AusCERT Online Crime Symposium 2013

9:10 - 9:25
15 minutes

Introduction
Graham Ingram
General Manager, AusCERT

9:20 - 09:55
35 minutes

Breaking the Bank: An Analysis of the 2012 'Triple Crown' Financial Industry DDoS attacks
Roland Dobbins
Arbor Networks

This presentation will provide an analysis of the high-profile 'Triple Crown' DDoS attacks launched against major US financial institutions in late 2012. Covered topics will include details of the attack methodology; attack success factors; comparison/contrast of these attacks with previous and current DDoS attack trends and methodologies; and successful attack mitigation strategies.

9:55 - 10:30
35 minutes

Regional Threat Profile
Marcel van den Berg
Team Cymru, USA

This would be in the form of high resolution animated 3D movies showing malware and botnet threats on a regional map of the world and locally. We will examine possible explanations for differences over the region for botnets, phishing, malware URL distribution and highlight ways of mitigating the risk.

11:00 - 11:35
35 minutes

Beating the Bots: How to Legally Combat the Swiss Digital Army Knife
Nicole van der Meulen
Vrije Universiteit, Amsterdam

Over the last several years, botnets have managed to establish themselves as one of the most critical cyber security threats. From DDoS attacks to internet banking fraud, a botnet can do it all; hence leading to its popular nickname: the Digital Swiss Army Knife. The complexity facing those engaged in the fight against botnets is exacerbated through the resilience offered against countermeasures by state-of-the-art botnets, namely P2P botnets. Their dynamic nature means fighting a continuously moving target. Botnets therefore require a more ‘aggressive’ approach. There is little doubt about that among those engaged in cyber security. But how legal and politically acceptable are the countermeasures proposed? Who can carry them out? And perhaps most importantly, under what circumstances? These fundamental legal and policy questions require answers, since their present absence has led to a conservative approach on the side of various stakeholders, ranging from academics to security professionals, which has allowed botnets to proliferate.

11:35 - 12:10
35 minutes

New Zealand Internet Task Force. Building trust from the bottom of the world
Mike Seddon
Telecom NZ Operational Security Manager
New Zealand Internet Task Force Chair

The New Zealand Internet Task Force was formed in 2008.

With no national CERT, and impacted by geographic isolation, we recognised the need to bring together domestic security professionals to focus on the operational robustness, integrity, and security of the Internet in New Zealand. NZITF brings together domestic and international experts across government, law enforcement, academia, and the private sector, in a collaborative effort to make New Zealand a less attractive target for cyber-criminal behaviour.

This talk is about setting up the Task Force from scratch; recognising when to quietly work on building capability and credibility, and when to start making waves; recognising the advantages and disadvantages of trying to make a difference from the bottom of the world.

12:10 - 12:45
35 minutes

Engineering National Cyber Drill Artefacts
Mahmud Ab Rahman
NetbyteSEC, Malaysia

Cyber security drill is a simulation of a cyberspace attack on the ICT infrastructure. In Malaysia, a national-scale cyber security drill covered for critical national information infrastructure sectors, conducted annually, running since 2008. The approach of the national-scale cyber security drill is using a practical and hands-on concept for the artefacts. It is intended towards evaluating the readiness of critical national information infrastructures in handling cyber attacks. One of the many objectives of a cyber security drill is to create awareness among the critical national information infrastructure personnel regarding the possibility of cyber attacks, live-circle of cyber attacks and the severity of the outcomes of such attacks. Thus creating scenario and artefacts match with real nature of attack to simulated scenario is crucial. The scenario and artefacts need to be closely representing real attack environments. Many considerations have to be carefully evaluated to design and engineering the scenario and the artefacts. In this presentation, the presenter will share his experiences and lesson learnt when designing scenario and artefacts for national-scale cyber security drills.

13:30 - 14:05
35 minutes

Jeff Wu
Manager, Trust & Safety Asia-Pacific, Facebook

14:05 - 14:40
35 minutes

Mobile Attacks: Separating Hype From Reality
Charlie Miller
Twitter

There is a lot of hype out there about attacks on mobile devices. It's enough to make you break out that old flip phone from 2005. In this talk, I'll try to discern truth from reality. I'll discuss how mobile operating systems defend themselves as well as give examples of mobile operating system exploits. I'll clarify how easy (or hard) it is to write exploits and attack mobile devices, from the perspective of someone who has written exploits for most mobile platforms. I'll outline how easy (or hard) it is to write mobile malware and what malware of this kind can do. Finally, I'll address mobile security software and how it works (or doesn't). By the end of this talk, you'll be in a better position to determine the risk mobile devices present and differentiate the reality from the hype.

15:10 - 15:45
35 minutes

AFP Operation LINO – Integrated Point of Sale Data Compromise
Virgil Spiridon
Deputy Director
Directorate for Countering Organised Crime, Romanian National Police
and Glen McEwen
Manager Cybercrime Operations
Australian Federal Police

From as early as October 2010, Romanian cyber criminals had identified a series of vulnerabilities within the point of sale computer systems of many Australian retail businesses, which caused clear text credit card information to be stored on the retailer’s computer system without any form of masking or encryption. The weak security features in place in each of the affected retailers then allowed the syndicate to access the victim computer systems with relative ease and steal the valuable data, leaving very little evidence of them having done so.

The police response to this series of compromises started when the Australian Federal Police (AFP) received a referral from an Australian bank in June 2011. This response soon grew into a joint international criminal investigation with the Romanian National Police (RNP) and other overseas agencies and culminated in the execution of 36 search warrants, the seizure of over 150 terabytes of data and the arrest of seven Romanian nationals.

This presentation will cover the modus operandi of the criminal syndicate, the investigation undertaken by the RNP, the AFP and their partners, and the outcomes of the investigation including the impact upon the online underworld

15:45 - 16:20
35 minutes

Surviving the Cyber Fraud Nightmare
Detective Superintendent Brian Hay
Fraud & Corporate Crime Group, Queensland Police Service

Recently the Queensland Fraud and Corporate Crime Group assisted an ABC documentary crew in filming an episode around the insidious problem of Internet Romance Fraud. Romance Fraud accounts for the vast majority of fraud related money that is sent to West African countries such as Ghana and Nigeria – approximately $7.5M every month. Why do people send the money? Why don’t they report it to Police? Hear the story of Jill. Jill got caught up in an online Business venture involving Nigerian interests. She travelled to Amsterdam and met the West African criminals and handed them cash – they took her to buildings and offices where they opened trunks of money. Jill is intelligent, had a successful business but lost everything, parting with over $300,000.00 Jill is a driving force within the established Victims of Fraud Support Group, but she is no longer a victim she is a survivor. Join Detective Superintendent Brian Hay and Jill for a session that seeks to challenge some of the preconceptions about what is all too often – a silent crime.

“Social Monster” the documentary goes to air at 9-30pm ABC2 Wednesday.

Closing remarks
Graham Ingram
General Manager, AusCERT