Is XXI century Fraud Hacking?
ACFE Puerto Rico Chapter
Presented by: Enrique
Gonzalez
Jose Arroyo
Jose Quinones
IT Terminologies
• Threat – potential danger to information or systems
• Vulnerability – absence of a safeguard or weakness providing an
opportunity for attack
• Attack – attempt to exploit a vulnerability or violate a security policy,
mechanism or control
• Breach – successful attack with or without detection
• Exposure – an instance of being exposed to a loss from a threat agent
(a function of the vulnerability and the likelihood of attack)
Facts
• Internet has grown very fast and security has
lagged behind.
• It is hard to trace the perpetrator of cyber
attacks since the real identities are
camouflaged
• It is very hard to track down people because
of the ubiquity of the network.
• Large scale failures of internet can have a
catastrophic impact on the economy which
relies heavily on electronic transactions
Computer Crime – the Beginning
• In 1988 a "worm program" written by a
college student shut down about 10 percent
of computers connected to the Internet. This
was the beginning of the era of cyber attacks.
• Today about 70K cyber attack incidents are reported
each year, and the number keeps growing.
Computer Crime- 1994
• A 16-year-old music student called Richard Pryce,
better known by the hacker alias DataStream
Cowboy, is arrested and charged with breaking
into hundreds of computers including those at the
Griffiss Air Force Base, NASA and the Korean
Atomic Research Institute. His online mentor,
"Kuji", is never found.
• Also this year, a group directed by Russian
hackers broke into the computers of Citibank and
transferred more than $10 million from customers'
accounts. Eventually, Citibank recovered all but
$400,000 of the pilfered money.
Computer Crime- 1995
• In February, Kevin Mitnick is arrested for a second
time. He is charged with stealing 20,000 credit card
numbers. He eventually spends four years in jail and on
his release his parole conditions demand that he avoid
contact with computers and mobile phones.
• On November 15, Christopher Pile becomes the first
person to be jailed for writing and distributing a
computer virus. Mr Pile, who called himself the Black
Baron, was sentenced to 18 months in jail.
• The US General Accounting Office reveals that US
Defense Department computers sustained 250,000
attacks in 1995.
Computer Crime- 1999
• In March, the Melissa virus goes on the
rampage and wreaks havoc with computers
worldwide. After a short investigation, the FBI
tracks down and arrests the writer of the
virus, a 29-year-old New Jersey computer
programmer, David L Smith.
• More than 90 percent of large corporations
and government agencies were the victims of
computer security breaches in 1999
Computer Crime- 2000
• In February, some of the most popular websites in
the world such as Amazon and Yahoo are almost
overwhelmed by being flooded with bogus
requests for data.
• In May, the ILOVEYOU virus is unleashed and
clogs computers worldwide. Over the coming
months, variants of the virus are released that
manage to catch out companies that didn't do
enough to protect themselves.
• In October, Microsoft admits that its corporate
network has been hacked and source code for
future Windows products has been seen.
Computer Crime- 2000-07
• March 2005 - Bank of America
– 1,200,000 social security and account numbers were
lost
• May 2006 - Veteran’s Administration
– 26,500,000 social security numbers and DOB were lost when
a laptop was stolen
• January 2007 - TJ Maxx
– 47,500,000 credit card numbers were stolen by hackers
taking advantage of unencrypted wireless network in
parking lot
10 Largest Data Breaches Since 2000
Why do Hackers Attack?
• Because they can!!!!!!!!!!
• A large fraction of hacker attacks have been
pranks
• Financial Gain
• Espionage
• Venting anger at a company or organization
• Terrorism
Types of Hacker Attack
• Active Attacks
– Denial of Service
– Breaking into a site
• Intelligence Gathering
• Resource Usage
• Deception
• Passive Attacks
– Sniffing
• Passwords
• Network Traffic
• Sensitive Information
– Information Gathering
Modes of Hacker Attack
• Over the Internet
• Over LAN
• Locally
• Offline
• Theft
• Deception
Spoofing
• Definition:
– An attacker alters his identity so that someone
thinks he is someone else
– Email, User ID, IP Address, …
– The attacker exploits the trust relation between a user and
networked machines to gain access to those machines
• Types of Spoofing:
– IP Spoofing
– Email Spoofing
– Web Spoofing
Denial of Service (DoS) Attack
• Definition:
– An attack that renders a system unusable, or significantly slows it
down for legitimate users, by overloading the system so that no one
else can use it.
• Types:
– Crashing the system or network
• Send the victim data or packets that cause the system to
crash or reboot.
– Exhausting resources by flooding the system or network with
information
• Since all resources are exhausted, others are denied access to
them
– Distributed DoS (DDoS) attacks are coordinated denial of service attacks
involving several people and/or machines
Password Attacks - Process
• Find a valid user ID
• Create a list of possible passwords
• Rank the passwords from high probability to low
• Type in each password
• If the system lets you in – success!
• If not, try again, being careful not to exceed
password lockout (the number of times you can
guess a wrong password before the system shuts
down and won’t let you try any more)
Password Attacks – Types
• Dictionary Attack
– Hacker tries all words in dictionary to crack password
– 70% of the people use dictionary words as passwords
• Brute Force Attack
– Try all permutations of the letters & symbols in the alphabet
• Hybrid Attack
– Words from dictionary and their variations used in attack
• Social Engineering
– People write passwords in different places
– People disclose passwords naively to others
• Shoulder Surfing
– Hackers slyly watch over people's shoulders to steal passwords
• Dumpster Diving
– People throw papers in the garbage that may contain information
useful for cracking passwords
Study Findings
• 30% of users chose passwords whose length is
<= 6 characters
• 60% of users use limited set of alpha-numeric
characters
• 50% of users use names, slang words,
dictionary words, or simple key sequences
• In just 110 attempts, a hacker would typically be
able to gain access to one new account every
second, or 17 minutes to break 1000 accounts
http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf
Password Protection
http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practices.pdf
The XKCD comic explains it well
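To make the Study Findings and Password Protection slides concrete, here is an added example (not part of the presentation) of a defender-side password audit: it flags the patterns the study found (length of 6 or less, a limited character set, dictionary words including their "hybrid" leet variants, simple key sequences), estimates the brute-force keyspace in bits, and converts that into worst-case guessing time at a given rate. The word list and key sequences are a constructed stand-in for a real leaked-password list.

```python
import math
import re
import string

# Constructed mini wordlist and keyboard/number sequences for the demo.
# A real check would load a large leaked-password list instead.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein",
                "baseball", "football", "princess", "sunshine"}
KEY_SEQUENCES = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef", "1qaz2wsx")

# Leet-speak substitutions undone before the dictionary lookup (hybrid attack)
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def charset_size(pw: str) -> int:
    """Size of the smallest standard alphabet that contains every character."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation or c.isspace() for c in pw):
        size += 33
    return size


def dictionary_variants(pw: str) -> set:
    """Forms of the password a hybrid attack would try: lowercased, with
    trailing digits stripped, and with leet substitutions reversed."""
    lower = pw.lower()
    stripped = re.sub(r"\d+$", "", lower)
    return {lower, stripped, lower.translate(LEET), stripped.translate(LEET)}


def audit_password(pw: str) -> dict:
    """Report which of the study's weak-password patterns a candidate shows."""
    findings = []
    if len(pw) <= 6:
        findings.append("length <= 6 characters")
    size = charset_size(pw)
    if size <= 36:  # at most one case of letters plus digits
        findings.append("limited character set")
    if dictionary_variants(pw) & COMMON_WORDS:
        findings.append("dictionary word (hybrid variant)")
    if any(seq in pw.lower() for seq in KEY_SEQUENCES):
        findings.append("simple key sequence")
    bits = len(pw) * math.log2(size) if size else 0.0
    return {"ok": not findings, "entropy_bits": round(bits, 1), "findings": findings}


def seconds_to_exhaust(entropy_bits: float, guesses_per_second: float) -> float:
    """Worst-case time for a brute-force attacker at the given guess rate."""
    return (2.0 ** entropy_bits) / guesses_per_second


if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd", "correct horse battery staple"):
        print(candidate, audit_password(candidate))
```

The entropy figure is the brute-force keyspace, not a measure of how guessable a dictionary-based password is: "P@ssw0rd" scores about 52 bits by alphabet size yet falls to the hybrid dictionary check, which is exactly why the audit reports findings separately from the bit count.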
Good, old fashioned stealing
Who is causing the buzz?
• The amount of data that can be captured from
just doing an Internet search
• The inability of corporate employees to
identify a social engineering attack
• The easy access intruders have to both
physical and virtual data through the use of
Social Engineering
Money lost?
Who is being attacked?
How is it done?
• DefCon 20 SE CTF Report
Why?
Another target
• If this happens to corporations, imagine SE
attacks to an individual.
ID theft & False ID
• Mat Honan's complete digital life was destroyed,
thanks to Google, Apple and Amazon.
False ID
Number of Incidents 2011
http://www.idtheftawareness.com/id_theft_pages/WhatIsIdTheft.php
Is there hope?
“Phishing”
http://kooptickets.nl/~claudia/mycfcu.com/…..
Netherlands
Identity Theft
• When someone uses your personal
information without your permission to
commit fraud or other crime
– Name
– Social Security number
– Date of birth
– Credit card number
– Bank account numbers
“Skimming”
“Dumpster Diving”
Jayson E. Street
Scrap Paper
• March 10, 2008
• School teacher purchases box of scrap paper
for her fourth grade students - $20
• What she really gets?
• Medical records of 28 hospital patients!
Medical ID Theft
• April 2007, Salt Lake City
• Woman delivers a baby at a local hospital
• …then abandons it!
• Baby tests positive for methamphetamine
• Hospital identifies mother as Anndorie Sachs and tracks her
down
• Anndorie says she did not have a baby recently
• DCFS threatens to take away her other 4 children, aged 2-7
Medical ID Theft (cont)
• Good news
– Accusations were dropped
– Anndorie was absolved of paying the bill
• Bad news
– Anndorie’s medical records were altered to show the blood type and
medical record of a complete stranger
– Anndorie has a blood clotting disorder
– The hospitals insist that they have fixed the issue, but Anndorie can’t
be sure because they need to PROTECT the PRIVACY of the IDENTITY
THIEF!
Protect your sensitive information
• Shred pre-approved credit
offers, receipts, bills, other
records that have SSN
• Do not provide CC#, SSN, etc.
out over email
• Do not click on links in
unsolicited emails
What's your organization’s most important asset?
Critical and Confidential Data
• Intellectual Property: source code, product design
documents, process documentation, internal
price lists, R&D
• Corporate Data: Financial documents, strategic
planning documents, due diligence research for
mergers and acquisitions, corporate secrets
• Personal/Personnel/User Data: Social security
numbers, credit card numbers, medical records,
financial statements
How is data lost?
Threat actors
Verizon Data Breach Report
Open Access
• Misconfigured share folders on a network can
become a source for data leak.
• A common error of the system administrators is
to give more privileges to users than they need.
– This breaks the least privilege principle and has
consequences.
• Wireless access
– Captive portals give a false sense of security
– The encryption is as good as its password
Excessive Permissions
• Everyone: Full Control
– Often developers code as a full admin on their
station and do not take into account restricted
users.
• The combination of share permissions and file
permissions is often misconfigured
• dbo privileges on the database for regular
users
• Firewall rules
How can data be protected?
• Proper file and share permissions
– Don’t use the Everyone or Users groups
– Adhere to the least privilege principle
• Group Policy Objects (GPO) are your friends
– Activate object and process auditing
– Configure logging
– Tracking
• Monitor your data
– IDS/IPS
– DPI
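The Excessive Permissions slide and the permission advice above can be turned into a repeatable check. The following added example (not from the presentation) parses `icacls`-style output for a set of shares and flags ACEs granted to the over-broad groups the slides warn about (Everyone, Users, Authenticated Users), rating them "high" when the group holds write-capable rights and "medium" when it only reads. The sample output is constructed for the demo and assumes share paths without spaces.

```python
import re

# Constructed sample mimicking `icacls <path>` output on Windows (assumption:
# paths contain no spaces). Not captured from any real host.
SAMPLE_ICACLS = r"""C:\Shares\Finance BUILTIN\Administrators:(OI)(CI)(F)
                  Everyone:(OI)(CI)(F)
                  CORP\FinanceTeam:(OI)(CI)(M)
C:\Shares\Public NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                 BUILTIN\Users:(OI)(CI)(RX)
                 CORP\Marketing:(OI)(CI)(M)
C:\Shares\Dev BUILTIN\Users:(OI)(CI)(M)
              CORP\Developers:(OI)(CI)(F)

Successfully processed 3 files; Failed processing 0 files
"""

PATH_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\\S*) (?P<ace>.+)$")
ACE = re.compile(r"^(?P<principal>.+?):(?P<flags>(?:\([A-Z,]+\))+)$")
INHERITANCE = {"OI", "CI", "IO", "NP", "I"}          # inheritance flags, not rights
WRITE_RIGHTS = {"F", "M", "W", "D", "DC", "WD", "AD", "WA", "WEA", "WDAC", "WO"}
OVERBROAD = {"everyone", "builtin\\users", "users", "authenticated users",
             "nt authority\\authenticated users"}


def parse_icacls(text):
    """Yield (path, principal, rights) for every ACE in icacls-style output."""
    entries = []
    path = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():            # continuation ACE for the current path
            ace = line.strip()
        else:
            m = PATH_LINE.match(line)
            if not m:                    # summary line, skip it
                continue
            path, ace = m.group("path"), m.group("ace")
        a = ACE.match(ace)
        if not a or path is None:
            continue
        rights = set()
        for group in re.findall(r"\(([A-Z,]+)\)", a.group("flags")):
            if group not in INHERITANCE:
                rights.update(group.split(","))
        entries.append((path, a.group("principal"), rights))
    return entries


def audit_shares(text):
    """Flag ACEs that hand rights to groups the least-privilege rule forbids."""
    findings = []
    for path, principal, rights in parse_icacls(text):
        if principal.lower() not in OVERBROAD:
            continue
        severity = "high" if rights & WRITE_RIGHTS else "medium"
        findings.append((path, principal, sorted(rights), severity))
    return findings


if __name__ == "__main__":
    for finding in audit_shares(SAMPLE_ICACLS):
        print(finding)
```

On a real host the text would come from running `icacls` over each share root; feeding the output through a script like this one makes the "Everyone: Full Control" mistake visible across hundreds of folders rather than one at a time.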
Data Loss Prevention
• Fingerprint
• File Size
• File Type
• RegEx
• Rule Based
Are you sure you are getting it all?
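The five DLP detection methods listed above (fingerprint, file size, file type, regex, rule based) combine into a single scanner in this added example, which is not part of the presentation. A confidential document is registered by a whitespace-insensitive SHA-256 fingerprint, file type is read from magic bytes and compared with the extension, regular expressions find SSNs and payment card numbers (validated with the Luhn check), and a small rule table turns the individual hits into an allow / alert / block verdict. All sample files and numbers are constructed for the demo; the card numbers are the standard industry test numbers, not real accounts.

```python
import hashlib
import re

SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")      # 13-19 digits, optional separators
MAGIC = {b"%PDF": "pdf", b"PK\x03\x04": "zip", b"\x89PNG": "png", b"MZ": "exe"}
TEXT_EXTENSIONS = (".txt", ".csv", ".md")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def card_numbers(text: str):
    """Regex candidates that also pass Luhn, to cut down false positives."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            found.append(digits)
    return found


def detect_type(data: bytes) -> str:
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "text"


def fingerprint(data: bytes) -> str:
    """Hash of the content with case and whitespace normalized away."""
    return hashlib.sha256(b" ".join(data.lower().split())).hexdigest()


# Constructed confidential document registered with the DLP engine.
PRICE_LIST = b"ACME Corp INTERNAL price list Q3: Widget 12.00, Gadget 48.50"
KNOWN_FINGERPRINTS = {fingerprint(PRICE_LIST): "internal price list"}

# Constructed outbound files for the demo.
CUSTOMERS = (b"name,ssn,card\nAna,078-05-1120,4111 1111 1111 1111\n"
             b"Luis,123-45-6789,4012888888881881\n")
PRICE_LIST_COPY = b"  acme corp internal price   list q3:\nwidget 12.00, gadget 48.50 "
EXE_AS_TXT = b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 40
MEMO = b"Meeting moved to Thursday 3pm, room 204."


def scan_file(name: str, data: bytes, max_size: int = 1024) -> dict:
    findings = []
    fp = fingerprint(data)
    if fp in KNOWN_FINGERPRINTS:
        findings.append(("fingerprint", KNOWN_FINGERPRINTS[fp]))
    kind = detect_type(data)
    if name.lower().endswith(TEXT_EXTENSIONS) and kind != "text":
        findings.append(("type-mismatch", kind))      # binary hiding behind a text name
    if len(data) > max_size:
        findings.append(("size", len(data)))
    text = data.decode("utf-8", errors="ignore")
    ssns = SSN_RE.findall(text)
    cards = card_numbers(text)
    if ssns:
        findings.append(("ssn", len(ssns)))
    if cards:
        findings.append(("card", len(cards)))
    # Rule-based decision combining the individual detectors
    kinds = {k for k, _ in findings}
    if "fingerprint" in kinds or len(ssns) + len(cards) >= 2:
        verdict = "block"
    elif kinds:
        verdict = "alert"
    else:
        verdict = "allow"
    return {"file": name, "verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for name, data in [("customers.csv", CUSTOMERS), ("notes.txt", PRICE_LIST_COPY),
                       ("report.txt", EXE_AS_TXT), ("memo.txt", MEMO)]:
        print(scan_file(name, data))
```

The fingerprint catches the reformatted copy of the price list that a regex never would, while the Luhn step keeps phone numbers and order ids from tripping the card rule; neither detector alone answers the slide's question "are you sure you are getting it all?", which is why the verdict is rule-based over all of them.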
Encryption
• During Transmission
– VPN
– Secure Shell
– Tunneling
• At rest
– File encryption (EFS, FileVault, etc.)
– Full drive encryption (BitLocker, TrueCrypt, etc.)
• It also can be used by the bad guys
... bring the cracker
Who’s got your data?
Verizon Data Breach Report
2012
Track your data
• Embed a URI or <web bug>
• Digital Rights Management
• Traffic/Network FLOWs
• Deep Packet Inspection
• SSL proxy
After the fact, what do you do?
• How to identify an incident
• Incident Handling Process
• Live vs Dead Analysis
Incident vs Event
• Event: an observable, measurable occurrence
on our systems. It can be something that
happened and was seen by someone, or something
recorded in a log or audit file on a device.
• Incident: actions that result in harm or the
significant threat of harm to the information
systems or data in the organization
Steps to Incident Handling
• Preparation: Policies, procedures, educate, practice
• Identification: Declare, classify, prioritize
• Containment: Observe, quarantine, isolate
• Eradication: Clean, patch, reconfigure
• Recovery: Restore, test, monitor
• Lessons Learned: Debrief, discuss, evaluate, modify,
mitigate
Live Analysis
• Live Analysis
– Memory Dump
– Live Disk Imaging
– Network Status/Capture
– System State
• Dead Analysis
– Pull the plug
– Disk imaging
– Image analysis
Why should live analysis always be
considered?
• RAM only processes
– Metasploit Meterpreter
• RAM disks
– /dev/shm
– ImDisk
• Network Connections
– Open transfers
– Networked shares like SMB/NFS or SSHFS
– Tunneling
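The three reasons above (RAM-only processes, RAM disks such as /dev/shm, and open network connections) are all evidence that disappears the moment the plug is pulled. This added example (not from the presentation) shows what a live-triage script would collect on a Linux host before any dead-disk imaging: it maps each process's executable to its mount and flags binaries running from tmpfs or already deleted from disk, and it decodes /proc/net/tcp to list established connections. The process list, mount table and /proc/net/tcp text are a constructed snapshot, not data from a real machine, and the address decoding assumes a little-endian host.

```python
import socket
import struct

# Constructed snapshot of a Linux host (not taken from any real system):
# /proc/<pid>/exe link targets, /proc/mounts entries and /proc/net/tcp lines.
PROCS = [
    {"pid": 412, "comm": "sshd", "exe": "/usr/sbin/sshd"},
    {"pid": 2231, "comm": "kworker", "exe": "/dev/shm/.kworker (deleted)"},
    {"pid": 2240, "comm": "helper", "exe": "/tmp/helper"},
]
MOUNTS = [("/", "ext4"), ("/dev/shm", "tmpfs"), ("/tmp", "tmpfs"), ("/run", "tmpfs")]
NET_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:BD8A 140AA8C0:01BD 01 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 20 4 30 10 -1
"""
RAM_BACKED = {"tmpfs", "ramfs"}
TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}


def mount_for(path, mounts):
    """Return (mountpoint, fstype) of the longest mountpoint containing path."""
    best = None
    for mp, fstype in mounts:
        prefix = mp.rstrip("/") + "/"
        if path == mp or path.startswith(prefix):
            if best is None or len(mp) > len(best[0]):
                best = (mp, fstype)
    return best


def decode_endpoint(token):
    """'0100007F:0016' -> ('127.0.0.1', 22); assumes a little-endian host."""
    ip_hex, port_hex = token.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """(local ip, local port, remote ip, remote port, state) per socket."""
    conns = []
    for line in text.splitlines()[1:]:          # skip the header line
        fields = line.split()
        if len(fields) < 4:
            continue
        lip, lport = decode_endpoint(fields[1])
        rip, rport = decode_endpoint(fields[2])
        conns.append((lip, lport, rip, rport, TCP_STATES.get(fields[3], fields[3])))
    return conns


def triage(procs, mounts, net_tcp):
    """Volatile indicators that only a live analysis can capture."""
    indicators = []
    for p in procs:
        exe = p["exe"]
        if exe.endswith(" (deleted)"):         # only the in-memory image remains
            exe = exe[: -len(" (deleted)")]
            indicators.append((p["pid"], p["comm"], "executable deleted from disk"))
        m = mount_for(exe, mounts)
        if m and m[1] in RAM_BACKED:            # RAM disk: gone after power-off
            indicators.append((p["pid"], p["comm"], f"runs from {m[1]} mount {m[0]}"))
    for lip, lport, rip, rport, state in parse_proc_net_tcp(net_tcp):
        if state == "ESTABLISHED":              # open transfers, mounted shares, tunnels
            indicators.append((None, "net", f"{lip}:{lport} -> {rip}:{rport}"))
    return indicators


if __name__ == "__main__":
    for indicator in triage(PROCS, MOUNTS, NET_TCP):
        print(indicator)
```

In the constructed snapshot the established session to port 445 is the kind of mounted SMB share the slide mentions; the memory dump and this connection list are the artifacts the dead-disk image will never contain.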
So …
• Your data is the most important asset in the
organization and “others”
• You have to do your best effort to protect your
assets but sometimes your best is not enough
• Be prepared to fail, learn from it and keep
your mind open to possibilities
How many of you...
…have your Social Security card in your wallet or purse right now?
Due Care and Due Diligence
• Due Care: Steps taken to show that a company has taken
responsibility for the activities that occur within the corporation
and has taken the necessary steps to help protect the company, its
resources, and employees.
• Due Diligence: The process of systematically evaluating
information to identify vulnerabilities, threats, and issues relating to
an organization’s overall risk.
• Example:
– Due care: Installing Antivirus software
– Due diligence: Keeping Antivirus signatures updated
Examples of Major Computer Crime Laws
• PATRIOT Act
• Electronic Communications Privacy Act
• Computer Fraud and Abuse Act
• National Infrastructure Protection Act of 1997
• Computer Security Act of 1987
• Computer Crime Research Center (http://www.crime-research.org/legislation/)
• Council of Europe – Convention on Cybercrime (ETS
No. 185)
• Convention on Cybercrime (Budapest, 23.XI.2001)
Laws, Directives, and Regulations
• Gramm-Leach-Bliley Act of 1999
• Requires financial institutions to develop privacy notices and give
their customers the option to prohibit financial institutions from
sharing their information with nonaffiliated third parties
• Requires:
• The board of directors to be responsible for security issues
within financial institutions
• Risk management
• Training to all employees on information security issues
• Test security measures implemented
• Written security policy
Laws, Directives, and Regulations
• Computer Fraud and Abuse Act
• The primary U.S. federal antihacking statute.
• Prohibits seven forms of activity and makes them federal crimes
• Federal Privacy Act of 1974
• Applies to records and documents developed and maintained
by specific branches of the federal government.
• An actual record is information about an individual’s
education, medical history, financial history, criminal history,
employment, and other similar types of information.
• An agency cannot disclose the information without written
permission from the individual
Laws, Directives, and Regulations
• Computer Security Act of 1987:
• Requires U.S. federal agencies to identify computer systems
that will contain sensitive information
• Develop security policy and plan for each of these systems
• Conduct periodic training for individuals who operate,
manage, or use these systems
• Security awareness training and define acceptable computer
use and practices
• Economic Espionage Act of 1996
• Provides the necessary structure when dealing with
industry and corporate espionage and further defines
trade secrets to be technical, business, engineering,
scientific, or financial
Law
Offense                                                   Section      Sentence
Obtaining National Security Information                   (a)(1)       10 (20) years
Accessing a Computer and Obtaining Information            (a)(2)       1 or 5 (10)
Trespassing in a Government Computer                      (a)(3)       1 (10)
Accessing a Computer to Defraud & Obtain Value            (a)(4)       5 (10)
Intentionally Damaging by Knowing Transmission            (a)(5)(A)    1 or 10 (20)
Recklessly Damaging by Intentional Access                 (a)(5)(B)    1 or 5 (20)
Negligently Causing Damage & Loss by Intentional Access   (a)(5)(C)    1 (10)
Trafficking in Passwords                                  (a)(6)       1 (10)
Extortion Involving Computers                             (a)(7)       5 (10)
The maximum prison sentences for second convictions are noted in parentheses.
Current US Legal Framework
• Difficulties in Prosecution
– Lack of Understanding
• Judges, Lawyers, Police, Jurors
– Evidence
• Lack of Tangible Evidence
– Forms of Assets
• Magnetic Particles, Computer Time
– Juveniles
• Many Perpetrators are Juveniles
• Adults Don’t Take Juvenile Crime Seriously
Computer Crime Challenge
Investigations
• Incident Response
• Have policy and procedures in place for incident
response
• Incident response team
• Follow predetermined steps
• Decide whether to conduct own forensics
Investigations
• Incident Handling
• Procedures for how to handle all incidents
• Related to disaster recovery planning
• Contain and repair any damage caused by an
event or prevent any further damage
• Linked to security training and awareness program
• Become part of mailing list of the Computer
Emergency Response Team (CERT)
Investigations
• Forensics
• A science and an art that requires specialized techniques for
the recovery, authentication, and analysis of electronic data
in the investigation of a criminal act.
• Computer Forensics
• Must be properly skilled
• Work from a copy
• Specialized tools
• Chain of custody
• Photograph crime scene
• Forensics Investigations Process
– Identification
– Preservation
– Collection
– Examination
– Analysis
– Presentation
– Decision
Investigations
Incident Investigators
• Network Analysis
– Communication analysis
– Log analysis
– Path tracing
• Media Analysis
– Disk imaging
– MAC time analysis (modify, access, create)
– Content analysis
– Slack space analysis
– Steganography
• Software analysis
– Reverse engineering
– Malicious code review
– Exploit review
Penetration Testing
• Process of simulating attacks on a network and its systems at
the request of the owner or senior management.
• Uses a set of procedures and tools designed to test and
possibly bypass the security controls of a system.
• Its goal is to measure an organization’s level of resistance to
an attack and to uncover any weaknesses within the
environment.
• Penetration tests can evaluate web servers, DNS servers,
router configurations, workstation vulnerabilities, access to
sensitive information, remote dial-in access, open ports, and
available services’ properties that a real attacker might use to
compromise the company’s overall security.
Penetration Testing
• When performing a penetration test, the team goes through a
five-step process:
– 1. Discovery - Footprinting and gathering information about the target
– 2. Enumeration - Performing port scans and resource identification
methods
– 3. Vulnerability mapping - Identifying vulnerabilities in identified
systems and resources
– 4. Exploitation - Attempting to gain unauthorized access by exploiting
vulnerabilities
– 5. Report to management - Delivering to management documentation
of test findings along with suggested countermeasures
Penetration Testing
• The penetration testing team can have varying degrees of
knowledge about the penetration target before the tests are
actually carried out:
– Zero knowledge - The team does not have any knowledge of the
target and must start from ground zero.
– Partial knowledge - The team has some information about the target.
– Full knowledge - The team has intimate knowledge of the target.
– A blind test is one in which the assessors only have publicly available
data to work with. The network staff is aware that this type of test will
take place.
– A double-blind test (stealth assessment) is also a blind test to the
assessor as mentioned previously, plus the security staff is not
notified.
FASS Group
Enrique J. Gonzalez, MIS
CFE, CISSP
Forensic, Auditing, Security Services
info@fassgroup.net
Jose A. Arroyo, MS
MCSA, MCT, CEH
787-340-3781
jarroyo@obsidisconsortia.org
josearroyo@talktoait.com
Jose L. Quiñones, BS
MCSA, MCT, CEH, CIE, GCIH, GPEN, RHCSA
787-238-5568
josequinones@codefidelio.org
jquinones@obsidisconsortia.org
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Recently uploaded (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

Hacker risks presentation to ACFE PR Chapter

1. Is XXI Century Fraud Hacking?
   ACFE Puerto Rico Chapter
   Presented by: Enrique Gonzalez, Jose Arroyo, Jose Quinones

2. IT Terminologies
   • Threat – potential danger to information or systems
   • Vulnerability – absence of a safeguard, or a weakness, that provides an opportunity for attack
   • Attack – attempt to exploit a vulnerability or violate a security policy, mechanism or control
   • Breach – successful attack, with or without detection
   • Exposure = (vulnerability + likelihood of attack – number of instances of being exposed to a loss from a threat agent)

3. Facts
   • The Internet has grown very fast and security has lagged behind.
   • It is hard to trace the perpetrators of cyber attacks since their real identities are camouflaged.
   • It is very hard to track people down because of the ubiquity of the network.
   • Large-scale failures of the Internet can have a catastrophic impact on an economy that relies heavily on electronic transactions.

4. Computer Crime – the Beginning
   • In 1988 a "worm program" written by a college student shut down about 10 percent of the computers connected to the Internet. This was the beginning of the era of cyber attacks.
   • Today about 70K incidents of cyber attacks are reported, and the number keeps growing.

5. Computer Crime – 1994
   • A 16-year-old music student called Richard Pryce, better known by the hacker alias DataStream Cowboy, is arrested and charged with breaking into hundreds of computers, including those at Griffiss Air Force Base, NASA and the Korean Atomic Research Institute. His online mentor, "Kuji", is never found.
   • Also this year, a group directed by Russian hackers broke into the computers of Citibank and transferred more than $10 million from customers' accounts. Eventually, Citibank recovered all but $400,000 of the pilfered money.

6. Computer Crime – 1995
   • In February, Kevin Mitnick is arrested for a second time. He is charged with stealing 20,000 credit card numbers. He eventually spends four years in jail, and on his release his parole conditions demand that he avoid contact with computers and mobile phones.
   • On November 15, Christopher Pile becomes the first person to be jailed for writing and distributing a computer virus. Mr Pile, who called himself the Black Baron, was sentenced to 18 months in jail.
   • The US General Accounting Office reveals that US Defense Department computers sustained 250,000 attacks in 1995.

7. Computer Crime – 1999
   • In March, the Melissa virus goes on the rampage and wreaks havoc on computers worldwide. After a short investigation, the FBI tracks down and arrests the writer of the virus, a 29-year-old New Jersey computer programmer, David L Smith.
   • More than 90 percent of large corporations and government agencies were victims of computer security breaches in 1999.

8. Computer Crime – 2000
   • In February, some of the most popular websites in the world, such as Amazon and Yahoo, are almost overwhelmed by being flooded with bogus requests for data.
   • In May, the ILOVEYOU virus is unleashed and clogs computers worldwide. Over the coming months, variants of the virus are released that manage to catch out companies that didn't do enough to protect themselves.
   • In October, Microsoft admits that its corporate network has been hacked and that source code for future Windows products has been seen.

9. Computer Crime – 2000-07
   • March 2005 – Bank of America – 1,200,000 social security and account numbers were lost
   • May 2006 – Veterans Administration – 26,500,000 social security numbers and dates of birth were lost when a laptop was stolen
   • January 2007 – TJ Maxx – 47,500,000 credit card numbers were stolen by hackers taking advantage of an unencrypted wireless network from the parking lot
10. 10 Largest Data Breaches Since 2000

11. Why do Hackers Attack?
   • Because they can!!!!!!!!!!
   • A large fraction of hacker attacks have been pranks
   • Financial gain
   • Espionage
   • Venting anger at a company or organization
   • Terrorism

12. Types of Hacker Attack
   • Active attacks
     – Denial of service
     – Breaking into a site
       • Intelligence gathering
       • Resource usage
       • Deception
   • Passive attacks
     – Sniffing
       • Passwords
       • Network traffic
       • Sensitive information
     – Information gathering

13. Modes of Hacker Attack
   • Over the Internet
   • Over the LAN
   • Locally
   • Offline
   • Theft
   • Deception

14. Spoofing
   • Definition: an attacker alters his identity so that someone thinks he is someone else
     – Email, user ID, IP address, …
     – The attacker exploits the trust relationship between users and networked machines to gain access to machines
   • Types of spoofing:
     – IP spoofing
     – Email spoofing
     – Web spoofing

15. Denial of Service (DoS) Attack
   • Definition: an attack through which a person renders a system unusable, or significantly slows it down for legitimate users, by overloading it so that no one else can use it.
   • Types:
     – Crashing the system or network
       • Send the victim data or packets that cause the system to crash or reboot.
     – Exhausting resources by flooding the system or network with information
       • Since all resources are exhausted, others are denied access to them.
     – Distributed DoS attacks are coordinated denial-of-service attacks involving several people and/or machines.

16. Password Attacks – Process
   • Find a valid user ID
   • Create a list of possible passwords
   • Rank the passwords from high probability to low
   • Type in each password
   • If the system allows you in – success!
   • If not, try again, being careful not to exceed the password lockout (the number of times you can guess a wrong password before the system shuts down and won't let you try any more)

17. Password Attacks – Types
   • Dictionary attack
     – Hacker tries all words in the dictionary to crack the password
     – 70% of people use dictionary words as passwords
   • Brute force attack
     – Try all permutations of the letters and symbols in the alphabet
   • Hybrid attack
     – Words from the dictionary and their variations are used in the attack
   • Social engineering
     – People write passwords down in different places
     – People disclose passwords naively to others
   • Shoulder surfing
     – Hackers slyly watch over people's shoulders to steal passwords
   • Dumpster diving
     – People dump their trash papers in the garbage, which may contain information to crack passwords

18. Study Findings
   • 30% of users chose passwords whose length is <= 6 characters
   • 60% of users use a limited set of alphanumeric characters
   • 50% of users use names, slang words, dictionary words, or simple key sequences
   • In just 110 attempts, a hacker would typically be able to gain access to one new account every second, or 17 minutes to break 1000 accounts
   • http://www.imperva.com/docs/WP_Consumer_Password_Worst_Practic
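The lockout of slide 16 and the "one new account every second" rate of slide 18 describe two different guessing patterns: many guesses against one account, and one guess each against many accounts. The second never trips a per-account lockout, so the defender needs a per-source check as well. The Python below is an added illustration, not part of the ACFE deck: a small login guard run over constructed authentication log lines. The log format, thresholds, user names and addresses are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, hypothetical auth-log format:
#   "<ISO timestamp> auth OK|FAIL user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "ok": m["result"] == "OK",
        "user": m["user"],
        "src": m["src"],
    }


class LoginGuard:
    """Per-account lockout plus detection of guessing spread across accounts.

    lockout_threshold: consecutive failures that lock one account (the
    'password lockout' of slide 16).
    spray_users / spray_window: a source that fails against this many
    distinct accounts inside the window is flagged; a one-guess-per-account
    sweep never reaches the per-account threshold, so this check is needed.
    """

    def __init__(self, lockout_threshold=5, spray_users=10,
                 spray_window=timedelta(minutes=5)):
        self.lockout_threshold = lockout_threshold
        self.spray_users = spray_users
        self.spray_window = spray_window
        self.failures = defaultdict(int)   # user -> consecutive failures
        self.locked = set()
        self.src_fail = defaultdict(list)  # src -> [(ts, user), ...]
        self.spray_sources = set()

    def observe(self, ev):
        if ev is None:
            return
        user, src, ts = ev["user"], ev["src"], ev["ts"]
        if ev["ok"]:
            # A successful login on an unlocked account resets its counter.
            if user not in self.locked:
                self.failures[user] = 0
            return
        self.failures[user] += 1
        if self.failures[user] >= self.lockout_threshold:
            self.locked.add(user)
        # Keep only this source's failures that fall inside the sliding window.
        cutoff = ts - self.spray_window
        hist = [(t, u) for t, u in self.src_fail[src] if t >= cutoff]
        hist.append((ts, user))
        self.src_fail[src] = hist
        if len({u for _, u in hist}) >= self.spray_users:
            self.spray_sources.add(src)


def analyze(log_text, **guard_kwargs):
    """Feed every line to a LoginGuard and report what it locked and flagged."""
    guard = LoginGuard(**guard_kwargs)
    for line in log_text.splitlines():
        guard.observe(parse_line(line))
    return {"locked": sorted(guard.locked),
            "spray_sources": sorted(guard.spray_sources)}


def build_sample_log():
    """Constructed sample: a typo-prone user, one brute-forced account, one sweep."""
    base = datetime(2012, 11, 1, 9, 0, 0)

    def entry(offset, result, user, src):
        ts = (base + timedelta(seconds=offset)).isoformat()
        return f"{ts} auth {result} user={user} src={src}"

    lines = [entry(0, "FAIL", "alice", "10.0.0.5"),
             entry(1, "FAIL", "alice", "10.0.0.5"),
             entry(2, "OK", "alice", "10.0.0.5")]
    # Five straight failures against one account from one host -> lockout.
    lines += [entry(10 + i, "FAIL", "dave", "10.0.0.9") for i in range(5)]
    # One failure each against twelve accounts, one per second -> flagged source.
    lines += [entry(60 + i, "FAIL", f"user{i:02d}", "198.51.100.7") for i in range(12)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(analyze(build_sample_log()))
```

The lockout counter protects one account; the per-source window is what catches the slide 18 pattern, where each account sees only a single wrong guess. In practice the window and threshold are tuned against the organisation's own failed-login baseline.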
23. Who is causing the buzz?
   • The amount of data that can be captured from just doing an Internet search
   • The inability of corporate employees to identify a social engineering attack
   • The easy access intruders have to both physical and virtual data through the use of social engineering

25. Who is being attacked?

26. How is it done?

27. How is it done?
   • DefCon 20 SE CTF Report

28. Why?

29. Another target
   • If this happens to corporations, imagine SE attacks on an individual.

30. ID Theft & False ID
   • Complete digital life of Mat Honan destroyed, thanks to Google, Apple and Amazon.
32. Number of Incidents 2011
   http://www.idtheftawareness.com/id_theft_pages/WhatIsIdTheft.php

35. Identity Theft
   • When someone uses your personal information without your permission to commit fraud or another crime
     – Name
     – Social Security number
     – Date of birth
     – Credit card number
     – Bank account numbers

40. Scrap Paper
   • March 10, 2008
   • A school teacher purchases a box of scrap paper for her fourth grade students – $20
   • What does she really get?
   • Medical records of 28 hospital patients!

41. Medical ID Theft
   • April 2007, Salt Lake City
   • A woman delivers a baby at a local hospital
   • …then abandons it!
   • The baby tests positive for methamphetamine
   • The hospital identifies the mother as Anndorie Sachs and tracks her down
   • Anndorie says she did not have a baby recently
   • DCFS threatens to take away her other 4 children, aged 2-7

42. Medical ID Theft (cont.)
   • Good news
     – Accusations were dropped
     – Anndorie was absolved of paying the bill
   • Bad news
     – Anndorie's medical records were altered to show the blood type and medical record of a complete stranger
     – Anndorie has a blood clotting disorder
     – The hospitals insist that they have fixed the issue, but Anndorie can't be sure, because they need to PROTECT the PRIVACY of the IDENTITY THIEF!

43. Protect your sensitive information
   • Shred pre-approved credit offers, receipts, bills and other records that carry your SSN
   • Do not give out your CC#, SSN, etc. over email
   • Do not click on links in unsolicited emails

44. What's your organization's most important asset?

45. Critical and Confidential Data
   • Intellectual property: source code, product design documents, process documentation, internal price lists, R&D
   • Corporate data: financial documents, strategic planning documents, due diligence research for mergers and acquisitions, corporate secrets
   • Personal/Personnel/User data: social security numbers, credit card numbers, medical records, financial statements

46. How is data lost?
47. Threat actors (Verizon Data Breach Report)

48. Open Access
   • Misconfigured shared folders on a network can become a source of data leaks.
   • A common error of system administrators is to give users more privileges than they need.
     – This breaks the least privilege principle and has consequences.
   • Wireless access
     – Captive portals give a false sense of security
     – The encryption is only as good as its password

49. Excessive Permissions
   • Everyone: Full Control
     – Developers often code as a full admin on their workstation and do not take restricted users into account.
   • The combination of share permissions and file permissions is often misconfigured
   • dbo privileges on the database for regular users
   • Firewall rules

50. How can data be protected?
   • Proper file and share permissions
     – Don't use the Everyone or Users groups
     – Adhere to the least privilege principle
   • Group Policy Objects (GPO) are your friends
     – Activate auditing of objects and processes
     – Configure logging
     – Tracking
   • Monitor your data
     – IDS/IPS
     – DPI
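Slides 48 to 50 make two points that are easy to check mechanically: broad groups such as Everyone or Users should not hold write or Full Control rights, and the effective access over the network is the more restrictive of the share ACL and the file (NTFS) ACL, so a wide-open share that relies on NTFS alone deserves a note even when nothing is exposed. The Python below is an added example, not the presenters' tooling: it audits constructed share definitions with those rules. The share names, principals and the ranking of rights are assumptions; the model compares each principal only with itself and ignores nested group membership, which a real audit would resolve first.

```python
# Rank of access levels; "Change" stands for write/modify/delete rights.
RANK = {"None": 0, "Read": 1, "Change": 2, "Full Control": 3}
LEVEL = {v: k for k, v in RANK.items()}

# Principals that effectively mean "any account" (slide 50: don't use them).
BROAD_GROUPS = {"Everyone", "Users", "Authenticated Users", "Domain Users"}

# Constructed share inventory (hypothetical file server and groups).
SAMPLE_SHARES = [
    {"name": r"\\FS01\Finance", "share": {"Everyone": "Full Control"},
     "ntfs": {"Finance": "Change", "Domain Admins": "Full Control", "Everyone": "Read"}},
    {"name": r"\\FS01\Public", "share": {"Everyone": "Full Control"},
     "ntfs": {"Everyone": "Full Control"}},
    {"name": r"\\FS01\Scans", "share": {"Authenticated Users": "Change"},
     "ntfs": {"Authenticated Users": "Full Control"}},
    {"name": r"\\FS01\HR", "share": {"HR": "Change"},
     "ntfs": {"HR": "Change", "Domain Admins": "Full Control"}},
]


def effective_rights(share_acl, ntfs_acl):
    """Effective network access per principal is the more restrictive of the
    share ACL and the NTFS ACL. Simplification: no group nesting, so every
    principal is only compared with its own entries."""
    rights = {}
    for principal in set(share_acl) | set(ntfs_acl):
        s = RANK[share_acl.get(principal, "None")]
        n = RANK[ntfs_acl.get(principal, "None")]
        rights[principal] = LEVEL[min(s, n)]
    return rights


def audit_share(share):
    """Return (severity, message) findings for one share definition."""
    findings = []
    name = share["name"]
    for principal, level in sorted(effective_rights(share["share"], share["ntfs"]).items()):
        if principal not in BROAD_GROUPS:
            continue
        if RANK[level] >= RANK["Full Control"]:
            findings.append(("HIGH", f"{name}: {principal} has Full Control end to end"))
        elif RANK[level] >= RANK["Change"]:
            findings.append(("MEDIUM", f"{name}: {principal} can modify data"))
    # A share ACL of Everyone/Users: Full Control leaves NTFS as the only control.
    wide_open = any(share["share"].get(p) == "Full Control" for p in BROAD_GROUPS)
    if wide_open and not any(sev == "HIGH" for sev, _ in findings):
        findings.append(("INFO", f"{name}: share ACL is wide open; the NTFS ACL is the only control"))
    return findings


def audit_all(shares):
    """Flat list of findings across the inventory, worst first."""
    order = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}
    found = [f for s in shares for f in audit_share(s)]
    return sorted(found, key=lambda f: (order[f[0]], f[1]))


if __name__ == "__main__":
    for severity, message in audit_all(SAMPLE_SHARES):
        print(f"[{severity}] {message}")
```

The same rule set maps onto slide 49's other items: a database role check would replace the ACL tables with role memberships and flag dbo held by ordinary users.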
51. Data Loss Prevention
   • Fingerprint
   • File size
   • File type
   • RegEx
   • Rule based
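Slide 51 lists the five DLP techniques without showing how they combine. As an added example (not from the deck), the Python below runs all five over constructed files: a SHA-256 fingerprint of a known confidential document, a size check on archives, file-type detection from magic bytes, regular expressions for SSNs and payment card numbers (validated with the Luhn checksum so plain order numbers are not flagged), and a rule layer that turns the signals into allow/review/block. The file contents, the price list that seeds the fingerprint set and the thresholds are all constructed for the example.

```python
import hashlib
import re

# Pattern detectors as bytes patterns, so raw file content is scanned directly.
SSN_RE = re.compile(rb"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(rb"\b(?:\d[ -]?){12,18}\d\b")  # 13-19 digits, optional separators
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip", b"MZ": "exe"}


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum: true for well-formed payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(chr(ch))
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def file_type(data: bytes) -> str:
    """Classify by magic bytes, not by file name extension."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "text" if data[:512].isascii() else "binary"


def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan(data: bytes, known_fingerprints, max_archive_bytes=5_000_000):
    """Apply the five techniques and return (verdict, findings)."""
    findings = []
    if fingerprint(data) in known_fingerprints:
        findings.append("fingerprint:known-confidential")
    ssns = SSN_RE.findall(data)
    if ssns:
        findings.append(f"regex:ssn:{len(ssns)}")
    cards = [c for c in CARD_RE.findall(data) if luhn_ok(re.sub(rb"\D", b"", c))]
    if cards:
        findings.append(f"regex:card:{len(cards)}")
    ftype = file_type(data)
    if ftype == "exe":
        findings.append("filetype:executable")
    if ftype == "zip" and len(data) > max_archive_bytes:
        findings.append("size:large-archive")
    # Rule layer: a known document, any valid card number or three or more
    # SSNs is blocked outright; other signals go to human review.
    if "fingerprint:known-confidential" in findings or cards or len(ssns) >= 3:
        verdict = "block"
    elif findings:
        verdict = "review"
    else:
        verdict = "allow"
    return verdict, findings


# Constructed documents (hypothetical content).
PRICE_LIST = b"CONFIDENTIAL - internal price list FY2012\nWidget A  12.50\nWidget B  99.00\n"
KNOWN = {fingerprint(PRICE_LIST)}
SAMPLES = {
    "price_list.txt": PRICE_LIST,
    "hr_export.csv": b"name,ssn\nAnn,123-45-6789\nBob,234-56-7890\nCy,345-67-8901\n",
    "expense.txt": b"Paid with card 4111 1111 1111 1111 on 2012-10-30\n",
    "memo.txt": b"Meeting notes: invoice 1234-5678 approved, nothing else\n",
    "draft.pdf": b"%PDF-1.4\n% order ref 4111 1111 1111 1112\n",  # fails Luhn
    "setup.bin": b"MZ\x90\x00" + bytes(64),
}


def scan_all(samples, known):
    return {name: scan(data, known)[0] for name, data in samples.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, *scan(data, KNOWN))
```

The Luhn filter is what keeps the regex technique usable: without it, every 16-digit reference number in the mail stream would be a false positive, which is also why slide 52 asks whether you are really getting it all.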
52. Are you sure you are getting it all?

53. Encryption
   • During transmission
     – VPN
     – Secure Shell
     – Tunneling
   • At rest
     – File encryption (EFS, FileVault, etc.)
     – Full drive encryption (BitLocker, TrueCrypt, etc.)
   • It can also be used by the bad guys

54. ... bring the cracker

55. Who's got your data? (Verizon Data Breach Report 2012)

56. Track your data
   • Embed a URI or web bug
   • Digital Rights Management
   • Traffic/network flows
   • Deep Packet Inspection
   • SSL proxy

57. After the fact, what do you do?
   • How to identify an incident
   • Incident handling process
   • Live vs. dead analysis

58. Incident vs. Event
   • Event: an observable, measurable occurrence on our systems. It can be something that happened and was seen by someone, or something recorded in a log or audit file on a device.
   • Incident: actions that result in harm, or the significant threat of harm, to the organization's information systems or data.

59. Steps to Incident Handling
   • Preparation: policies, procedures, educate, practice
   • Identification: declare, classify, prioritize
   • Containment: observe, quarantine, isolate
   • Eradication: clean, patch, reconfigure
   • Recovery: restore, test, monitor
   • Lessons learned: debrief, discuss, evaluate, modify, mitigate

60. Live Analysis
   • Live analysis
     – Memory dump
     – Live disk imaging
     – Network status/capture
     – System state
   • Dead analysis
     – Pull the plug
     – Disk imaging
     – Image analysis

61. Why should live analysis always be considered?
   • RAM-only processes
     – Metasploit Meterpreter
   • RAM disks
     – /dev/shm
     – ImDisk
   • Network connections
     – Open transfers
     – Networked shares like SMB/NFS or SSHFS
     – Tunneling

62. So …
   • Your data is the most important asset in the organization, and to "others"
   • You have to make your best effort to protect your assets, but sometimes your best is not enough
   • Be prepared to fail, learn from it, and keep your mind open to possibilities

63. How many of you...
   …have your Social Security card in your wallet or purse right now?

64. Due Care and Due Diligence
   • Due care: steps taken to show that a company has taken responsibility for the activities that occur within the corporation and has taken the necessary steps to help protect the company, its resources, and its employees.
   • Due diligence: the process of systematically evaluating information to identify vulnerabilities, threats, and issues relating to an organization's overall risk.
   • Example:
     – Due care: installing antivirus software
     – Due diligence: keeping antivirus signatures updated
65. Examples of Major Computer Crime Laws
   • PATRIOT Act
   • Electronic Communications Privacy Act
   • Computer Fraud and Abuse Act
   • National Infrastructure Protection Act of 1997
   • Computer Security Act of 1987
   • Computer Crime Research Center (http://www.crime-research.org/legislation/)
   • Council of Europe – Convention on Cybercrime (ETS No. 185)
   • Convention on Cybercrime (Budapest, 23.XI.2001)

66. Laws, Directives, and Regulations
   • Gramm-Leach-Bliley Act of 1999
     – Requires financial institutions to develop privacy notices and give their customers the option to prohibit financial institutions from sharing their information with nonaffiliated third parties
     – Requires:
       • The board of directors to be responsible for security issues within financial institutions
       • Risk management
       • Training for all employees on information security issues
       • Testing of the security measures implemented
       • A written security policy

67. Laws, Directives, and Regulations
   • Computer Fraud and Abuse Act
     – The primary U.S. federal anti-hacking statute.
     – Prohibits seven forms of activity and makes them federal crimes.
   • Federal Privacy Act of 1974
     – Applies to records and documents developed and maintained by specific branches of the federal government.
     – An actual record is information about an individual's education, medical history, financial history, criminal history, employment, and other similar types of information.
     – An agency cannot disclose the information without written permission from the individual.

68. Laws, Directives, and Regulations
   • Computer Security Act of 1987:
     – Requires U.S. federal agencies to identify computer systems that will contain sensitive information
     – Develop a security policy and plan for each of these systems
     – Conduct periodic training for individuals who operate, manage, or use these systems
     – Security awareness training, and define acceptable computer use and practices
   • Economic Espionage Act of 1996
     – Provides the necessary structure when dealing with industry and corporate espionage, and further defines trade secrets to be technical, business, engineering, scientific, or financial

69. Law
   Offense                                                   Section     Sentence (years)
   Obtaining National Security Information                   (a)(1)      10 (20)
   Accessing a Computer and Obtaining Information            (a)(2)      1 or 5 (10)
   Trespassing in a Government Computer                      (a)(3)      1 (10)
   Accessing a Computer to Defraud & Obtain Value            (a)(4)      5 (10)
   Intentionally Damaging by Knowing Transmission            (a)(5)(A)   1 or 10 (20)
   Recklessly Damaging by Intentional Access                 (a)(5)(B)   1 or 5 (20)
   Negligently Causing Damage & Loss by Intentional Access   (a)(5)(C)   1 (10)
   Trafficking in Passwords                                  (a)(6)      1 (10)
   Extortion Involving Computers                             (a)(7)      5 (10)
   The maximum prison sentences for second convictions are noted in parentheses.
70. Current US Legal Framework

71. Computer Crime Challenge
   • Difficulties in prosecution
     – Lack of understanding
       • Judges, lawyers, police, jurors
     – Evidence
       • Lack of tangible evidence
     – Forms of assets
       • Magnetic particles, computer time
     – Juveniles
       • Many perpetrators are juveniles
       • Adults don't take juvenile crime seriously

72. Investigations
   • Incident response
     – Have policy and procedures in place for incident response
     – Incident response team
     – Follow predetermined steps
     – Decide whether to conduct your own forensics

73. Investigations
   • Incident handling
     – Procedures for how to handle all incidents
     – Related to disaster recovery planning
     – Contain and repair any damage caused by an event, or prevent any further damage
     – Linked to the security training and awareness program
     – Join the mailing list of the Computer Emergency Response Team (CERT)

74. Investigations
   • Forensics
     – A science and an art that requires specialized techniques for the recovery, authentication, and analysis of electronic data for the purposes of a criminal act.
   • Computer forensics
     – Must be properly skilled
     – Work from a copy
     – Specialized tools
     – Chain of custody
     – Photograph the crime scene

75. Investigations
   • Forensic investigation process
     – Identification
     – Preservation
     – Collection
     – Examination
     – Analysis
     – Presentation
     – Decision

76. Incident Investigators
   • Network analysis
     – Communication analysis
     – Log analysis
     – Path tracing
   • Media analysis
     – Disk imaging
     – MAC time analysis (modify, access, create)
     – Content analysis
     – Slack space analysis
     – Steganography
   • Software analysis
     – Reverse engineering
     – Malicious code review
     – Exploit review
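The "MAC time analysis" item on slide 76 is the media-analysis step that turns file timestamps into a timeline. The Python below is an added example, not part of the deck or any forensic tool: it loads constructed timestamp records of the form `path|mtime|atime|ctime`, builds a timeline with one event per timestamp, answers the "what was touched during the incident window" question, and flags an anomaly. The record format, paths and times are constructed; the anomaly rule assumes POSIX semantics, where ctime (inode change) is updated by every metadata change, including a call that rewrites mtime, so a file whose mtime is later than its ctime cannot arise in normal operation.

```python
from datetime import datetime
from typing import List, NamedTuple, Tuple


class FileTimes(NamedTuple):
    path: str
    mtime: datetime  # last content modification
    atime: datetime  # last access
    ctime: datetime  # last inode/metadata change (POSIX semantics assumed)


# Constructed records: path|mtime|atime|ctime, ISO 8601 times (hypothetical host).
SAMPLE_RECORDS = [
    "/etc/passwd|2012-09-01T08:00:00|2012-10-29T23:59:00|2012-09-01T08:00:00",
    "/var/www/html/index.php|2012-10-30T02:14:05|2012-10-30T02:14:05|2012-10-30T02:14:05",
    # mtime pushed back to 2009: only ctime still shows when the file really changed.
    "/var/www/html/.cache.php|2009-01-01T00:00:00|2012-10-30T02:15:10|2012-10-30T02:15:10",
    # mtime later than ctime: cannot happen without timestamp manipulation or clock faults.
    "/tmp/.x|2015-06-01T00:00:00|2012-10-30T02:16:00|2012-10-30T02:16:00",
]


def parse_record(line: str) -> FileTimes:
    path, m, a, c = line.split("|")
    return FileTimes(path, datetime.fromisoformat(m),
                     datetime.fromisoformat(a), datetime.fromisoformat(c))


def load_records(lines: List[str]) -> List[FileTimes]:
    return [parse_record(l) for l in lines]


def build_timeline(records: List[FileTimes]) -> List[Tuple[datetime, str, str]]:
    """One event per timestamp (m/a/c), sorted, so all three times are visible."""
    events = []
    for r in records:
        events.append((r.mtime, "m", r.path))
        events.append((r.atime, "a", r.path))
        events.append((r.ctime, "c", r.path))
    return sorted(events)


def files_in_window(records, start_iso: str, end_iso: str, kinds=("m", "a", "c")):
    """Paths with any of the selected timestamps inside [start, end].

    Querying only mtime misses a file whose mtime was backdated; include ctime."""
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    return sorted({path for ts, kind, path in build_timeline(records)
                   if kind in kinds and start <= ts <= end})


def suspicious_mtime(records) -> List[str]:
    """Files whose mtime is later than their ctime (see the POSIX assumption above)."""
    return sorted(r.path for r in records if r.mtime > r.ctime)


if __name__ == "__main__":
    recs = load_records(SAMPLE_RECORDS)
    for ts, kind, path in build_timeline(recs):
        print(ts.isoformat(), kind, path)
    print("touched:", files_in_window(recs, "2012-10-30T02:00:00", "2012-10-30T03:00:00"))
    print("mtime-only:", files_in_window(recs, "2012-10-30T02:00:00", "2012-10-30T03:00:00", kinds=("m",)))
    print("anomalies:", suspicious_mtime(recs))
```

On a real image the records come from the filesystem metadata of the copy the investigator works from (slide 74: work from a copy), and the timeline is usually merged with log-analysis events from the same window before the examination step of slide 75.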
77. Penetration Testing
   • The process of simulating attacks on a network and its systems at the request of the owner or senior management.
   • Uses a set of procedures and tools designed to test, and possibly bypass, the security controls of a system.
   • Its goal is to measure an organization's level of resistance to an attack and to uncover any weaknesses within the environment.
   • Penetration tests can evaluate web servers, DNS servers, router configurations, workstation vulnerabilities, access to sensitive information, remote dial-in access, open ports, and available services' properties that a real attacker might use to compromise the company's overall security.

78. Penetration Testing
   • When performing a penetration test, the team goes through a five-step process:
     – 1. Discovery – footprinting and gathering information about the target
     – 2. Enumeration – performing port scans and resource identification methods
     – 3. Vulnerability mapping – identifying vulnerabilities in identified systems and resources
     – 4. Exploitation – attempting to gain unauthorized access by exploiting vulnerabilities
     – 5. Report to management – delivering to management documentation of test findings along with suggested countermeasures

79. Penetration Testing
   • The penetration testing team can have varying degrees of knowledge about the penetration target before the tests are actually carried out:
     – Zero knowledge – the team does not have any knowledge of the target and must start from ground zero.
     – Partial knowledge – the team has some information about the target.
     – Full knowledge – the team has intimate knowledge of the target.
     – A blind test is one in which the assessors only have publicly available data to work with. The network staff is aware that this type of test will take place.
     – A double-blind test (stealth assessment) is also a blind test for the assessor, as mentioned previously, plus the security staff is not notified.

80. FASS Group
   Enrique J. Gonzalez, MIS, CFE, CISSP
   Forensic, Auditing, Security Services
   info@fassgroup.net

81. Jose A. Arroyo, MS, MCSA, MCT, CEH
   787-340-3781
   jarroyo@obsidisconsortia.org
   josearroyo@talktoait.com

82. Jose L. Quiñones, BS, MCSA, MCT, CEH, CIE, GCIH, GPEN, RHCSA
   787-238-5568
   josequinones@codefidelio.org
   jquinones@obsidisconsortia.org

Editor's Notes

  1. The most important asset for an organization is its data.
  2. http://blog.hotspotshield.com/2012/08/16/us-businesses-lost-48-billion-in-data-breaches-in-2011-infographic/
  3. The most important asset for an organization is its data.
  4. The examination of computers from within the operating system using custom forensics or existing sysadmin tools to extract evidence
  5. It is critical that the investigator works from an image that contains ALL of the data from the original disk