Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Case 216 The Incident That Brought Us Together December 12, 2005 Jim Barlow,

Published byDominick Richards Modified over 8 years ago

Similar presentations

Presentation on theme: "SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Case 216 The Incident That Brought Us Together December 12, 2005 Jim Barlow,"— Presentation transcript:

1 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Case 216 The Incident That Brought Us Together December 12, 2005 Jim Barlow, NCSA and Victor Hazlewood, SDSC

2 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Outline Case 216 Overview Timeline Intruder infrastructure Observations Why are we here today? Data Security Why do we need to worry? Conclusion

3 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Timeline Aug 03 – First known related attack Oct 03 – Dec 03 BNL, Caltech, and Colorado Mar 04 Berkeley, LBL, NCAR, ANL, NCSA, SDSC Apr 04 Stanford, Intruder email, SDSC (Tsutomo website), Spafford comments to NSF, CIAC Note to FIRST, News coverage: AP and Washington Post, SDSC begins trace

4 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Timeline May 04 UMN and CMU sniff intruder, SDSC home directories wiped, password collector discovered at Colorado, DOE incidents, notice to Internet2 goes unnoticed, Big Company incident, NCSA honeypot set, Jim and Victor become partners of a sort June 04 - Nov 04 password collector and intruder hub moves to numerous places, intruder infrastructure changes multiple times, amazing cooperation between sites and with LE, possible perpetrator identified

5 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Timeline Dec 04 - May 05 Contact made with Swedish authorities Luckily, Swedish sites are also victims FBI notifies Swedish authorities of individual involved Swedes serve search warrant on teenager Monitored intruder activity stops for first time in over a year

6 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Intruder Infrastructure Infrastructure Diagram

7 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Observations Intruder gets a B- rating Intruder misses/ignores lots of items Had the potential to be much more effective (and dangerous) Never appeared to make the money jump

8 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Why are we here today? What has changed from last year? Have attacks gone away? Already seen similar attack methods Are we all completely secure? How do we get from here to there? Last year’s meeting. See final report* This year’s meeting. Theme: Data Security

9 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS 2005 – The year of the data breach Two data security incident per week Ranges from hacking to stolen machines Sites tracking incidents privacyrights.org – 95 incidents since Feb 15 idtheftcenter.org – 125 from Jan to early Nov attrition.org – 100+ reports this year High profile incidents ChoicePoint Iron Mountain storage company

10 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Data Breaches

11 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Why Should We Worry? Scientific data is valuable Who would want it? Titan Rain incident Competing researchers “Fictitious” incident Not just external threats Protect users from each other Informal survey of six HPC sites Strict guidelines can cause other problems

12 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Other Questions to Ponder Who are using our resources? Where are our crown jewels? What is the goal of security?

13 SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Conclusion Goals of breakout sessions and conference Sharing of information and ideas Understanding our communities diverse perspectives Discuss our communities strengths and weaknesses Identify our community security needs How do we improve our posture? How can the NSF help?

Download ppt "SAN DIEGO SUPERCOMPUTER CENTER NATIONAL CENTER FOR SUPERCOMPUTING APPLICATIONS Case 216 The Incident That Brought Us Together December 12, 2005 Jim Barlow,"

Similar presentations

Learning by numbers: trends in collective and collaborative activity on OpenLearn Professor Andy Lane.

Learning by numbers: trends in collective and collaborative activity on OpenLearn Professor Andy Lane.
October 2010  A Web Portal recognized as the authoritative source for national interagency wildland fire information is needed to.

October  A Web Portal recognized as the authoritative source for national interagency wildland fire information is needed to.
Cybersecurity Summit 2004: Conclusions and Recommendations Tom Bettge and Ginger Caldwell Scientific Computing Division National Center for Atmospheric.

Cybersecurity Summit 2004: Conclusions and Recommendations Tom Bettge and Ginger Caldwell Scientific Computing Division National Center for Atmospheric.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
Copyright © 2007 Learning Point Associates. All rights reserved. TM Introduction to PPICS for Washington 21st CCLC Grantees Michael Hutson Research Associate.

Copyright © 2007 Learning Point Associates. All rights reserved. TM Introduction to PPICS for Washington 21st CCLC Grantees Michael Hutson Research Associate.
Line Efficiency     Percentage Month Today’s Date

Line Efficiency     Percentage Month Today’s Date
SAN DIEGO SUPERCOMPUTER CENTER Security and Grids Victor Hazlewood, CISSP Information Security Officer

SAN DIEGO SUPERCOMPUTER CENTER Security and Grids Victor Hazlewood, CISSP Information Security Officer
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Providing Scalable 24/7 Support Track 3: Harborside Ballroom E Tuesday, January 15 th 2:30 to 3:15 pm Ronald Ardron, Jr., Manager of Technical Support.

Providing Scalable 24/7 Support Track 3: Harborside Ballroom E Tuesday, January 15 th 2:30 to 3:15 pm Ronald Ardron, Jr., Manager of Technical Support.
Communications Resources 2008 POCO Seattle Susan Root Director, Conference Business Services 24-26 July 2008 xx.

Communications Resources 2008 POCO Seattle Susan Root Director, Conference Business Services July 2008 xx.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
For Discussion --09 December 2013 Geneva, Switzerland.

For Discussion --09 December 2013 Geneva, Switzerland.
CyberSecurity Summit 2005 Teragrid Incident Response Overview December 13th, 2005 James Marsteller CISSP Information Security Officer Pittsburgh Supercomputing.

CyberSecurity Summit 2005 Teragrid Incident Response Overview December 13th, 2005 James Marsteller CISSP Information Security Officer Pittsburgh Supercomputing.
Phishing Rising to the challenge Amy Marasco Microsoft.

Phishing Rising to the challenge Amy Marasco Microsoft.
Www.softwareassist.net Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.

Protecting Mainframe and Distributed Corporate Data from FTP Attacks: Introducing FTP/Security Suite Alessandro Braccia, DBA Sistemi.
WEBSENSE ® SECURITY LABS™ 2006 Semi-Annual Web Security Trends Report OWASP Presentation November 9, 2006 Jim Young (301) 512-3350.

WEBSENSE ® SECURITY LABS™ 2006 Semi-Annual Web Security Trends Report OWASP Presentation November 9, 2006 Jim Young (301)
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign Developing a Comprehensive GENI Cyber Security Program Adam.

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign Developing a Comprehensive GENI Cyber Security Program Adam.
Economics and Statistics Administration U.S. CENSUS BUREAU U.S. Department of Commerce Research on Estimating International Migration of the Foreign-Born.

Economics and Statistics Administration U.S. CENSUS BUREAU U.S. Department of Commerce Research on Estimating International Migration of the Foreign-Born.
Bridget-Anne Hampden U.S. Department of Education Guaranty Agency Security Reviews.

Bridget-Anne Hampden U.S. Department of Education Guaranty Agency Security Reviews.

Similar presentations

Ads by Google