Special Presentation on Trend Kejahatan Berbasis IT di Dunia Perbankan (IT-Based Crime Trends in the Banking World)
Prof. Richardus Eko Indrajit
Chairman of ID-SIRTII and APTIKOM
indrajit@post.harvard.edu
www.eko-indrajit.com

About ID-SIRTII and APTIKOM
“building public awareness on internet security”

ID-SIRTII:
- The National CSIRT/CERT of Indonesia (quasi government institution)
- Conducting traffic monitoring and log management of the country’s internet infrastructure
- Coordinating more than 300 ISPs all over the nation
- Responsible for safeguarding internet infrastructure used by mission critical institutions

APTIKOM:
- Association of IT colleges and universities in Indonesia
- Consists of 750 higher-learning institutions (more than 1,500 study programs)
- Approximately 600,000 active student body, with 50,000 graduates per year
- Joint collaboration for curriculum development and shared-resources/services initiatives

Internet and Crimes
- Phone Banking Fraud
- Credit and Debit Card Crime

ID-SIRTII Monitoring Analysis Knowledge Domain: The Cyber Six
Cyber Space, Cyber Law, Cyber Threat, Cyber Crime, Cyber Attack, Cyber Security

1. Cyberspace.
- A reality community between PHYSICAL WORLD and ABSTRACTION WORLD
- 1.4 billion of real human population (internet users)
- Trillion US$ of potential commerce value
- Billion business transactions per hour in 24/7 mode
Internet is a VALUABLE thing indeed. Risk is embedded within.

Information Roles
- Why information?
  - It consists of important data and facts (news, reports, statistics, transactions, logs, etc.)
  - It can create perception to the public (market, politics, image, marketing, etc.)
  - It represents valuable assets (money, documents, passwords, secret codes, etc.)
  - It is a raw material of knowledge (strategy, plan, intelligence, etc.)

What is Internet?
- A giant network of networks where people exchange information through various different digital-based ways: Email, Mailing List, Website, Chatting, Newsgroup, Blogging, E-commerce, E-marketing, E-government
“… what is the value of internet ???”
2. Cyberthreat.
- The trend has increased at an exponential rate
- Motives vary from recreational to criminal purposes
- Can cause significant economic losses and political suffering
- Difficult to mitigate
Threats are there to stay. Can’t do so much about it.
Examples of threats: web defacement, SMTP relay, root access, information leakage, virus infection, theft, spamming, hoax, sql injection, phishing, intrusion, malware distribution, trojan horse, malicious software, spoofing, DoS/DDoS, botnet, worms, open proxy, password cracking, blended attack

International Issues
- What Does FBI Say About Companies:
  - 91% have detected employee abuse
  - 70% indicate the Internet as a frequent attack point
  - 64% have suffered financial losses
  - 40% have detected attacks from outside
  - 36% have reported security incidents
Source: FBI Computer Crime and Security Survey 2001

Underground Economy

Growing Vulnerabilities
[Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995–2004. Series: Security Incidents and Vulnerabilities; axes: Total Security Incidents and Total Vulnerabilities (scales 0–4,500 and 0–160,000).]
“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner*
* Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.

Potential Threats
- Unstructured Threats: Insiders, Recreational Hackers, Institutional Hackers
- Structured Threats: Organized Crime, Industrial Espionage, Hacktivists
- National Security Threats: Terrorists, Intelligence Agencies, Information Warriors
3. Cyberattack.
- Too many attacks have been performed within the cyberspace.
- Most are triggered by the cases in the real world.
- The eternal wars and battles have been in towns lately.
- The notorious Estonia case has opened the eyes of all people in the world.
Attack can occur anytime and anyplace without notice.
Case #1, Case #2, Case #3, Case #4, Case #5

Attacks Sophistication
[Chart: Attack Sophistication (Low to High) versus Intruder Knowledge, 1980–2005. Techniques plotted include: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, burglaries, sweepers, sniffers, network mgmt. diagnostics, GUI, packet spoofing, automated probes/scans, www attacks, denial of service, “stealth”/advanced scanning techniques, staged distributed attack tools, cross site scripting, auto coordinated tools.]

Vulnerabilities Exploit Cycle
[Chart: # of Incidents versus Time, peak labelled Highest Exposure. Stages shown: Advanced Intruders Discover New Vulnerability; Crude Exploit Tools Distributed; Novice Intruders Use Crude Exploit Tools; Automated Scanning/Exploit Tools Developed; Widespread Use of Automated Scanning/Exploit Tools; Intruders Begin Using New Types of Exploits.]

