Name: Fox Files, DataDiode, InTell

Text: NR 1 MARCH 2013

COLUMN

The Hypocrisy of Ethical Hacking
It seems such an interesting idea: 'ethical' hackers who guard our vulnerable databases containing privacy-sensitive data. Surely there is no objection to that?

The Netherlands' so-called 'Lektober' (literally, leaky October) in 2011 witnessed a number of incidents and demonstrated that data security needs to be improved in our country. It was a wake-up call. After that, Robin Hood stories about hacks moved from tech news to the front pages.

Fortunately the appreciation for ethical hackers has grown. However, they still run the risk of being prosecuted. Even if a hacker himself believes he is engaged in ethical work, the affected companies and the law often hold a different view.

Two issues recently hit the headlines. At two medical institutions in the Netherlands, the 'Groene Hart' hospital and 'Diagnostiek voor U', patient details became accessible to hackers, who sought publicity through the media. In both instances the Public Prosecutor opted to institute legal proceedings. At first glance, this appears to turn the world upside down: if someone made a mistake here, then surely it was the organizations which were negligent in safeguarding the details of their clients?

There is certainly something to be said for that. But on closer examination the hackers appear to be less ethical than thought. In the case of the hospital, the hacker went straight to the media rather than to the hospital itself. Ethical hackers raised a number of questions about the time between discovery and notification, the means used and the volume of data which was stolen. At 'Diagnostiek voor U', Dutch MP Henk Krol broke into an Electronic Health Record using a stolen password. He looked up friends in the database,
and soon after notifying the organization he approached the media. I learned the significant reasons for prosecution from the public gallery of the court, not from the otherwise well-informed media.

The media's pillorying of companies which have fallen victim to hacking, without any reasonable discussion about the ethics of the hacker, misses the point. It is time for all of us to take a good hard look in the mirror. And there, alongside the ethics of hackers and companies, are also the ethics of the media.

Ronald Prins, CEO FOX-IT

COLOPHON

Editorial address
FOX-IT
Marketing Department
PO Box 638
2600 AP Delft
+31 (0)15 284 79 99
marketing@fox-it.com
www.fox-it.com

Concept and design
viervier

Interviews and articles
Sabel Comunicatie
Full Circle Communications
FOX-IT

Free subscription
Register on fox-it.com

MARKET
India approves DataDiode
The Fox DataDiode has met India's highest security standards. Governmental authorities can now deploy the product in India to protect their high-security networks and critical infrastructures.

PRACTICE
Mobile Digital Tracks Investigation
Investigators in the Netherlands have equipped a police van with Tracks Inspector. This way, the police can conduct digital tracks investigation directly at the crime scene.

PRACTICE
Actionable Intelligence
If an enterprise's Information Security team is unaware of a new cyber threat, they cannot defend against it. Fox InTELL helps companies to protect their customers and brand.

OPINION
CCO alongside the CEO
Ad Scheepbouwer, the former CEO of TNT and KPN, has joined FOX-IT. He suggests introducing a new specialist to the boardroom of major organizations: the Chief Cybersecurity Officer.

MARKET
Portfolio
A selection of products and services FOX-IT offers internationally.

NEWS
Bits
Short news about Red October on mobiles, FOX-IT's detection of the NBC.com hack, the FOX-IT Digital Forensics Academy and upcoming trainings and events.

WORKING WITH TRACKS INSPECTOR

The Specialist Investigation Vehicle (SIV) also incorporates Fox-IT's Tracks Inspector, software with which tactical investigators can read digital evidence material relatively easily. With Tracks Inspector the tactical investigator has direct access to the digital information and can apply relevant findings immediately in the investigation at the crime scene. Cooperation with the Specialist Investigation Vehicle in Twente thus also appeared to be a good combination. Tracks Inspector is user-friendly, intuitive and runs in a web browser. This is exactly what the tactical investigator needs to be able to conduct digital investigation easily himself.


PRACTICE

If an enterprise's information security team doesn't know about a new cyber threat, they can't defend against it. Fox InTELL provides a way to see into the dark underworld of cybercrime so companies can protect their customers and their brands from cybercriminals' pending exploits and targeted attacks.

