
Risk Assessment:

Offensive Surveillance in Today's Changing,
Challenging and Dangerous World
By
Eric Rabe, Chief Marketing & Communications Officer
HackingTeam
April 15, 2015
At
Interpol World 2015, Singapore

SLIDE #1 INTRO
GOOD MORNING. Thanks for the chance to talk with you about our
more challenging and dangerous world...
and the need for effective offensive security and online surveillance.
Let me put the focus on being on offense. Much of what we have heard
about here at Interpol World has been about keeping bad guys out of
your systems -- playing defense. I want to talk about the importance of
going after and hunting down the bad guys.

History
State of public opinion and public policy
Implications and what we can do about it

SLIDE #2 MITNICK
So let's start in the 1970s. That's when a 16-year-old named Kevin Mitnick
used a dial-up modem to break into the computers of Digital Equipment
Corporation (DEC). Once in, Mitnick stole software, helping himself to
whatever interested him.

SLIDE #2A MITNICK WANTED


It took a decade, but in 1988 Mitnick was convicted of stealing that DEC
software. He went to jail for 12 months.
So it was that Mitnick became the first Cyber criminal.
But as soon as he was released, Mitnick was back at it...using his talents to
hack the computer networks of IBM, Nokia, Motorola and others.

SLIDE #2B MITNICK SECURITY


And today Mitnick is apparently doing fine -- serving as a security expert.
Public outrage was muted in the wake of his crimes. Many saw early
hackers as a sort of Robin Hood character -- an example of the little guy
triumphing over the establishment and big industry.
That legacy is still with us today but there is nothing honorable about how
criminals and terrorists operate in the digital space.
SLIDE #3 T.O.C.
Today Transnational Organized Crime uses the Internet and connected
devices -- mobile phones, tablets and computers -- as a part of the basic
infrastructure of crime and terrorism.
The Worldwide Threat Assessment prepared in February for the U.S. Senate
notes the devastating pervasiveness of global crime facilitated by digital
technologies and the Internet.

SLIDE #3A TOC QUOTE


"Savvy, profit-driven criminal networks traffic in drugs, persons,
wildlife and weapons, corrode security and governance, undermine
legitimate economic activity and the rule of law; cost economies
important revenues"
Here at Internet World, leaders agree. Just in the last two days, we've heard
warnings that criminals are fast exploiting technology and leaving
governments and their police forces behind.

SLIDE #4 COST WORLDWIDE


The problem cost business $113 billion in 2013 according to an estimate by
the Infosec Institute.
The victims, while often big business and banks, also were frequently
individual citizens according to Infosec.
Fraud accounts for more than one-third of the cost of all cybercrime.
And online crime is unique because it provides an unprecedented
opportunity for secrecy.
Criminals and terrorists are using digital tools in four distinct ways.
SLIDE #5 CYBER CRIME
First, there is Cyber crime. Cyber crime is crime that could not occur
without the Internet and connected devices. Such crime includes
Point-of-Sale intrusions, distributing Crimeware, Denial-of-Service attacks,
Cyber-espionage and others.

SLIDE #6 CYBER CRIME GROWTH


The number of such security incidents is growing fast.
In the USA, data on the cost of cybercrime have been collected for more
than a decade by the Internet Crime Complaint Center. The IC3 studies
show a steady increase so that in 2013, the total cost eclipsed three-quarters
of a billion dollars...just in the U.S.
The increase over 12 years was 4,400%.
Many experts worry that the Internet of Things is an open door for cyber
criminals into the homes and even the bodies of all of us as we adopt the
new technology without adequate security protection.

SLIDE #7 THEFT FROM BUSINESS


Target, Sony, big banks in every country -- all have been victims of online
crime...just in the last few months. Stealing credit card numbers and owner
identification is among the most popular online crimes, and stolen credit
card numbers routinely show up for sale on the "DarkNet."
Just last week, the new Interpol Global Complex for Innovation took down
the Simda botnet, which had infected more than 770,000 computers
worldwide.
In Feb. 2015, EC3, Europol's European Cyber Crime Center, broke up
Ramnit, a botnet that infected some 3.2 million computers around
the globe. It was designed, like Simda, to steal banking credentials.
Ramnit's victims were primarily in India, Vietnam, Bangladesh, and the
USA.

SLIDE #7A OLD CRIME, NEW TOOLS


Criminals rely on their mobile phones, tablets and computers to commit
traditional crimes, including the oldest -- prostitution. Indeed, all sorts of
sex-related crimes are facilitated by the technology.
Other examples include murder for hire, drug trafficking and extortion.