4. Cybersecurity.
- Led by ITU for the international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
- “Your security is my security” – individual behavior counts while various collaborations are needed
Education, value, and ethics are the best defense approaches.
Risk Management Aspect
[Diagram: Threats exploit Vulnerabilities; Vulnerabilities expose Assets; Assets have Values; Asset Values impact on the Organisation; Controls protect against Threats and reduce Risk; Security Requirements are met by Controls.]

Strategies for Protection
- Protecting Interactions
- Protecting Information
- Protecting Infrastructure

Mandatory Requirements
- “Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”
- Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems

Information Security Disciplines
- Physical security
- Procedural security
- Personnel security
- Compromising emanations security
- Operating system security
- Communications security
A failure in any of these areas can undermine the security of a system.

Best Practice Standard BS7799/ISO17799
[Diagram: ten control areas arranged around Confidentiality, Integrity, and Availability.]
1. Information Security Policy
2. Security Organisation
3. Asset Classification & Controls
4. Personnel Security
5. Physical Security
6. Communication & Operations Mgmt
7. Access Controls
8. Information System Development & Maint.
9. Bus. Continuity Planning
10. Compliance
5. Cybercrime.
- Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
- Virtually involving international boundaries and multiple resources
- Intentionally targeting to fulfill special objective(s)
- Convergence in nature with intelligence efforts.
Crime has intentional objectives. Stay away from the bull’s eye.

Type of Attacks / Malicious Activities / Motives of Activities
1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups
4. Nation-States

6. Cyberlaw.
- Difficult to keep updated as the technology trend moves
- Different stories between the rules and enforcement efforts
- Requires various infrastructure, superstructure, and resources
- Can be easily “out-tracked” by law practitioners
Cyberlaw is here to protect you. At least it plays a role in mitigation.

The Crime Scenes
- IT as a Tool
- IT as a Storage Device
- IT as a Target

First Cyber Law in Indonesia.
Range of penalty:
- Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million)
- 6 to 12 years in prison (jail)
starting from 25 March 2008
Picture: Indonesia Parliament in Session

Main Challenge.
- ILLEGAL: “… the distribution of illegal materials within the internet …”
- ILLEGAL: “… the existence of source with illegal materials that can be accessed through the internet …”

ID-SIRTII Mission and Objectives.
“To expedite the economic growth of the country through providing the society with secure internet environment within the nation”
1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating public for security awareness.
4. Assisting institutions in managing security.
5. Providing training to constituency and stakeholders.
6. Running laboratory for simulation practices.
7. Establishing external and international collaborations.
Constituents and Stakeholders.
[Diagram: ID-SIRTII at the centre, sponsored by the Government of Indonesia, linked to ISPs, Law Enforcement, NAPs, IXs, National Security Communities, and International CSIRTs/CERTs.]

Coordination Structure.
ID-SIRTII (CC) as National CSIRT, coordinating:
- Sector CERT: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, Other CERTs
- Internal CERT: Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, UGM CERT, Other CERTs
- Vendor CERT: Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, Other CERTs
- Commercial CERT: A CERT, B CERT, C CERT, D CERT, E CERT, F CERT, G CERT, H CERT, Other CERTs

Major Tasks.
[Matrix: INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS. Rows (main tasks): 1. Monitoring traffic; 2. Managing log files; 3. Educating public; 4. Assisting institutions; 5. Provide training; 6. Running laboratory; 7. Establish collaborations. Columns (services): Reactive Services (Alerts and Warnings, Incident Handling, Vulnerability Handling, Artifact Handling); Proactive Services (Announcements, Technology Watch, Security Audit and Assessment, Configuration and Maintenance of Security Tools, Applications, and Infrastructure, Intrusion Detection Services, Security-Related Information Dissemination); Security Quality Management Services (Risk Analysis, BCP and DRP, Security Consulting, Awareness Building, Education Training, Product Evaluation). Cells marked x indicate the services each task covers.]

Incidents Definition and Samples.
“one or more intrusion events that you suspect are involved in a possible violation of your security policies”
“an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel”
“any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat”
“an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment.”
Samples: web defacement, SMTP relay, root access, information leakage, virus infection, theft, spamming, hoax, sql injection, phishing, intrusion, malware distribution, trojan horse, malicious software, spoofing, DoS/DDoS, botnet, worms, open proxy, password cracking, blended attack

Priorities on Handling Incidents.
TYPE OF INCIDENT AND ITS PRIORITY
Priority classes:
- Public Safety and National Defense (Very Priority)
- Economic Welfare (High Priority)
- Political Matters (Medium Priority)
- Social and Culture Threats (Low Priority)
Types of incident, each assessed by scale (Many to One, One to Many, Many to Many, Automated Tool (KMBased Website)):
1. Interception
2. Interruption
3. Modification
4. Fabrication

