Lessons Learned from WikiLeaks

©2011 Check Point Software Technologies Ltd. | [PROTECTED] All rights reserved. Lessons Learned from WikiLeaks. John Vecchi, Head of Product Marketing

Upload: cxo-community

Post on 18-May-2015


DESCRIPTION

The leak of more than a quarter of a million classified and secret documents by "hacktivists" in 2010 is a perfect example of what could happen in the corporate world. This video discusses the need for a comprehensive corporate data protection policy, as well as the need for a security infrastructure that can promote that policy through user awareness and education. It also covers how the security infrastructure must provide the means to control the movement of data and enforce the policy across the network.

TRANSCRIPT

Page 1: Lessons Learned from WikiLeaks

Lessons Learned from WikiLeaks

John Vecchi Head of Product Marketing

Page 2: Lessons Learned from WikiLeaks

WikiLeaks: Lessons Learned

Changing Threat Landscape

Page 3: Lessons Learned from WikiLeaks

Today’s Threat Landscape

Crime and Profit-driven

Increased Sophistication

Financial theft

Intellectual property

Criminal networks

Cyber-warfare and Hacktivists

Cyber-warfare

Iran and Stuxnet

Cyber Hacktivists

WikiLeaks

Page 4: Lessons Learned from WikiLeaks

On Top 2010/2011 Threats…

Stuxnet: “…widely considered the most sophisticated computer threat created to date…Stuxnet exploited four unknown vulnerabilities, at a time when exploiting a single one is a big deal.” SOFTPEDIA.com 2011

Operation Aurora: “Hackers seeking source code from Google, Adobe and others used nearly 12 pieces of malware and levels of encryption to burrow deeply into company networks…” WIRED 2010

Zeus / Zbot: “Zeus…detected only 23 percent of the time…is the No. 1 financial Trojan—representing 44 percent of all financial malware infections today.” Darkreading.com 2010

* Monthly Malware Statistics Report—www.securelist.com

Page 5: Lessons Learned from WikiLeaks

Top Methods Used…

Social Engineering: Spear phishing, whaling, USBs/media and 'friendly fire' are among the most prominent methods for achieving a successful attack.

Inside Threats: With hacktivism on the rise, and many who feel WikiLeaks serves the public's interest, insiders leaking sensitive data are a growing method for breaches.

* Monthly Malware Statistics Report—www.securelist.com

Page 6: Lessons Learned from WikiLeaks

On Attacks…

80: Number of attack attempts occurring per second by the end of 2010.*

* Monthly Malware Statistics Report—www.securelist.com

Page 7: Lessons Learned from WikiLeaks

WikiLeaks: Lessons Learned

The Rise of WikiLeaks

Page 8: Lessons Learned from WikiLeaks

The WikiLeaks Mission

“…Wikileaks is a not-for-profit media organisation… and an intelligence service of the people… …our mission is to be an uncensorable Wikipedia for untraceable mass document leaking and analysis…”

— Julian Assange

http://www.guardian.co.uk/world/iraq-war-logs?INTCMP=SRCH

http://www.huffingtonpost.com/2010/07/25/afghanistan-war-logs-wikileaks_n_658660.html

http://en.wikipedia.org/wiki/WikiLeaks

http://en.wikipedia.org/wiki/SIPRNet

Page 9: Lessons Learned from WikiLeaks

What They’ve Leaked…

Released over 1 Million confidential documents since 2007

Affecting more than 13 different nations

Covering governments, banks, churches, trade organizations, etc.

Page 10: Lessons Learned from WikiLeaks

WikiLeaks Around The World

2008: Details of illegal operations by the Swiss bank Julius Bär in the Cayman Islands released

2009: Internal Kaupthing Bank documents leaked, showing bank activities that led to 2008-2010 financial crisis in Iceland

2009: 86 telephone recordings of Peruvian politicians and businessmen involved in Peru oil scandal.

