Presentation on theme: "1 21 September 2009 Things that go bump in the net Chris Twitter: www:"— Presentation transcript:
1 21 September 2009 Things that go bump in the net Chris Email: firstname.lastname@example.org Twitter: http://twitter.com/securityg33k www: http://www.securityg33k.com/ Slightly more random tweets: http://twitter.com/TheSuggmeister
2 21 September 2009 Who am I? Chris
3 21 September 2009
4 Why am I here? Some numbers: 85 million records lost in 2008 [1]; Viruses top 1 million (April 2008) [2]; £328.4m UK Phone, internet and mail order fraud (Card-not-present fraud) in 2008 [3]; £169.8m Counterfeit (skimmed / cloned) fraud in 2008 [3].
5 21 September 2009 And yet… The advice given to the average computer user remains roughly the same –Install Anti-Virus (AV) –Make sure your firewall is turned on & working –Choose good passwords –and don’t write them down –Regular software updates And it’s not working all that well
6 21 September 2009 What are we going to talk about? Introduction Risks Things to watch out for 1. Viruses 2. 419 & other scams 3. Phishing & Vishing 4. Evil Twins 5. Facebook 6. Loss & Theft
7 21 September 2009 Time Permitting Set up tips –Passwords –Installing / Setting up your PC –Setting up your router –Setting up wireless –Installing updates –Testing it all works –Keeping it secure-ish –Email Security –A word of physical security at home Otherwise it’s available online at http://www.securityg33k.com/
8 21 September 2009 Introduction
9 21 September 2009 Where do you fit in? Not Online Online I have nothing to hide I take steps to protect my privacy Worst Best Depends how you do it Not as safe as you think Most Least Most Trust Online presence Online but not shopping / banking online Online shopping/banking at trusted sites Facebook, myspace, bebo, Twitter with privacy controls Facebook, myspace, bebo, Twitter without privacy controls Limewire / Bit Torrent Removed from electoral roll, use aliases, PO Box for all mail, no loyalty cards, use cash for everything Shopping with credit cards Loyalty cards Letting your cards go out of sight Blatant trust that your information will not be used against you at some point Online shopping anywhere
10 21 September 2009 “Remember, best block no be there” Mr. Miyagi (Pat Morita) Karate Kid II
11 21 September 2009 Not got anything to hide? Do you really want anyone to know… How much you paid for your house Salary School grades Illnesses Points on your license Your family photos When you’re going to be away on holiday? Or when you’re down the pub
12 21 September 2009 Risks
13 21 September 2009 So you want to connect to the internet? The Internet
14 21 September 2009 Before you do… Vulnerabilities Threats Value
15 21 September 2009 Where do viruses come from?
16 21 September 2009 Speed
17 21 September 2009 So what?
18 21 September 2009 Most likely scenario Your PC will get clogged up You’ll probably get a lot of pop-ups, some with porn. It’ll be quite a challenge to do anything worthwhile without getting redirected to somewhere else. Anything you type might be being forwarded to the bad guys. Your PC will be completely unpredictable. Those family photos?
19 21 September 2009 Worst case scenario Your bank account will be cleared out and it’ll take months to get it straightened out.
20 21 September 2009 Who are these bad people & what do they want?
21 21 September 2009
22 21 September 2009 The bad guys & their motivations Author National Interest Personal Gain Personal Fame Curiosity Script-Kiddy Hobbyist Hacker Expert Specialist Vandal Thief Spy Trespasser Published with kind permission from Dave Aucsmith Sr. Director. Microsoft Institute for Advanced Technology in Governments
23 21 September 2009 National Interest Personal Gain Personal Fame Curiosity Hobbyist Hacker Expert Specialist Script-Kiddy Vandal Spy Trespasser The bad guys & their motivations Author Tools created by experts now used by less skilled attackers and criminals Thief Published with kind permission from Dave Aucsmith Sr. Director. Microsoft Institute for Advanced Technology in Governments
24 21 September 2009 National Interest Personal Gain Personal Fame Curiosity Hobbyist Hacker Expert Specialist Largest area by volume Largest area by $ lost Script-Kiddy Largest segment by $ spent on defense Fastest growing Segment = crime Author Vandal Thief Spy Trespasser The bad guys & their motivations Published with kind permission from Dave Aucsmith Sr. Director. Microsoft Institute for Advanced Technology in Governments
25 21 September 2009 Just how organized is organized crime? Published with kind permission from Mikko Hypponen Chief Research Officer. F-Secure Corporation
26 21 September 2009 A Market Published with kind permission from Mikko Hypponen Chief Research Officer. F-Secure Corporation
27 21 September 2009 Marketing Play video
28 21 September 2009 Assuming you’ve followed the usual set up advice (see end of presentation)
29 21 September 2009 Now things look a bit more like this……. Vulnerabilities Threats Value
30 21 September 2009 That’s it, right?
