IRISSCERT
Cyber Crime Conference
The 4th Annual IRISSCERT Cyber Crime Conference was
held on Thursday the 22nd of November 2012 in the D4 Berkeley Court Hotel,
in Ballsbridge, Dublin. It was an all-day conference which focused on
providing attendees with an overview of the cyber threats facing
businesses in Ireland and throughout the world and what they can do to help deal
with those threats.
Experts on various aspects of cyber crime and
cyber security shared their thoughts and experiences with attendees.
The IRISSCERT Annual Conference is an
opportunity to not only increase your knowledge but also to meet and network
with your peers in a relaxed environment. The Cyber Crime Conference for 2013 is
scheduled to be held on November 21st 2013.
In parallel to the conference, IRISS also
hosted Ireland's premier Cyber Security Challenge to identify
Ireland's top cyber security experts. These experts competed against each other in a
controlled environment to see who would be the first to exploit weaknesses in a
number of systems and declare victory. The purpose of the competition is to
demonstrate how attackers could gain access to your systems and allow you to
learn from the event on how to prevent such attacks from impacting your network.
Schedule
Speaker Lineup
Keynote Speaker -
Marcus J. Ranum, Chief Security Officer of Tenable Security, Inc.
Marcus is a world-renowned expert on
security system design and implementation. Since the late 1980s, he has
designed a number of groundbreaking security products including the DEC
SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network
Flight Recorder intrusion detection system. He has been involved in every
level of operations of a security product business, from developer, to
founder and CEO of NFR. Marcus has served as a consultant to many FORTUNE
500 firms and national governments, as well as serving as a guest lecturer
and instructor at numerous high-tech conferences. In 2001, he was awarded
the TISC "Clue" award for service to the security community, and also holds
the ISSA lifetime achievement award. In 2005 he was awarded Security
Professional of the Year by Techno Security Conference.
Topic:
Cyberwar in the era of Stuxnet
We all know Stuxnet was a significant
historical event in the time-line of computer security, but most of us are
unsure what it means, practically and professionally. Are the "big
scenarios" of cyberwar - countries knocked back to the pre-industrial age -
just around the corner? How much do we really need to worry about
state-sponsored cyberwar? Marcus will offer some perspectives on how this is
likely to play itself out.
Michael Moran, coordinator for
Crimes against Children, Interpol
Michael Moran is the coordinator for
Crimes against Children at INTERPOL, the International Criminal Police
Organisation. This team, based within the Serious Crime directorate at
INTERPOL, specialises in all aspects of international criminality against
children and especially in online child sexual exploitation. His duties
include management of international networks of officers working in the
field including the INTERPOL Specialists working group on Crimes against
Children, the International Child Sexual exploitation database and victim
identification network along with International Operations. He is also the
INTERPOL representative with the VGT and ICANN (GAC observer). From November
2011 to July 2012 he was temporarily deployed as acting Assistant Director
Cyber Security and Crime for the INTERPOL Global Complex for Innovation in
Singapore.
He has an MSc. in Forensic Computing and Cybercrime Investigation from UCD
(MSc FCCCI) and a BA (Hons) IT, from IPA as well as a diploma in Project
Management from UCC. He has a higher Diploma in Information Systems and is a
certified Internet Webmaster Professional.
He is an advisor to the University College Dublin Centre for Cybercrime
Investigation at the School of computer science and informatics. He is the
designer of a module on online child exploitation there and continues to
lecture there. He is a developer and instructor of the “Europol Combating
Child Exploitation online” course held annually in Germany. He talks at many
conferences, trainings and seminars around the world.
Topic: Tackling Online Crimes Against
Children
Crimes against Children is a statement
that has many connotations, most of which are unsavoury, difficult and
complex. People find it difficult to talk about, to discuss or to debate.
Discussion about it often takes the polar opposites of the hysterical
rhetoric of the populist as against the turbid language of academic papers.
Yet, in order to deal with it we must talk about it as this remains the best
way to deal with it.
