E Crime Mid Year Meeting London
E Crime Mid Year Meeting London Presentation Transcript

  • Don’t be blinded by The Light
    • Jason Hart, CISSP CISM, SVP CRYPTOCard
  • About Me
  • Legal Disclaimer: ALWAYS GET PERMISSION IN WRITING.
    – Performing “scans” against networked systems without permission is illegal. Password cracking too
    – You are responsible for your own actions!
    – If you go to jail because of this material it’s not my fault, although I would appreciate it if you dropped me a postcard.
    – This presentation references tools and URLs - use them at your own risk!
  • Accepted Security Principles: HOW DO I ACHIEVE THIS IN A CLOUDY WORLD?
    • Confidentiality
    • Integrity
    • Availability
    • Accountability
    • Auditability
  • Welcome to the 3rd Age of Hacking (It’s Easier)
    • 1st Age: Servers
      • FTP, Telnet, Mail, Web.
      • These were the things that consumed bytes from a bad guy
      • The hack left a footprint
    • 2nd Age: Browsers
      • Javascript, ActiveX, Java, Image Formats, DOMs
      • These are the things that are getting locked down
        – Slowly
        – Incompletely
    • 3rd Age: Passwords - simplest and getting easier
      • Gaining someone's password is the skeleton key to their life and your business
      • Totally invisible – no trace
  • Cyber Crime – Cloud Attack: Welcome to the Future of Hacking
    • Channels: web, mail, open services
    • Targeted attacks on premium resources
    • Carpet bombing for most attacks
    • Secondary infections through controlled outposts
  • Authentication Mechanisms
    • HTTP Authentication
      – Basic Authentication
      – Digest Authentication
    • Integrated Windows (NTLM) Authentication
    • Certificate-Based Authentication
    • Forms-based Authentication
  • Password Surfing ☺
    • "login: *" "password: *" filetype:xls
    • This returns xls files containing login names and passwords.
  • Auto Meta Data Mining
    • Automated doc search via Google/Bing
    • Specify domains to target
    • Automated download and analysis of docs
  • The Weapons
    • Key loggers, both software and hardware
    • So easy
    • And many more
  • ToR
    • ToR is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet, and is being used by governments worldwide
  • 100 Government & Embassy Passwords I uncovered last year on a hacking forum – reported to Hi Tech Crime Unit
  • LIVE e-
  • Next Generation Social Engineering • http://twitter.com/#search?q=New%20Job%20Role • http://twitter.com/#search?q=Hacked%20Password
  • Simple iPhone User Attack (diagram: User, www, Hacker)
  • What is the Solution?
  • What’s the solution: Some options are more secure than others
    • Create a password policy
    • Improve your password security
    • Implement Two-Factor Authentication
  • Solving the password problem
    • User productivity requires simple, flexible, continuous and secure access to information
    • Users and their workspaces: Internal people, Branch Offices, PDA Users, Remote Users, 3rd Party Access
    • Password
    • Solution to password problem: Two-factor authentication – a unique identity for every user, every time they log in, using: something they know + something they have
    • Your Cloud: Business processes, applications and company assets
  • Jason Hart CISSP CISM Blog: www.twofactor.blogspot.com Jason.Hart@CRYPTOCard.com Thank you