31 21 September 2009 Wrong! Things to watch out for…
32 21 September 2009 1. Anti-Virus doesn’t stop everything
33 21 September 2009 “Antivirus suites fail more often than not” Average daily detection rate from 12/5/09 to 10/6/09: F-Secure 28%, Kaspersky 18%, McAfee 44%, Sunbelt 26%, Sophos 38%, Trend Micro 34%, Symantec 35%, Dr.Web 36%, AVG 31%, ESET 27%, F-Prot 23%, VirusBuster 16%, Norman 23%. Source: http://www.cyveillance.com/web/docs/WP_CyberIntel_H1_2009.pdf http://lastwatchdog.com/antivirus-suites-fail/
34 21 September 2009 Yeah, but how do they infect me? (or how do viruses get around anti-virus?)
35 21 September 2009 How do they do that? Vulnerabilities Threats Value
36 21 September 2009 Popular Searches
37 21 September 2009 The old classic - Email attachments Published with kind permission from Mikko Hypponen Chief Research Officer. F-Secure Corporation
38 21 September 2009 Cute yet a little bit rubbish web sites… Published with kind permission from Mikko Hypponen Chief Research Officer. F-Secure Corporation
39 21 September 2009 How can I tell something bad has happened? Maybe…. nothing Or….
40 21 September 2009 Your computer is infected with 182 viruses – click here to fix Source: Washingtonpost.com
41 21 September 2009 More scareware Source: Washingtonpost.com
42 21 September 2009 Even more scareware …looks convincing doesn’t it? Source: Washingtonpost.com
43 21 September 2009 What can I do? 1. Prevention… Buy & use the most up to date anti-virus you can. Use anti-spyware software such as Malwarebytes. Don’t trust anti-virus alone. Mix up your browsing, maybe use Firefox? Do you really want to open that email attachment? Those cute eCards might not be so cute. Never, ever, click here to fix your virus issues. Take some time to read up how to set your computer up.
44 21 September 2009 If you do get a virus 2. Cure Disconnect from the internet – take your cable out. I’d power off. Reboot into safe mode Run anti-virus (again). Download and run Malwarebytes Antimalware & Superantispyware Some good information to print out at: –http://www.bleepingcomputer.com/virus-removal/remove-windows-police-pro –http://www.dslreports.com/forum/cleanup Reinstall ? (boot and nuke first).
45 21 September 2009 2. Scams
46 21 September 2009 Nigerian 419 scams Good Day, My name is Dr William Monroe, a staff in the Private Clients Section of a well-known bank, here in London, England. One of our accounts, with holding balance of £15,000,000 (Fifteen Million Pounds Sterling) has been dormant and last operated three years ago. From my investigations and confirmation, the owner of the said account, a foreigner by name John Shumejda died on the 4th of January 2002 in a plane crash in Birmingham. Since then, nobody has done anything as regards the claiming of this money, as he has no family member that has any knowledge as to the existence of either the account or the funds; and also Information from the National Immigration also states that he was single on entry into the UK. I have decided to find a reliable foreign partner to deal with. I therefore propose to do business with you, standing in as the next of kin of these funds from the deceased and funds released to you after necessary processes have been followed. This transaction is totally free of risk and troubles as the fund is legitimate and does not originate from drug, money laundry, terrorism or any other illegal act. On your interest, let me hear from you URGENTLY. Best Regards, Dr William Monroe Financial Analysis and Remittance Manager [Phone Number Removed
47 21 September 2009 Lonely?
48 21 September 2009 What can I do? 1. Prevention… Ignore it. Check it out on: –http://www.snopes.com/ –http://www.hoax-slayer.com/ –http://www.419eater.com/ If you have to wire money to someone you don’t know via WesternUnion or Moneygram be very suspicious.