Core Chain of Processes.
Core Process: Monitor Internet Traffic → Analyse Incidents → Response and Handle Incidents; Manage Log Files → Deliver Required Log Files
Supporting Activities:
- Educate Public for Security Awareness
- Assist Institutions in Managing Security
- Provide Training to Constituency and Stakeholders
- Run Laboratory for Simulation Practices
- Establish External and International Collaborations
Also in the diagram: Report on Incident Handling; Management Process and Research; Vital Statistics

Legal Framework.
- Undang-Undang No.36/1999 regarding National Telecommunication Industry
- New Cyberlaw on Information and Electronic Transaction
- Peraturan Pemerintah No.52/2000 regarding Telecommunication Practices
- Peraturan Menteri Kominfo No.27/PER/M.KOMINFO/9/2006 regarding Security on IP-Based Telecommunication Network Management
- Peraturan Menteri No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure
Challenges to ID-SIRTII Activities.
- Prevention
  - “Securing” internet-based transactions
  - Reducing the possibilities of successful attacks
  - Working together with ISPs to inhibit the distribution of illegal materials
- Reaction
  - Preserving digital evidence for law enforcement purposes
  - Providing technical advisory for further mitigation process
- Quality Management
  - Increasing public awareness level
  - Ensuring security level in critical infrastructure institutions

Work Philosophy.
Why does a car have BRAKES ???
The car has BRAKES so that it can go FAST … !!!
- Why should we have regulation?
- Why should we establish institution?
- Why should we collaborate with others?
- Why should we agree upon mechanism?
- Why should we develop procedures?
- Why should we have standard?
- Why should we protect our safety?
- Why should we manage risks?
- Why should we form response team?

Holistic Framework.
[Diagram: SECURE INTERNET INFRASTRUCTURE ENVIRONMENT. MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD. Layers: People (Advisory Board, Executive Board), Process (Incident Indication Analysis, Incident Response Management), Technology (Traffic Monitoring System, Log File Management System). Foundations: STAKEHOLDERS COLLABORATION AND SUPPORT; NATIONAL REGULATION AND GOVERNANCE; STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT.]
Two Way Relationship
Real World (“Physical War”) and Cyber Space (“Virtual War”)

Two Way Relationship
Real World and Cyber Space relate to each other: real interaction, real transaction, real resources, real people; flow of information, flow of product/services, flow of money

Two Way Relationship
Real World: Ethics, Law. Cyber Space: Rule of Conduct, Mechanism.
Cyber Law: “Ruling Cyber Space interaction with Real World Penalty”

Classic Definition of War
WAR is here to stay…
“Can Cyber Law alone become the weapon for modern defense against 21st century Cyber Warfare & Cyber Crime?”

Two Way Relationship
Real World and Cyber Space impact each other.

Two Way Relationship
[Diagram: arrows between Real World and Cyber Space labelled blackmail, threaten, destroy, attack, mess up, ruin, penetrate, crime, destroy, terminate, disrupt. Items shown: Political Incidents, International Events, Published Books, Training Materials, Pirated Tools, Community of Interests.]

Two Way Relationship
[Diagram: arrows between Real World and Cyber Space labelled justify, suspect, sue, investigate, inspect, sabotage, condemn, examine, spy, gossip, perceive. Items shown: Personal Blogs, Citizen Journalism, Anonymous Interaction, Phishing and Forgery, Campaign and Provocation, Communities Reviews.]

The Paradox of Increasing Internet Value
internet users + transaction value + interaction frequency + communities spectrum + usage objectives = The Internet Value
it means… threats, attacks, crimes
Internet Security Issues Domain
[Diagram: INTERNET SECURITY at the centre of TECHNICAL ISSUES, BUSINESS ISSUES, and SOCIAL ISSUES.]
Technical issues:
- Internet is formed through connecting a set of digital-based physical technology that follows a good number of standards and protocols
- All technical components (hardware and software) interact with each other within a complex dependent…
Social issues:
- What are interacting in the net are real people, not just a bunch of “intellectual machines” – by the end of the day, human mind, characters, behaviors, and values matter
- It is not an “isolated world” that does not have any relationship with the real physical world
Business issues:
- It is a part of the business system as transactions and interactions are being conducted accordingly
- As technology mimics, enables, drives, and transforms the business, internet dependency is high
- For the activities that rely on time and space – where resources and processes can be digitalized – the network is the business

Technical Trend Perspective
the phenomena… malicious code, vulnerabilities, spam and spyware, phishing and identity theft, time to exploitation
the efforts… Intrusion Prevention, Software Patches, Firewalls, Malware Blocking, Encryption and PKI, Antispyware, Network Access Control, AntiVirus, Application and Device Control, Web and Email Security