Underlying Fox-IT's network security and breach mitigation services is expert cyber intelligence. It's ingrained in so many things that the company does, offering Fox InTELL as a standalone product first in Europe and now in the U.S. was inevitable.

For years, FOX-IT has grown a world-class organization to continually gather, process and leverage actionable intelligence, both to fulfill client-specific requests and to innovate new products and services. In addition to its own Internet monitoring, Fox today works with a network of partners doing their own monitoring as well as intelligence, security and law enforcement agencies worldwide.

FOX FILES #1 2013


Through Fox InTELL, the information gathered by FOX-IT internally and from across the cyber intelligence community is made available to any enterprise on a subscription basis. The value to subscribers' information security (InfoSec) teams is an early warning of emerging threats and even pending attacks targeting their organization. With Fox InTELL, financial institutions, e-tailers and other high-profile enterprises can dramatically improve their cyber intelligence position, which enables situational awareness, deploying better security controls, and making more informed risk decisions to protect their customers and their brand online.

SKILL SETS THAT AREN'T TAUGHT IN SCHOOLS

Long before governments began hiring hackers to strengthen their cyber security defenses, FOX-IT had already pioneered the concept. In their younger years, many Fox InTELL experts were already demonstrating their computer savvy and out-of-the-box thinking. FOX-IT is one of the few places in the world where they could channel their unguided curiosities and talents into productive careers that protect society today. For them, fighting cybercrime is not just a job but a lifelong passion.

There is no formal classroom for their skill sets, only years of computer time exploring code and researching exploits and intrusions. As the use of viruses, worms, Trojans and botnets grew, so did their expertise. At FOX-IT, their job is to infiltrate the underworld of cybercrime for surveillance, reconnaissance, counterintelligence and pre-emptive threat mitigation. 'To work here is an enormous rush,' says a Fox InTELL operative. 'We monitor so much of the dark corners of the Internet, I learn so much that almost no one else knows.'

PORTAL-BASED ACCESS TO CLIENT-SPECIFIC PROTECTION

Fox InTELL is delivered to subscribers through a secure web portal accessible from any web-capable device. Quarterly reports cover the most relevant threats and underworld trends over the last three-month period. When Fox InTELL reveals an urgent threat, alerts are issued via email and RSS feed, as well as an ad hoc report via the portal to each affected client with specific information for their organization. Subscribers can follow threat evolution in real time through the portal, instead of receiving lengthy reports with delay.

For brand protection, Fox InTELL scours the Internet with its unique client-specific threat monitoring and tracking feature. Fox InTELL analysts scour the Internet looking for any appearance of the client's brand in malware configurations, command and control infrastructures, spamming emails and underworld forums. Confirmed threats are followed to see if and how they develop, while Fox InTELL's cybercrime and security experts stand ready to assist the client with appropriate countermeasures.

PORTAL-BASED COLLABORATION INCREASES PROTECTIVE AGILITY

The Fox InTELL portal includes a Collaboration area, which has proven to be an important feature for client interactions with each other as well as with Fox InTELL experts. Community discussions on new threats and countermeasures raise questions and provide answers on issues faster than intelligence reports can be generated. A Fox InTELL subscriber could well be experiencing or has experienced an identical situation and post valuable information before anyone else.

KNOW YOUR ENEMY

Countries cannot properly defend themselves without intelligence, whether it's conventional or cyber warfare. Neither can enterprises in today's world. Fox InTELL gives InfoSec teams the precise intelligence they need to properly defend against threats that they otherwise could not see coming.

