Archive: 2013

FBI MoneyPak Virus: “Your computer has been locked by the FBI”

An aggressive ransomware campaign involving the so-called FBI MoneyPak virus (Reveton Trojan, Citadel, Trojan.Ransomlock.R) has been reportedly hitting computer users since 2012 and still appears to stick to a steady propagation pattern despite considerable international law enforcement effort to cease the...

Remove FBI MoneyPak Virus if Safe Mode Doesn’t Work

Cyber criminals are constantly improving and refining their virus code; recent versions of this Trojan block Windows Safe Mode functions described in our previous post. In the article that follows we will show how to remove the FBI ransomware with the help of SurfRight HitmanPro. This instruction addresses...

The Anatomy of Social Engineering 3: Reciprocity and Consistency Quirks

This section covers some of the natural human quirks, namely reciprocity and consistency, and highlights how those can be used for social engineering. There have been other studies to find out quirks of the human brain, other than the magic word “because”. These 6 quirks I’m going to talk about...

The Anatomy of Social Engineering 2: Evolutionary Triggers

The key subject matter here is how exploiting evolutionary aspects naturally affects humans in terms of manipulative influence and social engineering proper. Ties to Evolution So, let’s talk about social engineering and exploiting the human’s mind, because there’re vulnerabilities in a human mind that...

The Anatomy of Social Engineering

Reflected herein is a study by the Florida State University researchers pertaining to the analysis of social engineering from a psychological perspective. We’re going to talk about social engineering, and perhaps how you can use it to have more fun next week, if you’re not stuck doing work all the time. ...

The Modern History of Cyber Warfare 9: Cybersecurity Hurdles

The lecture wraps up with an overview of the principal policy hurdles for the West in terms of implementing proper cybersecurity now and in the future. Now I will go over, basically, the policy hurdles that the West faces (see right-hand image), specifically this country, the United States. This portion of...

The Modern History of Cyber Warfare 8: A History of Legislature Failure

This part encompasses a retrospective review of US laws and acts as well as pros and cons of current legislative proposals on the surveillance of cyberspace. So, let’s talk about US legislature in this area, or what I subtitled as “a history of failure” (see right-hand image). In the 1980s...

The Modern History of Cyber Warfare 7: Legislation and Policies

Coverage of the existing legislation addressing cybercrime, as well as cooperation of private sector and government in this realm, are reflected in this entry. So, how do we begin making policies and laws with all this uncertainty? It’s really a problem that I’m glad I don’t have to fix. However,...

The Modern History of Cyber Warfare 6: Possible Cyber War Scenario

What gets overviewed herein is the modeling of a cyber war if it were to break out, and the various nuances of attacker attribution in the present-day world. So here’s what the common perception of what a cyber war would look like. There will be, basically, targeted efforts and pervasive cultural efforts...

The Modern History of Cyber Warfare 5: The Internet of Things

The lecturer now outlines the hazards associated with billions of things being connected to the Internet and highlights nation state cyber warfare goals. As we’re approaching billions and billions of things connected to the Internet, imagine supply chain attacks for what we are calling the Internet of...

The Modern History of Cyber Warfare 4: 0day Black Market and State Sponsored Attacks

This entry covers the issue of 0day exploits being discovered and unethically used by some companies to gain profit, and touches upon state sponsored attacks. We are basically kind of in the middle of a cyber cold war, and the evidence is kind of staring right at us. So let’s talk about, basically, the...

The Modern History of Cyber Warfare 3: Ongoing Debate on APTs

This section touches upon the tangible consequences of advanced persistent threats being utilized and the debate concerning the acceptable extent of that. While we’re talking about groups of hackers, let’s just dive into the deep end of it: advanced persistent threats, and talk about the small history...

The Modern History of Cyber Warfare 2: Hacker Culture in the Western and Eastern World

The “Offensive Security” lecture at FSU continues with extensive analysis of advanced persistent threats of the last several years and an overview of hacker culture differences globally. So, while we were still in 2010, in June Stuxnet was discovered; at least Stuxnet v.1.01.1, and everyone in...

The Modern History of Cyber Warfare

This article reflects the lecture for CIS5930/CIS4930 “Offensive Security” at the Florida State University, covering some of the events that compose the history of what’s called “cyber warfare”. Today’s lecture is about that term: cyber warfare, the history of it, the public...

The Lifecycle of Cybercrime 5: Public-Private Partnerships as a Countermeasure

Now Erik Rasmussen takes some time to talk about the US Secret Service’s achievements and the role of public-private partnerships in fighting cybercrime. Nicholas Percoco: Now I’d like to have you spend a couple of minutes talking about some of the successes your organization has had. We spoke a lot...

The Lifecycle of Cybercrime 4: Perspective of the Secret Service

Now Nicholas Percoco invites Erik Rasmussen from the US Secret Service to join the discussion of cybercrime and answer questions from the community. Nicholas Percoco: So, now what we’re going to do is we’re going to bring out a special guest, somebody I’ve been working with for a long period of time,...

