Crime*

OR

Who will be hacked tomorrow and how can we prevent it

Online

Mateusz Marszalek BY

* best viewed in fullscreen

Internet is serious business:

billion internet users 2

800 million

Facebook

accounts

All of them are potential victims...

2.8 million

emails sent

every second

298 million

smartphones

sold in 2010

more than population of Americas and Africa combined

31 hours/week

spent online

by teenagers 16 billion

songs bought

from iTunes

60% customers

pay online

with credit card

2 million

Google searches

every minute

86% customers

bought something

online in 2008

every 9 seconds

one pair of shoes

is sold on eBay

103 million

PayPal

accounts value of global online transactions in 2010

bigger than GDP* of Sweden

$ 500 billion

*Gross Domestic Product

...of online fraud and identity theft:

YOU can be next...

December 2010 Login

details of 200,000 users

stolen from blog network

Gawker

April 2011 Account

information and credit

card numbers of 70 million

users stolen from Sony’s

PlayStation Network

2009 $560 million lost

because of online fraud in

United States alone

2011 Attempted hacking

attack on multiple users of

Google email account

Scared? Good. Because there is more:

Suddenly, not only internet users are in trouble...

March 2010 Stuxnet

virus targets Iranian

nuclear power plants

November 2011 Data

from Norwegian oil, gas

and defense companies

stolen by hackers

2007-2008 Hackers

interfere with two space

satelites

November 2011 Illinois

water treatment system

damaged by hackers

So, let’s brainstorm some ideas...

...but also whole cities and nations.

And as the internet expands, these

problems become more visible.

A reasonable goal would be to prevent

online crime from increasing in the next

five years – then we can think about

decreasing it.

To succeed, governments, corporations

and individuals need to be actively

involved.

Governments should be involved in cyberspace

As the internet doesn’t have boarders,

multi-national cooperation

is required. And so are

budget adjustments

on defense.

Detailed strategic plans must

be created by governments

and organizations.

Promoting online awareness

among citizens wouldn’t hurt.

The earlier the better.

We could also detect threats

before they become reality.

Monitoring the internet and its

users might prevent some

damage...

...or introduce even more.

Privacy issues are a huge

problem itself. We should

thread carefully.

Just like the UK

and their new

Cyber Security Strategy

Well done!

Corporations should think about their clients

If firms aren’t secure, neither are

their clients. Security measures at

every step are required.

But all of that will cost money. Expect customers to pay for that.

Do you keep data about your

customers? Encrypt it and make

backup.

Control who has access to it.

Always keep your infrastructure

updated. Consider going open

source* – more eyes for detecting

security holes is better.

If you want to catch criminals, think

like them. Or hire one**. Obviously

they are good at what they are

doing. And when the worst happens – be

honest about it. You’ve already lost

your data, don’t lose the trust of

your clients.

like Google

or Facebook

Kevin Mitnick is taken,

and Neo from Matrix

is fictional. But keep

looking.

* **

Be prepared for the worst – have

ready contingency plans at hand.

Individuals should always pay attention.

But human is an animal of habit. Changing habits of one

is difficult. Now, changing habits of 2 billion...

Keep your guards up all the time. If

something is too good to be true, it

probably is. Always ask questions.

Keep your software updated. Install

antivirus and firewall. Don’t open emails

and links from unknown sources.

Use strong passwords. 123abc, your

birthdate or your pet’s name – not

strong passwords. They can be easily

found on your Facebook profile.

Quiz time!

Who’s the weakest link

in security chain?

Answer:

Human

And so can the answers to your security

questions. Think about what you share

with the rest of the internet.

I have good news and bad news (Please don’t shoot the messanger)

So let’s do something. Just like with the environment, start from yourself.

If you’re using the same password

for many accounts OR

If your passwords are weak

I’ll wait.

...

Done? Great! Now tell your family and friends to do the same.

...

Done? Fantastic! Check the next slide for more ideas how you can improve

your safety online. Tell your local politicans and companies you’re dealing with

that you care about internet security.

Step by step, it will get better.

Bad news: none of these

solutions are perfect. There are

no magic bullets.

Good news: but doing

something is better than doing

nothing.

Change them now.

Not tomorrow, not later, not

after this presentation.

Now

Thanks for watching

Credits, where credits are due

All logos and registred trademarks are the property of their

respective owners. Unless stated otherwise, images are from

iStockphoto.

Other icons from slide 1: thenounproject.com

Photos of Smooth Internet Criminal from slides 1&5 were taken by

chanpipat and published by FreeDigitalPhotos.net.

Photo of water faucet (or tap for our British friends) from slide 4

was taken by Travis Forsyth and published on flickr.

Photo of a man who happened to be in the wrong place and at the

wrong time from slide 8 was published by BananaStock.

Slide 2

Facebook: Facebook Inc.

Email: about.com

Google: comscore

Time online: cybersentinel.co.uk

Smartphones: Quirksmode

eBay, PayPal and online sales volume (estimate): eBay Inc. financial

figures for 3Q 2011

iTunes: Engadget

Credit card and online sales: Nielsen; Trends in Online Shopping

2008

Internet users: internetworldstats.com/stats

GDP: World Bank

World population: United Nations

Slide 3

PlayStation Network: Wired

Gawker: PCWorld

US online fraud: Wired

Google mail: Reuters

Slide 4

Stuxnet: CBS News

Norway: BBC News

Satellite: Business Week

Illinois: BBC News

Further reading

FBI tips on protecting from internet fraud: http://www.fbi.gov/scams-

safety/fraud/internet_fraud

Choosing a smart password:

http://www.google.com/support/accounts/bin/answer.py?answer=32040

&hl=en

Tips to prevent online fraud:

http://peoples.rbsnb.com/preventiontips.html

Internet crime prevention tips: http://www.ic3.gov/preventiontips.aspx

Live long and prosper