Awareness Program
Copyright © 2011 CyberSecurity Malaysia
What is All About?
The awareness session aims to highlight the common misconceptions and mistakes of computer and internet users on how to secure their computers. The key points include:
• Inside the Hackers’ Mind
• Hackers’ Malicious Techniques
• Secure The Human
Hack Me Now, Hack Me Then
The Wonderful World of Hackers
Jazannul Azriq Aripin
Senior Executive, Outreach Dept., CyberSecurity Malaysia
Mr. Jazannul Azriq B. Aripin is Senior Executive of the Outreach Department, CyberSecurity Malaysia. He has a degree in Computer Science from Universiti Malaysia Sabah and is a Microsoft Certified System Engineer (MCSE) and ISMS Lead Auditor. He has spent five years with CyberSecurity Malaysia working on Facebook Security, Facebook Forensic, Information Security Audit (ISMS/ISO27001-2005) and Social Engineering.
Reality Check
Computer Usage 101
What You Keep Inside Your Computer
Work-Related Information
• company information (structure, process, systems)
• corporate email
• business applications access
• business servers access
• business documents
• customer information
• vendor information
Personal-Related Information
• personal information
• personal emails
• online banking
• social networking
• personal documents
• personal photos
• your dirty little secrets
Internet Usage 101
Know Your Enemy
Cyber Criminal
Someone You Know
Someone You Don’t Know
Hack Me #1 – Windows Logon
Hack Me #2 – Password
Test Your Password
Hack Me #4 – Installed Software
Hack Me #5 – Wireless Connection
WiFi Hacking Toolkits
WiFi Hackers Can View Your Password
WiFi Hackers Can Read Your Email
WiFi Hackers Can See Your IM Chat
Hack Me #6 – Internet Browser
Hack Me #7 – Facebook
Facebook Statistics
53%
47%
35%
Digital Culture in Facebook
Privacy Setting
Hack Me #8 – Instant Messaging & Web Cam
Webcam
Hack Me #12 – Chain Email
Hack Me #14 – Phishing
Don’t Phish Me
Hack Me #13 – Device Repairs
Hack Me #14 – Social Engineering
Human-based Social Engineering
• gathering sensitive information by human interaction
• famous tactics: posing as legitimate users, tech support, important users, shoulder surfing, eavesdropping, dumpster diving
Computer-based Social Engineering
• gathering sensitive information by using a computer
• famous tactics: email attachment, IM attachment, spam email, website, hoax email, chain letter, pop-up windows, phishing
Social engineering is the technique of gaining sensitive information by exploiting basic human nature such as trust, fear and the desire to help.
Case Study - Parcel Delivery Scam
1. Chatting: Find the victim and gain the trust.
2. Email notification: Parcel scam begins with parcel delivery stuck for customs clearance.
3. Parcel delivery website: Verify the scam with the tracking code in the website.
4. Money mule: Fees need to be paid to the local banks, and the money mule will transfer them to the cyber criminal.
Chatting
Find the victim and gain the trust.
Cybercriminal: Hi
Victim: Hi
Cybercriminal: A/S/L? I’m Edward from England
Victim: Oh I’m 35, Liza from KL
Cybercriminal: Sweet! Single?
Victim: Yeah, sort of …
Chatting (cont’d)
After a few months of romantic moments
Cybercriminal: I’m in love with you
Victim: I know. I love u too!
Cybercriminal: I’d like to come to Malaysia and marry you! Next Month
Victim: Oh really?
Cybercriminal: I’m going to send you some gifts + cash
Victim: How Sweet!
Email Notification
From: Pro-Link International Express Courier <southeastasia@plinkcourier.com
Date: Tue, Apr 20, 2010 at 9:23 AM
Subject: Parcel Withheld Pending Clearance.
To: LIZA
Date: 20th April, 2010.
Tracking Code: 1438312582
Dear Valued Customer,
With reference to the delivery of your package, we wish to bring to your
notice that your package has been placed on hold by the Malaysian customs
for some reasons which happened to violate the shipping policies.
As the goods arrived Malaysian custom check point, the Malaysian custom
detected that currency notes were included in your parcel.
Email Notification (cont’d)
Thereby, certain commissions must be paid as customs duty via us which is
for the immediate clearance of your package. In the mean time, the
reference of tracking on the status of your package is "pending",
which is in accordance with the mode of operation in the courier sector
for financial delivery. We have already taken order number for this
package from the custom.
You are required to follow all instructions to be given to you to
facilitate the release of your package. To do this, you are required
to pay the required charges listed below for the immediate release of your
package. Upon confirmation of payment, your package will be delivered to
your address above in less than 24 business hours.
Outstanding Charges:
Administrative .........................RM 2,550.00
Clearance.............................. RM 1,500.00
TOTAL = RM4, 050.00
A total of 4, 050.00 Malaysian ringgit has been charged.
Parcel Delivery Website
Parcel Delivery Website - Enter the Tracking Code
End Message
THANK YOU
for listening
Jazannul Azriq Aripin
Senior Executive Outreach,
CyberSecurity Malaysia
Email : azriq@cybersecurity.my
website : www.cybersafe.my
inquiry : cybersafe@cybersecurity.my
reporting : cyber999@cybersecurity.my
Hack me now, hack me then @ btp


Editor's Notes

  1. Anybody can access your computer, data… a question to ask: how do you know that the laptop is really secure?
  2. The way hackers see it… it is not the computer itself… Hardware, Software, Meatware
  3. Talk a little, off the cuff, about what is inside the computer…
  4. In terms of how a hacker will attack… is there a password or anti-virus…
  5. Secure our computer with a password so that unauthorized users cannot access our data and personal or confidential information. If we have a shared computer at home that is also used by the children, each user should have a login ID and a password, and as the head of the family we should create an Administrator's password. Go to this link to test our password: http://www.cybersafe.my/pswd-checker/index.html This application is designed to assess the strength of password strings. Just type in our password and get an instant strength rating: Weak, Medium, Strong, or Best. To really pick a good password, we should assume the best-case scenario for the attacker and the worst-case scenario for us. When an attacker brute-forces our password, they basically iterate through all possible character combinations. Don't worry: Microsoft isn't secretly collecting passwords; this page doesn't record what we type, it merely generates a response based on the nature of the input. How to create a good password? Please refer to the links below for more information: http://netforbeginners.about.com/od/antivirusantispyware/tp/5-steps-to-a-strong-password.htm http://www.microsoft.com/security/online-privacy/passwords-create.aspx http://en.wikipedia.org/wiki/Password_strength http://www.passwordmeter.com/ http://howsecureismypassword.net/
  6. This is another option for the Privacy Setting:
     • How You Connect – control how you connect with people you know
     • How Tags Work – control what happens when friends tag you or your content
     • App and Website – control what gets shared with apps, games and websites
     • Limit the Audience for Past Posts – limit the audience for posts you shared with more than friends
     • Block People and Apps – manage the people and apps you’ve blocked
  7. This is the new interface for the Facebook Privacy Setting. It is much simpler and easier to read and understand. Each option has an explanation, which makes it easy for the Facebook user to know and understand what each option is about. With these two options, Control Privacy When You Post and Control Your Default Privacy, you can basically control who is going to read your posts and who can view your profile. We may explore more on the next slide.
  8. DontPhishMe v.1.6.0 has been fully reviewed by Mozilla [1] and Google [2] and it is now available to the public. DontPhishMe v.1.6.0 will be the last major change/release in version 1; the whole detection method/algorithm will be changed, re-coded and released as version 2. Here is the changelog of DontPhishMe v.1.6.0:
     1) Whitelist only the domain instead of subdomain and domain to prevent false positives
     2) Major famous websites' domains added to the whitelist to increase performance and reduce resource utilization
     3) Added support for Bank Muamalat
     4) Added support for BSN
  9. Beware of parcel scam syndicates on the Internet. KUALA LUMPUR: The Royal Malaysia Police (PDRM) today reminded the public to be wary of parcel scam syndicates, which are becoming increasingly rampant on the Internet. In a statement on its Facebook page today, PDRM explained that the syndicate's modus operandi is to befriend the victim through social networking sites such as Facebook, e-mail and chat sites over a period of one to four months. Once the friendship is established, syndicate members inform the victim that a parcel has been sent to them as a gift. The parcel is said to contain jewellery, money and gold, and is followed by a delivery receipt sent to the victim by e-mail. According to PDRM, the victim is then told by the syndicate that the parcel is being held by Malaysian Customs. "The victim is asked to settle several payments to Customs and an agent company by depositing money into an account provided by the syndicate in order to claim the parcel. "Victims who are deceived only realise they have been cheated after making several payments as requested by the syndicate without receiving the parcel," said PDRM. PDRM therefore advised the public to always be careful, not to trust Internet acquaintances easily, and to avoid becoming victims of this cyber crime scam. - BERNAMA Source: http://www.bharian.com.my/bharian/articles/Waspadasindiketpenipuanbungkusanmelaluiinternet/Article
  10. Different names, same parcel scam. KUALA LUMPUR: First, there was 'Greg Kennedy', then 'Clinton Morris' and 'James Mattson'. Now, a Mr John Miller has pierced the heart of another lonely woman in cyberspace in the 245th case of parcel scams this year. All the scammers were Nigerians posing as Britons and operating from here with local women as their accomplices. Federal Commercial Crime deputy director II Datuk Rodwan Mohd Yusof said the 245 women had lost a total of RM9.4 million to the fraudsters from January to April this year. He said 48 Nigerians and their accomplices have been caught over the past four months in connection with parcel scams that have left the authorities baffled over how easily some women are sucked into parting with their life savings. “It’s puzzling how these women, some of them professionals and well-educated, fall for such tricks easily despite such cases being highlighted in the media.” He said the well-publicised cases of 130 people charged and convicted for such crimes last year have not helped prevent more women from falling victim to the fraudsters. Source: http://www.mmail.com.my/content/72699-different-names-same-parcel-scam
  11. Nigerian men like to scam people; they invent UK addresses, European names, even Malaysian addresses to attract the victim. Don't be surprised: some of these Nigerians have Indonesian women friends, and they use their women friends' Maybank accounts, claiming that these accounts belong to customs staff. Many of these Nigerian men pretend to be European guys chatting with Asian girls online, and after 2-3 months of "online dating", these Nigerians start scamming the desperate Asian women by "sending" a parcel which "contains" a wedding gown, cash etc. This parcel scam also involves customs, a parcel stuck at KLIA immigration, and a customs staff member's Maybank account. Interesting Story: “Nigerian Parcel Scam Exposed Again! I am sharing an audio clip, a recording of the conversation between me and a member of the Nigerian Parcel Scam syndicate, recorded at 2.30 this afternoon using a mobile phone and uploaded with the help of a friend, Sabil.” From Mazidul Akmal Blog http://www.mazidulakmal.com/2011/05/nigerian-parcel-scam-terbongkar-lagi.html
  12. The email notification indicates that the parcel has been withheld by Malaysian customs.
  13. Continued from previous slide.
  14. A fake parcel delivery website is used to convince the victim that the parcel has arrived and been withheld at Malaysian customs.
  15. If the victim enters the tracking code number which has been enclosed in the email notification, the fake parcel delivery website will display the parcel delivery record from origin location to destination. This record is a fake!
  16. Educationx3
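
Note 5's point that a brute-force attacker iterates through all possible character combinations can be put into numbers. The following is an added example, not code from the slides or from the cybersafe.my checker: it estimates a password's search space and maps it to the Weak/Medium/Strong/Best labels; the guess rate, bit thresholds and common-password sample are assumptions made for illustration.

```python
import math
import string

# Assumption: guesses per second for an offline attack (constructed figure).
GUESSES_PER_SECOND = 1e10
# Constructed sample; a real checker would consult a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "abc123"}

def charset_size(pw: str) -> int:
    """Alphabet size an exhaustive search must cover for the classes used in pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += 33  # 32 ASCII punctuation marks plus space
    if any(ord(c) > 127 for c in pw):
        size += 100  # assumption: rough allowance for non-ASCII characters
    return size

def keyspace_bits(pw: str) -> float:
    """log2 of the number of candidates: length * log2(alphabet size)."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0

def seconds_to_exhaust(pw: str, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Best case for the attacker: length and character classes are known."""
    try:
        return charset_size(pw) ** len(pw) / guesses_per_second
    except OverflowError:  # search space too large to represent as a float
        return math.inf

def rating(pw: str) -> str:
    """Map the estimate to the labels used in note 5 (thresholds are assumptions)."""
    # Attackers try known passwords before brute force, so these are Weak
    # regardless of length. The bit count is an upper bound for the same reason.
    if pw.lower() in COMMON_PASSWORDS:
        return "Weak"
    bits = keyspace_bits(pw)
    if bits < 40:
        return "Weak"
    if bits < 60:
        return "Medium"
    if bits < 80:
        return "Strong"
    return "Best"
```

Adding length raises the exponent, while adding a character class only raises the base, which is why a long passphrase outranks a short password with symbols.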