The Lifecycle of Cybercrime 3: Demos of Exploit-Based Data Theft

In this part of the keynote Nicholas Percoco demonstrates the flow of a typical personal data harvesting attack based on the use of common exploits. Now what I want to do is change gears a little bit. We talked about the major methods of attack, and so I want to share with you a little bit of an attack demo....

The Lifecycle of Cybercrime 2: Dissecting the Breach Process

Trustwave’s Nicholas Percoco is now shifting the focus of his keynote over to phases of the cybercrime process targeting organizations for data breaches. There are some of the other examples here that we’ll talk about, but really what I want to do is talk closely about the process. Now, these are...

The Lifecycle of Cybercrime – Nicholas Percoco and Erik Rasmussen at RSA Conference US 2013

Ethical hacker and security researcher with Trustwave Nicholas Percoco keynotes at RSA Conference 2013, addressing nuances of the present-day cybercrime. Nicholas Percoco: Thank you very much! Good afternoon! We’ll be spending the next 30 minutes or so talking about the lifecycle of cybercrime. We live...

Before, During, and After – 20 Years of DEFCON Follow-Up: Motivation Towards Checks and Balances

Gail Thackeray now turns it over to Dead Addict so that he speaks on more of a motivational side of DEFCON and relations with the law enforcement. Dead Addict: First of all I’d like to thank Jason Scott; if anyone’s looked on your DVD, there’s a good amount of material, including the issues of Tap...

Before, During, and After – 20 Years of DEFCON, or FEDCON?

Some of the pioneers of Defcon, Gail Thackeray and Dead Addict, take the floor at Defcon 20 to recall how it all started and compare it to where it is now. Gail Thackeray: Good morning, my name is Gail Thackeray and I was at DEFCON 1; I was the only prosecutor they invited to come (who would?), and my...

Jihadist Use of the Internet 2008-2011 Overview 4: Forensics and the Hierarchy of Murder

Making final strokes to the presentation, Jeff Bardin reviews more toolkits, including one on forensics, and al-Qaeda’s strategic and operational objectives. Somewhere along the line the Jihadis were able to get hold of the FBI Field Kit for forensics (see right-hand image). This was posted online on...

Jihadist Use of the Internet 2008-2011 Overview 3: Online Training Materials

Moving on with his overview of Jihadist activities on the Internet, Jeff Bardin outlines the variety of training resources available online. There are many interpretations to Jihad available online. In particular, the Salafi created their own e-books that convert those looking to become radicalized or learn...

Jihadist Use of the Internet 2008-2011 Overview 2: Cyber Jihad Methods and Tools

In here Jeff Bardin continues to highlight the Jihadist software, communication means, online guides, and dwells on the phases of radicalization process. Some of their early methods that used network security tools out there – obfuscation, denial and deception – included the distribution of Asrar...

Pleasant Password Server review

The more secure a password, the more difficult it is to remember. Even if both share a mixture of numerals, symbols, upper and lower case letters, a 20 character password is more secure than an 8 character password. While complex 8 character passwords are possible to remember if they aren’t changed...

Cyber Jihad: Jihadist Use of the Internet 2008-2011

Jeff Bardin from Treadstone 71 provides a detailed overview of the Jihadist activities on the Internet, including their software tools, online resources, etc. Good day and welcome to this cyber jihadist use of the Internet from 2008 to 2011 overview by Treadstone 71. This deck, over 60 slides, will cover...

Interview with Jay Jacobs – Part 2: Breach Detection Challenges

A follow-up on our interview where Verizon’s Jay Jacobs explains reasons for data breach detection failures, financial industry’s security problems, and more. – For the next year, are you planning to present the results in different ways, change or add segmentation? What exactly? – It’s...

Interview with Jay Jacobs, Co-Author of Verizon’s Data Breach Investigations Report

As the Principal on Verizon’s RISK team, Jay Jacobs utilizes the VERIS (Vocabulary for Event Recording and Incident Sharing) framework to collect, analyze and deliver risk data to the information security industry. He is a contributor and co-author of Verizon’s Data Breach Investigations Report series....

Investigating and Preventing Cyberbullying 6: Trust and Parental Monitoring

As the panelists move towards the end of the discussion, they are raising the issue of parent approach to their kids’ activities online. David Kirkpatrick: You know, this is a room full of people whose business is solving problems that happen online, basically. It is very interesting, and I think it’s a...

Investigating and Preventing Cyberbullying 5: Insight into Social Reporting

This part is entirely dedicated to the unique and effective reporting mechanism adopted by Facebook to mitigate cyberbullying and abuse scenarios. David Kirkpatrick: So, I want to switch gears a little bit and show you guys something as a way of leading to my next questions for Joe. So, could we have the...