Paul C Dwyer
Paul C Dwyer is an internationally recognised information security authority with over two decades of experience.
He is a certified industry professional with the International Information Systems Security Certification Consortium (ISC2) and the Information System Audit & Control Association (ISACA), and was recently selected for the IT Governance Expert Panel.
Paul's credentials include:
• Qualified Hacker
• SOX (SAS70) Auditor
• ISO 27001 Lead Auditor
• BS25999 / BCP Expert
• Forensic Investigator
• PCI DSS Specialist
• Prince2
He has worked and trained with such organisations as the US
Secret Service, Scotland Yard, FBI, National Counter Terrorism
Security Office (MI5), is approved by the National Crime Faculty
and is a member of the High Tech Crime Network (HTCN).
Paul is currently CEO of Cyber Risk International and President of
the ICTTF.
What is Cyber Crime?
Cyber crime, or computer crime as it is generally known, is a form of crime in which the Internet or computers are used as a medium or method to commit crime, including hacking, copyright infringement, scams, denial of service attacks, web defacement and fraud.
Cybercrime Drivers
It’s a business with an excellent economic model.
Other reasons, you name it:
• Technology
• Internet
• Recession
• “A safe crime”
• It’s easy to get involved
• Part of Something
Crimeware Toolkits
Criminal gangs are creating fake banking apps
Traditional banking Trojan kits are attacking mTAN (Transaction Authentication Number):
• Zeus MITMO
• Spitmo (SpyEye)
• Citmo (Carberp)
• Tattanga
New generic mobile kits are being developed independently
of PC kits for Zeus, Ice IX, SpyEye, Citadel, Carberp.
Increasingly industrialized, new distribution channels
Legit apps used with stolen credentials
What is Cyber Warfare?
“actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption.”
• “Digital Infrastructure….Strategic National Asset” President Barack Obama
• May 2010 – Pentagon – Cybercom
• UK – a cyber-security “operations centre” (GCHQ)
• “Fifth Domain” The Economist
Government and Regulators
• Governments have a role
• They expect organisations to do their part
• Regulations cannot keep pace with technology
• Nobody can protect an organisation better than the organisation
Prepaid Debit Cards – Bank Muscat – Oman
Hackers cancelled withdrawal limits –
“Hacked Payment Processor”
Card Numbers – Sent to foot soldiers
around the world – “Unlimited Operation”
“Cashing Crews” Imprinted Data on Cards
“Flash Mob” Using Secure IM Sites
What Happened?
Dominican – Yonkers – North of Manhattan
Entire crew within streets of “Strattan Street”
Dry run – Dec 2012 – Rak Bank
Nearly $400,000 - 700 Withdrawals
Why Trust a Criminal?
Copyright - Paul C Dwyer Ltd - All Rights Reserved