Business Trend Perspective
the context… Risk Management Practices, Cost Benefit Analysis, Regulatory Compliance, Governance Requirements, Digital Asset Management, Standard and Policy Enforcement
the strategy… Archiving and Retention Management, IT Audit, Business Contingency Plan, Chief Security Officer, Security Management, Technology Compliance, Disaster Recovery Center, ISO Compliance, Standard Certification, Storage and Backup Management, Backup and Recovery, Application and Device Control

Social Trend Perspective
the characteristics… Computer Savvy Society, Digital System Everywhere, Free World, Open Market, Internet as New Frontier, Borderless Geography
the choices… policy vs. design, enforcement vs. culture, pressure vs. education, reward vs. punishment, standard vs. self control, regulation vs. ethical behavior, top-down vs. bottom-up, prevention vs. reaction

The Core Relationships
- People (Social Aspects)
- Applications (Business Aspects)
- Technology (Technical Aspects)
Context/Content

Converging Trend
[Diagram: BUSINESS ISSUES, TECHNICAL ISSUES, and SOCIAL ISSUES converging; Internetworking Dependency.]
Since the strength of a chain depends on the weakest link, YOUR SECURITY is MY SECURITY…
Things to Do
1. Identify your valuable assets
2. Define your security perimeter
3. Recognize all related parties involved
4. Conduct risk analysis and mitigation strategy
5. Ensure standard security system intact
6. Institutionalize the procedures and mechanism
7. Share the experiences among others
8. Continue improving security quality
Key activities: use the THEORY OF CONSTRAINTS! (Find the weakest link, and help them to increase their security performance and capabilities…)

What should we do?
- Monitoring the dynamic environment happening in real world and cyber world?
- Building effective procedures and mechanism among institutions responsible for these two worlds?
- Forming international framework for collaboration and cooperation to combat cyber crimes?
- Finding the fastest and most effective methodology to educate society on cyber security?
- Developing and adopting multi-lateral cyber law convention?
- Acting like intelligence agencies? Interpol? Detectives? CSIRTs/CERTs? ASEAN? United Nations?

Lessons Learned
- As the value of internet increases, so does the risk of having it in our life.
- Hackers and crackers help each other, why shouldn’t we collaborate?
- Enough talking and planning, start executing your risk management strategy…
Beware …

