By
ANUPAM TIWARI
The Shadows in the Cloud report illustrates the increasingly dangerous ecosystem of crime and espionage and its embeddedness in the fabric of global cyberspace.
REASON BEHIND…….
Public institutions have adopted new technologies faster than procedures and rules have been created to deal with the radical transparency and accompanying vulnerabilities they introduce.
Before we start……..
EXECUTIVE SUMMARY
Complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer network systems.
Analysis of data stolen from politically sensitive targets and recovered during the course of the investigation.
Effort of an eight-month collaborative activity between the Information Warfare Monitor (Citizen Lab and SecDev) and the Shadowserver Foundation.
OVERALL SUMMARY
Dalai Lama
Collateral Compromise
Attribution
Field Investigation
Data Recovery
Victim Identification
Attack Vectors/Malware
IP Address Relationships
Van Horenbeeck
Web-based interface that lists cursory information on compromised computers located on one command and control server
Information obtained from one command and control server from which we retrieved exfiltrated documents
PALANTIR Screenshots
Recover IP Addresses
ENTITIES OF INTEREST FROM RECOVERED IP ADDRESSES
GEOGRAPHIC DISTRIBUTION OF COMPROMISED HOSTS
Diplomatic Missions and Government Entities
PATRIOTIC HACKING
• Malware Authors: Motivated by profit, malware authors leverage their technical skills to create and distribute exploits as well as trojan horse programs.
• Provide the infrastructure for cybercrime by maintaining malicious websites, exploiting vulnerable websites & providing hosting for the command and control capabilities of trojans.
• Envelopes Stealers: Focus on acquiring username and password pairs, known as envelopes, through the use of malware kits, which are then sold.
• Purchase compromised credentials from envelopes stealers and sell virtual assets to online games players, QQ users and others who drive the demand for stolen virtual goods.
Complex task
Aim of this presentation is to spread awareness on the report made public by the Shadowserver Foundation: SHADOWS IN THE CLOUD
The ppt is under improvement and the fresh ppt will be uploaded in some time.