Presentation is loading. Please wait.

Presentation is loading. Please wait.

 Surveillance State  Information Warfare  Cyber Crime  Hacktivism  Vandalism  Experimentation.

Similar presentations

Presentation on theme: " Surveillance State  Information Warfare  Cyber Crime  Hacktivism  Vandalism  Experimentation."— Presentation transcript:


2  Surveillance State  Information Warfare  Cyber Crime  Hacktivism  Vandalism  Experimentation

3 Cracker: Computer-savvy programmer creates attack software Script Kiddies: Unsophisticated computer users execute programs Hacker Bulletin Board SQL Injection Buffer overflow Password Crackers Password Dictionaries Successful attacks! Crazyman broke into … CoolCat penetrated… Malware package=$1K-2K

4  A virus attaches itself to a program, file, or disk  When executed, the virus activates, replicates Malware Infection Rates: ○ Web: 1 in 566 ○ E-mail: 1 in 196 ○ 40% of data breaches Program A Extra Code Program B infects

5  Independent program sends copies of itself from computer to computer across networks To Joe To Ann To Bob Email List:

6  Social engineering manipulates people into performing actions or divulging confidential information. 29% of Breaches Phone Call: This is John, the System Admin. What is your password? Transfer $ from Nigeria ABC Bank has a problem with your account Watch this funny video… see attached You have a notice from Facebook

7 The fake web page looks like the real thing Extracts account information

8  An attacker pretends to be your final destination on the network.  The attacker may look like a strong WLAN access point.  1% of hacking attacks

9 After penetration, hacker installs a rootkit  Eliminates evidence of break-in  Modifies the operating system  Rate of infection/malware Rootkit: 39% Backdoor: 66% Keystroke logger: 75% Backdoor entry Keystroke Logger Hidden user

10  Surveillance State  Information Warfare  Cyber Crime  Hacktivism  Vandalism  Experimentation Anonymous  Political causes, e.g.: Middle East Democracy WikiLeaks Mexican Miner’s rights  Bad ways, e.g.: Web defacement DDOS attacks on Visa, MasterCard, MPAA Computer hacking  2% of external breaches

11  Cross international boundaries  Distributed Denial of Service: Attack web pages  $100 per 1000 infected computers  Command & Control: 51% of malware attacks

12  Surveillance State  Information Warfare  Cyber Crime  Hacktivism  Vandalism  Experimentation Target: Finance, Retail, Food  55% of external breaches Cost of Credit Card Numbers:  U.S.: $10  European: $50  Bulk: $1 or more

13  Silently tracks the keys you enter  Sends credit card info, password to the criminal  You see unusual charges on credit card statement  75% of Malware

14  Trojan Horse: Masquerades as beneficial program  The Zeus Trojan: Infected millions of computers Mostly in the U.S. and often via Facebook 2007 - today: top 5 malware problems Steals bank passwords and empties accounts Can impersonate a bank website

15  Gonzalez cracked and exposed over 170 million credit card numbers Stole from: Barnes & Noble, Boston Market, OfficeMax, Sports Authority, TJ Maxx, Dave & Buster’s, Marshall’s, Heartland Payment Systems, 7-Eleven, and Hannaford Brothers  Sentenced to 20 years prison, 2009 Followed by 3 years supervised release  2003 arrested & released: became informant to Secret Service

16  Skimmers used at ATMs, gas stations, stores.  Skimmers make up 91% of physical security attacks (35%)  Skimmers match color of bank ATMs Manufactured in bulk, by 3D printers  Check for loose parts; hide PIN  Gonzalez encode PINs onto debit card magnetic strips

17  You are infected. Buy antivirus.  You’ve stored underage pornography. Pay a fine or go to jail. -FBI  CryptoLocker: Your disk has been encrypted. Pay to decrypt. Pay in 72 hours or else… Backup can be corrupted – MS Shadow Swansea, Massachusetts Police paid $750

18 PatternCalculationResultTime to Guess (2.6x10 18 /month) Personal Info: interests, relatives20Manual 5 minutes Social Engineering1Manual 2 minutes American Dictionary80,000< 1 second 4 chars: lower case alpha 26 4 5x10 5 8 chars: lower case alpha26 8 2x10 11 8 chars: alpha52 8 5x10 13 8 chars: alphanumeric62 8 2x10 14 3.4 min. 8 chars alphanumeric +10 72 8 7x10 14 12 min. 8 chars: all keyboard95 8 7x10 15 2 hours 12 chars: alphanumeric62 12 3x10 21 96 years 12 chars: alphanumeric + 1072 12 2x10 22 500 years 12 chars: all keyboard95 12 5x10 23 16 chars: alphanumeric62 16 5x10 28