One of the most difficult crimes against
children to discuss is sexual abuse. Traditionally this was a very local
crime that took place within the home or in isolated cases. After all, in
order to abuse a child the criminal needs unfettered access, time and
security, none of which is easily obtained. Exposure to this crime only
occurred if you were directly affected. All this has changed with the
advent of the internet.
The Internet and ICT in general have revolutionised the world and most things
in it through their facilitation of communication, data exchange and the
indexing of both. This is also true for child sexual abuse.
The ease with which offenders or potential offenders can get access to free
speech protected advocacy websites; the ease with which child abuse material
(also erroneously called child pornography) is produced, stored and
transferred and the ease with which people with a sexual interest in
children can contact them have thrown up many challenges for law
enforcement, parents and society in general.
In this talk Mick Moran will explain in a sober, simple and open way the
subject of sexual abuse of children, the effects of ICT on its perpetration
and the role of the systems administrator, IS security personnel and others
in combating it.
Rik Ferguson - Director Security
Research & Communication EMEA - Trend Micro
Rik Ferguson brings more than seventeen
years of security technology experience to his role as Director of Security
Research & Communications at Trend Micro. In this position, Rik is actively
engaged in research into online threats and the underground economy. He also
researches the wider implications of new developments in the Information
Technology arena and their impact on security both for consumers and in the
enterprise, contributing to product development and marketing plans. Rik
writes the Countermeasures blog and is the lead spokesperson for Trend
Micro. He is often interviewed by the BBC, CNN, CNBC, Channel 4, Sky News
and Al-Jazeera and quoted by national newspapers and trade publications
throughout the world. Rik also makes a regular appearance as a presenter at
global industry events. Remaining actively engaged in customer projects, Rik
tries to ensure his views and areas of research reflect the security
concerns as experienced by enterprises and individuals as they come to grips
with new technologies. In April 2011 Rik was formally inducted into the
InfoSecurity Hall of Fame.
Prior to assuming his current role, Rik
served as Solutions Architect at Trend Micro. Previously, he served as
Security Infrastructure Specialist at EDS where he led the security design
work for government projects related to justice and law enforcement and as
Senior Product Engineer at McAfee focused on network security, intrusion
prevention, encryption and content filtering.
Neira Jones - Head of Payment
Security - Barclaycard
As Head of Payment Security at
Barclaycard, Neira Jones is responsible for ensuring that the transactions
processed by Barclaycard’s 100,000 business customers worldwide are safe,
secure and compliant with industry standards and that the importance of
information security is understood in the industry. Neira’s success in
steering Barclaycard and its customers through the changes in payments
security, and in particular with the PCI DSS (Payment Card Industry data
Security Standard) has resulted in Barclaycard winning two prestigious
awards at the February 2012 Merchant Payments Ecosystem conference (MPE,
formerly ECAF) for "Data Security" & "Merchants".
In 2011 Neira was inducted to the Infosecurity Europe Hall of Fame and in
April 2012 at SC Magazine Awards 2012 Europe she was awarded Information
Security Person of the Year. The Barclaycard Payment Security team which she
heads has twice been awarded the Information Security Team of the Year award
from SC Magazine, the first time in 2011 and again in 2012. Past awards
include the 2010 European Card Acquiring Forum (ECAF) award for Data
Security (PCI DSS) and in October 2010, Neira was voted one of the top 10
most influential people in infosec in the UK by SC Magazine and ISC2.
In addition, Neira has been on the PCI Security Standards Council Board of
Advisors since 2009 and has over twenty years' experience in financial
services working for some of the best known and respected names in the
financial services sector. Before joining Barclaycard, Neira managed
business process re-engineering as well as technology strategy functions.
Her knowledge of the finance industry and her skills in change and
transformational management have been instrumental in demonstrating that
payment security issues could not be solved by IT alone. It was this
holistic approach to tackling the problems of information security, as well
as her commitment to working with partners, that brought her to Barclaycard.
