who we are - ClubTi Centro

•23/09/2011
Hotel Federico II
“Computerized industrial espionage: a threat that looms daily over companies' IT systems”
Paolo Lezzi
CEO
Maglan Europe
Internal - Property of Maglan Defense Technologies Ltd. & Maglan Europe S.r.l
who we are
►1998 – MAGLAN Labs: the 1st Civilian Research Laboratory on Information
Defense conducted in Israel
►2009 – MAGLAN European HQ in Milan
►2010 – MAGLAN promotes the 1st Annual Information Warfare Conference
in Rome
► 2011 – MAGLAN Group an International leader in technical auditing and
consulting services on Information Defense
for whom
► Maglan offers its services to:
► governmental and military institutions
► companies in finance, TLC, hi‐tech sectors
► anyone who has information assets to defend.
how
► continuous threats and risks analysis and research in the information security field with laboratory simulations
► identification of defensive measures
► cost/benefit solutions assessment
► maximization of existing
► high quality services
why
► The research laboratory's constant activity, its close working relationship with many hardware and software vendors, and the experience gained in the security field allow Maglan to be 6‐8 months ahead of current world threats
► NATO and EU representative
► Auditing and consulting services in Information Assets Defense for its clients is the one and only MAGLAN mission.
what
Technical Information Security
Security, Consulting & Audit
IT Industrial Espionage Countermeasures
Research Labs
Homeland IT Security for National Infrastructures
Computer Warfare & Network Intelligence
where
Tel-Aviv, Israel
Maglan International Headquarters
Milan, Italy
P.za De Angeli 3
+39.02.4801.3067
London, UK
Lugano, Switzerland
Lagos, Nigeria
Maglan Research Labs
R&D: Tzur-Yigal, Israel
Nairobi, Kenya
Singapore C.
Web site: www.maglangroup.com
Hacking to Computerized Industrial Espionage
•Exploiting computerized technologies to collect, intercept, damage and steal information and data which are not public property and not freely available;* frequently classified: secret, confidential, internal and sensitive.
•Obtaining information superiority and a strategic advantage over direct or indirect competitors.
* Whatever the environment, e.g. Governmental, Defense, Commercial.
Computer Hacker and Information Warrior
Attacker : Professional abilities, Cause, Motivation, Resources, Means
[Diagram labels: National Security; Military / Intelligence; Industrial Espionage; Professional; Computer Experts; Computer Attackers; Hacker, Cracker; Crime; Intell.; Organizational; White Hat; Internet; Terror; Military; Black Market; Mercenary; Focal; Police; State Level; Experts; Accidental]
NetINT Experts / Hackers : Recruitment & Training
•Retired
•Black (White) Hat
•Mercenary
•Industrial Espionage
•Qualified Computer Hacker with wide knowledge & understanding of IT networking, operating systems, programming and code injection capabilities.
•Quiet personality, over 21 years old. Working for money or high-level benefits.
Industrial Espionage Experts ‐ Behind the Keyboard (1)
• Classic Competitors
• Biz. Intelligence Companies
• Information “Trader”
• Outsource, IT providers
• Employees and ex-Employees
• Journalists
• Special ‘Entrepreneur’
• Intelligence Services
Industrial Espionage Experts ‐ Behind the Keyboard (2)
•Employees and ex-Employees
• Frustrated
• Exploited
• Infiltrated
• Keep in touch …
•Outsource, IT providers
• Just doing my job (do&go)
• Outsource
• Sensitive Timing
•Professional Hackers *
Industrial Espionage Technical Spectrum
[Diagram labels: Classified Net; WAN; LAN; Prevention; DOS; Penetration; Extranet; Decoding; Interception; Data Theft; Distortion; Vandal; Virus; Internet; Impersonation; Data Leak; Human Intelligence; Exploiting; Intranet; Chipping]
What I know of you that you don’t know I know… ?
Information Exposure: examples
Sensitive Information Gathering: tools and techniques
USB News
___________ : Vodafone
distributes Mariposa botnet
Security threats in the news
Fake Antivirus programs that
infect your computers and
pretend to find viruses in order to
sell you their fake protection
program.
Security threats in the news
Mobile Security: Do you trust your phone?
Games, social networks and bank applications, work and personal emails, photos, documents,
geolocation data.
