Threats are escalating! 90% of all businesses affected each year. $17B+ annual cost. 5%+ of IT budget.
U.S. Corporations Top Security Concerns Source: Adapted from InfoWorld, November 16 th, 2001 Percent of respondents concerned in each category. Systems Penetration DoS Attacks Data Theft
Financial Loss Areas Source: Adapted from CSI/FBI Security Survey, 2002, 2007 Note: In 2008, the most expensive incidents are still Financial Fraud, followed by Bots.
Percent of Organizations Hit by Various Types of Breaches Source: Adapted from CSI Security Survey, 2008
Post Incident Actions Source: Adapted from CSI Security Survey, 2008
Percentage of IT Budget Spent on Security, Average 5% Source: Adapted from CSI Security Survey, 2008
IT Security Issues 503 Respondents Cross-Section of Organizations Intrusions, Not reported Dollar Losses are soaring FBI, $10B annual losses total-2002 Some estimates go much higher
Profile of a Computer Criminal Other Sources:Information Technology for Management, thinkquest.org & nsca.com Business Week 2/21/2000 Thousands and thousands of Web Sites Easy to write Male 19-30, no criminal record Computer specialist, clerical, student, manager Self confident, eager, energetic High IQ, personable, creative Egocentric Ax to grind Anti-establishment Doesn’t view himself as a criminal A substantial amount of technical knowledge. Contempt of the law or feeling above the law. Manipulative and risk-taking nature. An active imagination.
Identity Theft Identity theft occurs when someone uses the personal information of another (i.e., name, date of birth, social security number, credit card numbers, bank account numbers, etc.), fraudulently and without permission. Criminals usually do this to obtain money or goods and services, but identity theft is also perpetrated to obtain false drivers’ licenses, birth certificates, social security numbers, visas and other official government papers. Source: Motes, K. “Identity Theft”, http://www.odl.state.ok.us, December 27, 2002.http://www.odl.state.ok.us
Calling it the largest such bust ever, the U.S. Attorney in Manhattan and the FBI apprehended an alleged ring of identity thieves, accusing three men of stealing tens of thousands of credit reports. The ring is alleged to have operated over a period of three years, suspected of pilfering credit reports from the three major commercial credit reporting agencies and using that information to siphon funds from bank accounts and make fraudulent purchases. Authorities have accounted for $2.7 million in losses so far. At the center of the scheme as outlined Monday by Justice Department and FBI officials is a help-desk employee of Teledata Communications (TCI), a company in Bay Shore, N.Y., that lets banks and other lenders access credit histories compiled by Equifax, Experian and TransUnion.TCI The TCI employee, Philip Cummings, stands accused of wire fraud and conspiracy in filching lenders' passwords and subscriber codes that let a network of identity thieves obtain tens of thousands of credit reports of more than 30,000 individuals. TCI declined to comment. The government has fingered two other defendants, Linus Baptiste and Hakeem Mohammed, in related cases. "The defendants took advantage of an insider's access to sensitive information in much the same way that a gang of thieves might get the combination to the bank vault from an insider," Kevin Donovan, assistant director in charge of the FBI's New York field office, said in a statement. "But the potential windfall was probably far greater than the contents of a bank vault, and using 2lst century technology, they didn't even need a getaway car. Using the same technology, we determined what was done and who did it, proving that technology is a double-edged sword." Experts on identity theft said the existence of such a ring was the natural by-product of the existing system of computerized credit information. "This situation was a problem waiting to happen," said Linda Foley, executive director of the Identity Theft Resource Center in San Diego. "We know that there are many cases of computer breaches where information (is stolen) leading to identity theft." Experts also blamed TCI and the credit agencies for their roles in the identity theft problem. "How much screening did (Cummings) go through before being hired for the help desk?" Foley said. A Gartner analyst pointed out the problem of too many low-level employees having access to consumers' personal information. "The fact that lower-tier employees, people who don't have as high a degree of accountability, have access to such information is a problem, and it's one we see on a regular basis," Gartner analyst Doug Barbin said. Among the TCI clients whose passwords and subscribers codes the identity thieves used are Ford Motor Credit's Grand Rapids, Mich., branch; Washington Mutual Bank in St. Augustine, Fla.; Washington Mutual Finance in Crossville, Tenn.; Dollar Bank in Cleveland; and Central Texas Energy Supply. ID Theft - CNET News.com November 25, 2002, 2:34 PM PT
“Hi, I’m Philip, may I help you?” Hakeem MohammedLinus Baptiste
Data Interception: Old Model Versus New Model Private Network R Increased Opportunity for Data Interception > 10X Public Network
1. Network Attacks Degrades Services Slows Network Performance Often Does Not Breach Internal IT Workings Can be Started by People with only Modest IT Skills
DoS Attack Denial of Service Attack Easy to Mount Difficult to Defend Against
Denial of Service Attack High Threat Users are denied service to a server Can tie up an organization’s network $$$ Lost commerce Image Message/Request IP Packet Source Address Destination Address 18.104.22.16822.214.171.124
Normal Service Message/Request IP Packet Source Address Destination Address 126.96.36.199188.8.131.52 184.108.40.206 220.127.116.11
Denial of Service Attack Message/Request IP Packet Source Address Destination Address Bogus.bogus.bogus18.104.22.168 22.214.171.124
Love Bug Virus May 4 th, 2000 45 Million Users 300,000 Internet host computers E-Mail Replication VBScript Program Characteristics: Wide-Spread Deletes Files Replicates Changes Home Page
Anna Kournikova Virus VBScript Program Characteristics: Replicates attachment February 12 th, 2001 E-Mail Replication
Slammer / Sapphire Worm January 25 th, 2003 100,000+ Servers Buffer Overflow Network Outages involving: * Airline flights & ATM’s * Internet backbone disruption – S. Korea Characteristics: Wide-SpreadAttacked specific port Smallest, efficient, 376 bytesEasy to detect Filled Internet Bandwidth, Overloaded NetworksRandom, went after every server Very Rapid Spread, doubling time 8 secondsTook DB Servers out of operation Did not destroy files Buffer Originating Computer Random Scanning Vulnerable Server Port 1434