SLIDE #8 TOR
The Tor network deserves special mention in this context of old crimes
committed in new ways. Tor takes pride in providing anonymous Internet
connections to allow individuals to communicate in secret.

Advocates say Tor protects free expression, whistleblowers and activists
working to overcome repressive regimes.
Business Week magazine called Tor "perhaps the most effective means of
defeating the online surveillance efforts of intelligence agencies around the
world."
But let's make no mistake about this: Tor is the reason that the DarkNet is
growing and growing fast.
Tor is the doorway to the DarkNet for pornographers, sex traffickers,
contract killers, extortionists and, of course, a healthy market for illegal
drugs.

SLIDE #8A TOR


In 2013 there was a glitch at Tor. It was quickly fixed, but it gave
researchers a chance to examine the URLs of people and groups offering
services on Tor.
Drugs and sex purveyors made up about one-third, and other criminal
enterprises such as weapons trafficking made up even more.

SLIDE #9 ULBRICHT
Of course, there have been successes by law enforcement, like the arrest and
conviction of Ross William Ulbricht. The mastermind of the Silk Road
drug market was convicted in February (2015), and he faces life in prison at
his sentencing in May.
Despite this success, there is ample evidence that the sale and delivery of
narcotics remains robust on the DarkNet along with weapons trafficking,
pornography, and services for terrorists.

SLIDE #10 TERRORISM


That brings us to the fourth category of illegal activity in today's digital
environment...
...the use of digital tools to commit crimes of terror.
Terror organizations routinely rely on modern communications technologies
to do their daily work.

SLIDE #11 Mumbai


As long ago as 2008, in Mumbai, India, attackers killed 167 people,
coordinating their two-day rampage using encrypted Blackberry
smartphones.
Even two years later -- as the surviving attackers and accomplices were
being tried -- police in India were still unable to break the Blackberry
encryption.

SLIDE #12 TERRORISM


Southeast Asia is the third most active region in the world for terrorist
attacks.
Some 1200 occurred in 2013 according to an analysis by the think-tank War
on the Rocks.
This map indicates the severity and location of the 2013 attacks in the
region.
As you can see, most attacks that year took place in the PHILIPPINES and
THAILAND.

As Mumbai illustrates, for many years, it has been important that police
investigators be able to track the activity of criminals and terrorists as they
use mobile phones, computers and the Internet.
But coordinating attacks is only one of four objectives terrorists have in
mind when they think of using digital tools.
Others are:
(1) recruitment
(2) psychological warfare and promoting fear
(3) fund raising.

There are three new developments that make terrorist and criminal use of
digital technology far more dangerous than it has ever been.
SLIDE #13 DANGEROUS DEVELOPMENTS: Rise of Digital Criminals
The first is the rise of criminals and terrorists of the digital generation.
Today's young terrorists grew up in the digital age.
They are fully conversant with modern communications technologies and
how to use them anonymously.
SLIDE #13A DANGEROUS DEVELOPMENTS: Global Reach
#2 The criminals and terrorists have global reach.
40% of the world's population is online. Criminals and their victims are
brought together in a new, unprecedented proximity.

SLIDE #13B DANGEROUS DEVELOPMENTS: Anonymous

Third, as I mentioned earlier, criminals can hide with what approaches
perfect secrecy.
More and more, privacy protection concerns are enabling that anonymity for
the bad guys.

SLIDE #14 LEGAL SURVEILLANCE: Access


Furthermore, what was once a single well-understood public telecom
network, today has become a global network of networks with traffic
flowing over many distinct paths from sender to receiver.
Because it is often encrypted, messages over this network cannot be read
even by the companies originating, carrying or terminating the traffic.
Of course, such traffic is virtually invisible to investigators of crime as
well.
-------------
More than 12 years ago, in early 2003, one company realized the threat to
law enforcement from the changing way all of us were beginning to
communicate.

SLIDE #15 HACKING TEAM LOGO


Seeing a growing need, Hacking Team, in Milan, Italy, began considering
ways to make it possible for law enforcement and intelligence agencies
to do the work they had always done.
Between 2003 and 2006, HT worked to develop what became known as
Remote Control System.
Relying on a tiny bit of software installed on a subject's device and
operating invisibly, RCS was able to intercept phone calls and emails
irrespective of the system carrying them, before they could be encrypted or
after they were deciphered.

The Hacking Team solution could do that without the suspect of an
investigation having any knowledge of the surveillance that was taking
place.

