Wireshark
Death of Security: Breached Hosts/Stolen Data/IP Espionage
Laura Chappell
Author, Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide
wiresharkbook.com
SESSION CODE: SIA335
Case 1: Outsourcing
Company Name Withheld
Company A prepared to release new cellular product – they defined this product as their “future cash cow”
Manufacturing cost reduction issues
Management decided to outsource production to India
Single hard drive contained all technical specs for the company
Single person responsible for hand-delivering drive to outsource target
Drive “disappeared”
Cross-country issues for law enforcement
No one watching single person
Competitor released product first
Case 2: Failed Employee “Separation”
Intake brings in new employees; separation removes them from company
Separation process leaked
Employee copied content from server to a series of USB drives
Ex-employees should be “separated” properly
Case #3: The Beer Garden
Employee Birthday Gone Wrong
Company A’s employee allegedly leaves prototype product in beer garden on birthday
Prototype allegedly “found” by another customer
Prototype sold to gadget mag
Gadget mag article describes prototype
REACT team searches author’s home
Prototype returned to Company A
Gourmet Haus Staudt
Redwood City, California
Case #4: Blabla by Stephen Watt
On behalf of Albert Gonzalez
Gonzalez was a Paid USSS Informant
170 million credit/debit card numbers
TJX
7-11
Barnes & Noble
OfficeMax
Heartland Payment Systems
Hannaford Brothers
Watt pleaded guilty in 2009 as an accomplice to Gonzalez's multi-million card-hacking business. Watt created a sniffer program, Blabla, used to access at least 45 million credit and debit card numbers from TJX's corporate network.
Gonzalez 17-25 years + $3 million restitution
Watt 2 years and $171.5 million restitution (May 7th in)
Stephen Watt
Case #4: Jeremy Jethro
On behalf of Albert Gonzalez
Jeremy Jethro
Paid $60,000 by Gonzalez for IE exploit
Confined to home for the first 6 months of his 3-year long sentence; $10,000 restitution
Christopher Scott; 7-year sentence
Damon Toey; 5-year sentence
Humza Zaman; 46 months and $75,000*
“They want to turn their skills into cash; information for money exchange.”
*Former network security manager at Barclays Bank
Where R UR Credit Card Numbers?
Case #4: Blabla by Stephen Watt
On behalf of Albert Gonzalez
Gonzalez was a Paid USSS Informant
170 million credit/debit card numbers
TJX
7-11
OfficeMax
Heartland Payment Systems
Hannaford Brothers
Watt pleaded guilty in 2009 as an accomplice to Gonzalez's multi-million card-hacking business. Watt created a sniffer program, Blabla, used to access at least 45 million credit and debit card numbers from TJX's corporate network.
WAIT!
WHAT!!!?
Suspect Traffic Overview
Trace files available at wiresharkbook.com
Look for traces preceded by “sec-” and “nmap-”
DEMO
Related Content
WSV303 Death of a Network: Identify the Hidden Cause of Lousy Network Performance
SIA336 Wiretapping Kung Fu: Becoming a Network Analyst Guru
SIA332 (Panel) Securing the Cloud: Expert Panel
Online Videos: www.wiresharkbook.com
© 2010 Microsoft Corporation. All rights reserved.
JUNE 7-10, 2010 | NEW ORLEANS, LA