弁財天

Goffman: "Don't trust the experts; think and judge for yourself."

BAE's Adrian Nish explains the link between the 2016 Bangladesh Bank heist and the Sony Pictures hack update4

"Theresa May's husband was the biggest shareholder in BAE Systems. Its share price soared on the Syria air strikes" lol.
Huh?
Is there some other truth behind this? lol

What links the 2016 Bangladesh Bank heist to the Sony Pictures hack? BAE's Adrian Nish explains


BAE's head of threat intelligence made the comments at WIRED Security


In February this year, hackers broke into Bangladesh Bank and stole $951 million from the central reserve. It took six months to plan and a mere four days to execute and the attackers believed they had erased all traces that they were ever there. They were wrong.

Within months, intelligence teams, including the one at BAE Systems, had not only recovered the hackers' code to see how they planned the attack, they were able to link it to the Sony Pictures hack of 2014 and a toolset used by a North Korean criminal gang.

Comparing the bank heist to the casino one in the George Clooney film Ocean's Eleven, Adrian Nish, BAE's head of threat intelligence in its Applied Intelligence Division UK, detailed the preparation, the code used and how intelligence was used to help find the source at this year's inaugural WIRED Security event.

"The attackers had several stages they had to go through. Firstly, the set up. Just like in Ocean's Eleven, there was a lot of planning put in place to get the right team members," Nish explained.

"This started in May 2015; almost six months before, when the attackers set up bank accounts in Manila, Philippines and Sri Lanka. They then broke into the bank's network and waited for the perfect moment to strike."

This strike came on Thursday, February 4 2016. In Bangladesh, Thursday is the end of the working week so attackers waited until the last possible moment to launch. The following Monday was also Chinese New Year, so banks in the Philippines would be closed.

This gave the criminals a four-day window to execute the heist and leave relatively unseen.

In total, the gang attempted to make 35 transactions, all sent through the Federal Reserve in New York where Bangladesh held its foreign reserves. Of these, five were let through and only one was detected as malicious. This gave the criminals a windfall of $81 million. A fraction of the billion dollars they were after, but still a huge sum of money.

How did the hackers access the bank?

Nish continued that the hackers were able to subvert the systems the bank was using by creating custom malware, which they implanted into the network to cover up their tracks.

"We found some of the code used," explained Nish, "and when we analysed it, we found how the attackers managed to manipulate the system using Swift Alliance Access."

Swift Alliance Access (SAA) is the main messaging software used by financial organisations. Bangladesh Bank has this software on its network and the attackers were able to run patches on the software so the code would modify Swift without being detected.

By overwriting logic in memory, the attackers infiltrated the software by flipping just eight bits of code. "Similar to flipping a door on a vault," added Nish. Behind that, the attackers had access to billions of dollars in the accounts in the same way they would to cash inside a vault.

This code was where the attackers were reading and writing certain files, running with OS-level administrator privileges. They had root access to manipulate the software and hide their tracks, and were even able to manipulate the messages sent over Swift to mimic the kind of language used in the industry.
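The two paragraphs above describe the core of the malware: a handful of bits in a validation routine were overwritten in place so the software accepted what it should have rejected. The defensive counterpart is integrity monitoring that compares a loaded code region against a digest recorded at deployment and reports exactly which bytes changed. The block below is an added illustration written for this page, not code from BAE, WIRED or SWIFT; the "golden" bytes are a constructed, hypothetical stand-in for a validation routine and are not taken from any real binary, and `tampered_copy` is only a test fixture used to prove the monitor notices a one-byte change.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed stand-in for a small validation routine inside a messaging
# application's library. Hypothetical x86-64 machine code for illustration,
# not bytes from SWIFT Alliance Access or any real product.
GOLDEN_CODE = bytes.fromhex(
    "4883ec28"      # sub  rsp, 0x28
    "e800000000"    # call <validate>
    "85c0"          # test eax, eax
    "7505"          # jne  <reject>   (offset 11: the branch a patch would target)
    "b801000000"    # mov  eax, 1     (accept)
    "4883c428"      # add  rsp, 0x28
    "c3"            # ret
)


def digest(region: bytes) -> str:
    """SHA-256 of a code region, hex-encoded."""
    return hashlib.sha256(region).hexdigest()


# Recorded once at deployment and kept off the monitored host, so an
# attacker with local administrator rights cannot simply update it.
GOLDEN_DIGEST = digest(GOLDEN_CODE)


def find_patched_bytes(golden: bytes, observed: bytes) -> List[Tuple[int, int, int]]:
    """Return (offset, expected_byte, observed_byte) for every byte that differs."""
    if len(golden) != len(observed):
        raise ValueError("region length mismatch")
    return [(i, g, o) for i, (g, o) in enumerate(zip(golden, observed)) if g != o]


def verify_region(observed: bytes, golden: bytes = GOLDEN_CODE,
                  golden_digest: str = GOLDEN_DIGEST) -> Dict[str, object]:
    """Compare an observed copy of the region (read from disk or from the
    running process's memory) against the recorded digest, and on mismatch
    report where it differs and how many bits were flipped."""
    ok = hmac.compare_digest(digest(observed), golden_digest)
    diffs = [] if ok else find_patched_bytes(golden, observed)
    return {
        "ok": ok,
        "diffs": diffs,
        "bits_flipped": sum(bin(g ^ o).count("1") for _, g, o in diffs),
    }


def tampered_copy(region: bytes, offset: int, new_byte: int) -> bytes:
    """Test fixture only: a copy of the region with one byte overwritten,
    used to check that the monitor catches a single-byte change."""
    buf = bytearray(region)
    buf[offset] = new_byte
    return bytes(buf)


if __name__ == "__main__":
    print(verify_region(GOLDEN_CODE))
    # First byte of the conditional branch overwritten: the monitor should
    # flag offset 11 and count five flipped bits.
    print(verify_region(tampered_copy(GOLDEN_CODE, 11, 0x90)))
```

In practice the observed bytes would be read from the running process at intervals and the digest check alerted on out-of-band, since an attacker who already holds administrator rights on the host can otherwise silence a purely local check.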

The link to the Sony Pictures hack

"This was not only a heist," continued Nish. "We were able to take some of the code and look for evidence of that code used elsewhere. This wasn’t a unique case.

"The Bangladesh Bank attack overlapped with other cases we investigated including the Sony Pictures attack from 2014. The Sony hack was attributed by the US to North Korea and this meant we had a clue to who was behind it."

What can banks learn from this heist?

Nish said that once the attackers got onto the Bangladesh Bank system, they could monitor what legitimate users were doing. Typically this would be segregated.

Nish also said some banks don’t do enough to test their system security once it's been set up and this ultimately comes down to training.

"The people we have defending our systems need training; how to spot attacks, how to set up security," said Nish. "There is always more you can do to secure systems from using new technology to new approaches, and businesses want to make sure they’re investing wisely.

"Having young, bright people doing the right training, getting involved with the hard technical skills and learning more communication is key. A lot comes back to communication. If you can find these people with these skills, we’ll all be in a better place."

Adrian Nish leads the Threat Intelligence team in BAE Systems' Applied Intelligence division. His team tracks both criminal and national security threats to build a picture of the actors in terms of their motivation and capabilities. These insights feed the technical defensive systems deployed by customers as well as providing context for decision makers.

Adrian regularly advises Government and Business on evolutions in the threat landscape. He holds a PhD in Physics from the University of Oxford and is an Associate Fellow at the London-based defence think-tank RUSI.

BAE's Adrian Nish explains the link between the 2016 Bangladesh Bank heist and the Sony Pictures hack.

He is comparing the fictional Ocean's Eleven with the actual cyber bank heist in Bangalore lol
Life imitating art
Film "OCEAN'S ELEVEN", HOLLYWOOD (2001): $150M (150 million dollars)
Bangladesh heist, CYBER SPACE (2016): $951M (951 million dollars)

Lesson learned
  • Limit administrator accounts; and monitor their use/abuse
  • Segregate networks; if it doesn't need to talk to the internet then don't let it
  • Perform penetration testing; use intelligence on real attacks
  • Expect the attacker to subvert your response functions; have out-of-band communications
  • The adversaries are trained professionals; we need our team to be too
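The first lesson on the slide, limit administrator accounts and monitor their use, is the one the heist timeline makes concrete: the privileged activity happened in the window after the Thursday close and into the holiday, when nobody was expected to be working. The block below is an added example written for this page, not code from BAE or from the talk. It audits constructed sample log lines (not real bank logs) for privileged activity outside an approved source list or outside business hours, using the Sunday-to-Thursday working week the article mentions and an 08:00-18:00 window; both the log format and the allowlist are assumptions.

```python
from datetime import datetime, time
from typing import Dict, List

# Constructed sample log lines for illustration; not from any real system.
SAMPLE_LOG = """\
2016-02-03T10:12:05 user=ops_admin src=10.0.5.12 host=msg-gateway event=logon priv=admin
2016-02-04T17:30:00 user=ops_admin src=10.0.5.12 host=msg-gateway event=logon priv=admin
2016-02-04T14:20:00 user=clerk1 src=10.0.5.30 host=wks-21 event=logon priv=user
2016-02-04T23:41:17 user=ops_admin src=10.0.9.77 host=msg-gateway event=logon priv=admin
2016-02-05T02:03:44 user=ops_admin src=10.0.9.77 host=msg-gateway event=service_restart priv=admin
"""

# Assumed policy: the only workstation from which administrators may touch
# the messaging gateway, and the local working week (Sunday to Thursday,
# as the article notes for Bangladesh) with an 08:00-18:00 business window.
APPROVED_ADMIN_SOURCES = {"10.0.5.12"}
WORKING_DAYS = {6, 0, 1, 2, 3}          # datetime.weekday(): Mon=0 ... Sun=6
BUSINESS_HOURS = (time(8, 0), time(18, 0))


def parse_line(line: str) -> Dict[str, object]:
    """Parse 'ISO-timestamp key=value key=value ...' into a record."""
    ts, *kvs = line.split()
    rec: Dict[str, object] = {"ts": datetime.fromisoformat(ts)}
    for kv in kvs:
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def in_business_window(ts: datetime) -> bool:
    """True when ts falls on a working day inside business hours."""
    return ts.weekday() in WORKING_DAYS and BUSINESS_HOURS[0] <= ts.time() < BUSINESS_HOURS[1]


def audit_privileged_use(log: str) -> List[Dict[str, object]]:
    """Return one alert per privileged event that breaks the policy above.
    Unprivileged events are ignored; each alert lists every reason it fired."""
    alerts: List[Dict[str, object]] = []
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("priv") != "admin":
            continue
        reasons = []
        if not in_business_window(rec["ts"]):          # type: ignore[arg-type]
            reasons.append("outside_business_hours")
        if rec.get("src") not in APPROVED_ADMIN_SOURCES:
            reasons.append("unapproved_source")
        if reasons:
            alerts.append({
                "ts": rec["ts"].isoformat(),             # type: ignore[union-attr]
                "user": rec["user"],
                "event": rec["event"],
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for alert in audit_privileged_use(SAMPLE_LOG):
        print(alert)
```

Two of the five constructed lines fire: the late-Thursday logon and the Friday service restart, both from a source outside the allowlist. The point of listing every reason rather than the first one is triage: an off-hours logon from an approved workstation is a question for the on-call administrator, while one from an unknown source during the closed window is the pattern the slide warns about.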

Disrupting a modern cyber-criminal enterprise
How to bring down a modern cyber-criminal enterprise.
  1. Criminals
  2. (create) Capabilities
  3. (which use) Infrastructure
  4. (to attack) Victims
  5. (& secretly) Stolen Assets
  6. (brought) Launderers
    (back to...)
So beyond those Philippine casino accounts sit the money laundering that used N Prefecture police's automobile tax as a pretext, and the darknet payment platform [Silk Road 4.0]. Development is probably still in progress lol

Prime minister to tell president Japan will support Philippine drug rehabilitation measures, October 26 2016, 15:01
 Prime Minister Abe will meet Philippine President Duterte at the prime minister's office on the afternoon of the 26th.
 The prime minister will state his intention to compile concrete measures, with support for the rehabilitation of drug addicts in mind, in order to cooperate with the drug countermeasures the Duterte administration is focusing on. Multiple Japanese government officials disclosed this.
 Drug countermeasures have been Duterte's top priority since he took office as president. The Japanese government will promptly begin considering support measures, based on the Philippine side's requests. One idea that has surfaced is supporting non-governmental organizations (NGOs) working on the rehabilitation of drug addicts in the Philippines.
 Duterte's heavy-handed drug enforcement methods have drawn criticism from the United States and the international community. The prime minister places importance on building a relationship of trust with Duterte and intends to back drug countermeasures through methods other than enforcement.
The Philippines was the destination for the transfers in the Bangladesh cyber bank heist, playing the role of money launderer. Furthermore, 2% of the Philippine population (2 million people) are meth addicts. So there is constant demand for laundering the proceeds of meth sales and for a darknet payment platform. After all, they've been on meth since around 1985.

The custom malware was a patching tool.
"They planned from before the four-day Lunar New Year holiday. They were monitoring in real time."
"Just as a traditional bank robber leaves the door open, all they did was flip bits."
Adrian Nish

Bwahaha. A DDoS attack that tampers with BGP? NTT Com?

vDOS — a “booter” service
Huh?
A "buta" (pig) service?

So that's why there's a picture of a piggy bank.
This isn't Israel. These are yokels. NTT Com?
And they take payment in Bitcoin and PayPal, too. No way.
Come to think of it, there were those guys who were developing Silk Road 4.0.

Nobody can understand an attack that tampers with the BGP routing of DNS.