SLIDE #16 GALILEO


Hacking Team's system has grown well beyond simply intercepting specific
messages. Today the latest version of RCS, Galileo, can determine the
location of a surveilled device, turn on its microphone or camera, examine
any documents stored on the device and understand what other devices are
operating on the same network.
The technology leadership of HT labs in Milan keeps the software invisible
to the latest detection systems and able to surveil the latest phone and
computer systems.
That is a job that is impossible for most police agencies working alone.
-----------------
Others are calling for better tools to use against criminals and terrorists in
the digital age.
SLIDE #17 OBAMA/CAMERON
In January, President Obama and Prime Minister Cameron jointly called on
the companies most in control of the world's communications -- the tech
companies of Silicon Valley -- to cooperate in tracking wrongdoers.
The leaders wanted tech companies to provide access to the content of their
customers' communications, stored data and other information, although
exactly how this would be accomplished remains undefined.
---------------
Law enforcement leaders are also issuing wake-up calls to the public and
the tech community saying that something must be done.

SLIDE #18 FBI, COMEY, Oct. 2014


In the USA, the head of the FBI, James Comey, went on the attack in
October of last year saying that the pendulum has swung too far in the
direction of privacy protections.

SLIDE #19 GCHQ, HANNIGAN, Nov. 2014:


At about the same time, Richard Hannigan, the newly appointed head of
Britain's General Communications Headquarters, the GC-HQ, penned a
demand for better law enforcement access to online communications.
Hannigan told readers of the Financial Times that the Internet has become
the command and control network of choice for terrorists and criminals.

SLIDE #20 FRANCE, VALLS, Jan. 2015


In January, following the Charlie Hebdo attacks, the French Prime Minister,
Manuel Valls, called for greater latitude for authorities in the area of online
surveillance.
----
But the tech world seems uninterested in cooperating with any of these
world law enforcement leaders.

SLIDE #21 COOK, APPLE


Perhaps most vocal has been Apple Computer and its CEO, Tim Cook.


Cook calls all this scare-mongering.


Apple promises to encrypt all traffic on its networks, in the iCloud and on
internal servers -- offering customers end-to-end encryption on all
devices.

SLIDE #22 GOOGLE ENCRYPTS


Google too is encrypting traffic on its systems...
...even while gathering consumer data for sale to businesses and cooperating
with the Chinese government's demand for censorship.
Still, Google has been vocal about refusing to cooperate with law
enforcement.

SLIDE #23 PUBLIC OPINION


Furthermore the Internet companies seem to have public opinion on their
side.
That is especially true in the U.S. and Europe. But as I will argue in a
moment, the fallout could well be felt here in Asia.

SLIDE 23A PUBLIC OPINION: Pew


Surveys show that top concerns of adults in the west are around privacy.
One survey of more than 2500 experts concluded, "The struggle over
privacy and tracking policies will extend through the next decade."
That survey by the respected Pew Research Center found concerns extended
from use of personal information gleaned from online activity to law
enforcement surveillance.

SLIDE #23B PUBLIC OPINION: Post-Snowden


Public antipathy toward law enforcement in general and toward surveillance
specifically has never been greater, especially in the wake of Mr. Snowden.
Post-Snowden, a survey found that 80% of those asked think Americans
should be concerned about "the government's monitoring of phone calls
and internet communications."

SLIDE #24 GALLUP POLL: Big Govt


In fact, in the U.S. this sentiment appears to be growing. Over the last 50
years, the Gallup organization has been asking Americans whether big
government, big labor or big business poses the greatest threat to the
country.
In December 2013, the poll showed that by record numbers, the average
citizen expected to be victimized rather than protected by government.
The European Union and individual countries such as Germany are leading a
charge for more expansive regulation.
Already the Wassenaar Arrangement protocols impose the world's
strongest regulation on developers of surveillance software, including the
technology of Hacking Team, which is based in Italy.

SLIDE #25 ACTIVISTS


With this wind at their backs, an army of activists is at work. Zealous on
the issues of privacy protection, human rights, and distrust of government,
these groups seem blissfully unaware of the real dangers in our world and
the need for tools to fight them.


SLIDE #25A ACTIVISTS: Hacking Team


As Hacking Team grows and succeeds as a business, the company itself has
been one popular target of these groups. Generally this takes the form of
castigation online.
Organizations such as Human Rights Watch and Privacy International have
singled out Hacking Team for criticism claiming that our technology is used
to stifle dissent, hunt down journalists or democracy advocates and harm
human rights.
One organization, Citizen Lab at the University of Toronto in Canada, has
dedicated considerable resources to breaking into HT systems and
identifying our technology.

