Cyber Security Awareness October 2014

DESCRIPTION

Coverage of the following topics: tech growth, social media, the Internet of Things, how businesses are using social media in HR, how people expose their information online, privacy, the ramifications of your online life, how criminals, terrorists, governments and organizations use your online information, cyberbullying, data breaches, and hacktivism.

Cyber Security: 'the good,' 'the bad,' & 'the ugly'

Agenda

• Cyber Security
• Social Media
• Privacy
• Cyberbullying
• ID Theft
• Cyber Spies
• Cyber Crime
• Questions

October is Cyber Security Awareness Month

Your Digital Life

Personal Cyber Security

Social Media

Growth of Tech and Social Media

Blurring the lines

Social Media

Private Life

Work

Family

School

Internet of Everything

• Smart Meters
• Toll road/bridge
• Traffic management
• Parking Meters
• Automobiles
• Home Automation
• Health Monitoring
• Shopping
• Appliances
• Cattle (tracking/monitoring)

By 2020 there will be more things on the internet than people, est. 50 billion things

Data Rate Increasing

• Amount of data created, captured, and replicated in 2007 was 281 exabytes (281,000,000,000 GB)
• In 2011 there will be nearly 1,800 exabytes of information created
• In 2012 we created more data than in the last 5000 years

Social Media, the Good

Psychology Today 10 OCT 2014

Social media is just a new way of connecting that is much more efficient

Online Profile & Rep

• Your "online profile" is the sum of online content about you that you've created and content about you created by others. Items include: emails, videos, posts on social networks, someone posting a picture or comments about you on a social network or website, credit, financial, and medical information.
• Your "online reputation" is the image created of you through information you or others shared online in blogs, posts, pictures, tweets, and videos.

Social Media & HR

• The use of social media outside of personal lives has increased and continues to increase
• Concern that potential employers will misconstrue what is seen
• Used for monitoring current employees
• Used for screening job applicants
• Employees see it as a good way to “get to know” the applicant

Picture from Department of Homeland Security

Personal Ramifications

• Employers are increasingly using social media for background checks.

• Insurance companies use social media to look for fraud.

• Spies use social media to look for informants.

Online Privacy and Reputation

• Do you have control of what is posted?
• Not all fame is good!
• People use anonymity to post stuff about others!
• Embarrassment, loss of credibility

Rev2/28/2011

Online Privacy

• Would you invite a stranger into your house to look at your children's photo album?
• Public v. Private
• Aggregate information sources could give someone more information than intended.

But what about what others share about you online?

Giving up Privacy for $s or for free

Bad guys use social media too

Bad guys can exploit your use of social media to infect your computer with malware

Information about you online

• Do I have control of what is posted about me?

• Look yourself up!

• Even if you are not on the web, you may be on the web!

• Do what you can to control what is out there.

• What is your social relevancy (Reputation)?

• Setup alerts and monitor what is posted about you.

• Public records on the web…

Get Alerts

Social Shopping & Brand Protection

If you own a business or are self-employed:

• Have you looked to see what is posted about you?
• Do you monitor for comments or ratings?
• How do you address complaints?
• Do you monitor for brand-jacking? http://knowem.com/

Are people using your intellectual property?

Watch what you put online

http://www.youtube.com/watch?v=Soq3jzttwiA

Can someone use what you post against you?

Social Media & Politics; A Game Changer

Terrorists also use Social Media

It never goes away

Information on the Internet never dies

• Information, once on the Internet, can be there for years, even if the service claims it is gone
• Don’t post anything you wouldn’t want seen by everyone

Can happen to anyone

Oh no!

Cyber Spying

Governments

Privacy is dead?

Cyberbullying & Internet Trolls

Real life consequences

Cyberbullying

• "Cyberbullying" happens when a child, preteen, or teen is tormented, threatened, harassed, humiliated, embarrassed or otherwise targeted by another child, preteen, or teen using the Internet, interactive and digital technologies, or mobile phones
• Examples of cyberbullying include mean text messages or emails, rumors sent by email or posted on social networking sites, and embarrassing pictures, videos, websites, or fake profiles.
• http://www.stopbullying.gov

Prevention

Results

• In extreme cases, some children have committed suicide
• Distracts from academics
• Increases risk of depression
• Hurts self-esteem

• Megan Meier
• Ryan Halligan
• Hope Witsell
• Tyler Clementi
• Ty Smalley
• Jesse Logan

A new area of psychology

Virtually You: The Dangerous Powers of the E-Personality, by Elias Aboujaoude

Online Drama

Getting into trouble

Hacktivism

Identity Fraud & Theft

Situation

• Why does someone want your personal information?
• In an information age, information becomes a commodity
• Information has a value
• Some information has a greater value
• Your personal information is potentially worth more than you think

What is PII

• Personally Identifiable Information
  • Name and account number
  • Name and social security number
  • Name and address
  • Credit Card Number
• Where you might find it
  • Tax files
  • Account Statements
  • Records (Medical, Public and other)
  • Businesses you do business with

Who keeps your personal data?

Social Media Sites – User generated, friends and family, enemies

Corporations – Big data, Tracking, Sales, Marketing

Government – Local, State, Federal and other

Organizations – Non-profits, Clubs, VSOs

Schools – Grades, Clubs, School Newspaper

Media – Newspapers, News, Video

Data from unexpected sources

ID Theft vs. ID Fraud

• “Identity fraud” consists mainly of someone making unauthorized charges to your credit card.
• “Identity theft” is when someone gathers your personal information and assumes your identity as their own.