2010: Over 250K classified US diplomatic and government documents released

April 2011: Over 500K sensitive files related to Guantanamo Bay released

2011: Assange threatens release of damaging B of A docs

Page 11: Lessons Learned from WikiLeaks

On Bradley Manning—How Files Leaked

A low-level employee has access to classified data at a level way above his pay grade

Has access to a CD/RW drive on a system that can access that data

Has permissions for unrestricted copying from the network to the CD/RW drive

Page 12: Lessons Learned from WikiLeaks

WikiLeaks: Lessons Learned

‘Hacktivism’ Emerges

Page 13: Lessons Learned from WikiLeaks

A Re-emerging Attack Vector

Hacktivism: Motivated by politics and idealism. Not motivated by money.

Page 14: Lessons Learned from WikiLeaks

A Re-emerging Attack Vector

Hacktivism: Not necessarily criminally minded, but people claiming to be independent of any government / organization.

Page 15: Lessons Learned from WikiLeaks

A Re-emerging Attack Vector

Hacktivism: Focus includes information theft, disclosed to discredit and embarrass political opponents.

Page 16: Lessons Learned from WikiLeaks

A Re-emerging Attack Vector

Hacktivism: Primary activities include DDoS attacks, website defacement and information theft.

Page 17: Lessons Learned from WikiLeaks

The Power of Hacktivism: Anonymous

Page 18: Lessons Learned from WikiLeaks

“Anonymous is the first Internet-based superconsciousness. A group — in the sense that a flock of birds is a group. At any given moment, more birds could join, leave or peel off in another direction entirely.”

— Chris Landers, Baltimore City Paper

Page 19: Lessons Learned from WikiLeaks

Anonymous’ Global Hacktivism

2008: Church of Scientology

2009 & 2010: Australian government sites

2010: Zimbabwe government sites

2010: Amazon, PayPal, Visa and MasterCard

2010: Dutch government sites

2010: PostFinance bank site

2010: Tunisian government sites

2010: Egyptian government sites

2011: Sony PlayStation & BMI networks

2011: HBGary attack and defacement

Page 20: Lessons Learned from WikiLeaks

WikiLeaks: Lessons Learned

Lessons to Learn

Page 21: Lessons Learned from WikiLeaks

It Will Happen Again…

Recent 2011 Data Loss Events

March: RSA Security. 40,000 SecurID authentication accounts stolen

March: British Petro. Unencrypted laptop with personal data of 13,000 claimants

April: Epsilon. Exposed names/email of millions of customers from 50 companies

April: Sony. Exposed personal data of over 77M PlayStation users

Page 22: Lessons Learned from WikiLeaks

What Can We Learn?

LESSONS LEARNED

Lack of Data Copying Policy

Lack of policy to control or restrict copying sensitive data based on classification level increases risk of loss

Page 23: Lessons Learned from WikiLeaks

What Can We Learn?

LESSONS LEARNED

Lack of Data Copying Policy

Classified data access above employee grade

Low-level employees had classified data access at a level above their position responsibility or grade

Page 24: Lessons Learned from WikiLeaks

What Can We Learn?

LESSONS LEARNED

Lack of data copying policy

Classified data access above employee grade

New, hacktivist threats within exist and are real

Hacktivism creates new threats within, one of the most difficult things to protect against.

Page 25: Lessons Learned from WikiLeaks

What Can We Learn?

LESSONS LEARNED

Lack of data copying policy

Classified data access above employee grade

New, hacktivist threats within exist and are real

Hacktivist data breaches will go global in seconds

Sensitive data leaked on the internet goes global in seconds, with no option to delete it. Hacktivist sources can be obfuscated easily.

Page 26: Lessons Learned from WikiLeaks

What Can We Learn?

LESSONS LEARNED

Lack of data copying policy

Classified data access above employee grade

New, hacktivist threats within exist and are real

Hacktivist data breaches will go global in seconds

DDoS/defacement attacks motivated by politics

WikiLeaks and Anonymous are motivated by politics, not money. DDoS and/or defacement attacks are objectives.

Page 27: Lessons Learned from WikiLeaks

WikiLeaks: Lessons Learned

How to Avoid a WikiLeaks Incident

Page 28: Lessons Learned from WikiLeaks

What Can We Learn?