Topic:
Social Media: The New Dimension For Incident Response
Nicolas Villatte, Principal Consultant,
Verizon Business EMEA RISK Team
Nicolas Villatte is a Principal Consultant
with Verizon Business EMEA RISK Team. In this role, Nicolas has been
responsible for managing the EMEA incident response laboratory as well as
overseeing and performing incident response and investigation, helping
customers mitigate against and investigate incidents such as stolen
information, hacked servers and applications, anonymous email threats,
malware infections and fraud.
Topic: Security and Risk Management
Lessons from The Verizon Databreach Investigations Report
Every year Verizon Business releases a
Data Breach Investigations Report (DBIR). In 2010, Verizon Business also
made the underlying framework VERIS open source. Several partners have
adopted the framework to report on data breaches and have shared their
anonymized data with Verizon Business. The result is a study that gives the
reader not only a unique insight into the world of cybercrime and how
hackers work but also a useful source of information to aid risk management
decision making.
Gavin O'Gorman, Senior Threat
Intelligence Analyst, Symantec
As a senior analyst in Symantec Security
Response’s Attack Investigation Team (AIT), Gavin handles the investigation
of high priority attacks and long term research of threats. He presents AIT
work regularly at industry conferences. Gavin has worked previously as a
reverse engineer and incident handler in Symantec Security Response. He has
a master’s degree in Computer Security & Forensics from DCU, has spent
several years researching anonymous networks, and also lectured network
security in DCU.
Topic - Investigating Law Enforcement
Themed Ransomware
Over the past six months there has been a
spate of ransomlock trojans which make use of the logos and icons of various
police forces. Citing some fictional transgression, the trojans lock a
user's computer screen, effectively disabling the computer. They then demand
payment of a ‘fine’ to unlock the computer. In an attempt to lend the ‘fine’
an air of authenticity, the trojans use geo-location to display a logo from
local law enforcement. If you are in Germany for example, then a German
police force logo is displayed on the computer. If you are in Ireland, then
you may see a Garda Síochána image! The Security Response Attack
Investigations Team has analyzed and investigated multiple versions of these
trojans. This presentation will describe that work, charting the evolution
of the trojans and describing the attackers behind the fraud.
Eoin Keary CISSP, CISA,
Chief Technology Officer, BCC Risk Advisory
Eoin Keary is the CTO and founder of BCC Risk Advisory Ltd. (www.bccriskadvisory.com)
an Irish company that specialises in secure application development, advisory,
penetration testing, Mobile & Cloud security and training.
Eoin is also an international board member, and vice chair of OWASP, The
Open Web Application Security Project (owasp.org). During his time in OWASP
he has led the OWASP Testing and Security Code Review Guides and also
contributed to OWASP SAMM, ASVS and the OWASP Cheat Sheet Series.
Eoin has led global security engagements for some of the world’s largest
financial services and consumer products companies. He is a well-known
technical leader in industry in the area of software security and
penetration testing.
Topic: Everything we know and do to secure
web applications is wrong
The premise behind this talk is to challenge both the technical controls we
recommend to developers and also our actual approach to testing. This talk
is sure to challenge the status quo of web security today.
"Insanity is doing the same thing over and over and expecting different
results." - Albert Einstein
We continue to rely on a “pentest” to secure our applications. Why do we
think it is acceptable to perform a time-limited test of an application to
help ensure security when a determined attacker may spend 10-100 times
longer attempting to find a suitable vulnerability?
Our testing methodologies are non-consistent and rely on the individual and
the tools they use. Some carpenters use glue and some use nails when
building a wooden house. Which is best and why do we accept poor
inconsistent quality?
Fire and forget scanners won’t solve security issues. Attackers take time
and skill but our industry accepts the output of a software programme to
help ensure security?
How can we expect developers to listen to security consultants when the
consultant has never written a line of code? Why don’t we ask “How much code
development have you done, seeing as you are assessing my code for security
bugs?”
Currently we treat vulnerabilities like XSS and SQLI as different issues but
the root cause is the same – it’s all code injection theory!! Why do we do
this and make security bugs over-complex?
Why are we still happy with “Testing security out” rather than the more
superior “building security in”?
