, contradictory information.
• Facilitated malicious uses, including loss of privacy and security.
What do you want from Web 3.0?
What do you want to see/hear when you wake up?
I have a dream ...

Semantic Web (Web 3.0)
The application layer tapping the hardware (Web 1.0) and OS (Web 2.0)? Giving us right to knowledge!
Example knowledge graph for Ramana Maharishi:
• author-of: Naan Yaar?, Aksharamanamalai, Vichara Mani Mala, Reality in Forty Verses
• contemporaries: Kanchi Chandrasekara Saraswathi, Jiddu Krishnamurti
• Place: Tiruvannamalai, Tamil Nadu
• Lived: 30/12/1879 to 14/4/1950
Combined, categorized information inferred from various sites, languages. www.dbpedia.org comes close today!

ज्ञानम् परमम् ध्येयम् (Knowledge is the Ultimate Goal)
न चोरहार्यं न च राजहार्यं न भ्रातृभाज्यं न च भारकारि।
व्यये कृते वर्धत एव नित्यं विद्याधनं सर्वधनप्रधानम्॥
It cannot be stolen by thieves, cannot be taken away by the king, cannot be divided among brothers and is not a burden to carry. If spent, it always multiplies. The wealth of knowledge is the greatest of all wealth.
கற்றது கை மண் அளவு
கல்லாதது உலகு அளவு
What has been learned is like a fistful of sand, What remains is like the whole earth!
If I have seen further [than others] it is by standing on the shoulders of giants... (Isaac Newton)
विद्या ददाति विनयम् (Knowledge gives humility)
IIT Bombay’s motto is the title of this slide.

What's Bad about Computers and Internet?
• “Can’t live with them, can’t live without them!”
• Know Your Enemy (threats/Vulnerabilities)
Can cyber/internet crimes cause events like the following?
• July 2006 Mumbai rains
• 26/11 attack on Mumbai
• Gulf of Mexico oil spill
• Mangalore air crash
• Stop all Mumbai local trains
• Damage BARC nuclear reactor
• Disrupt all Mumbai mobile phones? (Prof. Jhunjhunwala’s example)
• How to protect Critical National Infrastructure?
• Passive Defence
• Counter Intelligence (Technical side)
• Demo from atlas.arbor.net and cert-in.org.in
Your questions/suggestions now will be invaluable!

Security Concerns
Match the following!
Problems:
• Highly contagious viruses
• Defacing web pages
• Credit card number theft
• On-line scams
• Intellectual property theft
• Wiping out data
• Denial of service
• Spam E-mails
• Reading private files
• Surveillance
• ...
Attackers:
• Unintended blunders
• Disgruntled employees or customers
• Organized crime
• Foreign espionage agents
• Hackers driven by technical challenge
• Petty criminals
• Organized terror groups
• Information warfare
• ...
• Crackers vs. Hackers
• Note how many resources are available to attackers.

What are Cyber crimes?
Cybercrime: Activity in which computers or networks are a tool, a target, or a place of criminal activity. (Categories are not exclusive.)
• Against People
  • Cyber Stalking and Harassment
  • (Child) Pornography
  • Phishing, Identity Theft, Nigerian 419
• Against Property
  • Cracking
  • Virus and Spam
  • Software/Entertainment Piracy
  • Trade secrets, espionage
• Cyber Terrorism!
• Hacktivism! (in some countries!)
• Information Warfare

Some Examples
Food for thought...
• Vikram Buddhi, Assange, Snowden
• Stuxnet
  Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities. Stuxnet initially spreads via Microsoft Windows, and targets Siemens industrial control systems.
  While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.
• Flame (Iran Oil terminals, 2012)
• DarkSeoul
Check out Wikipedia for more.

Atlas.arbor.net

Real-time Intelligence: atlas.arbor.net

Who is scanning?

Who is hosting phishing sites?

Malicious Servers

2013 DBIR
2013 Data Breach Investigations Report (Verizon)

Mercenaries for Hire: HiddenLynx

2013 DBIR

cert-in.org.in

Excellent Training Programs

Internet Attacks Toolkits (Youtube)

Internet Attacks Timeline
From training material at http://www.cert-in.org.in/

Internet Attack Trends
From training material at http://www.cert-in.org.in/

Partial Landscape

Defending a Critical National Infrastructure
Recent fibre cut.

Defending a Critical National Infrastructure
Our Solution

What is a Computer Network?

So, what's Internet?
• A bottom-up collection (interconnection) of networks
• TCP/IP is the only common factor
• Bureaucracy-free, reliable, cheap
• Decentralized, democratic, chaotic
• Internet Society (www.isoc.org)
• Internet Engineering Task Force (www.ietf.org)

Why is Internet Vulnerable?
Quick overview of how Internet works.

Denial of Service
Small shop-owner versus Supermarket
Crossmargs
Anamika
• What can the attacker do?
• What has he gained or compromised?
• What defence mechanisms are possible?
  • Screening visitors using guards (who looks respectable?)
  • VVIP security, but do you want to be isolated?
  • What is the Internet equivalent?
DDoS is increasingly the biggest worry on the Internet. (Pearl Harbour comparison)

Yahoo DDoS attack
• A real example of network insecurity.
• Caused traffic to Yahoo to zoom to 100s of Mbps.
• Broke the capacity of machines at Yahoo and its ISPs.
• Internet Control Message Protocol (ICMP) is normally used for good purposes.
• Ping is used to check "are you alive?"
[Figure: Ping a host: a typically small packet (64 bytes) gets one "Yes" reply. Ping a network: many replies. Used by system administrators to check the local network.]

Yahoo DDoS attack
[Figure: networks such as MIT (5000+ hosts), Stanford and Univ3 each receive a fake broadcast ping (P1, P2, P3, ...) whose source address is the victim's.]
How many replies does the unsuspecting victim get?
From whom? (respectable?)
DDoS (distributed denial of service attack) tools are freely available for "script kiddies" to wreak havoc!
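The slide asks how many replies the victim receives and from whom. From the defender's side, that is exactly the signature to look for: one host receiving many ICMP echo replies, from many hosts in the same network(s), without ever having sent an echo request. The following is an added example (not part of the original slides) that runs that check over constructed flow-log lines; the log format (timestamp, source, destination, ICMP type) and the thresholds are assumptions for the illustration.

```python
"""Detecting a smurf-style ICMP reply flood in flow logs.

Added example, not from the original slides. Log lines are constructed for
illustration: fields are timestamp, source IP, destination IP, ICMP type
(8 = echo request, 0 = echo reply). Thresholds are assumptions.
"""
from collections import Counter, defaultdict
import ipaddress


def build_sample_log():
    """Constructed sample: one normal ping exchange plus a flood of echo
    replies to 203.0.113.9 from two /24 networks it never pinged."""
    lines = [
        "1000 10.0.0.5 192.0.2.7 8",   # 10.0.0.5 pings 192.0.2.7 ...
        "1000 192.0.2.7 10.0.0.5 0",   # ... and gets exactly one reply
    ]
    for i in range(1, 41):             # 40 replies from 198.51.100.0/24
        lines.append(f"1001 198.51.100.{i} 203.0.113.9 0")
    for i in range(10, 30):            # 20 replies from 192.0.2.0/24
        lines.append(f"1001 192.0.2.{i} 203.0.113.9 0")
    return lines


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, icmp_type)."""
    ts, src, dst, icmp_type = line.split()
    return int(ts), src, dst, int(icmp_type)


def detect_reply_floods(lines, min_replies=20, min_sources=10):
    """Return {victim_ip: report} for hosts that receive many echo replies,
    from many distinct sources, without having sent matching echo requests.

    A reply is 'unsolicited' when the receiver never sent an echo request to
    that source anywhere in the log; a smurf victim sent none at all.
    """
    replies = defaultdict(list)        # dst -> [src, ...] of echo replies
    requests_sent = defaultdict(set)   # src -> {dst, ...} of echo requests
    for line in lines:
        _ts, src, dst, icmp_type = parse_line(line)
        if icmp_type == 8:
            requests_sent[src].add(dst)
        elif icmp_type == 0:
            replies[dst].append(src)

    reports = {}
    for victim, sources in replies.items():
        unsolicited = [s for s in sources if s not in requests_sent[victim]]
        distinct = set(unsolicited)
        if len(unsolicited) < min_replies or len(distinct) < min_sources:
            continue
        # Group sources by /24: a broadcast-amplified flood shows up as many
        # hosts of the same network(s) answering at once.
        nets = Counter(
            str(ipaddress.ip_network(f"{s}/24", strict=False)) for s in distinct
        )
        reports[victim] = {
            "unsolicited_replies": len(unsolicited),
            "distinct_sources": len(distinct),
            "amplifier_networks": dict(nets),
        }
    return reports


if __name__ == "__main__":
    for victim, report in detect_reply_floods(build_sample_log()).items():
        print(victim, report)
```

The normal exchange (10.0.0.5 pinging 192.0.2.7) is not flagged because its single reply matches a request it sent; the flood target is flagged with the two amplifier networks counted separately, which is the information an operator needs to contact the networks whose broadcast addresses are answering pings.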

Vulnerabilities
• Application Security
  • Buggy code
  • Buffer Overflows
• Host Security
  • Server side (multi-user/application)
  • Client side (virus)
• Transmission Security
[Figure: Network Security. A sends to B while a third party C threatens Secrecy, Integrity (Modification, Fabrication) and Availability (Denial of Service attack).]

Security Requirements
Informal statements (formal is much harder)
• Confidentiality: Protection from disclosure to unauthorized persons.
• Integrity: Assurance that information has not been modified without authorization.
• Authentication: Assurance of the identity of the originator of information.
• Non-Repudiation: The originator cannot deny sending the message.
• Availability: The threat is not being able to use the system or communicate when desired.
• Anonymity/Pseudonymity: For applications like voting, instructor evaluation.
• Traffic Analysis: An observer should not even learn who is communicating with whom. Why?
• Emerging Applications: Online Voting, Auctions (more later)
And all this with postcards (IP datagrams)!
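The "postcard" remark is worth seeing in bytes. The following added example (not from the original slides) builds an IPv4 datagram carrying an ICMP echo request in memory, without opening any socket, and then reads it back the way any router on the path could: every field, including the source address and the payload, is in the clear, and the only checks the protocol itself offers are checksums, which catch corruption but say nothing about who really sent the packet. Addresses are from documentation ranges and the packet layout follows the standard IPv4 and ICMP headers.

```python
"""An IP datagram is a postcard: every header field, including the source
address, is plain text that any hop can read and that nothing authenticates.

Added example, not from the original slides. The packet is constructed in
memory only; addresses are documentation ranges.
"""
import ipaddress
import struct

IPV4_HDR = "!BBHHHBBH4s4s"  # ver/IHL, TOS, total len, id, flags/frag offset,
                            # TTL, protocol, header checksum, src, dst
ICMP_HDR = "!BBHHH"         # type, code, checksum, identifier, sequence


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words. A buffer that already
    contains a correct checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(src: str, dst: str, ident=1, seq=1,
                       payload=b"abcdefgh") -> bytes:
    """Constructed IPv4 datagram carrying an ICMP echo request ("ping").
    `src` is simply whatever the builder writes into the header."""
    icmp = struct.pack(ICMP_HDR, 8, 0, 0, ident, seq) + payload
    icmp = struct.pack(ICMP_HDR, 8, 0, inet_checksum(icmp), ident, seq) + payload
    fields = [0x45, 0, 20 + len(icmp), 0x1234, 0, 64, 1, 0,
              ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    fields[7] = inet_checksum(struct.pack(IPV4_HDR, *fields))  # fill checksum
    return struct.pack(IPV4_HDR, *fields) + icmp


def parse_datagram(pkt: bytes) -> dict:
    """Read the postcard: decode the IPv4 header and, for protocol 1 (ICMP),
    the ICMP header, verifying both checksums (corruption, not forgery)."""
    (ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {
        "version": ver_ihl >> 4,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "ttl": ttl,
        "protocol": proto,
        "ip_checksum_ok": inet_checksum(pkt[:ihl]) == 0,
    }
    if proto == 1:
        icmp_type, code, _c, ident, seq = struct.unpack(ICMP_HDR, pkt[ihl:ihl + 8])
        info.update({
            "icmp_type": icmp_type, "icmp_code": code,
            "icmp_id": ident, "icmp_seq": seq,
            "icmp_checksum_ok": inet_checksum(pkt[ihl:total_len]) == 0,
            "payload": pkt[ihl + 8:total_len],
        })
    return info


def flip_last_byte(pkt: bytes) -> bytes:
    """Corrupt the final payload byte, as a noisy link might."""
    return pkt[:-1] + bytes([pkt[-1] ^ 0xFF])


if __name__ == "__main__":
    pkt = build_echo_request("10.0.0.5", "192.0.2.7")
    print(parse_datagram(pkt))
    print(parse_datagram(flip_last_byte(pkt)))  # ICMP checksum now fails
```

The parser reports whatever source address the sender wrote, with a valid checksum; this is why the earlier slide's "fake broadcast ping from Victim" works at all, and why defences (ingress filtering of spoofed sources, disabling directed broadcasts) have to live outside the datagram itself.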

Cryptography and Data Security
• sine qua non [without this nothing :-]
• Historically, who used it first? (L & M)
• Code language in joint families!
Goals and the cryptographic primitives that serve them:
• Confidentiality: Encryption (block ciphers, stream ciphers)
• Data Integrity: Hashing
• Authentication: Message authentication, User identification
• Non-Repudiation: Digital signatures
Underpinnings: Public-key methods, Secret-key establishment, Key management.
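The mapping from goals to primitives is easiest to believe when you see where each one stops. The following added example (not from the original slides) uses only the Python standard library to show that a plain hash gives integrity against accidental change but not against an attacker who can rewrite the message and recompute the hash, that a keyed MAC (HMAC-SHA256 here) closes that gap and so provides message authentication, and that a MAC still cannot give non-repudiation, because the receiver holds the same key and could have produced the tag; that last property is what the digital signature row of the slide is for. The message text and the shared key are constructed for the illustration.

```python
"""Integrity vs. authentication vs. non-repudiation with stdlib primitives.

Added example, not from the original slides. The message, the forgery and the
shared key are constructed for illustration.
"""
import hashlib
import hmac
import secrets


def digest(msg: bytes) -> str:
    """Unkeyed hash: anyone, including an attacker, can compute it."""
    return hashlib.sha256(msg).hexdigest()


def hash_check(msg: bytes, stored: str) -> bool:
    return hmac.compare_digest(digest(msg), stored)


def mac(key: bytes, msg: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only holders of `key` can compute it."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def mac_check(key: bytes, msg: bytes, tag: str) -> bool:
    # compare_digest avoids leaking the position of the first mismatch
    return hmac.compare_digest(mac(key, msg), tag)


def demo(key: bytes = None) -> dict:
    """Walk through the three properties and return which checks hold."""
    key = key or secrets.token_bytes(32)          # shared by sender and receiver
    msg = b"transfer 100 to account 42"           # constructed sample message
    forged = b"transfer 100 to account 99"        # attacker's edited version
    results = {}

    # 1. Integrity by hash alone: detects a changed message ...
    h = digest(msg)
    results["hash_detects_change"] = not hash_check(forged, h)
    # ... but an attacker who rewrites the message can also replace the hash.
    results["hash_fooled_by_recompute"] = hash_check(forged, digest(forged))

    # 2. Message authentication: the attacker does not hold the key, so
    #    neither the old tag nor a tag under a guessed key verifies.
    tag = mac(key, msg)
    results["mac_accepts_genuine"] = mac_check(key, msg, tag)
    results["mac_rejects_edited_message"] = not mac_check(key, forged, tag)
    results["mac_rejects_attacker_tag"] = not mac_check(key, forged, mac(b"guess", forged))

    # 3. No non-repudiation: the receiver holds the same key, so a tag proves
    #    "someone with the key made this", not "the sender made this".
    results["receiver_can_make_valid_tag"] = mac_check(key, forged, mac(key, forged))
    return results


def all_properties_as_expected(key: bytes = None) -> bool:
    return all(demo(key).values())


if __name__ == "__main__":
    for name, holds in demo().items():
        print(f"{name:32s} {holds}")
```

Each entry in the returned dictionary is expected to be True: the hash detects corruption but not a recomputing attacker, the MAC rejects the attacker's forgery, and the MAC can be produced by either key holder, which is exactly why the slide puts non-repudiation under digital signatures rather than message authentication.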