"Identity theft is one of the fastest growing crimes in the US."
John Ashcroft, 79th US Attorney General

The Busboy That Started It All

• March 20th 2001, MSNBC reported the first identity theft case to gain widespread public attention
• Thief assumed the identities of Oprah Winfrey and Martha Stewart, took out new credit cards in their names, and accessed their bank accounts
• Stole more than $7 million from 200 of the world’s super rich: Warren Buffett and George Soros, tech tycoons Paul Allen and Larry Ellison
• Used a library computer, public records, a cell phone, a fax machine, a PO Box, and a copy of Forbes Richest People
• 32-year-old Abraham Abdallah was described as “a high school dropout, a New York City busboy, a pudgy, disheveled, career petty criminal.”

ID Theft & Fraud

• PII exposed by others (Data Breaches)
• PII exposed by ourselves (online & others)
• Malware (Spyware, Viruses, etc…)
• Social Engineering
  • Phone
  • Internet (Phishing, social websites etc…)
  • In Person (at your door, in a restaurant etc…)
• Physical theft
  • Mail box
  • Trash (Dumpster diving)
  • ATMs (skimming)
  • Home break-ins

Close to Home

Physical theft

• Dumpster diving
• ATM – Credit Card skimming
• Mailbox
• Home Break-in

Close to Home

“Lock Bumping”

http://cbs11tv.com/seenon/Bump.Key.Safety.2.499252.html

Credit Card/ATM Skimming

Credit Card Skimming Stats

TOP MERCHANT GROUPS

• RESTAURANTS
• GAS
• HOTELS
• CAR RENTALS
• ALL OTHER

SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES SECRET SERVICE

Credit Card Skimming Stats

BY MERCHANT LOCATIONS

• CALIFORNIA
• FLORIDA
• NEW YORK
• NEW JERSEY
• TEXAS
• MEXICO
• ILLINOIS
• ALL OTHER

SOURCE: CALIFORNIA RESTAURANT ASSOCIATION, VISA USA, UNITED STATES SECRET SERVICE

Public Records

“The federal government is the biggest offender.”
Paul Stephens, Privacy Rights Clearinghouse

What do they do with stolen IDs?

• Information is sold on the Black Market

• Sometimes the information is traded for drugs

• Used to fund terrorist operations

In the news…

Computer and Mobile Security

P2P (Peer to Peer file sharing)

• Used to ‘share’ computer files
• Legal issues with copyright
• Malware issues
• Privacy issues, do you know what you are sharing?

Malware

• Malware (Viruses, Worms, Spyware, etc…)
• 1999 Melissa, Kevin Mitnick
• 2000 Mafiaboy, DoS Assault
• 2001 Code Red, Nimda
• 2002 Root Rot, Slapper
• 2003 SQL Slammer
• 2004 MyDoom, BerBew
• 2005 Samy (MySpace)
• 2007 Storm Worm, Botnets, etc.
• 2102 Advanced Persistent Threat

APT

Malware has cost trillions of dollars in the last decade

Viruses

• In the past, they were primarily destructive
• Today, they focus on stealing information
• Or using your computer as a Bot (Zombie) to send out SPAM or attack other systems

Malware is not gone

Phishing: Internet Fraud

• Oldest trick in the book, there are examples in the 1500s
• One particular fraud is called the “Nigerian 419” scam or “Advanced Fee Fraud”
• Started as a letter, then it showed up in faxes and now it is sent by email.
• The message contains many variations on the story

http://www.secretservice.gov/fraud_email_advisory.shtml

Computer Spyware

Cell Phone Spyware

http://www.youtube.com/watch?v=uCyKcoDaofg

http://news.rutgers.edu/medrel/news-releases/2010/02/rutgers-researchers-20100222

http://www.youtube.com/watch?v=UZgf32wVTd4

Data Breaches

Desensitization of data breaches

The Problem

Albert Gonzalez, 28

With accomplices, he was involved in most of the major data breaches: Heartland, Hannaford Bros., 7-Eleven, T.J. Maxx, Marshalls, BJ’s Wholesale Club, OfficeMax, Barnes & Noble, Sports Authority, Dave & Busters, Boston Market, Forever 21, DSW, and others.

Who is behind data breaches?

• 70% from external agents
• 48% caused by insiders
• 11% implicated business partners
• 27% involved multiple parties

How others might expose your PII

• Data Breach
• Lack of security on the part of businesses
• Organizations may post information online
• Loss of a laptop, hard drive, or paper work
• Data loss by a third party
• Hacker (Organized Crime & Nation State)
• Organizations may break into your computer

Top 10 Largest Breaches

Data provided by DataLoss db as of February 2014

Careers in IT and Cyber Security

• Application Development
• Network Engineer
• Analyst
• Teaching
• Auditor/Assessor
• Systems Administration
• Program Management
• Law enforcement

Links

• twitter.com/sobca
• facebook.com/LearnSec
• www.learnsecurity.org
• linkedin.com/in/donaldehester
• youtube.com/user/LearnSecurity

Slides

• www.slideshare.net/sobca