Fox InTELL is designed to meet each client's precise threat protection needs. Features include:

- Access to the Fox InTELL Portal
- Quarterly reports on malware and underworld developments
- A knowledgebase for ad hoc searches into information about past and ongoing threats
- Alerts and ad hoc reports for clients susceptible to a specific threat detected
- Client-specific threat monitoring and tracking
- Portal collaboration, where subscribers can share information with peers
- Access to real-time threat evolution monitoring

To do their job well - the way they think the job needs to be done - Fox InTELL experts design their own stuff, such as:

- Fully automated tools to initially process the copious amounts of raw and semi-processed intelligence collected from internal and external sources
- Malware recovery tools to reverse-engineer threats and devise mitigation solutions
- Modus Operandi Engines to automatically filter all the false positives that choke a company's SIEM strategy

Innovations such as Fox-IT's DetACT for Online Banking service to stop online fraud before real damage is done and FoxCERT to rapidly mitigate data breaches and conduct follow-on digital investigations spring from applying the ingenuity of Fox InTELL experts to real-world problems.

All of the above intelligence is organized within the portal for quick subscriber access to specific information of interest. Areas dedicated to the Knowledgebase, ongoing Live Incidents (anonymized), and Collaboration serve all subscribers. Each subscribing organization also has their own client-specific space, where confidential information can be exchanged between the client and Fox InTELL experts.

Fox InTELL delivers intelligence according to the needs of each cybersecurity stakeholder - from C-level management summaries to the raw data. InfoSec teams with the interest, time and resources can perform their own analysis, compare their findings with Fox InTELL results and even discuss methods of analysis and data interpretations with a Fox InTELL analyst.

If an actual attack is so new and unique that the threat evaded the world of cyber intelligence, Fox InTELL includes malware recovery from clients to reverse-engineer it. This feature not only speeds incident mitigation and prevents a recurrence for the affected client, but helps to protect other Fox InTELL subscribers from the same threat. In addition to all of the above, FOX-IT with FoxCERT provides the expertise to assist with mitigation and forensic investigation.

OPINION

Vacant: the CCO position
Ad Scheepbouwer joined FOX-IT in October 2012 as a member of the board and as a shareholder. With his experience in the boardrooms of major exchange-listed companies, he is unrivalled in knowing just how the rabbits run there. Now it is time that sly foxes enter the boardrooms, he proposes, turning their eyes and their thoughts to cybersecurity. Where are the Chief Cybersecurity Officers?

It used to be said of generals that they were always busy with the previous war. You certainly can't say that about the cybersoldiers who protect our computer networks. It is in fact their ambition to always be a step ahead of the hackers. How might they be able to infiltrate our systems? That is the question constantly on the minds of crimefighters, which is why they sense trouble when others still believe that everything is just hunky-dory. Distrust is second nature to them.

TRUSTING DISTRUST

Of course that is not the attitude with which most of us approach our work. I do not think a little distrust is a bad thing, and at certain times I prefer knowing for sure to trusting. Nevertheless: in my career I have particularly had to call on the latter. As someone in charge you must ultimately be able to count on the people around you: the employees, the partners and so on. I would be seriously mistaken if my fellow board members do not share that approach to the (corporate) life. To the extent that I have been able to sense the atmosphere in the boardrooms of Corporate Netherlands, it is one of trust.

You simply need to be able to assume that many things are correctly organized. So if people turn up with wild tales of cybercrime, about Mafia leaders preparing attacks from Ukraine, viruses which spread themselves rapidly and hard-disks which have become infected in China, initially the temptation is to take it all with a pinch of salt.

FATALISTIC THOUGHTS

By now many managers have realized that a hack could have dramatic consequences. However they still cannot imagine that they might also be targets. 'That won't happen to us - what are the odds?' That is probably a very normal or even natural reflex, but it is not the right reaction. An essentially correct but at the same time fatalistic thought may limp along just behind that: 'A hundred percent secure really isn't feasible, is it? So therefore ...'

And so cybersecurity is not given the attention it deserves, while the risks become greater and more plentiful thanks to the continuing growth of Internet traffic and the increasingly intensive use of mobile devices such as tablets and smartphones. We can do more with the Internet year by year, but that also makes us increasingly vulnerable. And so, for the time being, there appears to be no end in sight for the series of incidents we have recently experienced in the Netherlands: the malware on the major news portal nu.nl, the Diginotar hack, the hack of Dutch telecom provider KPN, the DDoS attacks on the websites of MasterCard and the Public Prosecutor, the Dorifel virus, etc.

