1. Cybersecurity Extortion & Fraud
Goodwin College
September 30, 2015
Sponsored by:
2. Top Five Things You Can Do to Protect Your Clients and Your Business
UCONN Stamford
March 30, 2015
Presented by Bruce Carlson
President & CEO, Connecticut Technology Council
Introduction
3. Presented by Mark Scheinberg
President, Goodwin College
Welcome
4. Presented by Paul Savas
Vice President, Comcast Business Western New England Region
Welcome
5. Sponsored by: Martin McBride
Presented by Keynote Speaker: William P. Shea
Deputy Commissioner of Emergency Services & Public Protection, State of CT
To Discuss Cybersecurity Extortion and Fraud
6. Presented by Patricia Fisher
President & CEO, JANUS Associates
Board Member, CTC
Chair, CTC Cybersecurity Task Force
Introduction of Panelists
7. Presented by Speaker: Leon A Pintsov
CEO, SignitSure
To Discuss Bitcoin and its Security Challenges
8. Bitcoin
What is Bitcoin and how is it used in cyber extortion and fraud incidents?
L. A Pintsov
CTC Seminar on Cybersecurity
September 30, 2015
9. Outline
Cyber attacks, extortion and Bitcoin
Bitcoin - a little bit of mechanics
Properties of Bitcoin
Security and Privacy
Limitations
Future prospects
Conclusion
13. How do bad guys monetize their cyber exploits?
By selling attackers’ tools
By selling stolen data
By disabling the victim’s internal IT systems (e.g. via encryption of the main and back-up business databases, rendering them useless unless decryption is applied).
By disabling the victim’s website for a significant period of time [e.g. by repeated Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks].
The last two attacks can be monetized only by extortion.
“Ransoms vary in price and are usually demanded in Bitcoin”.
Note: The cost of attacks to bad guys is increasing and can be quite significant! Thus, we know of a few attacks that are done just to make a point (as used to be the case with computer viruses some time ago).
14. July 31, 2015
Alert Number I-073115-PSA
E-mail Extortion Campaigns Threatening Distributed Denial of Service Attacks
The Internet Crime Complaint Center (IC3) recently received an increasing number of complaints from businesses reporting extortion campaigns via e-mail. In a typical complaint, the victim business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its Website unless it pays a ransom. Ransoms vary in price and are usually demanded in Bitcoin.
Victims that do not pay the ransom receive a subsequent threatening e-mail claiming that the ransom will significantly increase if the victim fails to pay within the time frame given. Some businesses reported implementing DDoS mitigation services as a precaution.
Businesses that experienced a DDoS attack reported the attacks consisted primarily of Simple Discovery Protocol (SSDP) and Network Time Protocol (NTP) reflection/amplification attacks, with an occasional SYN-flood and, more recently, Wordpress XML-RPC reflection/amplification attack. The attacks typically lasted one to two hours, with 30 to 35 gigabytes as the physical limit.
Based on information received at the IC3, the FBI suspects multiple individuals are involved in these extortion campaigns. The attacks are likely to expand to online industries and other targeted sectors, especially those susceptible to suffering financial losses if taken offline.
If you believe you have been a victim of this scam, you should reach out to your local FBI field office, and file a complaint with the IC3 at http://www.ic3.gov/. Please provide any relevant information in your complaint, including the extortion e-mail with header information.
Tips to protect yourself:
• Do not open e-mail or attachments from unknown individuals.
• Do not communicate with the subject.
• If an attack occurs, utilize DDoS mitigation services.
15. Akamai Report dated 9-9-2015
Akamai's Team is warning of increased activity by a group – known as DD4BC –
that since 2014 has threatened to take down corporate networks with
distributed denial-of-service (DDoS) attacks if a Bitcoin ransom is not paid.
Akamai confirmed 141 attacks executed against 124 unique businesses between
September 2014 and July 2015.
DD4BC started off small, only executing an average of nearly four DDoS
extortion attacks per month from September 2014 to March. Activity started
climbing in April with 16 attacks, peaked in June with 41 attacks, and tapered off
a bit in July with 31 total attacks.
The organizations being targeted are in a variety of industries, including 58
percent in financial services, 12 percent in media and entertainment, nine
percent in online gaming, six percent in retail and consumer goods, five percent
in software and technology, and another five percent in internet and
telecommunications.
“If a targeted organization pays the ransom, there is no reason to believe that
the attackers will not return again, and often for a higher amount.” “Additionally,
this could encourage other groups who may use the same name or in some way
be associated with this group to threaten your organization and also send attack
traffic. These types of attacks only work when the victims make it profitable for
them. Not paying the ransom will often lessen the pervasiveness of these
attacks.”
One of the group's latest tactics involves threatening to expose organizations
via social media, the report mentioned.
23. Results (from Akamai report)
The data suggests that the individuals involved in the DD4BC operations have received ransom payments from the DDoS threats.
Historically, targets of ransom demands are selected based on their anticipated reluctance to involve law enforcement.
DD4BC is expanding its targets to enterprise-level organizations.
24. Why is Bitcoin seemingly the preferred extortion payment tool?
(Perceived) Anonymity/Unlinkability/Untraceability
Relative Ease of Use (for both the extortionist and the victim)
• Remember the instructions in the ransom email?
Ubiquity/Popularity as a payment method within the Community of Bad Guys
BTC can be easily transferred from one member of the community to another
Value in BTC can be dormant/stored for a considerable period of time, i.e. the value cannot be frozen or confiscated as long as it is in the Block Chain.
25. Bitcoin (n.): A revolutionary digital currency free of central banks, deposits, or stable concepts of ownership and value.
The New Devil’s Dictionary
26. Paper Money
In the US, paper money is issued by the US Central Bank in accordance with an economic policy.
When Alice wishes to give a coin to Bob (in return for some goods or services), Bob can examine the coin to ensure that it is valid (i.e., not counterfeit).
Double spending is not a concern because Alice cannot give the same (valid) coin/bill to two different parties.
Payer anonymity, payment unlinkability (no link between payer and payee), and untraceability are provided.
27. Bitcoin (BTC)
An electronic cash scheme invented by Satoshi Nakamoto (a pseudonym) in 2008.
Bitcoin is decentralized, i.e., there is no “Bank” or Central Authority (but there is a committee of 5-6 key developers who maintain the BTC system as Open Source Software).
Payer anonymity and payment untraceability are not primary goals of Bitcoin.
Anyone can use Bitcoin:
Download a wallet from bitcoin.org.
Obtain bitcoins by “mining” or from an exchange such as VirtEx, BTC China (and, until recently, MtGox).
How can the creation of coins be regulated?
How does the recipient of a coin ensure it has not been previously spent?
28. Bitcoin
The first bitcoins were generated by Satoshi Nakamoto on Jan 3 2009.
The basic unit of bitcoin currency is 1 BTC. Each BTC can be divided into 100 million pieces, the smallest of which, i.e., 0.00000001 BTC, is called a “satoshi”.
Bitcoins can be generated (i.e., mined) in theory by anyone.
They are generated at the rate of R BTC every 10 minutes (approximately).
Initially, R = 50.
On Nov 28 2012, R was lowered to 25.
R will be halved over time (every 212 K transactions, or roughly 4 years), until the year 2140, when a total of 21 million BTC will have been generated. This is a hardcoded limit. No BTC inflation!
By March 2014, 12.1 million BTC had been generated.
29. Value of BTC
• The dollar value of 1 BTC has fluctuated widely (see coinbase.com/charts):
Date          USD per 1 BTC
May 22 2010   $0.0025
Jul 17 2010   $0.08
Jan 1 2011    $0.30
Feb 9 2011    $1.00
Jun 8 2011    $31.91
Jan 2 2012    $5.22
Jul 1 2012    $6.63
Jan 1 2013    $13.30
Apr 9 2013    $223.10
Jul 6 2013    $69.31
Oct 31 2013   $127.25
Nov 30 2013   $1126.82
Jan 1 2014    $747.56
Mar 23 2014   $563.27
• Apr 20 2015: 1 BTC = $230
30. Organization of Bitcoin (basic elements)
Transaction: The transferring of a coin from one user to another. All transactions are public and are broadcast to all users.
Peer-to-peer network: The users of Bitcoin are organized in a peer-to-peer network.
Blocks: Every 10 minutes or so, the latest transactions are verified and collected into a block. This block is hashed and (cryptographically) linked with other blocks. The block is broadcast to the entire peer-to-peer network.
31. Organization of Bitcoin (basic elements)
Block chain: The list of blocks is called the Block Chain. It contains a record of all past transactions.
Mining: The process of verifying transactions and compiling a block is called mining. A successful miner receives a reward (new BTCs plus transaction fees).
Proof-of-work: To successfully compile a block and receive a reward, the miner has to solve a cryptographic challenge (requiring a very significant amount of computing power).
32. Block Chain
(Figure: each block carries the address of the previous block and H( ), the digest of the previous block; the Head of the Chain holds the address and digest of the last block.)
33. Properties of the Block chain
The block chain is a data structure (a linked list) that allows data to be appended onto the last existing block.
H( ) is a hash function; in the case of Bitcoin, H( ) is SHA-256.
The block chain provides a tamper-evident log of the data stored in it.
Any attempt to modify data in any of the previous blocks is easily detectable because the Head of the Chain is securely stored (at multiple locations).
35. Key pairs and Identities in Bitcoin
Each user selects a randomly generated number a and uses it to compute another number A. This is done by the wallet software.
The user’s private key is a; the user’s public key is A.
In Bitcoin, a user’s public key A is used to identify the user.
A user can (and frequently does) select a different key pair for each transaction. Thus, the identity of the user can change with each transaction.
(Remember extortion emails?)
If a user loses their private key, all bitcoins associated with this key are lost forever.
36. Transaction
A transaction is the transfer of a coin (of any value) from one user to another user.
Suppose that Alice has a coin, say of value 1 BTC.
The transaction in which Alice obtained this bitcoin is represented by TXA.
Suppose Alice wishes to give this coin to Bob.
The transaction of 1 BTC is represented as follows:
TAB = {TXA, A, B, 1 BTC}A, where {M}A denotes a message M and its signature with respect to the public key A (in other words, the message is signed by Alice, the holder of the key pair (a, A)).
This transaction is broadcast to the entire peer-to-peer BTC network.
Transaction TAB is identified by its SHA-256 hash value.
Note: The transaction contains both Alice’s and Bob’s public keys, but not their names or any other identities. These keys are used to verify that the transaction was initiated by Alice.
40. Mining
Incentive: The block creator is awarded R BTC (currently, R = 25) besides transaction fees.
Users form mining pools and share the award.
Work factor: The target t (for the proof-of-work) is updated every 2016 blocks (2 weeks) to ensure that the average time it takes to generate a block is about 10 minutes.
Currently, the bitcoin network is generating hashes at the rate of approximately 2^54 per second. The hash difficulty is approximately t = 63.
A PC can do approximately 2^23 hashes per second. So, one PC will take about 35,000 years to generate a block.
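As an added example (not from the slides), a toy hash chain in Python that demonstrates the tamper-evident log of slides 32-33 and the proof-of-work target of slide 40: every block commits to the SHA-256 digest of its predecessor, a block counts as mined when its digest has t leading zero bits, and the expected solve time is computed from the slide's hash rates. The "digest < 2^(256-t)" reading of the target and the tiny demo target t = 12 are assumptions made for this demo, not Bitcoin's actual target encoding.

```python
import hashlib
import json

# Toy block chain in the sense of slides 32-33 and 40: each block stores
# H( ) = SHA-256 of its predecessor, and a block is only accepted when its
# own digest has at least t leading zero bits (the slide's target t). The
# "digest < 2**(256-t)" encoding of the target is an assumption for this demo.

def block_digest(block: dict) -> str:
    # Canonical JSON so the same block always hashes the same way.
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine_block(prev_digest: str, txs: list, t: int) -> dict:
    """Search nonces until the digest is below the target; about 2**t tries."""
    limit = 1 << (256 - t)
    nonce = 0
    while True:
        block = {"prev": prev_digest, "txs": txs, "nonce": nonce}
        if int(block_digest(block), 16) < limit:
            return block
        nonce += 1

def append_block(chain: list, txs: list, t: int) -> dict:
    prev = block_digest(chain[-1]) if chain else "0" * 64
    block = mine_block(prev, txs, t)
    chain.append(block)
    return block

def verify_chain(chain: list, head_digest: str, t: int) -> bool:
    """Tamper-evidence check: re-hash every block, confirm each "prev" link
    and proof-of-work, and compare the result with the securely stored head."""
    limit = 1 << (256 - t)
    prev = "0" * 64
    for block in chain:
        if block["prev"] != prev:
            return False
        digest = block_digest(block)
        if int(digest, 16) >= limit:
            return False
        prev = digest
    return prev == head_digest

def expected_years_per_block(t: int, hashes_per_second: float) -> float:
    """Expected solve time for a target-t puzzle: 2**t hashes at the given rate.
    Slide 40's figures (t = 63, one PC at 2**23 hash/s) give roughly 35,000 years."""
    return 2.0 ** t / hashes_per_second / (365 * 24 * 3600)

def demo() -> tuple:
    """Build a two-block chain, then alter an old transaction and re-verify."""
    chain, t = [], 12                       # t = 12 keeps the demo instant
    append_block(chain, [{"from": "A", "to": "B", "btc": 1}], t)
    append_block(chain, [{"from": "B", "to": "C", "btc": 1}], t)
    head = block_digest(chain[-1])          # the head kept "at multiple locations"
    ok_before = verify_chain(chain, head, t)
    chain[0]["txs"][0]["btc"] = 100         # tamper with the first block
    ok_after = verify_chain(chain, head, t)
    return ok_before, ok_after
```

Changing one old transaction breaks both the first block's proof-of-work and the "prev" link of every later block, so a verifier holding only the head digest detects it.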
41. Block Chain Mechanism
Users will accept a block if all the transactions in it are valid, and if the coins have not been previously spent.
Users show their acceptance of the block by using its hash value (digest) as the “previous hash” for the next block, thereby growing the block chain.
The block chain serves as a public ledger that records all transactions.
42. Security notes
Bitcoin is “secure” as long as honest users collectively control more CPU power than any cooperating (colluding) group of users.
Since all transactions are public, payer anonymity and payment untraceability cannot be guaranteed.
43. BTC anonymity, unlinkability, traceability…
There is a fundamental and inherent conflict between decentralization and anonymity. For most users decentralization seems to be more important than anonymity.
How hard is it to link different addresses of the same user?
How hard is it to link different transactions of the same user?
How hard is it to link the sender of a payment to its recipient?
The privacy (anonymity) properties of cryptocurrencies are generally much weaker than those of the traditional centralized banking system, because anybody can examine the block chain of all transactions.
Bitcoin allows for multiple “side channels” that leak data, and for data mining techniques (e.g. Transaction Graph Analysis) to establish links.
There are several new proposals for fixing BTC anonymity issues for good using zero-knowledge protocols (e.g. Zerocoin, Zerocash). They all have some implementation challenges, but if realized, these protocols will be able to achieve real anonymity, thus creating significant advantages for bad guys and significant headaches for law enforcement agencies.
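As an added example (not from the slides), a small Python sketch of the Transaction Graph Analysis the slide refers to, from the investigator's side: the common-input heuristic clusters addresses that were spent together in one transaction (linking "different addresses of the same user"), and a forward trace follows a ransom payment through later spends. The sample transactions, their address labels and the exchange-deposit interpretation are constructed for this demo.

```python
from collections import defaultdict

# Constructed sample (not real chain data). "inputs" are the addresses whose
# private keys signed the spend, "outputs" the addresses paid. B1 is a
# victim's wallet, A* belong to one extortionist wallet, E* are deposit
# addresses at an exchange (these labels are an assumption for the demo).
SAMPLE_TXS = [
    {"id": "tx1", "inputs": ["B1"], "outputs": ["A1"]},          # ransom paid
    {"id": "tx2", "inputs": ["A1", "A2"], "outputs": ["X1", "A3"]},
    {"id": "tx3", "inputs": ["A2", "A4"], "outputs": ["E1"]},
    {"id": "tx4", "inputs": ["A3"], "outputs": ["E2"]},
]

def _find(parent: dict, a: str) -> str:
    # Union-find root lookup with path halving; registers unseen addresses.
    while parent.setdefault(a, a) != a:
        parent[a] = parent[parent[a]]
        a = parent[a]
    return a

def cluster_by_common_input(txs: list) -> dict:
    """Multi-input heuristic: every input of one transaction had to be signed
    with a key held by the same wallet, so those addresses share an owner.
    Returns a map address -> frozenset of addresses linked to it."""
    parent = {}
    for tx in txs:
        first = tx["inputs"][0]
        _find(parent, first)                      # register single inputs too
        for a in tx["inputs"][1:]:
            parent[_find(parent, first)] = _find(parent, a)
    groups = defaultdict(set)
    for a in list(parent):
        groups[_find(parent, a)].add(a)
    return {a: frozenset(g) for g in groups.values() for a in g}

def trace_forward(start: str, txs: list, max_hops: int, clusters=None) -> set:
    """Addresses reachable from `start` by following outputs through at most
    max_hops transactions. With `clusters`, each address reached is widened
    to its whole cluster first, so spends from sibling addresses are included."""
    clusters = clusters or {}
    reached, frontier = set(), {start}
    for _ in range(max_hops):
        spenders = set(frontier)
        for a in frontier:
            spenders |= clusters.get(a, frozenset())
        nxt = set()
        for tx in txs:
            if spenders & set(tx["inputs"]):
                nxt |= set(tx["outputs"])
        nxt -= reached | {start}
        if not nxt:
            break
        reached |= nxt
        frontier = nxt
    return reached
```

Without clustering, the trace from B1 never sees tx3, because A2 and A4 are not on the direct payment path; the cluster links them to A1 and exposes the second exchange deposit.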
44. Extensibility and Limitations
The block chain data structure and distributed peer-to-peer consensus mechanism have potentially many applications, even outside finance (e.g. IoT).
Bitcoin as it is operating now has several niche applications (e.g. international contractors and extortionists) and has some severe limitations and shortcomings:
“Bitcoin will start to malfunction early next year. Transactions will become increasingly delayed, and the system of money now worth $3.3 billion will begin to die as its flakiness drives people away, so says Gavin Andresen, who in 2010 was designated chief caretaker of the code that powers Bitcoin by its shadowy creator. Andresen’s gloomy prediction stems from the fact that Bitcoin can’t process more than seven transactions a second” (e.g. compared with about 20,000 for Visa).
45% of exchanges are closed due to various failures or fraud issues.
Wall Street made a $30M investment into Chain Inc. to develop block chain technology for financial applications, aiming to reduce the complexity and cost of the existing system.
Investors include Visa, Capital One, Goldman Sachs, Fiserv and Orange.
46. Conclusion
Bitcoin opened a large and fast-developing area for research as well as several practical applications, and generated considerable interest from computer scientists, economists, business people, lawyers, governments and the non-ethical hacking community (the bad guys).
Bitcoin is most certainly a testament to human ingenuity; its implementation integrates a number of known and ingenious ideas with new, creative and elegant computational techniques.
Practice seems to be ahead of the theory. No one knows whether Bitcoin is stable and going to survive, or whether it will experience a major setback or a shock and be folded (following DigiCash and a number of other cryptocurrencies into the graveyard).
Given the amount of investment and interest that BTC has generated so far, it is likely that BTC concepts and implementation techniques will produce important and far-reaching implications in many areas of society and the economy.
Regulation
Stay tuned!
Note: This presentation contains materials from many web sources, including the Princeton University course “Bitcoin and Cryptocurrencies Technology”, Akamai, and personal communications and materials from Prof. A. Menezes of the University of Waterloo in Canada. These materials are gratefully acknowledged.
47. Panelists
William P. Shea, Deputy Commissioner of Emergency Services & Public Protection, The State of Connecticut
Leon Pintsov, CEO, SignitSure
Timothy Ronan, Attorney, Pullman & Comley, LLC
Moderator: Patricia Fisher, President & CEO, JANUS ASSOCIATES; Board Member, CTC; Chair, CTC Cybersecurity Task Force
Joseph Coray, Vice President, Technology & Life Science Practice, The Hartford
59. BRIDGEPORT | HARTFORD | STAMFORD | WATERBURY | WHITE PLAINS
www.pullcom.com
These slides are intended for educational and informational purposes only. Readers are advised to seek
appropriate professional consultation before acting on any matters in this update. These slides may be
considered attorney advertising. Prior results do not guarantee a similar outcome.
61. Cybersecurity Task Force
Bruce Carlson, President & CEO, CT Technology Council
Patricia Fisher, President & CEO, JANUS Associates, Inc.
Nancy Hancock, Partner, Pullman and Comley LLC
Richard Harris, Partner, Day Pitney LLP
Rick Huebner, President & CEO, Visual Technologies, Inc.
Lyle Liberman, COO, JANUS Associates, Inc.
Andy McCarthy, VP of Engineering & Technical Ops, Western NE Region, Comcast
Suzanne Novak, Owner/President, ERUdyne, LLC
Dr. Leon Pintsov, CEO, SignitSure Inc.
Paige Rasid, COO, CT Technology Council
Ray Umerley, Vice President, Chief Data Protection Officer, Pitney Bowes
Ron Vernier, SVP and CIO, Hartford Steam Boiler
62. Cybersecurity Extortion & Fraud
Goodwin College
September 30, 2015
Sponsored by: