Your SlideShare is downloading. ×
0
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Cyber Crime & Big Data  Webinar -- 10-16-13
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Cyber Crime & Big Data Webinar -- 10-16-13

213

Published on

Paul Rosenzweig hosts the Medill National Security Journalism Initiative's Cyber Crime & Big Data Webinar -- 10-16-13. From Evanston, IL and Washington, DC. Hosted by NSJI's Ellen Shearer.

Paul Rosenzweig hosts the Medill National Security Journalism Initiative's Cyber Crime & Big Data Webinar -- 10-16-13. From Evanston, IL and Washington, DC. Hosted by NSJI's Ellen Shearer.

Published in: Education, News & Politics
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
213
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • “Bulletproof” hosting, also known as “bulk-friendly hosting” that enables users to circumvent applicable laws in their country of origin.At one point maintained that accusations leveled against them were slander.
  • Source: http://www.guardian.co.uk/technology/2007/nov/15/news.crime,
  • Possibility for computer science grads to earn 10x what they would in Russia and twice as much as they would in WestSophisticated phishing: MalwareAlarm.com, a site operated by the RBN, at one point averaged 2 million US users per monthMalware functions perfectly
  • Users tricked into entering personal financial info
  • Lecture 13
  • New Yorker – Peter Steiner 1993 - copyright
  • Transcript

    • 1. Cyber Crime & Big Data Paul Rosenzweig www.paulrosenzweigesq.com www.redbranchconsulting.com
    • 2. The Scope of the Loss • UK -- £27 billion/year (Detica) (2010) • World -- $1 trillion/year (McAfee) (2009) • Commission on the Theft of American Intellectual Property -- $300 billion/year (2013) • Another way of looking at it: • Top 45 US companies average $5.6 million/year (2011) in cybersecurity losses from an incident, up from $3.8 million in 2010 (Ponemon Institute) • Conclusion: Direct monetary loss is very significant but not overwhelming
    • 3. RBN -- HISTORY • An internet service provider, run by criminals for criminals, founded as early as 2004 • Allegedly created by “Flyman,” a 20-something programmer to be the nephew of a well-connected Russian politician • Initial activity was legal (though not exactly civic-minded) • Provides URLs, dedicated servers and software – an evil version of Comcast combined with Home Depot
    • 4. SERVICES OFFERED • “Bulletproof” servers ($600/month) • Highly effective malware ($380 per 1,000 targets) • Rentable bots ($200 per bot) • Free technical support, patches, updates and fixes
    • 5. WHY SO SUCCESSFUL? • Better than a real job • Professionalism • Protection from the Kremlin?
    • 6. Greatest Hits • 2005-2006 “Rock phish” nets $150 million for participants • 2007 Mpack/Bank of India : All users’ account info stolen • • • • via keystroke logging malware; no download necessary (!) 2007 Russia-Estonia incident 2008 Russia-Georgia Conflict 2009 Citibank* 2012(?) Operation Blitzkreig??
    • 7. Connecting the Dots -- Starting with 2 Known Terrorists in US WATCH LIST: CIA/INS/FBI POSSIBLE TERRORISTS IN THE US:  On or before August 23rd, 2001, Nawaq Alhamzi and Khalid Al-Midhar added to INS watchlist MAKE PLANE RESERVATIONS USING SAME NAMES:  On or about August 25, 2001, Khalid Al-Midhar purchases cash ticket for American Airlines flight #77 scheduled for September 11, 2001  On or about August 27, 2001, Nawaq Alhamzi books a flight on American Airlines flight #77 scheduled for September 11, 2001
    • 8. American Airlines Flight 77 American Airlines Flight 11 Target - Pentagon Target - North Tower of World Trade Center Nawaq Alhamzi Salem Al-Hazmi Khalid Al-Midhar Hani Hanjour Mohamed Atta Majed Moqed Waleed Alshehri Target - Unknown Target - South Tower of World Trade Center Saeed Alghamdi Ahmed Alghamdi Ahmed Al Haznawi Fayez Ahmed Ziad Jarrah Mohand Alshehri Hamza Alghamdi Satam Al Suqami United Airlines Flight 93 United Airlines Flight 175 Marwan Al-Shehhi Abdulaziz Alomari Wail Alshehri Ahmed Alnami
    • 9. Address Connections RESERVATIONS MADE WITH ADDRESS #1 AND ADDRESS #2  On or about August 25, 2001, Khalid Al-Midhar makes a reservation on American Airlines flight #77 scheduled for September 11, 2001 using Common Address #1  On or about August 27, 2001, Nawaq Alhamzi books flight on American Airlines flight #77 scheduled for September 11, 2001 using Common Address #2 ADDRESSES ARE USED BY THREE (3) ADDITIONAL PASSENGERS  Mohamed Atta has reservation on American Airlines flight #11 scheduled for September 11, 2001 using Common Address #1 as a contact address  Marwan al-Shehhi has reservation on United Airlines flight #175 scheduled for September 11, 2001 using Common Address #1 as a contact address  Salem Alhamzi has reservation on American Airlines flight #77 scheduled for September 11, 2001 using Common Address #2 as a contact address
    • 10. American Airlines Flight 77 American Airlines Flight 11 Target - Pentagon Target - North Tower of World Trade Center Nawaq Alhamzi Salem Al-Hazmi Khalid Al-Midhar Hani Hanjour Mohamed Atta Majed Moqed Abdulaziz Alomari Wail Alshehri Waleed Alshehri Satam Al Suqami 5 are Identified United Airlines Flight 175 United Airlines Flight 93 Target - South Tower of World Trade Center Target - Unknown Ahmed Alghamdi Marwan Al-Shehhi Mohand Alshehri Fayez Ahmed Hamza Alghamdi Saeed Alghamdi Ahmed Al Haznawi Ziad Jarrah Ahmed Alnami
    • 11. Phone Number Connections ONE (1) ALERTED PASSENGER MAKES RESERVATION USING COMMON TELEPHONE NUMBER  On or about August 28, 2001, Mohamed Atta uses Florida Telephone #1 as a contact number when making reservations on American Airlines flight #11 scheduled for September 11, 2001 NUMBER IS USED BY FIVE (5) ADDITIONAL PASSENGERS  On or about August 26, 2001, Waleed Alshehri and Wail Alshehri make reservations on American Airlines flight #77 scheduled for September 11, 2001 using Florida Telephone #1 as a contact number  On or about August 27, 2001, reservations for electronic, one-way tickets were made for Fayez Ahmed and Mohand Alshehri for United Airlines flight #175 using Florida Telephone #1 as a contact number  On or about August 28, 2001, Abdulaziz Alomari reserves a seat on American Airlines flight #11 using Florida Telephone #1 as a contact number
    • 12. American Airlines Flight 77 American Airlines Flight 11 Target - Pentagon Target - North Tower of World Trade Center Nawaq Alhamzi Salem Al-Hazmi Khalid Al-Midhar Hani Hanjour Mohamed Atta Majed Moqed Abdulaziz Alomari Wail Alshehri Waleed Alshehri Satam Al Suqami 10 are Identified United Airlines Flight 175 United Airlines Flight 93 Target - South Tower of World Trade Center Target - Unknown Ahmed Alghamdi Marwan Al-Shehhi Mohand Alshehri Fayez Ahmed Hamza Alghamdi Saeed Alghamdi Ahmed Al Haznawi Ziad Jarrah Ahmed Alnami
    • 13. Frequent Flyer Connections ONE (1) ALERTED PASSENGER MAKES RESERVATION USING A FREQUENT FLYER NUMBER  On or about August 25, 2001, Khalid Al-Midhar makes a reservation on American Airlines flight #77 scheduled for September 11, 2001 using Frequent Flyer #1 FREQUENT FLYER NUMBER IS USED BY ONE (1) ADDITIONAL PASSENGER  On or about August 25, 2001, Majed Moqed makes a reservation on American Airlines flight #77 scheduled for September 11, 2001 using Frequent Flyer #1
    • 14. American Airlines Flight 77 American Airlines Flight 11 Target - Pentagon Target - North Tower of World Trade Center Nawaq Alhamzi Salem Al-Hazmi Khalid Al-Midhar Hani Hanjour Mohamed Atta Majed Moqed Abdulaziz Alomari Wail Alshehri Waleed Alshehri Satam Al Suqami 11 are Identified United Airlines Flight 175 United Airlines Flight 93 Target - South Tower of World Trade Center Target - Unknown Ahmed Alghamdi Marwan Al-Shehhi Mohand Alshehri Fayez Ahmed Hamza Alghamdi Saeed Alghamdi Ahmed Al Haznawi Ziad Jarrah Ahmed Alnami
    • 15. Public Record Connections PUBLIC RECORDS  Alerted subjects Nawaq Alhamzi and Khalid Al-Midhar lived with Hani Hanjour  Alerted subject Wail Ashehri was roommates and shares PO Box with Satan Al Suqami
    • 16. American Airlines Flight 77 American Airlines Flight 11 Target - Pentagon Target - North Tower of World Trade Center Nawaq Alhamzi Salem Al-Hazmi Khalid Al-Midhar Hani Hanjour Mohamed Atta Majed Moqed Abdulaziz Alomari Wail Alshehri Waleed Alshehri Satam Al Suqami 13 are Identified United Airlines Flight 175 United Airlines Flight 93 Target - South Tower of World Trade Center Target - Unknown Ahmed Alghamdi Marwan Al-Shehhi Mohand Alshehri Fayez Ahmed Hamza Alghamdi Saeed Alghamdi Ahmed Al Haznawi Ziad Jarrah Ahmed Alnami
    • 17. Remaining Connections WATCH LIST: INS ILLEGAL/EXPIRED VISAS  On or about August 29, 2001, Ahmed Alghamdi reserves an electronic oneway ticket on United Airlines flight #175 scheduled for September 11, 2001 FIVE (5) ADDITIONAL PASSENGERS:  Alerted subject Ahmed Alghamdi and Hamza Alghamdi both use same address on their airline reservations  Alerted subject Hamza Alghamdi has/does live with Saeed Alghamdi, Ahmed Alhaznawi, Ahmed Alnami  Alerted subject Ahmed Alhaznawi lives/lived with Ziad Jarrah
    • 18. American Airlines Flight 77 American Airlines Flight 11 Target - Pentagon Target - North Tower of World Trade Center Nawaq Alhamzi Salem Al-Hazmi Khalid Al-Midhar Hani Hanjour Majed Moqed Mohamed Atta Abdulaziz Alomari Wail Alshehri Waleed Alshehri Satam Al Suqami All 19 are Identified! United Airlines Flight 175 United Airlines Flight 93 Target - South Tower of World Trade Center Target - Unknown Ahmed Alghamdi Marwan Al-Shehhi Mohand Alshehri Fayez Ahmed Hamza Alghamdi Saeed Alghamdi Ahmed Al Haznawi Ziad Jarrah Ahmed Alnami
    • 19. All 19 via 7 “Clicks” Khalid Al-Midhar Majed Moqed Mohamed Atta Waleed Alshehri Marwan Al-Shehhi Wail Alshehri Satam Al Suqami Fayez Ahmed Nawaq Alhamzi Salem Al-Hazmi Mohand Alshehri Ahmed Alghamdi Hani Hanjour Abdulaziz Alomari Saeed Alghamdi Hamza Alghamdi Ahmed Alhaznawi Ziad Jarrah Ahmed Alnami
    • 20. Moore's Law and Computing Power
    • 21. Data Storage Costs
    • 22. Privacy is dead. Get over it. – Scott McNealy, Sun MicroSystems CEO (1999)
