IIJ Technical WEEK 2012 2012 12 11 16 1
Agenda 2012 2
2012 2012 Anonymous 3
2012 Anonymous #OpJapan Anonymous Timeline 2012/06/25 AnonOps "Operation Japan (#opjapan)" 2012/06/26 HomePage DDoS 2012/06/27 29 DDoS IRC 20 HOIC, Slowloris, Tor's Hammer IP 27 4
2012 Web 5
2012 PC OS Jailbreak (root ) http://www.soumu.go.jp/menu_news/s-news/ 01kiban08_02000087.html 6
2012 Microsoft RSA1024 SSL/TLS : PKI ComodoHacker : RA 500 Flame : MD5 Adobe : PKI CA/Browser Forum 7 7
2012 ( ) ID ID ( ) ID ID ( ) ( ) 8
Agenda 2012 DCWG 9
DCWG DNS Changer DNS DNS Changer 10
DCWG Operation Ghost Click: FBI DCWG Rove Digital https://inet.trendmicro.co.jp/doc_dl/select.asp?type=1&cid=81 http://www.fbi.gov/news/stories/2011/ november/malware_110911/malware_110911 http://www.dcwg.org/ http://www.fbi.gov/newyork/press-releases/2011/manhattan-u.s.-attorney-charges-seven-individuals-forengineering-sophisticated-internet-fraud-scheme-that-infected-millions-of-computers-worldwide-andmanipulated-internet-advertising-business Georgia Tech, Internet Systems Consortium, Mandiant, National Cyber-Forensics and Training Alliance, Neustar, Spamhaus, Team Cymru, Trend Micro, University of Alabama at Birmingham,( ISP) 11
DCWG DNS Changer DNS DNS DNS DNS Microsoft Windows Apple Mac OS 400 Web drive by download (FBI ) DNS 2012 7 9 12
DCWG DNS Changer timeline ( ) 2005 DNS Changer (TDSS FAKEAV ) 2006 ( Rove Digital ) 2008 9 Atrivo IX Estdomains ICANN 2009 Nelicash FAKEAV 2011 11 08 FBI 7 6 ( 1 ) 13
DCWG OS MyDoom(2004) hosts ARP cache poisoning DNS poisoning DHCP DNS Changer OS DNS IIJ Internet Infrastructure Review IIR Vol.15 http://www.iij.ad.jp/company/development/report/iir/015.html 14
DCWG DNS Changer IIJ Internet Infrastructure Review IIR Vol.15 http://www.iij.ad.jp/company/development/report/iir/015.html 15
DCWG DNS Changer DNS 1 4 Google, Yahoo!,Bing, Ask.com Google Ads, Overture,Doubleclick ( ) wikileaks.org TDSS HTML DNS DNS FAKEAV Rove Digital https://inet.trendmicro.co.jp/doc_dl/select.asp?type=1&cid=81 16
DNS Changer DNS Changer MBR DNS (IIJ ) UTSTARCOM,routers from BNSL(India),D-Link,Linksys,OpenWRT/DD-WRT,A-Link,Netgear,ASUS ZVMODELVZ Web Manager, SMC (ISC Merike Kaeo Nanog54 Security BoF ) (FAKEAV) FAKEAV(Protection Center) http://www.mcafee.com/japan/security/vird.asp?v=dnschanger.bu FAKEAV(AntiMalware) http://www.threatexpert.com/report.aspx?md5=9f09ff8dba53c3f3734295528297d015 FAKEAV(MacGuard) http://blog.f-secure.jp/archives/50605046.html FAKEAV(WindowsAntiSpyware) http://www.gfi.com/blog/movie-time-dns-changer-trojan/ FAKEAV(SpySheriff) http://www.youtube.com/watch?v=ve5ku01jya8 17