19  Surveillance State  Information Warfare  Cyber Crime  Hacktivism  Vandalism  Experimentation 2010 Stuxnet worm,  Developed by U.S., Israel  Hit Iranian nuclear power plants  damaged nearly 1000 centrifuges  nearly 1/5 of those in service  Iran attacked American banks, oil companies

20  Next wars will be computer attacks to power, water, financial systems, military systems, etc Cyberweapons are MUCH cheaper than military Causes as much damage High priority: Protecting utilities, infrastructure  New black market in 0-day attacks. Governments pay more > $150,000/bug Govts. include Israel, Britain, India, Russia, Brazil, North Korea, Middle Eastern countries, U.S. New hacking firms openly publicize products

21  Surveillance State  Information Warfare  Cyber Crime  Hacktivism  Vandalism  Experimentation  21% external breaches: State affiliated 96% from China

22  People’s Liberation Army targets manufacturing, research, military aircraft  NY Times fought off China for 4 months Who gave info on P.M. Wen Jiabo? 45 mostly-new malware Attacked from 8 AM-midnight China time Stole all passwords; hacked 53 PCs  Discussed repeatedly at Pres. Level China says U.S. guilty (Snowden)

23  NSA has requested/manipulated: Water down encryption Install backdoors in software Collect communication data  Verizon, Google, Yahoo, Microsoft and Facebook were coerced into …? Gag orders prevent companies from speaking Yahoo/Google: nearly 200 million records, Dec 2012 Includes email metadata (headers) and content

24  Provided secure email services… including to Edgar Snowden  FBI wanted Software, Private Key and Passwords for ALL clients  Ladar Levison: “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”  Effect: Buyers wary of products from surveillance-state/info warfare countries

25  Yes  No

26  Yes No “The confidence that people have in security is inversely proportional to how much they know about it.” -Roger Johnston

27  Symptoms: Antivirus software detects a problem Pop-ups suddenly appear (may sell security software) Disk space disappears Files or transactions appear that should not be there System slows down to a crawl Stolen laptop (1 in 10 stolen in laptop lifetime) Often not recognized

28  (Additional) Spyware symptoms: Change to your browser homepage/start page Searches end up on a strange site Firewall turns off automatically Lots of network activity while not particularly active New icons, programs, favorites which you did not add Frequent firewall alerts about unknown programs trying to access the Internet Often not recognized


30  Anti-virus software detects malware and can remove it before damage is done  Install, keep anti-virus software updated  Anti-virus is important but limited in capability

31  Do not open email attachments unless you expect the email with attachment you trust the sender  Do not click on links in emails unless you are absolutely sure of their validity  Only visit and/or download software from web pages you trust

32 Web Request Ping Request FTP request Email Connect Request Web Response Telnet Request Email Response SSH Connect Request DNS Request Email Response Web Response Illegal Source IP Address Illegal Dest IP Address Microsoft NetBIOS Name Service

33  Microsoft regularly issues updates to fix security problems  Windows Update should automatically install updates.  Avoid logging in as administrator

34 Merry Christmas Bad Password Good Password Merry Xmas mErcHr2yOu MerryChrisToYou MerChr2You MerryJul MaryJul Mary*Jul,rttuc,sdJ3446sjqw (Keypad shift Right …. Up) (Abbreviate) (Lengthen) (convert vowels to numeric) M5rryXm1s MXemrarsy (Intertwine Letters) Glad*Jes*Birth (Synonym)

35 Combine 2 unrelated words Mail + phone = m@!lf0n3 Abbreviate a phraseMy favorite color is blue= Mfciblue Music lyricDeck the halls with boughs of holly, Fa la la la la la la la la la Dthwboh,F9xl

36 Password Recommendations PCI DSS vers. 3 [PCIv3] CIS Microsoft Windows 8 [CIS8] Password length7 characters14 characters Account lockout threshold6 invalid attempts5 invalid attempts Account lockout duration (clears lockout counter) 30 minutes15 minutes Screen saver time-out15 minutes Max. password age90 days60 days Min. password ageNot specified1 day Password history retention424 Password complexity requirements Numeric and alphabetic 3 of 4: uppercase alpha, lowercase alpha, numeric, punctuation

37  Always use secure browser to do online purchasing  Never use a Debit card on-line.  Frequently delete temp files, cookies, history, saved passwords etc. https:// Symbol showing enhanced security

38  Disappearing info: Malware, ransomware, disk failure, …  What information is important to you?  Is your back-up: Recent? Off-site & Secure? Process Documented? Tested? Encrypted?

39  Restricted data includes: Social Security Number Driver’s license # or state ID # Financial account number (credit/debit) and access code/password DNA profile (Statute 939.74) Biometric data  In US, HIPAA protects:  Health status, treatment, or payment

40 Thanks to: UW Parkside: Sabbatical Keep Safe!

Download ppt " Surveillance State  Information Warfare  Cyber Crime  Hacktivism  Vandalism  Experimentation."

Similar presentations

Ads by Google