Thank You
Prof. Richardus Eko Indrajit
Chairman of ID-SIRTII and APTIKOM
indrajit@post.harvard.edu
www.eko-indrajit.com
Presenta�on
on
Trend
Kejahatan
Berbasis
IT
di
Dunia
Perbankan
Prof.
Richardus
Eko
Indrajit
Chairman
of
ID-‐SIRTII
and
APTIKOM
indrajit@post.harvard.edu
www.eko-‐indrajit.com
About
ID-‐SIRTII
and
APTIKOM
“
building
public
awareness
on
internet
security
“
; The
Na�onal
CSIRT/CERT
of
Indonesia
(quasi
government
ins�tu�on)
; Conduc�ng
traffic
monitoring
and
log
management
of
the
country’s
internet
infrastructure
; Coordina�ng
more
than
300
ISPs
all
over
the
na�on
; Responsible
for
safeguarding
internet
infrastructure
used
by
mission
cri�cal
ins�tu�ons
; Associa�on
of
IT
colleges
and
universi�es
in
Indonesia
; Consist
of
750
higher-‐learning
ins�tu�ons
(more
than
1,500
study
programs)
; Approximately
600,000
ac�ve
student
body,
with
50,000
graduates
per
year
; Join
collabora�on
for
curriculum
development
and
shared-‐
resources/services
ini�a�ves
Internet
and
Crimes
Phone
Banking
Fraud
Credit
and
Debit
Card
Crime
ID-‐SIRTII
Monitoring
Analysis
Knowledge
Domain:
The
Cyber
Six
Cyber
Space
Cyber
Law
Cyber
Threat
Cyber
Crime
Cyber
A�ack
Cyber
Security
1
Cyberspace.
; A
reality
community
between
PHYSICAL
WORLD
and
ABSTRACTION
WORLD
; 1.4
billion
of
real
human
popula�on
(internet
users)
; Trillion
US$
of
poten�al
commerce
value
; Billion
business
transac�ons
per
hour
in
24/7
mode
Internet
is
a
VALUABLE
thing
indeed.
Risk
is
embedded
within.
8
Informa�on
Roles
; Why
informa�on?
– It
consists
of
important
data
and
facts
(news,
reports,
sta�s�cs,
transac�on,
logs,
etc.)
– It
can
create
percep�on
to
the
public
(market,
poli�cs,
image,
marke�ng,
etc.)
– It
represents
valuable
assets
(money,
documents,
password,
secret
code,
etc.)
– It
is
a
raw
material
of
knowledge
(strategy,
plan,
intelligence,
etc.)
What
is
Internet
?
; A
giant
network
of
networks
where
people
exchange
informa�on
through
various
different
digital-‐based
ways:
Mailing
List
Website
Cha�ng
Newsgroup
Blogging
E-‐commerce
E-‐marke�ng
E-‐government
“… what is the value of internet ???”
2
Cyberthreat.
n
The trend has increased in
an exponential rate mode
n
Motives are vary from
recreational to criminal
purposes
n
Can caused significant
economic losses and
political suffers
n
Difficult to mitigate
web defacement
Threats
are
there
to
stay.
Can’t
do
so
much
about
it.
SMTP relay
root access
information leakage
virus infection
theft
spamming
hoax
sql injection
phishing
intrusion
malware distribution
trojan horse
malicious software
spoofing
Dos/DDoS
botnet
worms
open proxy
password cracking
blended attack
11
Interna�onal
Issues
; What
Does
FBI
Say
About
Companies:
–
–
–
–
–
91%
have
detected
employee
abuse
70%
indicate
the
Internet
as
a
frequent
a�ack
point
64%
have
suffered
financial
losses
40%
have
detected
a�acks
from
outside
36%
have
reported
security
incidents
Source:
FBI
Computer
Crime
and
Security
Survey
2001
Underground
Economy
Growing
Vulnerabili�es
Incidents and Vulnerabilities Reported to CERT/CC
4500
2500
“Through 2008, 90 percent of
successful hacker attacks
will exploit well-known software
vulnerabilities.”
”
2000
- Gartner*
3500
3000
140,000
120,000
100,000
80,000
60,000
1500
1000
40,000
500
20,000
0
0
1995
1996
1997
1998
1999
Vulnerabilities
2000
2001
2002
2003
2004
Security Incidents
*
Gartner
“CIO
Alert:
Follow
Gartner’s
Guidelines
for
Upda�ng
Security
on
Internet
Servers,
Reduce
Risks.”
J.
Pescatore,
February
2003
**
As
of
2004,
CERT/CC
no
longer
tracks
Security
Incident
sta�s�cs.
Total Security Incidents
Total Vulnerabilities
4000
160,000
Poten�al
Threats
Unstructured
Threats
w
w
w
Insiders
Recrea�onal
Hackers
Ins�tu�onal
Hackers
Structured
Threats
w
w
w
Organized
Crime
Industrial
Espionage
Hack�vists
Na�onal
Security
Threats
w Terrorists
w Intelligence
Agencies
w Informa�on
Warriors
3
Cybera�ack.
; Too
many
a�acks
have
been
performed
within
the
cyberspace.
; Most
are
triggered
by
the
cases
in
the
real
world.
; The
eternal
wars
and
ba�les
have
been
in
towns
lately.
; Estonia
notorious
case
has
opened
the
eyes
of
all
people
in
the
world.
A�ack
can
occur
any�me
and
anyplace
without
no�ce.
Case
#1
Case
#2
Case
#3
Case
#4
Case
#5
A�acks
Sophis�ca�on
Auto
Coordinated
Tools
Cross site scripting
“stealth”” / advanced
scanning techniques
High
packet spoofing denial of service
Intruder
Knowledge
sniffers
sweepers
GUI
Staged
distributed
attack tools
www attacks
automated probes/scans
back doors
network mgmt. diagnostics
disabling audits
hijacking
sessions
burglaries
exploiting known vulnerabilities
Attack
Sophistication
password cracking
self-replicating code
password guessing
Low
1980
1985
1990
1995
2005
Vulnerabili�es
Exploit
Cycle
Novice Intruders
Use Crude
Exploit Tools
Crude
Exploit Tools
Distributed
Automated
Scanning/Exploit
Tools Developed
Widespread Use
of Automated
Scanning/Exploit
Tools
Advanced
Intruders
Discover New
Vulnerability
#
Of
Incidents
Time
Highest Exposure
Intruders
Begin
Using New
Types
of Exploits
4
Cybersecurity.
; Lead
by
ITU
for
interna�onal
domain,
while
some
standards
are
introduced
by
different
ins�tu�on
(ISO,
ITGI,
ISACA,
etc.)
; “Your
security
is
my
security”
–
individual
behavior
counts
while
various
collabora�ons
are
needed
Educa�on,
value,
and
ethics
are
the
best
defense
approaches.
Risk
Management
Aspect
Threats
Exploi
t
Vulnerabilities
Protect
against
Controls
Expose
Reduce
Risk
Assets
Met
by
Have
Security
Requirements
Asset
Values
Impact on
Organisation
Strategies
for
Protec�on
Protecting Interactions
Protecting Information
Protecting Infrastructure
Mandatory
Requirements
; “Cri�cal
infrastructures
are
those
physical
and
cyber-‐
based
systems
essen�al
to
the
minimum
opera�ons
of
the
economy
and
government.
These
systems
are
so
vital,
that
their
incapacity
or
destruc�on
would
have
a
debilita�ng
impact
on
the
defense
or
economic
security
of
the
na�on.”
; Agriculture
&
Food,
Banking
&
Finance,
Chemical,
Defense
Industrial
Base,
Drinking
Water
and
Wastewater
Treatment
Systems,
Emergency
Services,
Energy,
Informa�on
Technology,
Postal
&
Shipping,
Public
Health
&
Healthcare,
Telecommunica�ons,
Transporta�on
Systems
Informa�on
Security
Disciplines
; Physical
security
; Procedural
security
; Personnel
security
; Compromising
emana�ons
security
; Opera�ng
system
security
; Communica�ons
security
a
failure
in
any
of
these
areas
can
undermine
the
security
of
a
system
Best
Prac�ce
Standard
BS7799/ISO17799
1
Information
Security Policy
10
Security
Organisation
Compliance
2
9
Bus. Continuity
Planning
8
Integrity
Confiden�ality
Asset
Classification
Controls
3
Informa�on
System
Development &
Maint.
7
Access
Controls
Personnel
Security
Availability
Communication
& Operations
Mgmt
Physical
Security
6
5
4
5
Cybercrime.
n
Globally defined as INTERCEPTION,
INTERRUPTION, MODIFICATION, and
FABRICATION
n
Virtually involving inter national
boundaries and multi resources
n
Intentionally targeting to fulfill
special objective(s)
n
Convergence in nature with
intelligence efforts.
Crime
has
inten�onal
objec�ves.
Stay
away
from
the
bull’s
eye.
Type
of
A�acks
Malicious
Ac�vi�es
Mo�ves
of
Ac�vi�es
1.
2.
3.
4.
Thrill
Seekers
Organized
Crime
Terrorist
Groups
Na�on-‐States
6
Cyberlaw.
n
Difficult to keep updated as
technology trend moves
n
Different stories between the
rules and enforcement efforts
n
Require various infrastructure,
superstructure, and resources
n
Can be easily “out-tracked” by
law practitioners
Cyberlaw
is
here
to
protect
you.
At
least
playing
role
in
mi�ga�on.
The
Crime
Scenes
IT as a Tool
IT as a Storage Device
IT as a Target
First
Cyber
Law
in
Indonesia.
Range of penalty:
; Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
; 6 to 12 years in prison (jail)
starting from
25 March 2008
Picture: Indonesia Parliament in Session
Main
Challenge.
ILLEGAL
“… the distribution of
illegal materials within
the internet …”
ILLEGAL
“… the existence of
source with illegal
materials that can be
accessed through
the internet …”
ID-‐SIRTII
Mission
and
Objec�ves.
“To expedite the economic growth of the country through providing
the society with secure internet environment within the nation””
1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating public for security awareness.
4. Assisting institutions in managing security.
5. Providing training to constituency and stakeholders.
6. Running laboratory for simulation practices.
7. Establishing external and international collaborations.
Cons�tuents
and
Stakeholders.
sponsor
Government
of Indonesia
ISPs
Law
Enforcement
NAPs
IXs
ID-SIRTII
National
Security
Communities
International
CSIRTs/CERTs
Coordina�on
Structure.
ID-SIRTII (CC)
as National CSIRT
Sector CERT
Internal CERT
Vendor CERT
Commercial CERT
Bank CERT
Telkom CERT
Cisco CERT
A CERT
Airport CERT
BI CERT
Microsoft CERT
B CERT
University CERT
Police CERT
Oracle CERT
C CERT
GOV CERT
KPK CERT
SUN CERT
D CERT
Military CERT
Lippo CERT
IBM CERT
E CERT
SOE CERT
KPU CERT
SAP CERT
F CERT
SME CERT
Pertamina CERT
Yahoo CERT
G CERT
Hospital CERT
UGM CERT
Google CERT
H CERT
Other CERTs
Other CERTs
Other CERTs
Other CERTs
Major
Tasks.
INCIDENT HANDLING DOMAIN
and ID-SIRTII MAIN TASKS
1. Monitoring traffic
2. Managing log files
3. Educating public
4. Assisting institutions
Reactive Services
Proactive Services
Security Quality
Management Services
Alerts and Warnings
Announcements
Technology Watch
Intrusion Detection Services
x
Artifact Handling
x
x
x
x
Awareness Building
Security-Related