SLIDE #25B ACTIVISTS: World


Nations around the world are also common targets for activists.
Advocates claim to find examples of human rights suppression by
governments using tools such as those developed by Hacking Team.
Activists continue to drive public opinion, demanding more privacy
protections and limits on law enforcement's powers of investigation.
Already in Europe, new regulations are in place. The activist community
wants more. Potential shackles on LEAs seem more likely just as the world
is becoming dramatically more dangerous.

SLIDE #26 CHILLING EFFECT


The potential effect of this wave of opposition leads only in one direction:


More regulation
Slower technology development
Investigators unable to do their job and
A safe refuge for criminals online

Even here in Asia, restrictive action by government in the west has the
potential to take important tools out of your hands. And not just your
hands, but also the hands of investigators everywhere.
If advocates have their way, the development of surveillance technology
from Hacking Team and others could be stopped in its tracks.
This cannot be allowed to happen.

SLIDE #27 WHAT CAN LAW ENFORCEMENT DO?


Law enforcement has always been expected to investigate crime, conduct
surveillance of wrongdoers, and protect us all.
Now Law Enforcement has new enemies in this fight.
They include online encryption by tech companies, the ubiquity of Tor,
and a fast-growing DarkNet, the safe haven of the digital criminal.
We at Hacking Team believe that law enforcement must be able to track the
actions of criminals and terrorists in the digital world just as law
enforcement has always been able to do that in the physical world.
Together we must make the case.
We cannot expect attitudes to change if we do not step up to this
challenge.
Here are five things you can do to help.


SLIDE #27A #1 Speak Out


1. Speak out for the need for digital surveillance tools -- whenever there
is an opportunity, explain the challenges of conducting investigations.
Let policy makers and the press know that in order to protect the
public, law enforcement must have access to mobile phones, mobile
devices, computers and the Internet communications of criminals and
terrorists.

SLIDE #27B #2 ID Balance privacy/security


2. Recognize and publicly repudiate the tide of sentiment that calls for
privacy at any cost. Privacy is an essential and cherished ideal,
but the right of the public to be protected from illegal activities of
those who would use digital technologies for crime must also be
ensured.

SLIDE #27C #3 Publicize


3. Whenever possible, publicize cases in which digital investigations
play an important role. It is critical that the public understand the
importance of being able to track the work of criminals and terrorists in
the online world.

SLIDE #27D #4 Surveillance only as allowed by law


4. Make a pledge that lawful surveillance tools like the ones Hacking
Team produces will be used only in accordance with the law.
If investigative tools are abused, then that adds fuel to the arguments
of those who would prohibit the use of digital surveillance
technology.


SLIDE #27E #5 Investigate with care


5. Conduct investigations with care. Ensure that the tools you are using
and the work you are doing is conducted with confidentiality and
integrity.

SLIDE #28 CONCLUSION


Public opinion in the U.S. and Europe, the actions of regulators there, and
the development by governments of new laws -- all of these can have an
impact on your ability to do your jobs anywhere in the world.
The trends cannot be ignored.
Nor can we wait and hope that the tide will turn. Horrific crime or terror
attacks in the future might influence the pendulum to swing in the direction
of more and better surveillance capabilities. But that is a high price to pay.
We at Hacking Team urge you to consider what you can do to make the
public aware of the very real threats we all face, and the challenges for law
enforcement in the Internet age...and the need for effective offensive
surveillance.
###

References:
Sage Reference: Henson, B., Reyns, B. (2011). Internet crime. In W.
Chambliss (Ed.), Key Issues in Crime and Punishment: Crime and criminal
behavior. (pp. 155-168). Thousand Oaks: SAGE Publications, Inc. doi
10.4135/9781412994118.12
http://www.sagepub.com/haganintrocrim8e/study/chapter/handbooks/42347_10.2.pdf

IFCC (2001). IFCC 2001 Internet Fraud Report. (p. 3).


http://www.ic3.gov/media/annualreport/2001_IFCCReport.pdf
FBI Comey testimony before Congress: As a communications tool, the
Internet remains a critical node for terror groups to exploit.
http://www.fbi.gov/news/testimony/isil-in-america-domestic-terror-andradicalization?utm_campaign=emailImmediate&utm_medium=email&utm_source=congressionaltestimony&utm_content=407952
