O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

ifda financial attacks - Conférence ECW 2018 Rennes

399 visualizações

Publicada em

Conférence Médias Intelligence Artificielle Cybersécurité - ECW 2018 - European Cyber Week - Rennes - 22 novembre 2018

Publicada em: Tecnologia
  • Have you ever used the help of ⇒ www.HelpWriting.net ⇐? They can help you with any type of writing - from personal statement to research paper. Due to this service you'll save your time and get an essay without plagiarism.
       Responder 
    Tem certeza que deseja  Sim  Não
    Insira sua mensagem aqui
  • Seja a primeira pessoa a gostar disto

ifda financial attacks - Conférence ECW 2018 Rennes

  1. 1. « Economic War » : Operational fight against Immersive Fictitious Data Architectures used during financial attacks (IFDA) Thierry BERTHIER http://cyberland.centerblog.net/ Associate professor in mathematics, Associate researcher in cybersecurity - cyberdefence - CREC, Saint Cyr
  2. 2. Contents 1) How BEC scams became 2017’s most lucrative crime …. 2) IFDA Attacks (low level) - IFDA : Immersive Fictitious Data Architectures 3) IFDA Attacks (high level) - IFDA : Immersive Fictitious Data Architectures 4) How to fight IFDA used in financial Attacks (BEC Scams & HoaxCrash) ? 5) The Future of IFDA Attacks : AI, GANs, …. - Inside or outside the Matrix ?
  3. 3. 1) How BEC scams became 2017’s most lucrative crime …. BEC SCAMS : Business Email Compromise & CEO Fraud
  4. 4. https://www.fightingidentitycrimes.com/stay-on-top-of-business-email-compromise/
  5. 5. https://www.fightingidentitycrimes.com/stay-on-top-of-business-email-compromise/
  6. 6. https://www.fightingidentitycrimes.com/stay-on-top-of-business-email-compromise/
  7. 7. https://www.fightingidentitycrimes.com/stay-on-top-of-business-email-compromise/
  8. 8. https://www.pandasecurity.com/mediacenter/news/bec-scams-crime-2017/
  9. 9. https://www.fightingidentitycrimes.com/stay-on-top-of-business-email-compromise/
  10. 10. https://www.fightingidentitycrimes.com/stay-on-top-of-business-email-compromise/
  11. 11. OUR MARKET – FINANCIAL & COGNITIVE CYBERCRIMINALITY THE FAKE NEWS 1- False Wire Transfer Orders 2- HOAXCRASHES False Wire Transfer Orders affect every kind of companies from every kind of sector. « President Frauds » consist in, as a crook, convincing the collaborator from a company to transfer funds in emergency to a third to repond to a supposed order from the director on the pretext of a debt to rectify, an advance payment ou other. Communication and press services from listed companies regularly send press releases to specialised agencies. An attacker can look for impersonate the communication service of the group imitating the graphic chart of real releases, the homepage of the company website and using the official logo of the group. 3 Fake News, financial and cognitive cybercriminality
  12. 12. 4 Emmanuel Macron announces a law project to struggle against « fake news » on the Internet. Le Parisien with AFP, 01/03/2018 « Fake news » : Facebook takes part in a $14 millions fund. La Tribune, 04/03/2017 The struggle against fake news is fundamental in order to offer a relevant environment to announcers. Maurice Lévy, Publicis, 03/06/2018 Google is going to invest $300M to struggle against fake news. HuffingtonPost, 03/20/2018
  13. 13. 300% CONSEQUENCES MORE AND MORE $5B COSTLY The goal of a financial or economical fake information diffusion about a listed company is to trigger a Flash Crash on the targeted equity. 10 minutes are largely enough to create a Flash Crash, fraudulently speculate on the equity and generate a profit of several millions of dollars. « President Frauds », impressive sums of money stolen : $99M $23M *According to the Justice Department (March 2017) 93% In France Since 2016 in tje USA (figure from FBI) Rise by of french companies (considering the 50K exporter SMB in France) have been victim of at least one fraud attempt in 2016. (Euler Hermes study 2017) Billions of dollars of damage from President frauds. of President frauds in the USA since 2015. 5