Information
Security Audit and Assessment
Configuration and Maintenenace
of Security Tools, Applications,
and Infrastructure
Security Consulting
Dissemnination
Vulnerability Handling
Intrusion Detection
Services
5. Provide training
x
X
Education Training
6. Running laboratory
x
x
Risk Analysis
BCP and DRP
Incident Handling
x
Product Evaluation
7. Establish collaborations
Incidents
Defini�on
and
Samples.
“one or more intrusion events that you suspect are involved in a
possible violation of your security policies”
“an event that has caused or has the potential to cause damage
to an organization's business systems, facilities, or personnel”
“any occurrence or series of occurrences having the same
origin that results in the discharge or substantial threat”
“an undesired event that could have resulted in harm to people,
damage to property, loss to process, or harm to the
environment.”
web defacement
SMTP relay
root access
information leakage
virus infection
theft
spamming
hoax
sql injection
phishing
intrusion
malware distribution
trojan horse
malicious software
spoofing
Dos/DDoS
botnet
worms
open proxy
password cracking
blended attack
Priori�es
on
Handling
Incidents.
TYPE OF INCIDENT
AND ITS PRIORITY
Public Safety and
National Defense
Economic Welfare
(Very Priority)
(High Priority)
Political Matters
Social and Culture
Threats
(Medium Priority)
(Low Priority)
1. Interception
Many to One
One to Many
Many to Many
Automated Tool (KMBased Website)
2. Interruption
Many to One
One to Many
Many to Many
Automated Tool (KMBased Website)
3. Modification
Many to One
One to Many
Many to Many
Automated Tool (KMBased Website)
4. Fabrication
Many to One
One to Many
Many to Many
Automated Tool (KMBased Website)
Core
Chain
of
Processes.
Core Process
Monitor
Internet
Traffic
Analyse
Incidents
Response and
Handle Incidents
Deliver
Required
Log Files
Manage
Log Files
Supporting Activities
Educate Public for Security Awareness
Assist Institutions in Managing Security
Provide Training to Constituency and Stakeholders
Run Laboratory for Simulation Practices
Establish External and International Collaborations
Report on
Incident
Handling
Management
Process and
Research
Vital
Statistics
Legal
Framework.
Undang-Undang No.36/1999
regarding National Telecommunication Industry
New Cyberlaw on Information
and Electronic Transaction
Peraturan Pemerintah No.52/2000
regarding Telecommunication Practices
Peraturan Menteri Kominfo No.27/PER/M.KOMINFO/9/2006
regarding Security on IP-Based Telecommunication Network Management
Peraturan Menteri No.26/PER/M.KOMINFO/2007
regarding Indonesian Security Incident Response Team on Internet Infrastructure
Challenges
to
ID-‐SIRTII
Ac�vi�es.
; Preven�on
– “Securing”
internet-‐based
transac�ons
– Reducing
the
possibili�es
of
successful
a�acks
– Working
together
with
ISP
to
inhibit
the
distribu�on
of
illegal
materials
; Reac�on
– Preserving
digital
evidence
for
law
enforcement
purposes
– Providing
technical
advisory
for
further
mi�ga�on
process
; Quality
Management
– Increasing
public
awareness
level
– Ensuring
security
level
in
cri�cal
infrastructure
ins�tu�ons
Work
Philosophy.
Why does a car have BRAKES ???
The car have BRAKES so that it can go FAST … !!!
Why should we have regulation?
Why should we establish institution?
Why should we collaborate with others?
Why should we agree upon mechanism?
Why should we develop procedures?
Why should we have standard?
Why should we protect our safety?
Why should we manage risks?
Why should we form response team?
Holis�c
Framework.
SECURE INTERNET
INFRASTRUCTURE
ENVIRONMENT
MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD
People
Process
Technology
Advisory
Board
Incident
Indication
Analysis
Traffic
Monitoring
System
Executive
Board
Incident
Response.
Management
Log File
Management
System
STAKEHOLDERS COLLABORATION AND SUPPORT
NATIONAL REGULATION AND GOVERNANCE
STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT
Two
Way
Rela�onship
Real
World
“Physical War””
Cyber
Space
“Virtual War””
Two
Way
Rela�onship
Real
World
relate
relate
real interaction
real transaction
real resources
real people
flow of information
flow of product/services
flow of money
Cyber
Space
Two Way Relationship
(Diagram: Ethics and Law link Real World and Cyber Space.)
Labels: Rule of Conduct, Mechanism, Cyber Law
"Ruling Cyber Space interaction with Real World Penalty"
Classic Definition of War
WAR is here to stay…
"Can Cyber Law alone become the weapon for modern defense against 21st century Cyber Warfare & Cyber Crime?"
Two Way Relationship
(Diagram: Real World and Cyber Space impact each other in both directions.)
Two Way Relationship