49 21 September 2009 What can I do? 2. Cure Contact your bank to stop transactions Contact the police
50 21 September 2009 3. Phishing & Vishing
51 21 September 2009 Phishing Example
52 21 September 2009 Phishing Example
53 21 September 2009 Obvious Signs The link on the screen doesn’t match the link that you mouse over…
54 21 September 2009 How it should work https://images.mybank.com/ https://www.mybank.com/ BANK 1342 https://mybank.com/travel-international/g2/foreign-currency.asp
55 21 September 2009 XSS https://images.mybank.com/ https://www.mybank.com/ 1352 https://mybank.com/item=.asp?id=%3scriptsomeotherstuff http://badguy.com/ 4 BANK & some bad stuff
56 21 September 2009 What can I do? 1. Prevention… Run the latest browser versions, some detect this kind of thing. Don’t click links to banks, ebay, facebook whatever from emails. Type in the URL to your bank and navigate to the page. If a link looks suspicious, don’t click it.
57 21 September 2009 What can I do? 2. Cure Contact your bank Maybe contact the police
58 21 September 2009 Safer Online Purchases Credit card rather than debit card
59 21 September 2009 Vishing “Hello, it’s Chris from MyBank. It seems that someone has attempted to use your card fraudulently…” “…we just need to ask a few security questions to verify who you are”.
60 21 September 2009 What can I do? 1. Prevention… Limit the number of times you publish your phone number. Take down the fraud numbers for your bank in advance – store them in your mobile. Never phone back the number they provide you without making sure it’s valid. Speak to your bank about what they will and will not ask you. Most will not request your full password.
61 21 September 2009 What can I do? 2. Cure Contact your bank on a number you verify. Maybe contact the police
62 21 September 2009 4. The Evil Twin
63 21 September 2009 Not this Evil Twin
64 21 September 2009 Wireless - Be Aware of Evil Twins BT Openzone Free Public Wifi
65 21 September 2009 Wireless - Be Aware of Evil Twins Good: BT Openzone Evil: Free Public WiFi The Internet
66 21 September 2009 What can I do? 1. Prevention… Careful what you connect to. Make sure you have the name right. Perhaps not a good place to do your banking. Think about using TOR.
67 21 September 2009 What can I do? 2. Cure… Assume everything you did was captured by a bad-guy and act accordingly –Cancel bank transactions. –Change your passwords.
68 21 September 2009 5. Facebook
69 21 September 2009 Facebook Issues
70 21 September 2009 Who do you want to see your profile?
71 21 September 2009 What can I do? 1. Prevention… Use a different email address to your usual one. Don’t make your profile public. Don’t publish address, phone details etc. Maybe don’t publish your real date of birth. Remember. If it’s published electronically, the cat *IS* out of the bag. Think before you post Read and implement privacy settings
72 21 September 2009 What can I do?
73 21 September 2009 And finally… Those fun applications
74 21 September 2009 What can I do? 2. Cure Change password etc. See facebook help
75 21 September 2009 6. Theft
76 21 September 2009 What if someone steals my PC?
77 21 September 2009 What can I do? 1. Prevention… Be aware of the area. Generally don’t leave it in the car. Don’t ask someone to look after your laptop while you go to the bathroom. It’s valuable – treat it as such. Encryption is freely available –Truecrypt Backup often –External disks are inexpensive
78 21 September 2009 What can I do? 2. Cure… Inform police Inform your company / company security departments. If it’s not encrypted, change passwords to everything. If you used it for banking, inform the bank.
79 21 September 2009 And if we have time..
80 21 September 2009 Set up tips
81 21 September 2009 Bluetooth Don’t use a bluetooth keyboard
82 21 September 2009 A word on passwords Don’t think “they will never guess I’m using the word password”…. …”They” are usually automated
83 21 September 2009 Some password tips UPPER and lowercase characters Use some numbers (not just at the end) Use some symbols ($#%_-+@ ) 14 or more characters Passphrase “The Lazy Brown Fox” Don’t use the same password for every account You could write them down (safe-ish-ly)
84 21 September 2009
85 21 September 2009 Initial PC install If it’s second hand - Wipe / Erase disks Clean Factory Install Use Strong Passwords Configure / Enable Firewall Install A/V from install CDs (if you can) Latest versions with behaviour based rules Symantec (Norton), McAfee, Kaspersky, ESET.