Dave Venman, Security Engineer Manager, Sourcefire EMEA
Dave Venman has been
working out why and how networks break on their own for more than 15 years,
and for the last four years, working out why and how networks are being
broken by people for fun or profit. He has wanted to be working in IT
security since reading Cliff Stoll's book "The Cuckoo's Egg" in the early
90s, but it took him 10 years to persuade someone he was actually capable of
doing the job.
Topic - Roll your own
Next Generation Security Solution
All sorts of vendors
will tell you that their NGFW / NGIPS is better than everyone else's.
That's great if you have the budget, but if you don't this talk will break
down some of the steps the best protected companies are taking to defend
themselves, and some of the open source software there is to help you copy
them.
Jo De Muynck & Romain Bourgue, Security Experts,
ENISA
Jo De Muynck is a National Expert seconded
from Belgium to ENISA. Prior to joining the Agency he worked as a security
specialist for BELNET as part of the team responsible for the national
CERT.be and BELNET CERT. Before that, he worked for the Internet Monitoring
Unit of the FPS Economy, SMEs, self-employed and Energy.
Romain Bourgue is an Expert in NIS for
Computer Security and Incident Response at ENISA. Before joining the Agency
he was working as IT Security Expert for the French Ministry of Agriculture,
Food and Fishing and, as a freelance, for the private sector.
Topic: Improving cooperation for CERTs
tackling cybercrime
Successful cooperation with other
stakeholders, such as LEA, and effective awareness raising are two key
factors for CERTs in their fight against cybercrime.
ENISA is actively supporting the CERT
community by identifying and addressing operational and legal barriers in
their collaboration within the community and with other stakeholders. ENISA
will be presenting the results of its activities in this area by focusing on
CERT cooperation with LEA and the EISAS Pilot project for improved
Pan-European awareness raising activities.
Candid Wueest, Principal Threat Researcher, Symantec
Candid Wüest holds a master of computer
science from the Swiss Federal Institute of Technology (ETH) and various
certifications. During the day he works for Symantec's global security
response team, where he has been going far beyond anti virus signatures
during the last 9 years. He researches new threat vectors, analyses trends
and formulates new mitigation strategies. He has published various articles
and appeared in magazines and TV shows. He is a frequent speaker at
conferences like VB, RSA or hashdays.
He learned coding and the English language
on a Commodore 64.
Topic: Current Advances in Banking
Trojans
For ten years we have been fighting
against malware that targets online banking. Trojans like Zeus, SpyEye,
Torpig, Carberp and others still manage to loot millions of dollars from
infected user accounts every year.
This presentation will analyze the current
situation of online banking malware. How sophisticated are the current
versions of these Trojans and how did they evolve? Which techniques are
currently used to bypass the security measures of online banking
applications? Are man in the browser attacks still the most sophisticated
ones? Or are other attacks like proxies or DNS redirections taking over? How
much do the attackers focus on mobile banking or tokens on mobile phones
like mTAN? These mobile features have been introduced to create a second
authentication channel, independent from the infected PC, in order to
protect against Trojan attacks and are therefore of interest to the
attackers. We will dissect new features like the P2P option of Zeus but also
lesser-known methods like the Firefox XUL injection used by Trojan.Neloweg.
Mark Hillick, Senior Engineer,
KybEire
Mark is a founder of the HackEire CTF
contest and was a founding member of IRISS-CERT. He
is currently a Senior Engineer at 10gen, the creators of MongoDB, where he
is helping users
and spreading the MongoDB word.
Prior to 10gen, Mark led the EMEA TRM Networking Team for Citrix Systems,
where he was
responsible for many of Citrixʼs biggest worldwide customers and ensuring
they leveraged
Netscaler in the best and most secure fashion across their infrastructures.
Mark is one of few people worldwide and the only one in Ireland to have
achieved the
industry-leading GIAC GSE certification. As a result, he also currently
writes questions for
GIAC exams. As you can see from the title of the talk, Mark is one of the
contributing team
members to the Security Onion project.