(Diagram: arrows between Real World and Cyber Space labelled blackmail, threaten, destroy, attack, mess up, ruin, penetrate, crime, destroy, terminate, disrupt.)
Real World: Political Incidents, International Events, Published Books
Cyber Space: Training Materials, Pirated Tools, Community of Interests
Two Way Relationship
(Diagram: arrows between Real World and Cyber Space labelled justify, suspect, sue, investigate, inspect, sabotage, condemn, examine, spy, gossip, perceive.)
Real World: Personal Blogs, Citizen Journalism
Cyber Space: Anonymous Interaction, Phishing and Forgery, Campaign and Provocation, Communities Reviews
The Paradox of Increasing Internet Value
internet users + transaction value + interaction frequency + communities spectrum + usage objectives = The Internet Value
it means… threats, attacks, crimes
Internet Security Issues Domain
• The Internet is formed by connecting a set of digital-based physical technology that follows a good number of standards and protocols
• All technical components (hardware and software) interact with each other within a complex dependent…
(Diagram: INTERNET SECURITY at the centre of TECHNICAL ISSUES, BUSINESS ISSUES and SOCIAL ISSUES.)
• Those interacting on the net are real people, not just a bunch of "intellectual machines" – by the end of the day, human minds, characters, behaviors, and values matter
• It is not an "isolated world" that has no relationship with the real physical world
• It is a part of the business system, as transactions and interactions are conducted accordingly
• As technology mimics, enables, drives, and transforms the business, internet dependency is high
• For the activities that rely on time and space – where resources and processes can be digitalized – the network is the business
Technical Trend Perspective
the phenomena… malicious code, vulnerabilities, spam and spyware, phishing and identity theft, time to exploitation
the efforts… Intrusion Prevention, Software Patches, Firewalls, Malware Blocking, Encryption and PKI, Antispyware, Network Access Control, AntiVirus, Application and Device Control, Web and Security
Business Trend Perspective
the context… Risk Management Practices, Cost Benefit Analysis, Regulatory Compliance, Governance Requirements, Digital Asset Management, Standard and Policy Enforcement
the strategy… Archiving and Retention Management, IT Audit, Business Contingency Plan, Chief Security Officer, Security Management, Technology Compliance, Disaster Recovery Center, ISO Compliance, Standard Certification, Storage and Backup Management, Backup and Recovery, Application and Device Control
Social Trend Perspective
the characteristics… Computer Savvy Society, Digital System Everywhere, Free World, Open Market, Internet as New Frontier, Borderless Geography
the choices… policy vs. design, enforcement vs. culture, pressure vs. education, reward vs. punishment, standard vs. self control, regulation vs. ethical behavior, top-down vs. bottom-up, prevention vs. reaction
The Core Relationships
(Diagram: Context/Content at the centre.)
People (Social Aspects)
Applications (Business Aspects)
Technology (Technical Aspects)
Converging Trend
(Diagram: BUSINESS ISSUES, TECHNICAL ISSUES and SOCIAL ISSUES converge on Internetworking Dependency.)
Since the strength of a chain depends on the weakest link, YOUR SECURITY is MY SECURITY…
Things to Do
1. Identify your valuable assets
2. Define your security perimeter
3. Recognize all related parties involved
4. Conduct risk analysis and mitigation strategy
5. Ensure the standard security system is intact
6. Institutionalize the procedures and mechanism
7. Share the experiences among others
8. Continue improving security quality
Key activities: use the THEORY OF CONSTRAINTS ! (Find the weakest link, and help them to increase their security performance and capabilities…)
What should we do?
• Monitoring the dynamic environment happening in the real world and the cyber world?
• Building effective procedures and mechanisms among institutions responsible for these two worlds?
• Forming an international framework for collaboration and cooperation to combat cyber crimes?
• Finding the fastest and most effective methodology to educate society on cyber security?
• Developing and adopting a multilateral cyber law convention?
• Acting like intelligence agencies? Interpol? Detectives? CSIRTs/CERTs? ASEAN? United Nations?
Lessons Learned
• As the value of the internet increases, so does the risk of having it in our life.
• Hackers and crackers help each other; why shouldn't we collaborate?
• Enough talking and planning, start executing your risk management strategy…
Beware …
Thank You
Prof. Richardus Eko Indrajit
Chairman of ID-SIRTII and APTIKOM
indrajit@post.harvard.edu
www.eko-indrajit.com