THE COMPANY'S RESPONSIBILITY

The government is not aloof from all this. At the end of last year the Dutch Lower House discussed the National Cyber Security Policy extensively and with considerable knowledge of the issues. During the debate the possibility of a 'digital fire-brigade' expressed by colleague Ronald Prins was also considered. However Minister Opstelten misses no opportunity to point out that cybersecurity is in fact the responsibility of organizations and companies. 'The government is not going to take this over from them.' So companies cannot evade it: they must take on the responsibility themselves.

TIME FOR A CCO

Right now many undertakings have accommodated the security issue somewhere within the company. For example with officials with years of experience with the police or justice systems. I believe it is important to strengthen this as soon as possible with specialists in (fighting) cybercrime. This also introduces the necessity of more focused guidance. Should cybersecurity not be at the very top of the CIO agenda? Should it not perhaps even be desirable to expand the management or the board of directors by one member? In addition to the CEO, CFO and CTO should there not also be a position for a CCO, the Chief Cybersecurity Officer? He or she could then ensure that security is high on the management agenda, and that it stays there until further notice!

It might be expected of this CCO that initially, he makes smart choices on the storage of data: the personal details (of employees and clients) and the critical company data (such as sensitive documents or intellectual property like AutoCAD drawings of innovative products). He or she will guide the IT department, but that is just one component of the job description. That is because a cybersecurity policy encompasses so much more. For instance, the CCO would also bear responsibility for awareness among employees, because if they simply use the Internet unsuspectingly and do not pay any attention to risks like phishing, then that is just mopping up with an open tap.

PURCHASING POLICY

A policy area which should also not escape his or her attention is purchasing policy. Many parties are involved in this, both internally (IT department, purchasing, marketing, sales, etc.) and externally (among others suppliers, independent consultants and experts). In an uncoordinated and impulsive purchasing policy, IT security becomes Swiss cheese. That is why it is up to the CCO to get all these interested parties along the same line and to drive the discussion. He or she needs to create the conditions in which the input of all parties can be taken into account without losing a grip on security.

CRISIS PREVENTION

In the same way that other board members monitor the price trends and sales performance of the business units, the new board member can also keep track of all the information on IT security inside and outside the company. For instance, he will have the opportunity to keep raising the security policy - or to put it better, the crisis prevention policy - to a steadily higher level.

Anyone opting to do nothing will certainly have their turn. An ancient principle is in fact more current than ever: those who want peace must prepare for war. Companies which embrace that motto can save themselves and their environment a lot of mischief. And indeed: in a timely manner they will draft in the help of the cybercrime-fighters who were appointed distrustfully because of their work, but who in fact deserve trust precisely because of it.

Ad Scheepbouwer, CEO Fox-IT

MARKET

ABOUT FOX-IT
Fox-IT prevents, solves and mitigates the most serious threats as a result of cyber-attacks, fraud and data breaches with innovative solutions for government, defense, law enforcement, critical infrastructure, banking, and commercial enterprise clients worldwide. Our approach combines human intelligence and technology into innovative solutions that ensure a more secure society. We develop custom and packaged solutions that maintain the security of sensitive government systems, protect industrial control networks, defend online banking systems, and secure highly confidential data and networks.

[Graphic labels: Fraud, Theft, Hacking, Terrorism, Espionage, Innovation Labs]

... and focus on sectors where security is essential, working with partners worldwide.

A selection of products and services by FOX-IT

DETACT
DetACT prevents fraud by stopping malware, phishing and hybrid attacks on online channels. Offering real-time detection of passively monitored payment streams, it empowers InfoSec teams with behavior analytics on the navigation layer, featuring unique history profiling and anomaly detection. The combination of transparent client side detection tooling and world-class cyber intelligence results in an exceptionally high detection accuracy. It's scalable and implementation affects neither the customer experience nor the enterprise architecture.

TRACKS INSPECTOR
The volume and importance of digital information is on the rise in criminal investigations. Detectives must depend on specialists unfamiliar with their cases, to process digital information. This causes delays since there is a lack of digital forensics specialists and labs to support caseloads. Tracks Inspector offers an intuitive, web-based, collaborative and scalable solution that puts digital investigations into the hands of detectives.