Deploy preventative network protection

WHAT YOU CAN DO

Identify & close network vulnerabilities with proactive security technologies:

Next-Gen FW

DDoS protection

Web security & control

Proactive IPS

Page 29: Lessons Learned from WikiLeaks

What Can We Learn?

Deploy preventative network protection

Enforce encryption and data copying policy

WHAT YOU CAN DO

Deploy encryption technology and enforce granular data copying policies on ALL workstations and laptops. Combine with strong endpoint protection.

Page 30: Lessons Learned from WikiLeaks

What Can We Learn?

Deploy preventative network protection

Enforce encryption and data copying policy

Deploy proactive DLP technology

WHAT YOU CAN DO

Reduce the opportunity for data leakage and breaches by leveraging and deploying proactive DLP technology to protect data in-use and in-motion.

Page 31: Lessons Learned from WikiLeaks

What Can We Learn?

Deploy preventative network protection

Enforce encryption and data copying policy

Deploy proactive DLP technology

Best practices for ‘impact scenarios’ & event analysis

WHAT YOU CAN DO

Extend Risk Management strategies to include ‘impact scenarios’ and effective threat analysis and response.

Page 32: Lessons Learned from WikiLeaks

What Can We Learn?

Deploy preventative network protection

Enforce encryption and data copying policy

Deploy proactive DLP technology

Focus on best practices and ‘impact scenarios’

Train users on sensitive information handling

WHAT YOU CAN DO

Train users on sensitive information handling policies, and on the presence of sensitive data in emails, documents and applications.

Page 33: Lessons Learned from WikiLeaks

WikiLeaks: Lessons Learned

How 3D Security Can Help

Page 34: Lessons Learned from WikiLeaks

Check Point 3D Security Can Help

Proven, Proactive Next-Generation Firewall

Comprehensive, Market-Leading Data Security

Engage and Train Users with UserCheck

Increase Visibility & Best Practices with SmartEvent

Page 35: Lessons Learned from WikiLeaks

Proactive 3D Next-Gen Firewall

Check Point Unified Security Management

Smart-1

SmartWorkflow Software Blade: Policy Change Management

SmartEvent Software Blade: Unified Event Analysis

DLP Software Blade

Application Control Software Blade

IPS Software Blade

FW & VPN Software Blades

URL Filtering Software Blade

Antivirus & Anti-Malware Software Blade

Identity Awareness Software Blade

Power-1

Page 36: Lessons Learned from WikiLeaks

Unified Control of All Security Layers

Granular Visibility

Identity Awareness

Application Control

DLP

Mobile Access

SmartEvent

IPS

Page 37: Lessons Learned from WikiLeaks

Check Point Data Security

Media Encryption

Full Disk Encryption

Data Loss Prevention

Document Security

VPN and Access Control

Page 38: Lessons Learned from WikiLeaks

Today’s Typical User ‘Involvement’

NO EXPLANATION

NO TRAINING

Page 39: Lessons Learned from WikiLeaks

People Taking Part in Security

RESOLUTION & TRAINING

EXPLANATION

Page 40: Lessons Learned from WikiLeaks

Check Point UserCheck Technology

Data Loss Prevention Alert

An email that you have just sent has been identified as containing sensitive information.

An email that you have just sent has been allowed based on DLP policy exception.

For additional details, please refer to the Corporate Data Security Policy

Application Usage Alert

You are trying to use Skype.

Corporate application use policy does not allow the use of Skype.

If you require Skype access for business, please click Explain below.

Corporate Proper Use Policy

TRAIN & ENGAGE USERS IN REAL-TIME!

Page 41: Lessons Learned from WikiLeaks

360º Visibility and Threat Analysis

View unified events for firewall, IPS, DLP, Application Control and more in a single console

Page 44: Lessons Learned from WikiLeaks

Summary

BECAUSE TODAY’S THREAT LANDSCAPE REQUIRES A PROACTIVE, UNIFIED APPROACH