Security threats in the news
London Stock Exchange website hacked with Malware ads
Surfing on www.londonstockexchange.com (without clicking on anything)
caused Windows to be compromised by malware. Malware was delivered
through third-party advertisements which appeared on the site.
Security threats in the news
Servers Hacked (17 April 2011)
The European Space Agency (ESA), established in 1975, is an
intergovernmental organisation dedicated to the exploration of
space, currently with 18 member states. Headquartered in Paris,
ESA has a staff of more than 2,000 with an annual budget of
about €3.99 billion / $5.65 billion US dollars (2011).
• Main information about the server.
• Main accounts from ESA.INT (Root Accounts, Emails, FTPs, Admins, Editors, etc).
Security threats in the news
Duplicate RSA Keys Enable Lockheed Martin Network Intrusion
Once made aware of the attack, the company began instigating new security measures to prevent future breaches. These included shutting down some of the company's remote access capabilities on its systems, as well as a new order for 90,000 replacement SecurID tokens for the company's employees. Users were also asked to change their passwords company-wide.
LulzSec & Anonymous
Fake SSL Certificates
DigiNotar and GlobalSign: over 500 fake certificates
Fake certificates can be used to direct users to fake sites, or to monitor visitors and their activity on the original sites.
Domains involved:
Google, Microsoft, Facebook, Twitter, Skype, Yahoo!, institutional sites of the Dutch Government, intelligence organizations such as the CIA, Mossad and MI6, and the Tor network.
Attacks Monitoring
►Research on the Italian Web attacks:
•Preliminary analysis: September 2010 – January 2011
Italian web sites penetrated
•2010
September: 1136
October: 1175
November: 4448
December: 3596
•2011
January: 1827
Intrusion to Internet System
•Known vulnerability exploiting
•Custom‐tailored exploit
•ISP / Internet
•Level : web server, Full control
•TCP/IP
•FTP (21)
•SSH (22)
•Telnet (23)
•SMTP (25)
•DNS (53)
•HTTP (80)
•POP3 (110)
•HTTPS (443)
•HTTP
•HTTPS
•DMZ
•Level : web server, Limited control
•Level : web server OS, Full control
•Level : web server / OS, tunneling
•Firewall
•LAN ‐ Internal Network
Core Attacking Techniques (1)
• Scanning
• Exploiting
• Enumeration
• Implantation
• Hardening
• ‘Milking’
Core Attacking Techniques (2)
•Firewall
•Web Defacement
•Internal LAN
•DMZ
•‘time to act Trojan’
The silent threat of Covert Channels
Tunneling to hide network traffic:
•HTTP/S tunnel
•DNS tunnel
•ICMP tunnel
[Diagram labels: Attacker; Firewall; Internal LAN]
Encryption, encoding and Steganography to hide data:
Type of Computerized Industrial Espionage events
investigated by Maglan over EU countries
[Chart: sectors of investigated events by year, 2006 to 2010; sector labels: Hi‐Tech, Bio‐Tech, Financial, Industry]
Industrial Espionage against EU
Hacking to Industrial Espionage against Italian
organization and companies - 2011 Prediction
[Chart: sophistication, by year: 2006, 2007, 2008, 2009, 2010, 2011]
actions
• Best Defense = know your weaknesses
• Management Awareness
• Company status checkup - short & sharp
• Security Configuration - “Maximizing what you already have”
• Encryption
• Continuous risk management
Our proposal
Immediate Proactive IT Vulnerability Assessment
A 48-hour attack simulation to verify whether an intrusion from outside into the client's internal LAN is possible. This test can include up to 45.000 different offensive scenarios aimed at gaining illegal access to sensitive data and exporting it outside the internal LAN, performing an internal data leakage through an encrypted covert channel.
next event
The 2nd Annual
Information Warfare Conference
Rome October 27th - Confindustria
“The Cyber Intelligence challenge to the Italian system”
Strategies and tactics of Information Warfare (InfoWar) and Network Intelligence (NetINT)
From corporate security to national security.
“Computerized industrial espionage: a threat that looms daily over companies' IT systems”
Paolo Lezzi
CEO
Thanks for your time
www.maglangroup.com
HQ: Milan, Italy
Labs: Tzur‐Yigal, Israel
Worldwide:
London (UK), Lugano (CH), Tel‐Aviv (IL), Singapore C. (SN), Lagos (NG), Nairobi (KE)