jerric-lyns-john
What is privacy?
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby express themselves selectively.
Let's go back in time!
1700s – Initial postal mails – opened by the system
1791 – The Bill of Rights – freedom of speech & freedom from unreasonable search and seizure
1800s – Sealed envelopes
1868 – Right to privacy irrespective of race and color
1890s – Govt. tapping telephone networks
1907 – First bugging apparatus – Dictograph
Let's go back in time!
1934 – Federal Communications Act (FCA), Section 605: prohibits third-party interception of communications
1950s – Govt. begins public surveillance
1967 – Interception requires a warrant
1989 – WWW service added to the internet
2001 – Authorities allowed to search databases, after 9/11
2004 – Facebook debuts
And recently…
2008 – Expands surveillance power of authorities
2009 – Bradley Manning leaks classified information, WikiLeaks
2013 – Edward Snowden leaks highly classified intelligence information
- Govt. wiretaps
- PRISM – surveillance program
- Now he's somewhere in Russia
80% of internet traffic passes through the USA
It is laid down in their rules that they can observe any data that passes through American soil.
Because 80% of the services are American. Tell me one service that you use prominently that is not American.
The top US companies are the forerunners in machine learning, so it's completely normal to be paranoid!
Adam L. Penenberg
A journalism professor at New York University
- Pando Daily
- New York Times
- Forbes
- Fast Company
- The Economist
PandoDaily, 26th October 2013
“I challenged hackers to investigate me and what they found out is chilling” – Adam L. Penenberg
Adam L.P.
It’s my first class of the semester at New York University. I’m discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly.
I’m being hacked — and only have myself to blame.
Excerpts from the article.
Two months before the hack, he signed a contract with Nicolas Percoco.
Over the years Percoco has performed hundreds of pen-tests and physical break-ins, slipping into hospitals, insurance companies, manufacturers, magazine and newspaper companies, power companies, and many more.
But these were on-site intrusions; Adam didn't want an on-site intrusion.
A personal “pen-test” contract
Rules: Percoco would leave Adam's kids out of the pen-test
Adam shouldn't sue Percoco (drawn up with Trustwave lawyers)
The Team
Nicolas Percoco – VP
Garret Picchioni – Security Analyst
Josh Grunzweig – Digital Forensic Specialist
Matthew Jakubowski (Jaku) – Hacker
Jaku - Majored in “Sandwich Engineering” and minored in “Witch Hunting” at “College University.” – LinkedIn
SpiderLabs
Plan failures
You know the real-world scenario of an individual is different from a corporate one.
I mean, break into one's house? Obviously he had been working on-site for so long that this was the first idea!
Wi-Fi hack
These are just the public Wi-Fi hotspots.
Nicolas found 1200 spots within a tenth of a mile of the brownstone in Brooklyn Heights.
Adam used a Mac, so they were able to narrow it down.
Legal limitations made this a failure.
Pilates studio
His wife was the next vulnerable point of contact.
A female friend of Jaku, the hacker, signed up for a Pilates group class at the wife's studio.
Used a flash drive to print a “resume”.
But the remote backdoor installation was too good for the old Mac.
Brooklyn Heights
The brownstone is too good a place to be sniffing around.
They had to drop the plan since neighbors started to notice!
Post and reply
Adam posted an article and got an instant reply:
“We really wanted to get into your basement” – Twitter
Apparently the reply was from Jaku's friend.
Phish attack – 3
They resent the mail.
Obviously, when she reads the mail she will open the attachment.
But the code had a bug, so it didn't work.
“The attachment didn't work” – replied the wife
Success! Phish attack – 4
The newly updated OS X malware, which another member of the team, digital forensics specialist Josh Grunzweig, coded, was dropped onto her machine.
They now had full access to her computer.
Got hold of her W-2s – SSN, credit card, bank account, income, etc.
Password
They got the router password.
Chase Bank account password (used her cookies to get around 2-step verification).
Now I hope you are getting cramps!
Chase's advertised protections:
• Secure Socket Layer (SSL)
• Chase Dual Control℠
• Positive Pay Service and Reverse Positive Pay Service
Password + forensics
They were able to recover more of his passwords, which were somewhat similar and followed a pattern.
Humans do this, and forensics knows that!
- Amazon
iCloud – hacked
Adam was an Apple fanboy.
SpiderLabs reported Adam's iPhone and Mac as lost.
So coming back to that slide
Adam L.P.
It’s my first class of the semester at New York University. I’m discussing the evils of plagiarism and falsifying sources with 11 graduate journalism students when, without warning, my computer freezes. I fruitlessly tap on the keyboard as my laptop takes on a life of its own and reboots. Seconds later the screen flashes a message. To receive the four-digit code I need to unlock it I’ll have to dial a number with a 312 area code. Then my iPhone, set on vibrate and sitting idly on the table, beeps madly.
I’m being hacked — and only have myself to blame.
Excerpts from the article.
Heartbleed bug
8 April 2014
OpenSSL – Heartbleed leaks data during an active TLS connection – 64KB
Although we can't call this an infiltration, it is significant.
Who do we hold accountable? – Well, this is rectified and updated, but it dates back about 2 years.
“Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication” – heartbleed.com
“If you need strong anonymity or privacy on the internet, you might want to stay away from the internet entirely for the next few days while things settle.” – torproject.org
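The missing length check behind Heartbleed, shown as an added C example (not code from the slides or from OpenSSL): a minimal TLS heartbeat responder that validates the peer's claimed payload_length against the bytes actually received before copying, exercised with a constructed request sent once with an honest length and once with an inflated one.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* TLS heartbeat message (RFC 6520): 1-byte type, 2-byte payload_length,
 * the payload, then at least 16 bytes of padding. */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HDR_LEN  3
#define HB_MIN_PAD  16

/* Builds the heartbeat response for a received record of rec_len bytes.
 * Returns the response length, or 0 when the request must be discarded. */
size_t heartbeat_response(const uint8_t *rec, size_t rec_len,
                          uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN || rec[0] != HB_REQUEST)
        return 0;
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];
    /* The Heartbleed fix: the length the peer claims must fit inside the
     * record actually received. Vulnerable OpenSSL skipped this check and
     * copied payload_len bytes (up to 64KB) from past the request buffer. */
    if (HB_HDR_LEN + payload_len + HB_MIN_PAD > rec_len)
        return 0;
    size_t resp_len = HB_HDR_LEN + payload_len + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, payload_len);
    memset(out + HB_HDR_LEN + payload_len, 0, HB_MIN_PAD); /* real code: random pad */
    return resp_len;
}

/* Constructed 23-byte request carrying the 4-byte payload "ping", with the
 * two payload_length header bytes supplied by the caller so the same record
 * can be sent with an honest length (0x0004) or an inflated one. */
size_t demo_request(uint8_t len_hi, uint8_t len_lo)
{
    uint8_t rec[HB_HDR_LEN + 4 + HB_MIN_PAD] = { HB_REQUEST, len_hi, len_lo,
                                                 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    return heartbeat_response(rec, sizeof rec, out, sizeof out);
}
```

With the honest length the responder returns a 23-byte response; a claimed length of 0xFFFF, or even one byte more than the record holds, is dropped instead of read past the buffer.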
RSA
December 2013
$10 million NSA–RSA deal
Used a random number generator with a skeleton key; this was certified by the National Institute of Standards and Technology (NIST).
Who do we hold accountable?
“RSA Tells Its Developer Customers: Stop Using NSA-Linked Algorithm” – WIRED.com
Laptop bug
December 2013
Implant bugs on laptops/accessories purchased online.
It's a USB “hardware implant” that secretly provides the NSA with remote access to the compromised machine.
Who do we hold accountable?
“NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries”
“It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with ‘implants’ that then allow the government hackers to control the computers remotely” – spiegel.de
Zetas Drug Cartel
$90 million in cash, 61 tons of narcotics, and “enough weapons to equip an insurgency,” Mexico via TX
Take control
It's time our governments came together and addressed this as a humanitarian issue; it must be redressed.
Security against terrorism shouldn't hold our privacy at stake.
The world is changing. Let's all hope for good!
If that doesn't happen, then it's time we become the “anon” of this situation.
Let's not say it!
We are anonymous
We are legion
We do not forgive
We do not forget
Expect Us
- Should we be paranoid about the government? Then they should fear us!