86 21 September 2009 Configure router Don’t connect it to the internet until you’re ready Change default administrator account passwords. They’re well known. Set a strong password Disable things you don’t use Don’t start with wireless – just yet
87 21 September 2009 Configure wireless on the router Don’t use WEP Do use WPA or WPA2 MAC filtering Consider using a random key generator, such as this one http://darkvoice.dyndns.org/wlankeygen, to generate the key Disable SSID broadcasting Non-Overlapping Channels 1, 5, 9, 13 Switch off wireless when you’re not using it
88 21 September 2009 Install Updates Anti-Virus Windows Auto-Update Other Firefox iTunes Quicktime
89 21 September 2009 Test connection https://www.grc.com/x/ne.dll?bh0bkyd2
90 21 September 2009 90
91 21 September 2009
92 21 September 2009
93 21 September 2009 Wrong You have to keep it secure –Auto updates –Routinely Check firewall is configured –Periodically Check AntiVirus logs –Reinstall completely periodically AV / Firewall doesn’t stop everything You need to be a little paranoid online. They REALLY are out to get you.
94 21 September 2009 Email Issues Name How many accounts settings Mostly clear text Web mail interaction also clear text So anyone can read it
95 21 September 2009 What can I do? Name How many accounts Settings –Gmail – always https
96 21 September 2009 Final word on Home security Buy and use Decent Locks for doors & windows Shredders Safes Alarms Neighbours
97 21 September 2009
98 21 September 2009 Risk Risk is very unlikely to be 0. Ever.
99 21 September 2009 RISK Risk = (Threat x Vulnerability / Countermeasures) x Value
100 21 September 2009
101 21 September 2009 Malware by OS Operating System backdoors, rootkits viruses & worms trojans OS/X14911 FreeBSD33100 Unix761183 SunOS/Solaris99173 Linux94213688 Windows501515401881232798
102 21 September 2009
103 21 September 2009 Cost of Fraud in the UK
Card Fraud Type (on UK issued credit and debit cards) | 2004 | 2005 | 2006 | 2007 | 2008 | +/- (07/08)
Phone, internet and mail order fraud (Card-not-present fraud) | £150.8m | £183.2m | £212.7m | £290.5m | £328.4m | +13%
Counterfeit (skimmed/cloned) fraud | £129.7m | £96.8m | £98.6m | £144.3m | £169.8m | +18%
Fraud on lost or stolen cards | £114.4m | £89.0m | £68.5m | £56.2m | £54.1m | -4%
Card ID theft | £36.9m | £30.5m | £31.9m | £34.1m | £47.4m | +39%
Mail non-receipt | £72.9m | £40.0m | £15.4m | £10.2m | 0%
http://www.apacs.org.uk/09_03_19.htm
104 21 September 2009 Records being lost all the time
Date | Type | Incident | Records | Organization
05-09-2009 | Hack | customers credit card details lost from hacked server | 52,000 | Mitsubishi Corp
02-09-2009 | Lost Laptop | Missing laptop contains names, Social Security numbers and dates of birth of 38,000 | 38,000 | Naval Hospital Pensacola
01-09-2009 | Unknown | A file containing students names and Social Security numbers reported missing | 100 | Bluegrass Community & Technical College
29-08-2009 | Stolen Laptop | Stolen laptops contain private and medical details of more than | 7,000 | Birmingham NHS (Trulife)
28-09-2009 | Lost Tape | Cuyahoga County officials are searching for a box that fell off a truck and contained personal information | 300 | Iron Mountain, Cuyahoga county, Ohio
28-08-2009 | Disposal Document | Unknown number of employee records containing names, addresses, Social Security numbers and dates of birth thrown in trash | Unknown | Fasco Machine Company
26-08-2009 | Disposal Document | Employee files found in trash contained personal details including names and Social Security numbers | 100 | Guardsmark
25-08-2009 | Disposal Document | Unknown number of confidential files dumped on street contained names and bank details | Unknown | Worthing Borough Council
21-08-2009 | Hack | Hacked server exposes 20 years worth of students Social Security numbers | Unknown | University of Massachusetts at Amherst (UMASS)
20-08-2009 | Web | Social Security numbers and some birth dates of 6,675 exposed through file transfer program | 6,675 | Boston University Army Reserve Officers Training Corp
20-08-2009 | Disposal Document | Dumped medical files exposes 623 patients names, Social Security numbers, dates of birth and medical details | 623 | Prompt Med
19-08-2009 | Hack | Credit card numbers, expiration dates, and guest names on computer systems accessed without authorization | Unknown | Radisson Hotels & Resorts
105 21 September 2009 Understanding the Landscape Author National Interest Personal Gain Personal Fame Curiosity Script-Kiddy Hobbyist Hacker Expert Specialist Vandal Thief Spy Trespasser Published with kind permission from Dave Aucsmith Sr. Director. Microsoft Institute for Advanced Technology in Governments