Topic: Peeling off your network layers with
Security Onion
In this talk, I'm going to demonstrate how
easy the Security Onion distro makes Network Security Monitoring (NSM).
As many folk in the security industry know, traditional Intrusion Detection
Systems (IDS) can be costly, difficult to install, may not provide all the
capabilities that you need to defend your network and frequently end up as a
doorstop in your datacentre. In the early noughties, the craze was to
install IDS hardware because the auditor had said so. Then in the late
noughties, research analysts were saying there was no need for dedicated IDS
solutions because devices were collapsing and everything was going to be on
your firewall, oh yeah that silver bullet :)
NSM is different because it provides you with visibility like never before; it
combines traditional IDS alerts with additional data to give you a more
complete picture of what's really happening on your network.
This presentation will demonstrate how an NSM solution called Security Onion,
running on commodity hardware, can be used to detect real attacks and help
give you a view like never before!!
They say the best things in life are free and for once, it just might be
true......
Arron Finnon, Research Consultant, Activity
Information Management Ltd.
Arron has been involved in security
research for over 6 years, and has discussed a wide range of security
related topics at a number of Security/Hacking conferences in both the UK
and Europe. In addition to this, Arron has produced over 60 security related
podcasts, interviewing countless security professionals as part of the
popular Finux Tech Weekly show.
During Arron’s time at university he was also awarded the SICSA Student Open
Source Award for his Advocacy of Free and Open Source software. Now a
Research Consultant with Activity Information Management Ltd.
Topic: Time for a Better Gun?
Depending on how you look at it, I have
been fortunate or unfortunate enough to be involved with IDS/IPS for
some time - although my involvement hasn't been within the world of vendors
and products, but detection and mitigation. IDS/IPS devices have, and
rightly so, faced a lot of criticism over the years. Few could argue that
these systems making massive claims that have no real world basis is bound
to attract a cynical eye, however in the end it's achieved nothing.
IDS/IPS have apparently been dead for a number of years, which I always find
amazing as they have been deployed in large numbers since their obituaries
were written, although in some cases they are there for no other reason than
to satisfy compliance. Still the facts are as follows:
- They do have a place and a purpose
- They don't always do what they claim
- The security community will continue to moan about them not being a
"silver-bullet" solution.
The above is all true, I am not going to lie and it's not my intention to
alter that belief. However, my main thoughts are that the language used in
assessing the effectiveness of detection systems is in the complete control
of vendors. They have control over the information made available to
organisations wishing to purchase these systems and, without independence,
we are all at the mercy of a few companies with vested interests. Something
must change, otherwise the same mistakes will carry on being created as they
have been in the past.
The IPS is dead, long live the IPS!
This talk looks at the current situation that surrounds the murky world of
vendor spin and Intrusion Detection/Prevention Systems. Discussing the
potential avenues that, as a security community, we can take control of the
situation and attempt to change things for the better. This is in no way a
vendor pitch, in fact this is probably the most anti-vendor talk I have ever
given. It is my aim to plant a seed, allowing people to walk away with the
idea that more questions need to be asked, and that we must find a better
way of asking them. Hopefully, attendees will leave with at least one major
question niggling at their subconsciousness: "What questions would an IPS
hacker ask?"
Christopher Boyd, Senior Threat
Researcher, GFI Software
Christopher Boyd is a Senior Threat
Researcher for GFI Software, a former Microsoft MVP in Consumer Security and
former Director of Malware Research for FaceTime Security Labs.
He's been thanked by Google for contributions to security and responsible
disclosure, and has been credited with numerous finds in security including
the first rootkit in an Instant Messaging hijack, the first example of a
rogue web browser installing without permission and the first DIY Twitter
Botnet creation kit.
In addition to presenting in Singapore, Spain and India he has also given
talks at RSA, the Antispyware Coalition, InfoSec Europe, SecTor and Rootcon.
His areas of research include Adware, videogame / console exploits, IM and
P2P research.