DCWG, a success story of cooperation: arrest of the criminal group. A corporate group with Rove Digital, headquartered in Estonia, as its parent company http://www.fbi.gov/newyork/pressreleases/2011/manhattan-u.s.attorney-charges-sevenindividuals-for-engineeringsophisticated-internet-fraudscheme-that-infected-millions-ofcomputers-worldwide-andmanipulated-internet-advertisingbusiness From the Pinterest of Mikko Hypponen of F-Secure: http://pinterest.com/mikkohypponen/case-dns-changer/ 18
DCWG timeline 2011 11 04 2011 11 08 2012 02 06 2012 02 27 2012 2 2012 03 06 2012 03 07 2012 05 22 DCWG.org (Rove Digital ) 551,436 ISC DNS DNS (2012 3 9 ) NANOG 54 ISC Merike Kaeo ISP IIJ-SECT blog DNS Changer JPCERT/CC TelecomISAC Japan WorkingGroup ISP JPCERT/CC DNS (DNS Changer) DNS 120 407,927 IIJ-SECT blog DNS Changer ( ) JPCERT/CC DNS Changer 2012 05 23 Google Notifying users affected by the DNSChanger malware. 2012 05 30 2012 06 04 2012 07 09 2012 07 10 Telecom-ISAC Japan Facebook Notifying DNSChanger Victims. DNS 210,851 IIJ-SECT blog DCWG http://www.dcwg.org/wp-content/uploads/2012/07/dcwg-unique-ips-20120708.txt 19
DCWG DNS Changer Working Group http://www.dcwg.org/last-day-of-dcwg-data/ 20
DCWG IIJ-SECT blog https://sect.iij.ad.jp/d/2012/02/245395.html https://www.jpcert.or.jp/at/2012/at120008.html https://www.telecom-isac.jp/news/news20120530.html 21
DCWG http://googleonlinesecurity.blogspot.jp/2012/05/notifying-users-affected-by-dnschanger.html https://www.facebook.com/notes/facebook-security/notifying-dnschanger-victims/10150833689760766 http://dns-ok.jpcert.or.jp/ http://www.dns-ok.us/ DNS DNS 22
DCWG (ISP ) DCWG DNS ( google public DNS ) DNS ISP DCWG 7 9 5,522 23
DCWG DNS Changer Forward-looking Threat Research Feike Hacquebord Paul Ferguson WG DCWG DCWG CSIRT ISP 24
DCWG DNS Changer (2) DCWG ( DNS ) ISP http://www.dcwg.org/category/data/ 25
Agenda 2012 DCWG 26
(1) http://www.npa.go.jp/safetylife/seianki26/theme_a/a_d_1.html 27
(2) http://law.e-gov.go.jp/htmldata/h10/h10ho114.html 11 4 ( ) ( ) ( ) ( ) ( ) 28
(3) CERT/CC KB/VN JPCERT/CC JVN IPA 16 235 (JVN) http://www.ipa.go.jp/security/ciadr/partnership_guide.html 29
( ) 30
Culture of Security 31
(SEC) I. (iii) CF Disclosure Guidance: Topic No. 2 Cybersecurity http://www.sec.gov/divisions/corpfin/guidance/cfuidgance-topic2.htm http://www.nisc.go.jp/conference/seisaku/dai28/pdf/28shiryou1-1.pdf 32
Agenda 2012 DCWG 33
IM Web 34
IM Web 35
CEPTOAR Council WG ( ) (J-CSIP) ( IPA,JPCERT/CC) (NiCT,TelecomISAC Japan) ( 4,800 ) (AV ) (ISOG-J) WG5 NISC (IPA,JPCERT/CC, NiCT,TelecomISAC Japan) ( ISOG-J) 36
IT (ISOG-J WG5 NSF2012 B5, http://www.jnsa.org/seminar/nsf/2012/pro.html) 37
38
2012 2012 Anonymous DCWG 39
IIJ TEL 03-5205-4466 9 30 17 30 / / info@iij.ad.jp http://www.iij.ad.jp/ 40