    • 23. End of Practical Obscurity  Dept. of Justice v. Reporters Committee, 489 U.S. 749 (1989)  Denial of FOIA request for “rap sheet” of suspected Mafia don upheld  “Plainly there is a vast difference between the public records that might be found after a diligent search of courthouse files, county archives, and local police stations throughout the country and a computerized summary located in a single clearinghouse of information”  “The privacy interest in maintaining the practical obscurity of rap-sheet information will always be high”  Contrast that with the operation of Acxiom, Experian, ChoicePoint or Lexis/Nexis, today.  Private companies that “harvest” public records for its own database  Birth records, credit records, convictions, real estate, liens, bridal registries, kennel club records, etc. etc. etc.  Notably, most (though not all) such records are of governmental origin
    • 24. Guess What This Is … Facebook Break-Up Data Holiday Stress Spring Break April Fools Mondays Summer Vacation Xmas – “Too Cruel”
    • 25. Passenger Name Record (PNR) Typical Data Elements 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. PNR record locator code Date of reservation Date(s) of intended travel Name Other names on PNR Address All forms of payment information Billing address Contact telephone numbers All travel itinerary for specific PNR Frequent flyer information (miles flown, address) Travel agency Travel agent Code share PNR information Travel status of passenger 16. 17. 18. 19. 20. 21. 22. 23. 24. 25. 26. 27. 28. 29. 30. 31. 32. 33. 34. Split/Divided PNR information Email address Ticketing field information General remarks Ticket number Seat number Date of ticket issuance No show history Bag tag numbers Go show information OSI information * SSI/SSR information * Received from information All historical changes to the PNR Number of travelers on PNR Seat information One-way tickets Any collected APIS information ATFQ fields * Restricted field
    • 26. Keeping A Future Terrorist Out of the United States Situation  DHS uses a sophisticated data assessment program called the Automated Targeting System (ATS) to perform risk assessments on those who seek to enter the United States  Roughly 411 million people attempt to enter the U.S. annually; nearly 91 million come to the U.S. by air  ATS allows DHS’ Customs and Border Protection (CBP) to connect the dots to foil potential terrorist plots by denying entry to would-be terrorists Action  June 14, 2003: a Jordanian named Raed al-Banna, carrying a valid business visa on his Jordanian passport, tries to enter the U.S. at O’Hare Airport  His data is run through ATS; CBP is wary of his travel habits and takes him to secondary screening  CBP gleans that al-Banna has been living in the U.S. since 2001 and illegally working petty jobs  A CBP officer takes al-Banna’s photograph and fingerprints, and he is deported soon there after Result  February 28, 2005: al-Banna rams a car filled with explosives into a crowd of military and police recruits in the Iraqi town of Hillah, killing more than 125  His hand and forearm are found inside the smoldering vehicle handcuffed to the steering wheel  The attack remains one of the deadliest suicide bombings in Iraq since the inception of the war Raed al-Banna The CBP officer who deported al-Banna said, “I was shocked. That it was so close to home, that I actually interviewed someone who not only was capable of doing but actually did something like that. You never know who you are interviewing or what they are capable of doing.” Case# 0000016 2005/03/01 www.dhs.gov 26
    • 27. The “Right” to Privacy  No Constitutional right to protect records held by third parties  Bank records -- U.S. v. Miller, 425 U.S. 435 (1973)  Phone toll records – Smith v. Maryland, 442 U.S. 735 (1979)  Common law right?  Warren & Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890-1891)  "The common law secures to each individual the right of determining, ordinarily, to what extent his thoughts, sentiments, and emotions shall be communicated to others.”  Not historically applicable against the government  Such “rights” as we have are therefore creatures of statute  Privacy Act of 1974  E-Government Act of 2002  Our Privacy Laws Are Out of Date And Do Not Match The Technology Or The Need 29
    • 28. Mossad in Dubai “The Murder of Mahmoud alMabhouh,”February 2010 http://video.gulfnews.com/services/player/bc pid4267205001?bckey=AQ~~,AAAAAFv965 0~,tQKIhooE6H7bm0EXwcdF0fKpVqjAuia&bctid=66672644001
    • 29. 31

    ×