  14. 14. Euler Hermes Report - BEC SCAMS 2018 Business Email Compromise – CEO Fraud
  15. 15. 2) IFDA Attacks (low level) IFDA : Immersive Fictitious Data Architectures
  16. 16. Immersive Fictitious Data Architectures (IFDA) - Financial Attacks Model Attacker : Goal, Strategy S, Gain function to maximize Attacker produces a series of actions : [ (AR1,AD1), (AR2,AD2), …… , (ARn,ADn)  Goal or not] where ARi is an action on physical space, ADi is an action on cyberspace (sending mail, SMS, dataset, files, malware, html link, video, audio, text). (AR2, AD2) = S < (AR1,AD1) ; (TR1,TD1) > (AR3, AD3) = S < [(AR1,AD1)(TR1,TD1)(AR2,AD2)] ; (TR2,TD2) > ….. ( ARk , ADk ) = S < [(AR1-AD1), (TR1,TD1), ….. , (ARk-1,ADk-1)] ; (TRk-1,TDk-1) > Preserving the trust of the target in the sequence : TRUST-TARGET < [(AR1-AD1), (TR1,TD1), ….. , (ARk-1,ADk-1), (TRk-1,TDk-1), (ARk, ADk) ] > = 1 (if 0 stop) Preserving the consistency of the sequence : CONSISTENCY < [(AR1-AD1), (TR1,TD1), ….. , (ARk-1,ADk-1), (TRk-1,TDk-1), (ARk, ADk) ] > = 1 (if 0 stop) Maximize the IMMERSIVITY of the sequence Target : Target produces (or not) a series of actions (physical space – cyberspace) : [ TR1-TD1, TR2-TD2, …… , TRn- TDn,…. ] in response (or not) to the actions of Attacker.
  17. 17. BRM Attack – July 21 2015 1,6 Millions – Président Fraud
  18. 18. 3) IFDA Attacks (high level) IFDA : Immersive Fictitious Data Architectures
  19. 19. Vinci HoaxCrash - Nov 22 2016
  20. 20. Vinci HoaxCrash - Nov 22 2016 - IT-Finance.com
  21. 21. HoaxCrash Motivations of the attacker SEA - AP (2013) Political – Hacktivism (Syrian conflict) Whitehaven Coal (2013) Political – ecological activism G4S (2014) Political - activism AVON (2015) Economic - (image damage - speculation) FITBIT (2016) Economic & activism VINCI (2016) Economic (stock market volatility - speculation) HoaxCrash Attacks
  22. 22. CyberSpy NewsCaster Operation - start in 2011 : 2000 high level compromised targets NewsCaster - Data exfiltration - iSight Partners – IRAN (?)
  23. 23. COBALT Operation- 2016 – 2017 ( IRAN ? )
  24. 24. 4) How to fight IFDA used in financial Attacks (BEC Scams & HoaxCrash) ?
  25. 25. ALETHEION SOLUTION BLOCKCHAIN - AI SaaS 7 FOVIBLOCK FOVIDETECT HOAXBLOCK HOAXDETECT ATTACS FAKE NEWSINITIAL SALE ACCESS CONTROL LEDGERION BIOMETRIC TWO-FACTORS AUTHENTICATION THROUGH ALETHEION APP
  26. 26. LEDGERION HARDWARE 6 ALETHEION SOLUTION Aletheion uses the best solution from the market, co-branded with RSA, in order to ensure a high security level during the first authentication step to reach the Blockchain – AI interface. Ledgerion is a PINPAD from RSA SecurID looking like a credit card and encrypting users passwords to get an additional security level, especially in environments considered with a high risk of electronic wiretapping.
  27. 27. 5) The Future of IFDA Attacks : AI, GANs, …. Inside or outside the Matrix ?
  28. 28. We will soon be faced with sophisticated and credible Immersive Fictitious Data Architectures (IFDA). They will rely on our cognitive biases and on our emotional and biological weaknesses to deceive us and to fully exploit the "human factor" in attacks. Inside the Matrix ? - Outside the Matrix ?
  29. 29. https://www.elsevier.com/books/from-digital-traces-to-algorithmic-projections/berthier/978-1-78548-270-0 http://www.iste.co.uk/book.php?id=1372 https://theconversation.com/immersions-a-haut-risques-dans-la-fausse-vraie-realite-du-monde-105914 More on IFDA
  30. 30. More on IFDA IFDA HUNTER – SécurIA Program Security A.I. Group – Hub FranceIA http://www.hub-franceia.fr/ https://iasecurite.wordpress.com/ https://veillecyberland.wordpress.com/

×