You Fumbld your Tumbl
Tumblr now has a bigger
userbase than WordPress, with 20 billion posts spread across 50 million
blogs. More and more companies are taking the plunge and signing up, often
with little idea of the dangers, scams and threats that plague the userbase
on a daily basis. Phishing, surveys, Malware, redirects, scripting attacks
and affiliate deals are all part and parcel of the experience for budding
Tumblr users - falling prey to these scams could be costly to a corporate
entity trying to keep up with the latest social media strategies deployed by
their competitors.
This presentation will
take a look at some of the most popular attacks on both the service and its
users, exploring the techniques and the files used to generate some profit
for the scammers or just give users a bad hair day for no other reason than
the fun of it. From large scale phish attempts and fake Tumblr staff blogs,
to weightloss spam runs and the use of memetics to catch out unwary users,
this talk will show corporate users how to keep their accounts safe from
harm, avoid risky users that could expose them to malicious content and the
steps to take to fix any potential compromise.
With numerous case study
examples from the past year to draw on, attendees will come away from the
talk with a solid base to map out a safe Tumblr strategy that could also be
applied to other social networking portals such as Pinterest.
Mathieu Gorge, ISI
Chairman and CEO VigiTrust
Mathieu Gorge has been in the security
industry for the past 13 years. He is a regular speaker at international
security conferences (RSA, ENISA, ISACA). He is also on the Global
Educational Advisory Committee of the ISSA and a well respected figure in
the security industry in North America and in EMEA. Mathieu specialises in
Cybercrime, Payments Security (PCI DSS), Security of Social Networks.
Infosecurity Ireland (ISI) supports the interaction of technology firms,
research institutes, third level colleges and industry associations to
ensure continuous development of Ireland as a centre of excellence in
information security.
Sponsors
Thanks to the generosity of our
sponsors IRISS is able to
host this event. The following organisations kindly lent their support to our
conference:
Symantec™
is a global leader in providing security, storage and systems management
solutions to help our customers – from consumers and small businesses to the
largest global organizations – secure and manage their information and
identities independent of device. Symantec does this by bringing together
leading software and cloud solutions that work seamlessly across multiple
platforms, giving customers the freedom to use the devices of their choice and
to access, store and transmit information anytime, anywhere.

Renaissance
distributes Sophos products in Ireland along
with a portfolio of complementary data security products to suit your needs for
now and into the future. As threats and risks change so does the Renaissance
portfolio to meet these ever evolving requirements. Renaissance partners with
most of the leading solution providers in Ireland and has a range of accredited
trained partners throughout Ireland. Renaissance through our partners provides
you with the products and support which your business needs to ensure a safe
secure environment to carry out your business.
We
help organisations keep data safe and block the growing number of complex
threats. Smart investments yield positive gain and investing with
Sophos is smart. As a
Sophos customer you benefit from industry
leading, high quality security solutions for business.
Our complete security portfolio means that you can protect every part of your
business; Web, Email, Endpoint, Mobile, Network and Data. Our Unified Protection
brings all these products together as a hardware, software, virtual or cloud
based solution with centralised management enabling you to deliver end to end
Security. Our ability to provide complete security without complexity means
better security for you at reasonable pricing for you. It’s that simple.
We understand your needs and are committed to giving you the information and
tools you need for a successful partnership with us. That’s a promise.
MEDIA SPONSORS
Help Net Security has been a prime resource for information security news since
1998. The site is updated daily with
fresh content including interesting articles, information on new product
releases, latest industry news and more. Besides reading daily news coverage,
you can download all of the issues of our digital
(IN)SECURE Magazine.
SC Magazine is the world's largest dedicated IT security publication having
served the IT security industry for over 15 years. Our readers turn to
SC Magazine each month for
informative and up-to-date features on key players in the industry, exclusive
interviews, case studies and the renowned SC product reviews. With 100% of our
readers intending to make multiple purchases over the next 12 months and over
42% of our readers turning to these product reviews for advice on what product
they should purchase, it is the first port of call for key IT security
professionals.
Should you or your company be interested in
sponsoring the upcoming event or sponsoring IRISS please send an email to
info@iriss.ie for our sponsorship pack.