FOXCERT
During a cybersecurity emergency, FoxCERT enables you to act quickly, decisively and correctly. FoxCERT provides immediate assessment and consultation, an emergency response team onsite, collaborative action aligned with your incident resolution objectives, access to Fox-IT cybercrime and digital investigation resources, assistance with PR, crisis management and law enforcement. FoxCERT is on-call 24/7 at +31 15 284 79 99.

DATADIODE
The Fox DataDiode is a unidirectional hardware device, used at the boundary of two networks. It allows data to travel - in real time - only in one direction. To protect sensitive/classified data, information is passed from a lower to a higher security network, but not vice versa. To protect critical infrastructure, information can be pushed from a trusted Industrial Control System (ICS) to an external network, while the facility remains digitally inaccessible. It's highly certified, among others CC EAL7+ and NATO Secret.

INTELL
If an InfoSec team doesn't know about a new cyber threat, they can't defend against it. Fox InTELL tracks and analyzes cyber threats and potential attacks in real-time as they are planned within the cybercrime underworld. Fox InTELL's portal-based service improves an enterprise's cyber intelligence position, which enables better situational awareness, security controls and risk decisions to protect their customers and their brand online. Collaboration and real-time threat tracking give InfoSec teams huge advantages.

RED OCTOBER ON SMARTPHONES
In January, Kaspersky Lab published its discovery of the cyber-espionage malware virus Red October (Rocra). The attacks focused on embassies and scientific research organizations. Over the course of five years, information got stolen and networks explored by using a combination of Chinese exploits and Russian malware components. Through infected computers, Red October spread to smartphones, using Blackberry and Android operating systems. Fox InTELL did research on command and control servers and located infected smartphones across America, Africa, Asia and Europe.

DIGITAL FORENSICS ACADEMY

In digital forensic investigations, the volume and complexity of data to be examined is increasing. Globally, governmental and private organizations are struggling to find enough qualified digital forensic experts to keep up with the demand. Digital forensics is a field of rapid developments, keeping up is the challenge. FOX-IT understands these issues and can help with a complete six-week Digital Forensics Academy. This way, organizations get their less experienced staff quickly up to speed and help the experienced staff to keep up to date. More information? See www.fox-it.com

- 23 Apr 2013: InfoSecurity Europe 2013, London, UK
- 24 Apr 2013: Expert Meeting: Using intelligence to keep ahead of online banking threats, London, UK
- 24 Apr 2013: Forensics Europe Expo, London, UK
- 01 May 2013: eCrime Congress, Dubai, UAE
- 19 May 2013: CEIC, Orlando, FL, USA
- 28 May 2013: AFCEA TechNet International, Warsaw, PL
- 05 Jun 2013: eCrime France, Paris, FR
- 31 Jul 2013: OHM2013, Geestmerambacht, NL

INVESTIGATIONS ON THE INTERNET - THE BASICS

It sounds simpler than it is: investigating on the Internet. Participants in this four-day training course learn the basics of Internet Technology and a variety of methods for searching online. Many professionals, ranging from tactical detectives to information desk staff, have completed this basic training course and successfully apply their skills at work. Our trainers make the difference: they are ethical hackers and specialists in the field of digital forensics and IT security, with a teaching background. Visit fox-it.com for more information or mail training@fox-it.com

FOX-IT FIRST TO DETECT NBC.COM HACK

The Fox-IT Security Operations Centre (SOC) was the first to discover that the NBC.com website was spreading Citadel malware on February 21. Immediately NBC was informed, who mitigated the hack of the web server and stopped the drive-by download attack. A malicious iframe pointed to the exploit kit 'Red Kit', which abused known Java and Adobe vulnerabilities to infect visitors' computers with a version of the Citadel Trojan. The malware is configured for stealing money from the user's accounts by manipulating online banking sessions with a number of American banks.

Document Path: ["651-fox-it-newsletter-fox-files-datadiode-intell.pdf"]
